
My antivirus is Avira AntiVir Personal. I used the most updated version (July 4)

Here is my Malwarebytes log:

Malwarebytes' Anti-Malware 1.38

Database version: 2369

Windows 5.1.2600 Service Pack 2

7/4/2009 1:32:41 PM

mbam-log-2009-07-04 (13-32-34).txt

Scan type: Full Scan (C:\|)

Objects scanned: 181367

Time elapsed: 51 minute(s), 16 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\drivers\str.sys (Rootkit.Agent) -> No action taken.

And here is my HST log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 1:36:36 PM, on 7/4/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\BrownSW\VPNCLN~1\INSTAL~1.EXE

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\WINDOWS\system32\lxddcoms.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\svchost.exe

c:\WINDOWS\system32\ZuneBusEnum.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\WINDOWS\SYSTEM32\WISPTIS.EXE

C:\WINDOWS\System32\tabbtnu.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\PROGRA~1\SYMANT~1\VPTray.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Lexmark 2500 Series\lxddmon.exe

C:\Program Files\Lexmark 2500 Series\lxddamon.exe

C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe

C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Cyberlink\Shared Files\brs.exe

C:\Program Files\Zune\ZuneLauncher.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

C:\Program Files\Logitech\QuickCam\Quickcam.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Microsoft ActiveSync\wcescomm.exe

C:\PROGRA~1\MI3AA1~1\rapimgr.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>

O2 - BHO: IDXHlprObj Class - {31816979-F864-4acf-919F-D0B3B56432E6} - C:\Program Files\IDX Web Desktop\IDXIEController.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: DictateBHO - {E12A882B-F14F-4440-9BC0-84A5EB766605} - C:\WINDOWS\Downloaded Program Files\DictateBar.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: TouchWorks Dictate - {6F60C5C5-61B3-4378-8902-ED9497663AC9} - C:\WINDOWS\Downloaded Program Files\DictateBar.dll

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [soundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray

O4 - HKLM\..\Run: [TabletTip] "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume

O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"

O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"

O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"

O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"

O4 - HKLM\..\Run: [bDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe

O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"

O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [AmazonGSDownloaderTray] C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\vtewari\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [] C:\Documents and Settings\vtewari\.exe /i

O4 - HKCU\..\Run: [vtewari] C:\Documents and Settings\vtewari\vtewari.exe /i

O4 - HKUS\S-1-5-19\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [jegosabahi] Rundll32.exe "C:\WINDOWS\system32\yeyatene.dll",s (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: VPN Client.lnk = ?

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {019D5592-3928-4DE4-BAA2-1F2E5EEF4CF6} (Engine Class) - /Touchworks/AHSCompressionEngine.cab

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab

O16 - DPF: {18D0680E-E927-11D3-B34E-00C04FAC4E43} (IDXssl Class) - http://emr.bgpma.com/IDXICW/IDXM/idxssl.cab

O16 - DPF: {27B87596-448E-40CB-B3B4-4F329FF540EC} (WAVSCtl.WAVitalSignsCtl) - /TouchWorks/ResultWorks/CHWorks/VitalSigns/wavitalsigns.cab

O16 - DPF: {45EEDB84-57BC-4FBD-8065-7AB8E971B545} (ImgXDialog6.ImgXDialog) - TouchWorks/Common/Components/AtalaSoft/ImgXDialog61.cab

O16 - DPF: {46965FE7-2129-407B-938C-BE358A56D11E} (AICViewer.Viewer) - /touchworks/docworks/chworks/note/aicviewer3.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1229557813171

O16 - DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} (OneCCCtl Class) - http://d.64.69.14.142.downloads.estara.com...227562OneCC.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1232477913984

O16 - DPF: {77C84519-8818-4E32-9540-653A9905C9F6} (DictationController Class) - http://tw.bgpma.com/Touchworks/DictationController.cab

O16 - DPF: {7E8DC73D-69CD-4F67-99B1-8DC6E42F6246} (Atalasoft ImgXCtrl6.ImgXCtrl) - /TouchWorks/Common/Components/AtalaSoft/ImgX61.cab

O16 - DPF: {860FFAFE-5AAA-11D2-81EB-006008A2E49D} (Pesgoa Control) - /TouchWorks/ResultWorks/chworks/flowsheets/pe32.cab

O16 - DPF: {9192D4F0-C65C-43C9-9160-D0DA5F9934B8} (Flowcast LDAP Class) - http://emr.bgpma.com/IDXICW/IDXM/FlowcastLDAP.cab

O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab

O16 - DPF: {9A0CA502-7DA4-4B72-B5D4-D280DE8D4512} (DictionaryManager.Dictionary) - /Touchworks/DictionaryManager.CAB

O16 - DPF: {ACEFFC26-4628-11D1-B14A-105C01C13001} (WSpell Spelling Checker Control) - /TouchWorks/DocWorks/CHWorks/Note/wspell.cab

O16 - DPF: {B50B4ECE-666C-11D1-8DB2-000000000000} (IDX TermWin Control) - http://emr.bgpma.com/IDXICW/IDXM/icw.CAB

O16 - DPF: {B7B8B614-6A5C-4140-A303-43CEB589D6A5} (TWRTFControl) - /TouchWorks/DocWorks/CHWorks/Note/TWRTF.cab

O16 - DPF: {B7EA9615-586E-4193-9C3C-A29CA577E040} (DictateBandInstaller) - https://tw.bgpma.com/Touchworks/DictateBar.cab

O16 - DPF: {C0FFB157-3B62-477B-8DEA-203247B88C04} (IDXcsvr Control Class) - http://emr.bgpma.com/IDXICW/IDXM/idxcsvr.cab

O16 - DPF: {CE10AD66-84BC-46A9-9424-C863199C0408} (AIC_ViewerAS2.Viewer) - /TouchWorks/docworks/chworks/note/aic_viewer2.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Facebo...Uploader4_5.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = bgpma.com

O17 - HKLM\Software\..\Telephony: DomainName = bgpma.com

O17 - HKLM\System\CCS\Services\Tcpip\..\{CEEDBCB4-4E3A-4D8B-9A4B-472F41939AFC}: NameServer = 202.149.208.92,202.149.208.11

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = bgpma.com

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = bgpma.com

O18 - Filter hijack: text/html - {b9dfea23-651b-4b7e-bf9a-3936ff1c819f} - (no file)

O20 - AppInit_DLLs: ytvrlh.dll KATRACK.DLL zvmwsm.dll sofduk.dll zdcfil.dll

O23 - Service: Application Layer Gateway Service ALGSharedAccess (ALGSharedAccess) - Unknown owner - C:\WINDOWS\system32\advpackx.exe (file missing)

O23 - Service: Amazon Download Agent - Amazon.com - C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Cisco Systems, Inc. Installer service (CiscoVpnInstallService) - Unknown owner - C:\BrownSW\VPNCLN~1\INSTAL~1.EXE

O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe

O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--

End of file - 16271 bytes

Thank you so much for your help


  • Root Admin

Is this a work computer and part of the domain bgpma.com?

Did you or your IT Dept set these DNS Server entries: 202.149.208.92,202.149.208.11?

STEP 01

With all other applications closed (Taskbar empty), open HijackThis again and run "Do a system scan only" and place a check mark on the following items.

  • R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
  • R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
  • O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
  • O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
  • O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
  • O4 - HKCU\..\Run: [] C:\Documents and Settings\vtewari\.exe /i
  • O4 - HKCU\..\Run: [vtewari] C:\Documents and Settings\vtewari\vtewari.exe /i
  • O4 - HKUS\S-1-5-19\..\Run: [jegosabahi] Rundll32.exe "C:\WINDOWS\system32\yeyatene.dll",s (User 'LOCAL SERVICE')
  • O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
  • O18 - Filter hijack: text/html - {b9dfea23-651b-4b7e-bf9a-3936ff1c819f} - (no file)
  • O20 - AppInit_DLLs: ytvrlh.dll KATRACK.DLL zvmwsm.dll sofduk.dll zdcfil.dll

Then Quit All Browsers including the one you're reading this in now.

Then click on Fix checked and then quit HJT.

STEP 02

Please visit this webpage for instructions for downloading ComboFix to your DESKTOP: how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

NOTE!!:

You must save and run ComboFix.exe on your DESKTOP and not from any other folder.

Also, DO NOT click the mouse or launch any other applications while this is running or it may stall the program.

Additional links to download the tool:

Note:

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Yes to allow ComboFix to continue scanning for malware.
  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.

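A triage sketch for HijackThis lines like several of those checked in STEP 01, added here as an example; it is not part of the original thread and not code from HijackThis. The heuristics, the function name `triage` and the reason labels are this example's assumptions, not the helper's stated criteria; the sample lines are copied from the log posted above.

```python
import re

# Excerpt of the HijackThis log posted earlier in this thread (lines copied verbatim).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [] C:\Documents and Settings\vtewari\.exe /i
O4 - HKCU\..\Run: [vtewari] C:\Documents and Settings\vtewari\vtewari.exe /i
O4 - HKUS\S-1-5-19\..\Run: [jegosabahi] Rundll32.exe "C:\WINDOWS\system32\yeyatene.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'LOCAL SERVICE')
O18 - Filter hijack: text/html - {b9dfea23-651b-4b7e-bf9a-3936ff1c819f} - (no file)
O20 - AppInit_DLLs: ytvrlh.dll KATRACK.DLL zvmwsm.dll sofduk.dll zdcfil.dll
O23 - Service: Application Layer Gateway Service ALGSharedAccess (ALGSharedAccess) - Unknown owner - C:\WINDOWS\system32\advpackx.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# "<section code> - <body>", e.g. "O4 - HKCU\..\Run: [name] command"
LINE_RE = re.compile(r"^(?P<code>[RO]\d{1,2})\s+-\s+(?P<body>.+)$")
# Body of an O4 registry autorun line; the SID part only appears for HKUS hives.
RUN_RE = re.compile(
    r"^HK\w+(?:\\(?P<sid>S-1-5-\d+|\.DEFAULT))?\\\.\.\\Run(?:Once)?: "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
LOOPBACK_RE = re.compile(r"(?:localhost|127\.0\.0\.1)(?::\d+)?", re.I)
# An .exe sitting directly in the root of a user profile (XP-style path).
PROFILE_ROOT_EXE_RE = re.compile(
    r'^"?[A-Z]:\\Documents and Settings\\[^\\]+\\[^\\"]*\.exe\b', re.I
)
SERVICE_SIDS = {"S-1-5-18", "S-1-5-19", "S-1-5-20"}  # SYSTEM, LOCAL/NETWORK SERVICE


def triage(log_text):
    """Return [(line, [reason, ...])] for lines that deserve a closer look.

    A flag means "review this entry", not "this is malware": AppInit_DLLs and
    local proxies are also used by legitimate software.
    """
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue  # header, process list, blank line
        code, body = m.group("code"), m.group("body")
        reasons = []
        if code.startswith("R"):
            if "ProxyServer" in body and LOOPBACK_RE.search(body):
                reasons.append("proxy-points-to-loopback")
        elif code == "O4":
            run = RUN_RE.match(body)
            if run:
                if run.group("name") == "":
                    reasons.append("run-value-empty-name")
                if PROFILE_ROOT_EXE_RE.match(run.group("cmd")):
                    reasons.append("run-exe-in-profile-root")
                if (run.group("sid") in SERVICE_SIDS
                        and "rundll32" in run.group("cmd").lower()):
                    reasons.append("rundll32-autorun-for-service-account")
        elif code == "O18":
            if body.endswith("(no file)"):
                reasons.append("protocol-filter-without-file")
        elif code == "O20":
            if body.startswith("AppInit_DLLs:") and body.split(":", 1)[1].strip():
                reasons.append("appinit-dlls-populated")
        elif code == "O23":
            if "(file missing)" in body:
                reasons.append("service-binary-missing")
        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LOG):
        print(", ".join(why))
        print("    " + entry)
```

The STEP 01 list also includes Java and Adobe entries that these heuristics deliberately leave alone.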

Thank you so much for your message. It is a work computer that is part of the bgpma.com domain.

Here is my ComboFix.txt :

ComboFix 09-07-06.02 - vtewari 07/06/2009 20:00.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1015.626 [GMT -4:00]

Running from: c:\documents and settings\vtewari\Desktop\ComboFix.exe

AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\-1398234865

c:\documents and settings\All Users\Application Data\13B5E8A1.exe

c:\documents and settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\c.cgm


c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{4AFCC474-6AFC-45AE-A74A-5460284A9DEC}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{4B5CD0FD-BBAA-4057-BDEF-B85F72EB5599}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{4C053A06-A917-4E83-AAC8-489A41B1E803}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{4C289E8B-72CA-4612-AC64-16ECF0BD8F54}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{4C7B62FB-6815-467C-B6D0-467C644B97A0}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{4CB5CC86-311D-4A1B-B5C6-F12817BB9F8F}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{4D659318-0737-41E6-828C-05212A74F261}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{4F76E7B4-D8B0-4CD4-BEE5-5E7EA51E7ACF}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{50CE66E5-D096-4020-8013-93D21D642267}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{52F24EED-3604-457B-ABFA-004FF8B5CF4A}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{534C9310-6401-4555-956D-BB37AE91F54E}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{54336CA0-7421-4777-AC21-6498110328A8}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{55D92F5C-1E39-4873-8395-B3DA819EEA18}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{562AC82F-A4AA-4FDC-AE25-3FDC62D8D710}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{56C80657-E5F0-40D1-AEBF-F8558EB76C46}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{58431356-99D1-4113-B86D-84E6E5AB702F}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{58908418-7A35-41D0-BC49-95BE4656E77A}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{58D0D90C-04FB-4548-B605-DBC0B6400579}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{5A361BE0-1FC9-421E-AD5A-67483803271C}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{5A433DD2-DBED-4446-8AFB-FE2CFC2E3FEF}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{5BA79241-6263-43EA-B03F-5722F5076E92}.ANN

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{5BFED51A-CD2E-4F61-9537-FAA8372CC13A}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{5C5A2CED-B42B-41BD-88C7-5BDDFF287BBF}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{5D5FBD94-85DB-4CCB-B3E5-46DDA18797A0}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{5DBF80A4-6AAA-42D6-844F-2EFA52F1B107}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{5F470A54-25D5-4602-B0B3-30E75AE51761}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{5FADCA06-A959-4781-94DA-E1FD2F081B04}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{6065A0E6-18A2-41A4-B488-C538DEC148E6}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{62CD3FF4-E2D6-467D-9435-51F0988D3178}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{63709F8A-2A42-4DE3-8D1A-EF553ABD8105}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{6378A53E-FEA1-47D6-86C1-7DE4AA50832C}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{6395F99C-4018-4B4E-987D-D98538CA51C5}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{63E395FD-8C37-435A-9C03-6EA09BCF4C0C}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{64807461-7494-4A7A-8096-DE1D294D241E}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{64DE09DA-9B57-4E7B-9DF1-E29218E14EE7}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{679D5051-41C7-48FB-A52B-95CA73959D3E}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{6873D373-0095-4BE6-8602-FD4E09B183CF}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{6A20C3EF-919D-44E7-AA6A-5828BD82EF90}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{6AE3D9AC-9D10-478A-A1F8-418853859D57}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{6B660FE8-C9F0-4D22-9AF2-74E16B0C0619}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{6CCF6463-F18C-42AD-B41D-AA8816862D7E}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{6D3D1227-2D57-4F5D-B8E3-AA7F89AEB4F7}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{6D83E8E0-E00E-4E88-B14B-96264EB79107}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{6E632EFF-2103-44FE-8A1B-17B66FF77A88}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{6EC0622C-8D55-457E-9E92-C24D345A63B0}.ANN

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{6FBC910D-15C1-473D-85A0-C5F9228C17D4}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{70714DD8-1D51-47B6-B63F-A6EDB7B66291}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{70C5F7ED-48F9-4C00-A274-3E557DA77915}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{70FE31AF-6FB1-4CDD-A460-29F5FE9236D0}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{711F3DAC-1666-470D-AA8F-2CFA474E76C6}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{71E0FA53-C96B-408A-96D6-62EBAAE05F8E}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{72433408-AED1-480A-AE23-E8C91AE691C5}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{72D173F9-EFBB-499F-935D-107E61E2E9D5}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{72EA8E90-CD35-44BA-9365-5D6744750793}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{739B62C8-76A4-404E-B9AF-250A710EF839}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{74769858-1FF9-419D-8B4D-1AFFCBEE40E5}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{74828E3E-B4EA-482C-8278-BBAD9D751A17}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{74A10724-0153-478E-88F7-C71CF164B556}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{758E33F7-05FA-4336-B3A0-C153EB871A21}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{77E57209-56E3-43A3-8EA1-E3C699792091}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{7874163B-39A3-4F16-9D5B-E9823A811328}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{78B41F84-826B-4EAF-AA21-F88E80E3F9A7}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{7981C931-93C8-4C46-B472-09F5D95D24C3}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{7AC924CA-0510-4CF6-A6DE-D6A7BDBBE9B8}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{7B262F2D-68CB-4A8D-9E06-7A456A3C7D62}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{7B791AE1-6D63-4A66-B51D-0B769BCFECE9}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{7BE65B15-D508-4DF8-8B39-98F54C2ACD17}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{7D77E815-716F-4A6D-9675-8F385A2D0E8C}.ANN

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{7D842E1B-4C13-415D-90C4-55EEEE9C3C69}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{7E22F450-BEAC-47CC-A7C0-C6396986CC51}.ANN

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{7E94B200-B5AD-433E-92B0-F0F7B83EADF2}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{7F5923F0-D1F3-4B12-827D-F2D0D0F84100}.ANN

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{7FDAF9EF-4213-48BA-AF5E-BC6A20CF53BF}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{804DD6D7-D762-48BB-AD67-66C4BCE61CF2}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{80B5AA1A-B11B-4FE2-B11A-3406B79933C2}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{81251391-A16F-40F0-98C5-19D91046BB67}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{82B266E9-E86D-479F-A86B-1B984BF83CC2}.ANN

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{830D9D91-FCFC-4A97-A1DE-961F666241F7}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{83236231-EC45-4741-9819-A51EC0D22173}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{857E6C60-B3C6-48FA-B633-B10D7EFC9E12}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{86F1B9AB-9CD8-4176-A0A3-647E382105B6}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{86FF82AD-09F3-4C47-B7D6-37BF66B0C525}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{8705A7CE-F411-4F3F-A602-99207981C03E}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{875922B2-DBF6-4CF3-8C2F-9527C51DBE7E}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{87EB5630-C02B-4DA1-AD17-D71EB1B2E9B8}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{896E503B-3E07-4719-8298-E159FF310D4C}.ANN

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{89A5F723-B3FE-4237-8632-624F0CBA7670}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{89FE48D6-8ECC-4F73-8477-EFEF94A47D1C}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{8A50AB12-65C4-4EF5-9D33-176DD919CCF4}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{8BFBF8F8-57C6-4AA0-AF18-85DCFF4DD58F}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{8D6F3F53-2D33-4E11-AFA1-D9122AE6D95A}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{8E90EEAD-8212-44D4-B6A3-24BA73047DFF}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{8EA64903-D940-43BD-8D67-5D56A7FC292F}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{8FC90F8B-936F-43A4-8896-15F946B3D456}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{90FA57B1-B755-43BE-92A0-734829397A86}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{927730F3-8979-4F91-B34C-36A6D8FEB197}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{936C6EFD-D164-4467-9B96-B689288CFE13}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{939C0A7D-6FDD-49B5-B028-39CF2DC9EF1D}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{93BA648D-4D12-4493-8C8E-198F69003854}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{93CCC2FC-570B-40DE-A907-D9F95938CEDC}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{959D8A96-C262-43DC-9BFC-BD08333969A9}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{96440AD0-4E6E-41EE-8554-C872D79D9022}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{969DCFA1-394F-406B-84E5-E61D76EDEECD}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{9797AED5-76DD-4E78-908A-B544201121B3}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{98396DDA-CF11-4302-8215-BA8120B5DA19}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{98A3C4DE-DBA6-4C0D-8DDB-74C15E0A6B8E}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{98FD387D-166E-422F-B91D-26E1CB0D8280}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{993DAE10-10D0-4131-AAE8-C512B10713B7}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{9B0B61ED-4748-490A-8DAC-09B2D7A684D5}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{9C4A0C62-B92A-4742-ACDE-C635BABDE7AD}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{9C80058F-C21F-4C1C-B176-146AB674E21D}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{9D6D56E0-9E0F-4F7C-937E-DA8DEA57C211}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{9D92C13E-F779-473A-A030-2A0428A54782}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{9DB354A5-1DE2-42D6-A9C3-ABB392B81288}.ANN

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{9DDA5E25-7A9E-4833-8DB8-03B8B2F3BAA1}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{9E68916F-46C0-46DA-92F7-74F34A76893C}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{9ED484FF-7E15-40F8-81CE-27C99D346B35}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{9F499E7E-5900-4F3C-A577-57A2ED232029}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{A17CDAEC-6615-4B1C-AA27-C1C52442C7E3}.ANN

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{A197085F-6871-484C-8B05-DE43C6D914FC}.ANN

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{A21AE1A2-0E33-4ED9-885B-633FF46B0A04}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{A2CCDCB1-A499-4E0A-8E79-9D71C2A21C8C}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{A39ABF35-4BDE-46CE-876B-BD4C5FC96CC7}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{A39BF21F-A764-45C1-8F1D-CA4EE86FB8F0}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{A43EA216-4E67-4BC3-B650-CD317DAB9D5F}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{A4612DAF-D6CA-497C-B500-10C8BA726001}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{A4AFCA9E-1596-4B47-8C27-413779938714}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{A50DBD74-9558-4772-A1B7-1E3529B074E5}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{A5365AC5-5DE2-4C50-85A2-59C51D9BC740}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{A58A6264-9E95-4132-B94F-4A1222C9741D}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{A5B64A85-FCD1-4828-815B-762D70EE547F}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{A5C88E5B-89EF-4914-B7B0-8D183C1B1509}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{A5F8C5CD-A2D3-440D-B513-1DD8FE89F424}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{A625F791-D329-4166-8E5C-143F8EF7DA6D}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{A72543EC-2538-45A8-8F05-ED6CFFA6F7AC}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{A93E66AB-D324-44C0-A56E-9AA4C1C4BF9A}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{A9B28D64-4686-4908-9D35-4F863AB8658E}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{AB71F5CB-4EA4-44DD-A998-42CEF3989D1B}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{AC0C7551-1A0C-4EB5-84B2-E08911BAE550}.ANN

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{AC812428-006B-4AF4-81F5-B0A4F8387882}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{ACF56F86-2E0F-4D68-B51F-D217E1572138}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{AEEF3AED-D56D-43D8-8953-5974678CF215}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{AEF6A5AB-6583-4DC8-9D20-FD47C658D585}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{AF115377-4251-4238-A0CA-FF3FE9D2D109}.ANN

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{AF26A0CE-3985-48A7-9190-2987446D2307}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{AF5E112D-3949-4AA1-BD0D-C81D2ED05F96}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{AF5E1704-476F-4964-86A8-1D9F917000FE}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{AFB4B228-9025-4631-B6F6-0539B9095016}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{B1049DF0-04C7-4A7C-A7DB-4F15B05000A5}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{B2267AD6-246B-46CF-8859-9FB7AB03A08D}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{B257C6A8-E80F-4F76-86A6-884B6830EED1}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{B26AA993-82CB-4AF1-8E67-58B3621368D9}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{B26B54E7-D238-4E64-B173-BABBC3AC51F5}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{B2C726B2-31C0-49F7-A5C8-84C003DBF2F5}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{B3940A87-3BE8-4BCA-9C8C-877D9BC66F18}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{B4A0058E-BF67-4060-942B-F7B4F6F4216A}.ANN

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{B576FB1E-F851-4F9F-9EF4-57481A18E4E4}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{B5A0664C-2554-4460-97BB-F46BA27C5EE3}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{B667CE22-14D4-4A4D-A556-72831B6022BB}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{B85B1533-C8DB-40F9-BAF7-AC9A426407B8}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{B9AE93BC-26BA-43B9-8212-0162A97B30A8}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{BA0F0FFB-C0D6-4AC8-A113-4A0FE2F3BF65}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{BA427AE0-6535-40D2-B154-18FB7EC7C3CD}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{BAD64514-DBC5-438D-B33F-9F56431EF112}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{BCD54A82-6F1F-4EBD-B2A6-6F043DFC0EE4}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{BCDD7B0B-7650-4803-B6EE-E39A5DE27132}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{BEC61222-5A03-4DA7-9F24-54739827EF4C}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{C072A14F-1ADE-493A-9FFE-DADA1A3EA84A}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{C0ED1A7C-8ED2-40DA-A80B-D13F5DCB9EE8}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{C1C6A65D-2982-4713-A037-A1863868CE1D}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{C34186A1-8120-4F8E-8139-8D57A56980E0}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{C4519FE7-68F1-4C7E-830A-EC859D482182}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{C670C825-CCDE-4025-95DD-D73D02FBF610}.ANN

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{C686E537-4AE1-4F50-948F-6AC9878F4C97}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{C70111F6-2B52-485A-8C43-212167932D28}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{C732CBEF-C88D-464F-AF46-AF0B5BC58264}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{C76909D0-7073-4599-91BF-301DB1CCDF32}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{C76B5FC4-81D8-4C46-9080-FDA757C11825}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{C80FBEFE-9255-41B7-8293-A70F6F193083}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{C94F23E0-15A5-4A00-929D-BAF174E157DD}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{CA348364-002E-4FCB-8619-C35EBCBDE5A5}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{CA9104DE-0884-4A8C-9363-E7A6922D500B}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{CA930EA9-C214-4239-8FF8-A8F11BE99919}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{CAE7414F-615B-4DB0-9271-7982223FCEA8}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{CBF0B258-C7A6-4169-B7C5-CE96398FCA91}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{CC56A505-0CA3-4045-AA0A-3F843932A7D7}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{CCFC982C-F863-45CC-A9C6-C6BABC0C6BB7}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{CD160B53-D53B-4C00-B33A-9F22CB62DAA7}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{CD168EE0-4D6B-4140-8061-E7B41967CE67}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{CDFC076E-F0B8-4CAC-A80B-B4B27F8BC24A}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{CF8364B6-6298-4145-9B7B-99AC176C6835}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{CF8411A9-2BBB-4181-A51B-6B70D4B6069D}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{CFEDC560-F294-47C2-9E27-EF7AED37AD72}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{D03F7398-124C-4198-9777-3317FF1FB5DE}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{D05B1BE1-6E7E-4ACD-87D7-EEDBDF2B4C89}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{D1137DC6-E266-4058-A083-E62B7921B714}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{D27A93F2-EBD0-4B6D-BCDE-02D0915E3D7D}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{D292D24E-A06E-4BCC-AFA8-225D07ECD46D}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{D2E1246D-6376-4F10-9D09-2142E6DBCAAA}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{D3146BE6-03FA-409C-87C1-947C78D557F4}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{D46B0FBE-7097-4C53-AA94-B93EBE53C27F}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{D55829D6-9C2F-4EFA-BB84-07A0097D6B07}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{D5BB6777-13ED-46F8-982B-C583D304F209}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{D64E70FF-E322-442F-BA1D-F8561F5784E9}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{D6CA47DF-9C42-4E26-A40D-32C8BC6F31C0}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{D6FD8099-8B64-4A4F-939D-71F4DCCE4654}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{D79520AC-BC34-484A-AABA-2127AD62F97A}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{D7F7BEF5-ABD4-4B85-AECE-2FD9E0DDB16F}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{D9567DFA-80A0-4A9F-A3B8-DF45A777DD6F}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{D994E807-6F87-46AB-A7DC-5DA8813338A4}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{DB0D8EEA-ED01-4877-8DFC-1D048EE6BA7A}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{DBC661A8-946A-46FD-9CBF-4FD5E84BF8F4}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{DD65758E-EE46-42C3-AE64-A5003B4C47F2}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{DEE89120-9AB8-421E-8548-8228A3E8B021}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{DF636ED9-3328-45DD-A069-D95AEAEF0493}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{E09F6E7A-12D8-4E3A-AB2F-328D68E08DB5}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{E0B39F8D-2E62-4103-85AB-6D9EEC95D212}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{E2383642-0F42-4718-9989-F767822E9022}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{E286E750-8358-4C7C-9B87-53D2E7B6B119}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{E310E16E-F719-454A-AD3D-812D45356C25}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{E3AB500B-7141-4D59-BC6F-7EA628A94DEA}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{E3BAAFB2-2623-4924-87C3-275882A5BD6A}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{E418B9AC-5C73-4FDD-AB8E-EC165A339288}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{E44A1F27-918C-4800-8D1F-54BCB2F8C344}.ANN

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{E49AB4BB-CA7F-4A90-B775-0CB88E48F875}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{E4C0FE93-7388-4DE3-B3B4-9B9B85604931}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{E6570C13-C36B-4A07-803B-B3DDAD286E73}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{E84FC7BB-B33F-4EEA-9F35-DEC9F49FE100}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{E8B02223-EDDE-4B34-B1CE-0458C77FC2E1}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{E9028390-A3E4-4EC8-8FCF-5F65E16D1728}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{E95EC689-094E-4B68-8CD6-9607BFEED49D}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{EA620DB4-E084-4199-97BC-7FE4CAEF9C7C}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{EB4C93CA-A2AB-4A57-906E-CC19F6961D3D}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{EB613649-063B-4544-80BD-C6870A872B41}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{EC03100D-C090-415A-9B0A-9C940099EB81}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{ED2E82AF-D94C-4148-9068-8CCF4ACC889B}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{ED68507B-46D0-467B-8A29-80B4CD1573F8}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\{EDF42BAC-DBC0-4A8D-9C31-E2762233F47C}.TIF

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\fbk.sts

c:\documents and settings\vtewari\Local Settings\Temporary Internet Files\TempAnn.tmp

c:\program files\Common

c:\windows\Installer\522e119.msi

c:\windows\system32\drivers\aydztnlsyhzd.sys

c:\windows\system32\drivers\str.sys

c:\windows\system32\drivers\TDSSmqlt.sys

c:\windows\system32\TDSSarxx.dll

c:\windows\system32\TDSScfmm.dll

c:\windows\system32\TDSSkkai.log

c:\windows\system32\TDSSlxcp.dll

c:\windows\system32\TDSSmtve.dat

c:\windows\system32\TDSSnmxh.log

c:\windows\system32\TDSSoiqt.dll

c:\windows\system32\TDSSsahc.dll

c:\windows\system32\TDSSvoql.dll

c:\windows\system32\TDSSxhyf.log

c:\windows\system32\vebimayo.dll

c:\windows\TEMP\logishrd\LVPrcInj06.dll

c:\windows\wiaserviv.log

c:\windows\system32\proquota.exe . . . is missing!!

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_TDSSSERV.SYS

-------\Legacy_TDSSSERV.SYS

-------\Legacy_ACPI32

-------\Legacy_ALGSHAREDACCESS

-------\Legacy_HTPQHY

-------\Legacy_NICSK32

-------\Service_ALGSharedAccess

((((((((((((((((((((((((( Files Created from 2009-06-07 to 2009-07-07 )))))))))))))))))))))))))))))))

.

2009-07-04 14:50 . 2009-03-30 14:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys

2009-07-04 14:50 . 2009-03-24 20:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2009-07-04 14:50 . 2009-02-13 16:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2009-07-04 14:50 . 2009-02-13 16:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2009-07-04 14:50 . 2009-07-04 14:50 -------- d-----w- c:\program files\Avira

2009-07-04 14:50 . 2009-07-04 14:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

2009-06-22 19:23 . 2009-06-22 19:23 239088 ----a-w- c:\documents and settings\vtewari\Application Data\Mozilla\plugins\npgoogletalk.dll

2009-06-20 12:44 . 2009-06-24 01:04 -------- d-----w- c:\program files\Family Feud II

2009-06-20 12:38 . 2009-06-20 12:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Amazon

2009-06-19 15:26 . 2009-06-19 15:26 1915520 ----a-w- c:\documents and settings\vtewari\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe

2009-06-09 19:59 . 2009-06-09 19:59 152576 ----a-w- c:\documents and settings\vtewari\Application Data\Sun\Java\jre1.6.0_14\lzma.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-07-03 12:22 . 2007-12-25 14:56 -------- d-----w- c:\documents and settings\vtewari\Application Data\LimeWire

2009-07-02 10:02 . 2008-07-25 17:13 -------- d-----w- c:\program files\Microsoft Silverlight

2009-06-20 12:38 . 2009-02-07 13:56 -------- d-----w- c:\program files\Amazon

2009-06-19 17:48 . 2008-12-13 16:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-06-19 17:47 . 2009-03-25 10:51 3561743 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

2009-06-17 15:27 . 2008-12-13 16:16 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-06-17 15:27 . 2008-12-13 16:16 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-06-09 20:00 . 2006-10-04 14:22 -------- d-----w- c:\program files\Java

2009-05-28 22:07 . 2009-05-01 13:52 -------- d-----w- c:\documents and settings\vtewari\Application Data\gtk-2.0

2009-05-26 10:36 . 2007-10-27 14:01 -------- d-----w- c:\program files\Google

2009-05-21 15:33 . 2008-12-21 21:50 410984 ----a-w- c:\windows\system32\deploytk.dll

2009-05-16 22:38 . 2007-12-29 16:33 -------- d-----w- c:\program files\LimeWire

2009-05-10 15:46 . 2008-12-02 01:01 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs

2009-05-10 15:46 . 2008-12-02 01:01 0 ----a-w- c:\windows\system32\drivers\logiflt.iad

2009-05-08 13:20 . 2009-05-08 13:20 10412 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP6.sys

2009-05-08 13:12 . 2009-05-08 12:53 32 --s-a-w- c:\windows\system32\612250469.dat

2009-05-08 12:56 . 2009-05-08 12:56 10412 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP5.sys

2009-05-08 12:54 . 2009-05-08 12:54 22696 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP12.dll

2009-05-01 18:30 . 2009-05-01 18:30 3366912 ----a-w- c:\windows\system32\GPhotos.scr

2009-04-11 22:15 . 2009-04-11 22:15 152576 ----a-w- c:\documents and settings\vtewari\Application Data\Sun\Java\jre1.6.0_13\lzma.dll

2009-04-11 19:08 . 2008-11-25 11:01 664 ----a-w- c:\windows\system32\d3d9caps.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-02-28 15360]

"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2005-11-16 1200128]

"Google Update"="c:\documents and settings\vtewari\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-20 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-04-08 48752]

"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2005-04-17 85184]

"TabletTip"="c:\program files\Common Files\microsoft shared\ink\tabtip.exe" [2005-04-26 271872]

"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2006-02-22 40960]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-08 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-08 162328]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-08 137752]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 827392]

"lxddmon.exe"="c:\program files\Lexmark 2500 Series\lxddmon.exe" [2007-06-12 291760]

"lxddamon"="c:\program files\Lexmark 2500 Series\lxddamon.exe" [2007-04-30 20480]

"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-21 83240]

"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]

"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2008-05-19 91432]

"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2008-11-10 157312]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]

"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]

"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]

"AmazonGSDownloaderTray"="c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe" [2009-05-20 223744]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2005-12-12 88203]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

VPN Client.lnk - c:\windows\Installer\{A7091E1D-36A4-47F1-A739-173CC341414F}\Icon3E5562ED7.ico [2008-12-25 6144]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"ForceStartMenuLogOff"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]

"NoAutoUpdate"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\loginkey]

2004-08-04 12:00 47104 ----a-w- c:\program files\Common Files\Microsoft Shared\Ink\LoginKey.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TabBtnWL]

2002-08-29 07:41 11776 ----a-w- c:\windows\system32\tabbtnwl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpgwlnotify]

2004-08-04 12:00 30208 ----a-w- c:\windows\system32\tpgwlnot.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati5sbxx.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\WINDOWS\\system32\\lxddcoms.exe"=

"c:\\Program Files\\Lexmark 2500 Series\\lxddamon.exe"=

"c:\\Program Files\\Lexmark 2500 Series\\App4R.exe"=

"c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Documents and Settings\\vtewari\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=

"c:\\Documents and Settings\\vtewari\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

"c:\\WINDOWS\\keyacc32.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddpswx.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddjswx.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddtime.exe"=

"c:\\WINDOWS\\system32\\wisptis.exe"=

"c:\\Program Files\\Lexmark 2500 Series\\lxddmon.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [5/15/2008 12:07 PM 61424]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [7/4/2009 10:50 AM 108289]

R2 CiscoVpnInstallService;Cisco Systems, Inc. Installer service;c:\brownsw\VPNCLN~1\INSTAL~1.EXE [12/25/2008 2:39 PM 217219]

R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]

R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2/28/2006 5:05 PM 87808]

R3 wisdpen;Wacom Penabled MiniDriver;c:\windows\system32\drivers\wisdpen.sys [1/22/2007 2:09 PM 34736]

S0 ati5sbxx;ati5sbxx;c:\windows\system32\Drivers\ati5sbxx.sys --> c:\windows\system32\Drivers\ati5sbxx.sys [?]

S0 rlwcn;rlwcn;c:\windows\system32\drivers\gcwpzi.sys --> c:\windows\system32\drivers\gcwpzi.sys [?]

S2 htpqhy;htpqhy;\??\c:\windows\system32\drivers\aydztnlsyhzd.sys --> c:\windows\system32\drivers\aydztnlsyhzd.sys [?]

S2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxddserv.exe [12/30/2007 1:27 PM 99248]

S2 rslrwtte;rslrwtte;c:\windows\system32\drivers\jcfrvoky.sys --> c:\windows\system32\drivers\jcfrvoky.sys [?]

S2 sdhnyu;sdhnyu;c:\windows\system32\drivers\uvyleveo.sys --> c:\windows\system32\drivers\uvyleveo.sys [?]

S3 Amazon Download Agent;Amazon Download Agent;c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [6/20/2009 8:38 AM 297472]

S3 CBEN5;Xircom CardBus Ethernet 10/100 Adapter family Driver;c:\windows\system32\drivers\cben5.sys [2/13/2009 8:07 PM 46108]

S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [4/17/2005 12:30 PM 124608]

S3 WacomISDPen;Wacom Penabled HID MiniDriver;c:\windows\system32\drivers\wacomisdpen.sys [7/14/2005 1:19 PM 23936]

S3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\drivers\wacompen.sys [9/15/2006 11:44 AM 13568]

--- Other Services/Drivers In Memory ---

*Deregistered* - EraserUtilDrvI7

.

Contents of the 'Scheduled Tasks' folder

2009-07-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1333544005-732890874-926709054-2869Core.job

- c:\documents and settings\vtewari\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-20 13:04]

2009-07-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1333544005-732890874-926709054-2869UA.job

- c:\documents and settings\vtewari\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-20 13:04]

.

- - - - ORPHANS REMOVED - - - -

HKU-Default-Run-TabletWizard - c:\windows\help\wizard.hta

.

------- Supplementary Scan -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uDefault_Search_URL = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

TCP: {CEEDBCB4-4E3A-4D8B-9A4B-472F41939AFC} = 202.149.208.92,202.149.208.11

DPF: {019D5592-3928-4DE4-BAA2-1F2E5EEF4CF6} - /Touchworks/AHSCompressionEngine.cab

DPF: {18D0680E-E927-11D3-B34E-00C04FAC4E43} - hxxp://emr.bgpma.com/IDXICW/IDXM/idxssl.cab

DPF: {27B87596-448E-40CB-B3B4-4F329FF540EC} - /TouchWorks/ResultWorks/CHWorks/VitalSigns/wavitalsigns.cab

DPF: {46965FE7-2129-407B-938C-BE358A56D11E} - /touchworks/docworks/chworks/note/aicviewer3.cab

DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} - hxxp://d.64.69.14.142.downloads.estara.com./as/OneCCDM.php?template=83205&sessionid=1053845106_72.221.65.205_60883&=&req=1228491227562OneCC.cab

DPF: {77C84519-8818-4E32-9540-653A9905C9F6} - hxxp://tw.bgpma.com/Touchworks/DictationController.cab

DPF: {860FFAFE-5AAA-11D2-81EB-006008A2E49D} - /TouchWorks/ResultWorks/chworks/flowsheets/pe32.cab

DPF: {9192D4F0-C65C-43C9-9160-D0DA5F9934B8} - hxxp://emr.bgpma.com/IDXICW/IDXM/FlowcastLDAP.cab

DPF: {9A0CA502-7DA4-4B72-B5D4-D280DE8D4512} - /Touchworks/DictionaryManager.CAB

DPF: {ACEFFC26-4628-11D1-B14A-105C01C13001} - /TouchWorks/DocWorks/CHWorks/Note/wspell.cab

DPF: {B50B4ECE-666C-11D1-8DB2-000000000000} - hxxp://emr.bgpma.com/IDXICW/IDXM/icw.CAB

DPF: {B7B8B614-6A5C-4140-A303-43CEB589D6A5} - /TouchWorks/DocWorks/CHWorks/Note/TWRTF.cab

DPF: {B7EA9615-586E-4193-9C3C-A29CA577E040} - hxxps://tw.bgpma.com/Touchworks/DictateBar.cab

DPF: {C0FFB157-3B62-477B-8DEA-203247B88C04} - hxxp://emr.bgpma.com/IDXICW/IDXM/idxcsvr.cab

DPF: {CE10AD66-84BC-46A9-9424-C863199C0408} - /TouchWorks/docworks/chworks/note/aic_viewer2.cab

FF - ProfilePath - c:\documents and settings\vtewari\Application Data\Mozilla\Firefox\Profiles\ae0283l9.default\

FF - plugin: c:\documents and settings\vtewari\Application Data\Mozilla\Firefox\Profiles\ae0283l9.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll

FF - plugin: c:\documents and settings\vtewari\Application Data\Mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\documents and settings\vtewari\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll

FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll

FF - plugin: c:\program files\Photosynth\npPhotosynthMozilla.dll

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-07-06 20:31

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe?????? ???@???????????????@? ??? ???????(?@???????@

scanning hidden files ...

c:\windows\system32\drivers\hjgruiylktlkuo.sys 67072 bytes executable

c:\docume~1\vtewari\LOCALS~1\Temp\hjgrui000 0 bytes

c:\windows\TEMP\hjgruirkwlxdnprd.tmp 18944 bytes executable

c:\windows\system32\hjgruideqtnylb.dll 18944 bytes executable

c:\windows\system32\hjgruidvibpjwy.dat 93 bytes

c:\windows\system32\hjgruilog.dat 50 bytes

c:\windows\system32\hjgruimpxbrqpd.dat 34537 bytes

c:\windows\system32\hjgruivxviuxym.dll 19456 bytes executable

c:\windows\system32\hjgruiypyygyoi.dll 42496 bytes executable

scan completed successfully

hidden files: 9

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hjgruiuwpiimrd]

"imagepath"="\systemroot\system32\drivers\hjgruiylktlkuo.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]

"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(1808)

c:\windows\system32\MSVCRT40.dll

- - - - - - - > 'explorer.exe'(5896)

c:\windows\TEMP\logishrd\LVPrcInj01.dll

c:\program files\windows journal\nbmaptip.dll

c:\windows\IME\SPGRMR.DLL

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\btncopy.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe

c:\program files\Common Files\Symantec Shared\ccSetMgr.exe

c:\windows\system32\scardsvr.exe

c:\windows\system32\wisptis.exe

c:\windows\system32\tabbtnu.exe

c:\program files\Common Files\Microsoft Shared\Ink\tcserver.exe

c:\windows\system32\igfxsrvc.exe

c:\progra~1\MI3AA1~1\rapimgr.exe

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

c:\program files\Cisco Systems\VPN Client\cvpnd.exe

c:\program files\Symantec AntiVirus\DefWatch.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

c:\windows\system32\lxddcoms.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\windows\system32\ZuneBusEnum.exe

c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe

c:\program files\Common Files\LogiShrd\LQCVFX\COCIManager.exe

.

**************************************************************************

.

Completion time: 2009-07-07 20:38 - machine was rebooted

ComboFix-quarantined-files.txt 2009-07-07 00:38

Pre-Run: 31,703,957,504 bytes free

Post-Run: 32,471,879,680 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

687

And here is the latest HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 8:42:00 PM, on 7/6/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\SYSTEM32\WISPTIS.EXE

C:\WINDOWS\System32\tabbtnu.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\PROGRA~1\SYMANT~1\VPTray.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Lexmark 2500 Series\lxddmon.exe

C:\Program Files\Lexmark 2500 Series\lxddamon.exe

C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe

C:\Program Files\Cyberlink\Shared Files\brs.exe

C:\Program Files\Zune\ZuneLauncher.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

C:\Program Files\Logitech\QuickCam\Quickcam.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Microsoft ActiveSync\wcescomm.exe

C:\PROGRA~1\MI3AA1~1\rapimgr.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\BrownSW\VPNCLN~1\INSTAL~1.EXE

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\WINDOWS\system32\lxddcoms.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\svchost.exe

c:\WINDOWS\system32\ZuneBusEnum.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: IDXHlprObj Class - {31816979-F864-4acf-919F-D0B3B56432E6} - C:\Program Files\IDX Web Desktop\IDXIEController.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: DictateBHO - {E12A882B-F14F-4440-9BC0-84A5EB766605} - C:\WINDOWS\Downloaded Program Files\DictateBar.dll

O3 - Toolbar: TouchWorks Dictate - {6F60C5C5-61B3-4378-8902-ED9497663AC9} - C:\WINDOWS\Downloaded Program Files\DictateBar.dll

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [TabletTip] "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume

O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"

O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"

O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"

O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"

O4 - HKLM\..\Run: [bDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe

O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"

O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide

O4 - HKLM\..\Run: [AmazonGSDownloaderTray] C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\vtewari\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - Global Startup: VPN Client.lnk = ?

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {019D5592-3928-4DE4-BAA2-1F2E5EEF4CF6} (Engine Class) - /Touchworks/AHSCompressionEngine.cab

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab

O16 - DPF: {18D0680E-E927-11D3-B34E-00C04FAC4E43} (IDXssl Class) - http://emr.bgpma.com/IDXICW/IDXM/idxssl.cab

O16 - DPF: {27B87596-448E-40CB-B3B4-4F329FF540EC} (WAVSCtl.WAVitalSignsCtl) - /TouchWorks/ResultWorks/CHWorks/VitalSigns/wavitalsigns.cab

O16 - DPF: {45EEDB84-57BC-4FBD-8065-7AB8E971B545} (ImgXDialog6.ImgXDialog) - TouchWorks/Common/Components/AtalaSoft/ImgXDialog61.cab

O16 - DPF: {46965FE7-2129-407B-938C-BE358A56D11E} (AICViewer.Viewer) - /touchworks/docworks/chworks/note/aicviewer3.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1229557813171

O16 - DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} (OneCCCtl Class) - http://d.64.69.14.142.downloads.estara.com...227562OneCC.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1232477913984

O16 - DPF: {77C84519-8818-4E32-9540-653A9905C9F6} (DictationController Class) - http://tw.bgpma.com/Touchworks/DictationController.cab

O16 - DPF: {7E8DC73D-69CD-4F67-99B1-8DC6E42F6246} (Atalasoft ImgXCtrl6.ImgXCtrl) - /TouchWorks/Common/Components/AtalaSoft/ImgX61.cab

O16 - DPF: {860FFAFE-5AAA-11D2-81EB-006008A2E49D} (Pesgoa Control) - /TouchWorks/ResultWorks/chworks/flowsheets/pe32.cab

O16 - DPF: {9192D4F0-C65C-43C9-9160-D0DA5F9934B8} (Flowcast LDAP Class) - http://emr.bgpma.com/IDXICW/IDXM/FlowcastLDAP.cab

O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab

O16 - DPF: {9A0CA502-7DA4-4B72-B5D4-D280DE8D4512} (DictionaryManager.Dictionary) - /Touchworks/DictionaryManager.CAB

O16 - DPF: {ACEFFC26-4628-11D1-B14A-105C01C13001} (WSpell Spelling Checker Control) - /TouchWorks/DocWorks/CHWorks/Note/wspell.cab

O16 - DPF: {B50B4ECE-666C-11D1-8DB2-000000000000} (IDX TermWin Control) - http://emr.bgpma.com/IDXICW/IDXM/icw.CAB

O16 - DPF: {B7B8B614-6A5C-4140-A303-43CEB589D6A5} (TWRTFControl) - /TouchWorks/DocWorks/CHWorks/Note/TWRTF.cab

O16 - DPF: {B7EA9615-586E-4193-9C3C-A29CA577E040} (DictateBandInstaller) - https://tw.bgpma.com/Touchworks/DictateBar.cab

O16 - DPF: {C0FFB157-3B62-477B-8DEA-203247B88C04} (IDXcsvr Control Class) - http://emr.bgpma.com/IDXICW/IDXM/idxcsvr.cab

O16 - DPF: {CE10AD66-84BC-46A9-9424-C863199C0408} (AIC_ViewerAS2.Viewer) - /TouchWorks/docworks/chworks/note/aic_viewer2.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Facebo...Uploader4_5.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = bgpma.com

O17 - HKLM\Software\..\Telephony: DomainName = bgpma.com

O17 - HKLM\System\CCS\Services\Tcpip\..\{CEEDBCB4-4E3A-4D8B-9A4B-472F41939AFC}: NameServer = 202.149.208.92,202.149.208.11

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = bgpma.com

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = bgpma.com

O23 - Service: Amazon Download Agent - Amazon.com - C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Cisco Systems, Inc. Installer service (CiscoVpnInstallService) - Unknown owner - C:\BrownSW\VPNCLN~1\INSTAL~1.EXE

O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe

O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--

End of file - 14414 bytes

Again, thank you immensely for your help


  • Root Admin

Very sorry for the delay. I lost track of your post.

Please run the following.

STEP 01

Download but do not yet run ComboFix

If you have a previous version of Combofix.exe, delete it and download a fresh copy.

Download it to your DESKTOP - it MUST run from the Desktop

download.bleepingcomputer.com/sUBs/ComboFix.exe

subs.geekstogo.com/ComboFix.exe

Using your mouse, Highlight and then Right-click | Copy the entire contents of the Code box below, including blank lines

KILLALL::
Driver::
ati5sbxx
rlwcn
htpqhy
rslrwtte
sdhnyu
File::
c:\docume~1\vtewari\LOCALS~1\Temp\hjgrui000
c:\windows\system32\Drivers\ati5sbxx.sys
c:\windows\system32\drivers\aydztnlsyhzd.sys
c:\windows\system32\drivers\gcwpzi.sys
c:\windows\system32\drivers\hjgruiylktlkuo.sys
c:\windows\system32\drivers\jcfrvoky.sys
c:\windows\system32\drivers\uvyleveo.sys
c:\windows\system32\hjgruideqtnylb.dll
c:\windows\system32\hjgruidvibpjwy.dat
c:\windows\system32\hjgruilog.dat
c:\windows\system32\hjgruimpxbrqpd.dat
c:\windows\system32\hjgruivxviuxym.dll
c:\windows\system32\hjgruiypyygyoi.dll
c:\windows\TEMP\hjgruirkwlxdnprd.tmp
Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hjgruiuwpiimrd]

Open a new Notepad session (Do not use a Word Processor or WordPad). Click "Format" and be certain that Word Wrap is not enabled. Right-click | Paste the Code box contents from above into Notepad. Click File, Save as..., and set the location to your Desktop, and enter (including quotation marks) as the filename: "CFscript.txt" .

Using your mouse, drag the new file CFscript.txt and drop it on the Combo-Fix.exe icon as shown:

CFScript.gif

  • Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
  • Disconnect from the Internet.
  • Disable your Antivirus software. If it has Script Blocking features, please disable these as well.
  • A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.
  • It may identify that Recovery Console is not installed. Please accept when asked if you wish it to be installed.
    When the scan completes Notepad will open with your results log open. Do a File, Exit.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

Post back the Combofix log on your next reply.

STEP 02

Update and Scan with Malwarebytes' Anti-Malware

  • Start MalwareBytes AntiMalware (Vista users must Right click and choose RunAs Admin)
  • Please DO NOT run MBAM in Safe Mode unless requested to, you MUST run it in normal Windows mode.
  • Update Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Update
  • When the update is complete, select the Scanner tab
  • Select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Then post back the MBAM log on your next reply.

STEP 03

Please disable your current Anti-Virus and run the following Online AV scanner

Run Eset NOD32 Online AntiVirus

Note: You will need to use Internet Explorer for this scan.

  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  • Click Start
  • Make sure that the option "Remove found threats" is Un-checked, and the option "Scan unwanted applications" is checked
  • Click Scan
  • Wait for the scan to finish
  • Re-enable your Antivirus software.
  • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.

Thanks again for your reply.

Here is my new combofix log. The next two messages will have the other logs:

ComboFix 09-07-14.07 - vtewari 07/14/2009 21:49.3.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1015.579 [GMT -4:00]

Running from: c:\documents and settings\vtewari\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\vtewari\Desktop\CFscript.txt

FILE ::

"c:\docume~1\vtewari\LOCALS~1\Temp\hjgrui000"

"c:\windows\system32\Drivers\ati5sbxx.sys"

"c:\windows\system32\drivers\aydztnlsyhzd.sys"

"c:\windows\system32\drivers\gcwpzi.sys"

"c:\windows\system32\drivers\hjgruiylktlkuo.sys"

"c:\windows\system32\drivers\jcfrvoky.sys"

"c:\windows\system32\drivers\uvyleveo.sys"

"c:\windows\system32\hjgruideqtnylb.dll"

"c:\windows\system32\hjgruidvibpjwy.dat"

"c:\windows\system32\hjgruilog.dat"

"c:\windows\system32\hjgruimpxbrqpd.dat"

"c:\windows\system32\hjgruivxviuxym.dll"

"c:\windows\system32\hjgruiypyygyoi.dll"

"c:\windows\TEMP\hjgruirkwlxdnprd.tmp"

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\hjgruilog.dat

c:\windows\system32\hjgruivxviuxym.dll

c:\windows\TEMP\logishrd\LVPrcInj01.dll

c:\windows\system32\proquota.exe . . . is missing!!

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_ATI5SBXX

-------\Service_ati5sbxx

-------\Service_htpqhy

-------\Service_rlwcn

-------\Service_rslrwtte

-------\Service_sdhnyu

((((((((((((((((((((((((( Files Created from 2009-06-15 to 2009-07-15 )))))))))))))))))))))))))))))))

.

2009-07-15 00:26 . 2009-07-15 00:26 19456 ----a-w- c:\windows\system32\_hjgruivxviuxym.dll_.vir

2009-07-15 00:20 . 2009-07-15 00:24 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ApplicationHistory

2009-07-15 00:20 . 2009-07-15 00:20 135 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\fusioncache.dat

2009-07-04 14:50 . 2009-03-24 20:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2009-06-22 19:23 . 2009-06-22 19:23 239088 ----a-w- c:\documents and settings\vtewari\Application Data\Mozilla\plugins\npgoogletalk.dll

2009-06-20 12:44 . 2009-06-24 01:04 -------- d-----w- c:\program files\Family Feud II

2009-06-20 12:38 . 2009-06-20 12:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Amazon

2009-06-19 15:26 . 2009-06-19 15:26 1915520 ----a-w- c:\documents and settings\vtewari\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-07-12 18:21 . 2007-12-25 14:56 -------- d-----w- c:\documents and settings\vtewari\Application Data\LimeWire

2009-07-02 10:02 . 2008-07-25 17:13 -------- d-----w- c:\program files\Microsoft Silverlight

2009-06-20 12:38 . 2009-02-07 13:56 -------- d-----w- c:\program files\Amazon

2009-06-19 17:48 . 2008-12-13 16:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-06-19 17:47 . 2009-03-25 10:51 3561743 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

2009-06-17 15:27 . 2008-12-13 16:16 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-06-17 15:27 . 2008-12-13 16:16 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-06-09 20:00 . 2006-10-04 14:22 -------- d-----w- c:\program files\Java

2009-06-09 19:59 . 2009-06-09 19:59 152576 ----a-w- c:\documents and settings\vtewari\Application Data\Sun\Java\jre1.6.0_14\lzma.dll

2009-05-28 22:07 . 2009-05-01 13:52 -------- d-----w- c:\documents and settings\vtewari\Application Data\gtk-2.0

2009-05-26 10:36 . 2007-10-27 14:01 -------- d-----w- c:\program files\Google

2009-05-21 15:33 . 2008-12-21 21:50 410984 ----a-w- c:\windows\system32\deploytk.dll

2009-05-16 22:38 . 2007-12-29 16:33 -------- d-----w- c:\program files\LimeWire

2009-05-08 13:20 . 2009-05-08 13:20 10412 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP6.sys

2009-05-08 13:12 . 2009-05-08 12:53 32 --s-a-w- c:\windows\system32\612250469.dat

2009-05-08 12:56 . 2009-05-08 12:56 10412 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP5.sys

2009-05-08 12:54 . 2009-05-08 12:54 22696 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP12.dll

2009-05-01 18:30 . 2009-05-01 18:30 3366912 ----a-w- c:\windows\system32\GPhotos.scr

2009-06-12 21:37 . 2008-12-14 20:30 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll

.

((((((((((((((((((((((((((((( SnapShot@2009-07-07_00.31.46 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-07-15 01:58 . 2009-07-15 01:58 16384 c:\windows\temp\Perflib_Perfdata_c74.dat

+ 2006-02-28 12:00 . 2009-07-09 20:49 61084 c:\windows\system32\perfc009.dat

+ 2007-10-24 05:47 . 2007-10-24 05:47 15360 c:\windows\system32\mui\0409\mscorees.dll

+ 2007-10-24 05:47 . 2007-10-24 05:47 84480 c:\windows\system32\mscories.dll

+ 2007-10-24 05:47 . 2007-10-24 05:47 96760 c:\windows\system32\dfshim.dll

+ 2006-09-15 20:08 . 2009-07-14 22:47 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

- 2006-09-15 20:08 . 2009-07-07 00:29 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

+ 2006-09-15 20:08 . 2009-07-14 22:47 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat

- 2006-09-15 20:08 . 2009-07-07 00:29 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat

+ 2007-10-24 05:47 . 2007-10-24 05:47 37896 c:\windows\Microsoft.Net\Framework\v2.0.50727\WMINet_Utils.dll

+ 2007-10-24 05:47 . 2007-10-24 05:47 81400 c:\windows\Microsoft.Net\Framework\v2.0.50727\TLBREF.DLL

+ 2007-10-24 05:47 . 2007-10-24 05:47 90112 c:\windows\Microsoft.Net\Framework\v2.0.50727\System.Web.RegularExpressions.dll

+ 2007-10-24 05:47 . 2007-10-24 05:47 57392 c:\windows\Microsoft.Net\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll

+ 2007-10-24 05:47 . 2007-10-24 05:47 81920 c:\windows\Microsoft.Net\Framework\v2.0.50727\System.Drawing.Design.dll

- 2005-09-23 11:28 . 2005-09-23 11:28 81920 c:\windows\Microsoft.Net\Framework\v2.0.50727\System.Drawing.Design.dll

+ 2007-10-24 05:47 . 2007-10-24 05:47 81920 c:\windows\Microsoft.Net\Framework\v2.0.50727\System.Configuration.Install.dll

- 2005-09-23 11:28 . 2005-09-23 11:28 81920 c:\windows\Microsoft.Net\Framework\v2.0.50727\System.Configuration.Install.dll

+ 2007-10-24 05:47 . 2007-10-24 05:47 95232 c:\windows\Microsoft.Net\Framework\v2.0.50727\ShFusRes.dll

+ 2007-10-24 05:47 . 2007-10-24 05:47 16896 c:\windows\Microsoft.Net\Framework\v2.0.50727\sbscmp20_mscorlib.dll

+ 2007-10-24 05:47 . 2007-10-24 05:47 61952 c:\windows\Microsoft.Net\Framework\v2.0.50727\regtlibv12.exe

+ 2007-10-24 05:47 . 2007-10-24 05:47 32768 c:\windows\Microsoft.Net\Framework\v2.0.50727\RegSvcs.exe

- 2005-09-23 11:28 . 2005-09-23 11:28 32768 c:\windows\Microsoft.Net\Framework\v2.0.50727\RegSvcs.exe

+ 2007-10-24 05:47 . 2007-10-24 05:47 53248 c:\windows\Microsoft.Net\Framework\v2.0.50727\RegAsm.exe

- 2005-09-23 11:28 . 2005-09-23 11:28 53248 c:\windows\Microsoft.Net\Framework\v2.0.50727\RegAsm.exe

+ 2007-10-24 05:47 . 2007-10-24 05:47 89096 c:\windows\Microsoft.Net\Framework\v2.0.50727\PerfCounter.dll

+ 2007-10-24 05:47 . 2007-10-24 05:47 24584 c:\windows\Microsoft.Net\Framework\v2.0.50727\normalization.dll

+ 2007-10-24 05:47 . 2007-10-24 05:47 31744 c:\windows\Microsoft.Net\Framework\v2.0.50727\MUI\0409\mscorsecr.dll

+ 2007-10-24 05:47 . 2007-10-24 05:47 19456 c:\windows\Microsoft.Net\Framework\v2.0.50727\mscortim.dll

+ 2007-10-24 05:47 . 2007-10-24 05:47 70144 c:\windows\Microsoft.Net\Framework\v2.0.50727\mscorsvw.exe

+ 2007-10-24 05:47 . 2007-10-24 05:47 18944 c:\windows\Microsoft.Net\Framework\v2.0.50727\mscorsn.dll

+ 2007-10-24 05:47 . 2007-10-24 05:47 77312 c:\windows\Microsoft.Net\Framework\v2.0.50727\mscorsec.dll

+ 2007-10-24 05:47 . 2007-10-24 05:47 94208 c:\windows\Microsoft.Net\Framework\v2.0.50727\mscorld.dll

+ 2007-10-24 05:47 . 2007-10-24 05:47 47104 c:\windows\Microsoft.Net\Framework\v2.0.50727\mscorie.dll

+ 2007-10-24 05:47 . 2007-10-24 05:47 83456 c:\windows\Microsoft.Net\Framework\v2.0.50727\mscordbc.dll

+ 2007-10-24 05:47 . 2007-10-24 05:47 69632 c:\windows\Microsoft.Net\Framework\v2.0.50727\MSBuild.exe

- 2005-09-23 11:28 . 2005-09-23 11:28 69632 c:\windows\Microsoft.Net\Framework\v2.0.50727\MSBuild.exe

+ 2007-10-24 05:47 . 2007-10-24 05:47 97792 c:\windows\Microsoft.Net\Framework\v2.0.50727\MmcAspExt.dll

- 2005-09-23 11:28 . 2005-09-23 11:28 12800 c:\windows\Microsoft.Net\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll

+ 2007-10-24 05:47 . 2007-10-24 05:47 12800 c:\windows\Microsoft.Net\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll

+ 2007-10-24 05:47 . 2007-10-24 05:47 32768 c:\windows\Microsoft.Net\Framework\v2.0.50727\Microsoft.Vsa.dll

- 2005-09-23 11:28 . 2005-09-23 11:28 32768 c:\windows\Microsoft.Net\Framework\v2.0.50727\Microsoft.Vsa.dll

- 2005-09-23 11:28 . 2005-09-23 11:28 28672 c:\windows\Microsoft.Net\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll

+ 2007-10-24 05:47 . 2007-10-24 05:47 28672 c:\windows\Microsoft.Net\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll

+ 2007-10-24 05:47 . 2007-10-24 05:47 77824 c:\windows\Microsoft.Net\Framework\v2.0.50727\Microsoft.Build.Utilities.dll

+ 2007-10-24 05:47 . 2007-10-24 05:47 36864 c:\windows\Microsoft.Net\Framework\v2.0.50727\Microsoft.Build.Framework.dll

- 2005-09-23 11:28 . 2005-09-23 11:28 36864 c:\windows\Microsoft.Net\Framework\v2.0.50727\Microsoft.Build.Framework.dll

+ 2007-10-24 05:47 . 2007-10-24 05:47 40960 c:\windows\Microsoft.Net\Framework\v2.0.50727\jsc.exe

- 2005-09-23 11:28 . 2005-09-23 11:28 40960 c:\windows\Microsoft.Net\Framework\v2.0.50727\jsc.exe

- 2005-09-23 11:28 . 2005-09-23 11:28 72192 c:\windows\Microsoft.Net\Framework\v2.0.50727\ISymWrapper.dll

+ 2007-10-24 05:47 . 2007-10-24 05:47 72192 c:\windows\Microsoft.Net\Framework\v2.0.50727\ISymWrapper.dll

+ 2007-10-24 05:47 . 2007-10-24 05:47 65032 c:\windows\Microsoft.Net\Framework\v2.0.50727\InstallUtilLib.dll

- 2005-09-23 11:28 . 2005-09-23 11:28 28672 c:\windows\Microsoft.Net\Framework\v2.0.50727\InstallUtil.exe

+ 2007-10-24 05:47 . 2007-10-24 05:47 28672 c:\windows\Microsoft.Net\Framework\v2.0.50727\InstallUtil.exe

+ 2007-10-24 05:47 . 2007-10-24 05:47 77824 c:\windows\Microsoft.Net\Framework\v2.0.50727\IEHost.dll

+ 2007-10-24 05:47 . 2007-10-24 05:47 18936 c:\windows\Microsoft.Net\Framework\v2.0.50727\fusion.dll

+ 2007-10-24 05:47 . 2007-10-24 05:47 66552 c:\windows\Microsoft.Net\Framework\v2.0.50727\dfdll.dll

+ 2007-10-24 05:47 . 2007-10-24 05:47 35320 c:\windows\Microsoft.Net\Framework\v2.0.50727\cvtres.exe

+ 2007-10-24 05:47 . 2007-10-24 05:47 69120 c:\windows\Microsoft.Net\Framework\v2.0.50727\CustomMarshalers.dll

+ 2007-10-24 05:47 . 2007-10-24 05:47 27136 c:\windows\Microsoft.Net\Framework\v2.0.50727\Culture.dll

+ 2007-10-24 05:47 . 2007-10-24 05:47 13312 c:\windows\Microsoft.Net\Framework\v2.0.50727\cscompmgd.dll

- 2005-09-23 11:28 . 2005-09-23 11:28 13312 c:\windows\Microsoft.Net\Framework\v2.0.50727\cscompmgd.dll

+ 2007-10-24 05:47 . 2007-10-24 05:47 80376 c:\windows\Microsoft.Net\Framework\v2.0.50727\csc.exe

+ 2007-10-24 05:47 . 2007-10-24 05:47 33280 c:\windows\Microsoft.Net\Framework\v2.0.50727\aspnet_wp.exe

+ 2007-10-24 05:47 . 2007-10-24 05:47 33800 c:\windows\Microsoft.Net\Framework\v2.0.50727\aspnet_state.exe

+ 2007-10-24 05:47 . 2007-10-24 05:47 32776 c:\windows\Microsoft.Net\Framework\v2.0.50727\aspnet_regiis.exe

+ 2007-10-24 05:47 . 2007-10-24 05:47 24576 c:\windows\Microsoft.Net\Framework\v2.0.50727\aspnet_regbrowsers.exe

+ 2007-10-24 05:47 . 2007-10-24 05:47 84480 c:\windows\Microsoft.Net\Framework\v2.0.50727\aspnet_rc.dll

+ 2007-10-24 05:47 . 2007-10-24 05:47 33288 c:\windows\Microsoft.Net\Framework\v2.0.50727\Aspnet_perf.dll

+ 2007-10-24 05:47 . 2007-10-24 05:47 17928 c:\windows\Microsoft.Net\Framework\v2.0.50727\aspnet_isapi.dll

+ 2007-10-24 05:47 . 2007-10-24 05:47 22024 c:\windows\Microsoft.Net\Framework\v2.0.50727\aspnet_filter.dll

+ 2007-10-24 05:47 . 2007-10-24 05:47 36864 c:\windows\Microsoft.Net\Framework\v2.0.50727\aspnet_compiler.exe

- 2005-09-23 11:28 . 2005-09-23 11:28 36864 c:\windows\Microsoft.Net\Framework\v2.0.50727\aspnet_compiler.exe

+ 2007-10-24 05:47 . 2007-10-24 05:47 59392 c:\windows\Microsoft.Net\Framework\v2.0.50727\AppLaunch.exe

+ 2007-10-24 05:47 . 2007-10-24 05:47 99320 c:\windows\Microsoft.Net\Framework\v2.0.50727\alink.dll

+ 2007-10-24 05:47 . 2007-10-24 05:47 10752 c:\windows\Microsoft.Net\Framework\v2.0.50727\Accessibility.dll

- 2005-09-23 11:28 . 2005-09-23 11:28 10752 c:\windows\Microsoft.Net\Framework\v2.0.50727\Accessibility.dll

+ 2007-10-24 05:47 . 2007-10-24 05:47 13824 c:\windows\Microsoft.Net\Framework\v2.0.50727\1033\CvtResUI.dll

+ 2007-10-24 05:47 . 2007-10-24 05:47 28672 c:\windows\Microsoft.Net\Framework\v2.0.50727\1033\alinkui.dll

+ 2007-10-24 05:47 . 2007-10-24 05:47 97280 c:\windows\Microsoft.Net\Framework\v1.0.3705\mscormmc.dll

+ 2007-10-24 05:47 . 2007-10-24 05:47 16896 c:\windows\Microsoft.Net\Framework\SharedReg12.dll

+ 2007-10-24 05:47 . 2007-10-24 05:47 16896 c:\windows\Microsoft.Net\Framework\sbscmp20_perfcounter.dll

+ 2007-10-24 05:47 . 2007-10-24 05:47 16896 c:\windows\Microsoft.Net\Framework\sbscmp20_mscorwks.dll

+ 2007-10-24 05:47 . 2007-10-24 05:47 16896 c:\windows\Microsoft.Net\Framework\sbscmp10.dll

+ 2007-10-24 05:47 . 2007-10-24 05:47 82944 c:\windows\Microsoft.Net\Framework\NETFXSBS10.exe

+ 2009-07-07 17:49 . 2009-07-07 17:49 86528 c:\windows\Installer\5df30b.msi

+ 2009-07-07 19:29 . 2009-07-07 19:29 86016 c:\windows\assembly\NativeImages_v2.0.50727_32\UIXControls\6e4069707f650352d7dad858289692df\UIXControls.ni.dll

+ 2009-07-07 19:29 . 2009-07-07 19:29 17920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\cd0730694ba5927a6efd32129783e1b4\Microsoft.VisualC.ni.dll

+ 2009-07-07 19:28 . 2009-07-07 19:28 81920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\e2858a45971fb30b0c0523dbb52c1d4e\Microsoft.Build.Framework.ni.dll

+ 2009-07-07 19:28 . 2009-07-07 19:28 15360 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\837fe02bdcf637d5bf1e5ffb935ebb80\dfsvc.ni.exe

+ 2009-07-07 19:28 . 2009-07-07 19:28 27136 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\c6772fd12a581ad3be49e3f2a80b5622\Accessibility.ni.dll

+ 2009-07-07 17:48 . 2009-07-07 17:48 90112 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll

+ 2009-07-07 17:48 . 2009-07-07 17:48 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll

- 2007-10-09 18:33 . 2007-10-09 18:33 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll

+ 2009-07-07 17:48 . 2009-07-07 17:48 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll

- 2007-10-09 18:33 . 2007-10-09 18:33 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll

+ 2009-07-07 17:48 . 2009-07-07 17:48 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll

- 2007-10-09 18:33 . 2007-10-09 18:33 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll

- 2007-10-09 18:33 . 2007-10-09 18:33 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll

+ 2009-07-07 17:48 . 2009-07-07 17:48 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll

- 2007-10-09 18:33 . 2007-10-09 18:33 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll

+ 2009-07-07 17:48 . 2009-07-07 17:48 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll

+ 2009-07-07 17:48 . 2009-07-07 17:48 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll

- 2007-10-09 18:33 . 2007-10-09 18:33 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll

+ 2009-07-07 17:48 . 2009-07-07 17:48 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll

+ 2009-07-07 17:48 . 2009-07-07 17:48 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll

- 2007-10-09 18:33 . 2007-10-09 18:33 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll

+ 2009-07-07 17:48 . 2009-07-07 17:48 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll

- 2007-10-09 18:33 . 2007-10-09 18:33 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll

+ 2009-07-07 17:48 . 2009-07-07 17:48 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll

+ 2009-07-07 17:48 . 2009-07-07 17:48 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll

- 2007-10-09 18:33 . 2007-10-09 18:33 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll

+ 2009-07-07 17:48 . 2009-07-07 17:48 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll

+ 2009-07-07 17:48 . 2009-07-07 17:48 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll

- 2005-09-23 11:28 . 2005-09-23 11:28 7168 c:\windows\Microsoft.Net\Framework\v2.0.50727\Microsoft_VsaVb.dll

+ 2007-10-24 05:47 . 2007-10-24 05:47 7168 c:\windows\Microsoft.Net\Framework\v2.0.50727\Microsoft_VsaVb.dll

- 2005-09-23 11:29 . 2005-09-23 11:29 5632 c:\windows\Microsoft.Net\Framework\v2.0.50727\Microsoft.VisualC.Dll

+ 2007-10-24 05:47 . 2007-10-24 05:47 5632 c:\windows\Microsoft.Net\Framework\v2.0.50727\Microsoft.VisualC.Dll

+ 2007-10-24 05:47 . 2007-10-24 05:47 6656 c:\windows\Microsoft.Net\Framework\v2.0.50727\IIEHost.dll

- 2005-09-23 11:28 . 2005-09-23 11:28 8192 c:\windows\Microsoft.Net\Framework\v2.0.50727\IEExecRemote.dll

+ 2007-10-24 05:47 . 2007-10-24 05:47 8192 c:\windows\Microsoft.Net\Framework\v2.0.50727\IEExecRemote.dll

- 2005-09-23 11:28 . 2005-09-23 11:28 9728 c:\windows\Microsoft.Net\Framework\v2.0.50727\IEExec.exe

+ 2007-10-24 05:47 . 2007-10-24 05:47 9728 c:\windows\Microsoft.Net\Framework\v2.0.50727\IEExec.exe

+ 2007-10-24 05:47 . 2007-10-24 05:47 5120 c:\windows\Microsoft.Net\Framework\v2.0.50727\dfsvc.exe

+ 2009-07-07 17:48 . 2009-07-07 17:48 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll

- 2007-10-09 18:33 . 2007-10-09 18:33 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll

+ 2009-07-07 17:48 . 2009-07-07 17:48 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll

- 2007-10-09 18:33 . 2007-10-09 18:33 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll

+ 2009-07-07 17:48 . 2009-07-07 17:48 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll

+ 2009-07-07 17:48 . 2009-07-07 17:48 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll

- 2007-10-09 18:33 . 2007-10-09 18:33 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll

+ 2009-07-07 17:48 . 2009-07-07 17:48 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll

- 2007-10-09 18:33 . 2007-10-09 18:33 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll

+ 2009-07-07 17:48 . 2009-07-07 17:48 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll

+ 2007-10-24 05:47 . 2007-10-24 05:47 635904 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\msvcr80.dll

+ 2007-10-24 05:47 . 2007-10-24 05:47 558080 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\msvcp80.dll

+ 2007-10-24 05:47 . 2007-10-24 05:47 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\msvcm80.dll

+ 2006-02-28 12:00 . 2009-07-09 20:49 401472 c:\windows\system32\perfh009.dat

+ 2007-10-24 05:47 . 2007-10-24 05:47 158720 c:\windows\system32\mscorier.dll

+ 2007-10-24 05:47 . 2007-10-24 05:47 282112 c:\windows\system32\mscoree.dll

+ 2007-10-24 05:47 . 2007-10-24 05:47 434688 c:\windows\Microsoft.Net\Framework\v2.0.50727\webengine.dll

+ 2007-10-24 05:47 . 2007-10-24 05:47 839680 c:\windows\Microsoft.Net\Framework\v2.0.50727\System.Web.Services.dll

+ 2007-10-24 05:47 . 2007-10-24 05:47 884736 c:\windows\Microsoft.Net\Framework\v2.0.50727\System.Web.Mobile.dll

+ 2007-10-24 05:47 . 2007-10-24 05:47 261120 c:\windows\Microsoft.Net\Framework\v2.0.50727\System.Transactions.dll

+ 2007-10-24 05:47 . 2007-10-24 05:47 114688 c:\windows\Microsoft.Net\Framework\v2.0.50727\System.ServiceProcess.dll

- 2005-09-23 11:28 . 2005-09-23 11:28 114688 c:\windows\Microsoft.Net\Framework\v2.0.50727\System.ServiceProcess.dll

+ 2007-10-24 05:47 . 2007-10-24 05:47 258048 c:\windows\Microsoft.Net\Framework\v2.0.50727\System.Security.dll

- 2005-09-23 11:28 . 2005-09-23 11:28 258048 c:\windows\Microsoft.Net\Framework\v2.0.50727\System.Security.dll

- 2005-09-23 11:28 . 2005-09-23 11:28 131072 c:\windows\Microsoft.Net\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll

+ 2007-10-24 05:47 . 2007-10-24 05:47 131072 c:\windows\Microsoft.Net\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll

+ 2007-10-24 05:47 . 2007-10-24 05:47 299008 c:\windows\Microsoft.Net\Framework\v2.0.50727\System.Runtime.Remoting.dll

- 2005-09-23 11:28 . 2005-09-23 11:28 299008 c:\windows\Microsoft.Net\Framework\v2.0.50727\System.Runtime.Remoting.dll

+ 2007-10-24 05:47 . 2007-10-24 05:47 258048 c:\windows\Microsoft.Net\Framework\v2.0.50727\System.Messaging.dll

- 2005-09-23 11:28 . 2005-09-23 11:28 258048 c:\windows\Microsoft.Net\Framework\v2.0.50727\System.Messaging.dll

+ 2007-10-24 05:47 . 2007-10-24 05:47 372736 c:\windows\Microsoft.Net\Framework\v2.0.50727\System.Management.dll

+ 2007-10-24 05:47 . 2007-10-24 05:47 113664 c:\windows\Microsoft.Net\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll

- 2005-09-23 11:28 . 2005-09-23 11:28 258048 c:\windows\Microsoft.Net\Framework\v2.0.50727\System.EnterpriseServices.dll

+ 2007-10-24 05:47 . 2007-10-24 05:47 258048 c:\windows\Microsoft.Net\Framework\v2.0.50727\System.EnterpriseServices.dll

+ 2007-10-24 05:47 . 2007-10-24 05:47 630784 c:\windows\Microsoft.Net\Framework\v2.0.50727\System.Drawing.dll

+ 2007-10-24 05:47 . 2007-10-24 05:47 188416 c:\windows\Microsoft.Net\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll

- 2005-09-23 11:28 . 2005-09-23 11:28 188416 c:\windows\Microsoft.Net\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll

+ 2007-10-24 05:47 . 2007-10-24 05:47 401408 c:\windows\Microsoft.Net\Framework\v2.0.50727\System.DirectoryServices.dll

+ 2007-10-24 05:47 . 2007-10-24 05:47 933888 c:\windows\Microsoft.Net\Framework\v2.0.50727\System.Deployment.dll

+ 2007-10-24 05:47 . 2007-10-24 05:47 741376 c:\windows\Microsoft.Net\Framework\v2.0.50727\System.Data.SqlXml.dll

+ 2007-10-24 05:47 . 2007-10-24 05:47 483840 c:\windows\Microsoft.Net\Framework\v2.0.50727\System.Data.OracleClient.dll

+ 2007-10-24 05:47 . 2007-10-24 05:47 425984 c:\windows\Microsoft.Net\Framework\v2.0.50727\System.configuration.dll

- 2005-09-23 11:28 . 2005-09-23 11:28 110592 c:\windows\Microsoft.Net\Framework\v2.0.50727\sysglobl.dll

+ 2007-10-24 05:47 . 2007-10-24 05:47 110592 c:\windows\Microsoft.Net\Framework\v2.0.50727\sysglobl.dll

+ 2007-10-24 05:47 . 2007-10-24 05:47 392696 c:\windows\Microsoft.Net\Framework\v2.0.50727\SOS.dll

+ 2007-10-24 05:47 . 2007-10-24 05:47 119296 c:\windows\Microsoft.Net\Framework\v2.0.50727\shfusion.dll

+ 2007-10-24 05:47 . 2007-10-24 05:47 144896 c:\windows\Microsoft.Net\Framework\v2.0.50727\peverify.dll

+ 2007-10-24 05:47 . 2007-10-24 05:47 101880 c:\windows\Microsoft.Net\Framework\v2.0.50727\ngen.exe

+ 2007-10-24 05:47 . 2007-10-24 05:47 242688 c:\windows\Microsoft.Net\Framework\v2.0.50727\mscorsvc.dll

+ 2007-10-24 05:47 . 2007-10-24 05:47 340992 c:\windows\Microsoft.Net\Framework\v2.0.50727\mscorrc.dll

+ 2007-10-24 05:47 . 2007-10-24 05:47 114688 c:\windows\Microsoft.Net\Framework\v2.0.50727\mscorpe.dll

+ 2007-10-24 05:47 . 2007-10-24 05:47 348672 c:\windows\Microsoft.Net\Framework\v2.0.50727\mscorjit.dll

+ 2007-10-24 05:47 . 2007-10-24 05:47 308224 c:\windows\Microsoft.Net\Framework\v2.0.50727\mscordbi.dll

+ 2007-10-24 05:47 . 2007-10-24 05:47 822280 c:\windows\Microsoft.Net\Framework\v2.0.50727\mscordacwks.dll

+ 2007-10-24 05:47 . 2007-10-24 05:47 671744 c:\windows\Microsoft.Net\Framework\v2.0.50727\Microsoft.VisualBasic.dll

+ 2007-10-24 05:47 . 2007-10-24 05:47 372736 c:\windows\Microsoft.Net\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.dll

- 2005-09-23 11:29 . 2005-09-23 11:29 372736 c:\windows\Microsoft.Net\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.dll

+ 2007-10-24 05:47 . 2007-10-24 05:47 110592 c:\windows\Microsoft.Net\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.Data.dll

- 2005-09-23 11:29 . 2005-09-23 11:29 110592 c:\windows\Microsoft.Net\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.Data.dll

+ 2007-10-24 05:47 . 2007-10-24 05:47 749568 c:\windows\Microsoft.Net\Framework\v2.0.50727\Microsoft.JScript.dll

+ 2007-10-24 05:47 . 2007-10-24 05:47 655360 c:\windows\Microsoft.Net\Framework\v2.0.50727\Microsoft.Build.Tasks.dll

+ 2007-10-24 05:47 . 2007-10-24 05:47 348160 c:\windows\Microsoft.Net\Framework\v2.0.50727\Microsoft.Build.Engine.dll

+ 2007-10-24 05:47 . 2007-10-24 05:47 230904 c:\windows\Microsoft.Net\Framework\v2.0.50727\ilasm.exe

+ 2007-10-24 05:47 . 2007-10-24 05:47 798224 c:\windows\Microsoft.Net\Framework\v2.0.50727\EventLogMessages.dll

+ 2007-10-24 05:47 . 2007-10-24 05:47 572936 c:\windows\Microsoft.Net\Framework\v2.0.50727\diasymreader.dll

+ 2007-10-24 05:47 . 2007-10-24 05:47 101896 c:\windows\Microsoft.Net\Framework\v2.0.50727\CORPerfMonExt.dll

- 2005-09-23 11:28 . 2005-09-23 11:28 106496 c:\windows\Microsoft.Net\Framework\v2.0.50727\CasPol.exe

+ 2007-10-24 05:47 . 2007-10-24 05:47 106496 c:\windows\Microsoft.Net\Framework\v2.0.50727\CasPol.exe

+ 2007-10-24 05:47 . 2007-10-24 05:47 507904 c:\windows\Microsoft.Net\Framework\v2.0.50727\AspNetMMCExt.dll

+ 2007-10-24 05:47 . 2007-10-24 05:47 106496 c:\windows\Microsoft.Net\Framework\v2.0.50727\aspnet_regsql.exe

- 2005-09-23 11:28 . 2005-09-23 11:28 106496 c:\windows\Microsoft.Net\Framework\v2.0.50727\aspnet_regsql.exe

+ 2007-10-24 05:47 . 2007-10-24 05:47 147968 c:\windows\Microsoft.Net\Framework\v2.0.50727\AdoNetDiag.dll

+ 2007-10-24 05:47 . 2007-10-24 05:47 218112 c:\windows\Microsoft.Net\Framework\v2.0.50727\1033\Vsavb7rtUI.dll

+ 2007-10-24 05:47 . 2007-10-24 05:47 193016 c:\windows\Microsoft.Net\Framework\v2.0.50727\1033\vbc7ui.dll

+ 2007-10-24 05:47 . 2007-10-24 05:47 145408 c:\windows\Microsoft.Net\Framework\v2.0.50727\1033\cscompui.dll

+ 2007-11-07 19:07 . 2007-11-07 19:07 999936 c:\windows\Installer\5df314.msp

+ 2007-11-07 18:56 . 2007-11-07 18:56 553472 c:\windows\Installer\5df311.msp

+ 2007-11-07 18:58 . 2007-11-07 18:58 908800 c:\windows\Installer\5df30d.msp

+ 2007-11-07 18:54 . 2007-11-07 18:54 507392 c:\windows\Installer\5df30c.msp

+ 2009-07-07 19:29 . 2009-07-07 19:29 237568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\b5b81faf46fc63c20d5339b36edd02fa\System.Web.RegularExpressions.ni.dll

+ 2009-07-07 19:29 . 2009-07-07 19:29 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\12e0aa1030badf4524f897e3f57b037a\System.Transactions.ni.dll

+ 2009-07-07 19:29 . 2009-07-07 19:29 233472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\193ac978af569ad9ee45110b359961b9\System.ServiceProcess.ni.dll

+ 2009-07-07 19:29 . 2009-07-07 19:29 733184 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\2b5994269cc5b996231c9b21afea9a91\System.Security.ni.dll

+ 2009-07-07 19:29 . 2009-07-07 19:29 339968 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\1f5cf8178029f5b959a9af75cb8cfedb\System.Runtime.Serialization.Formatters.Soap.ni.dll

+ 2009-07-07 19:29 . 2009-07-07 19:29 815104 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0898f6c1de8cb89413d206e3d6a3ce1d\System.Runtime.Remoting.ni.dll

+ 2009-07-07 19:29 . 2009-07-07 19:29 294912 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\646131eda5f21f4e6216733d49c22c56\System.EnterpriseServices.Wrapper.dll

+ 2009-07-07 19:29 . 2009-07-07 19:29 659456 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\646131eda5f21f4e6216733d49c22c56\System.EnterpriseServices.ni.dll

+ 2009-07-07 17:57 . 2009-07-07 17:57 229376 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\b974f6c17d17a533adf6e7710c5a62fa\System.Drawing.Design.ni.dll

+ 2009-07-07 19:29 . 2009-07-07 19:29 512000 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\f11bc82c09955cb8438d3885a99c297d\System.DirectoryServices.Protocols.ni.dll

+ 2009-07-07 19:29 . 2009-07-07 19:29 163840 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\c46625ea87db53ccf6194fe17ee05c19\System.Configuration.Install.ni.dll

+ 2009-07-07 19:28 . 2009-07-07 19:28 167936 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\11cb5418c06e30100616fbf205588489\Microsoft.Build.Utilities.ni.dll

+ 2009-07-07 19:28 . 2009-07-07 19:28 876544 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\9710a3c0d11dd264c3a6b88977699e9b\Microsoft.Build.Engine.ni.dll

+ 2009-07-07 19:28 . 2009-07-07 19:28 237568 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\c10ec9b4de2b366236ec83237dc31281\CustomMarshalers.ni.dll

+ 2009-07-07 19:28 . 2009-07-07 19:28 884736 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\a1d353edc300e3aff0784202f68a657b\AspNetMMCExt.ni.dll

+ 2009-07-07 17:48 . 2009-07-07 17:48 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll

+ 2009-07-07 17:48 . 2009-07-07 17:48 884736 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll

- 2007-10-09 18:33 . 2007-10-09 18:33 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll

+ 2009-07-07 17:48 . 2009-07-07 17:48 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll

+ 2009-07-07 17:48 . 2009-07-07 17:48 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll

- 2007-10-09 18:33 . 2007-10-09 18:33 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll

+ 2009-07-07 17:48 . 2009-07-07 17:48 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll

- 2007-10-09 18:33 . 2007-10-09 18:33 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll

+ 2009-07-07 17:48 . 2009-07-07 17:48 299008 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll

- 2007-10-09 18:33 . 2007-10-09 18:33 299008 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll

+ 2009-07-07 17:48 . 2009-07-07 17:48 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll

- 2007-10-09 18:33 . 2007-10-09 18:33 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll

+ 2009-07-07 17:48 . 2009-07-07 17:48 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll

+ 2009-07-07 17:48 . 2009-07-07 17:48 630784 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll

+ 2009-07-07 17:48 . 2009-07-07 17:48 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll

+ 2009-07-07 17:48 . 2009-07-07 17:48 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll

- 2007-10-09 18:33 . 2007-10-09 18:33 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll

+ 2009-07-07 17:48 . 2009-07-07 17:48 933888 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll

+ 2009-07-07 17:48 . 2009-07-07 17:48 741376 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll

+ 2009-07-07 17:48 . 2009-07-07 17:48 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll

+ 2009-07-07 17:48 . 2009-07-07 17:48 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll

- 2007-10-09 18:33 . 2007-10-09 18:33 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll

+ 2009-07-07 17:48 . 2009-07-07 17:48 671744 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll

+ 2009-07-07 17:48 . 2009-07-07 17:48 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll

- 2007-10-09 18:33 . 2007-10-09 18:33 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll

+ 2009-07-07 17:48 . 2009-07-07 17:48 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll

- 2007-10-09 18:33 . 2007-10-09 18:33 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll

+ 2009-07-07 17:48 . 2009-07-07 17:48 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll

+ 2009-07-07 17:48 . 2009-07-07 17:48 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll

+ 2009-07-07 17:48 . 2009-07-07 17:48 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll

+ 2009-07-07 17:48 . 2009-07-07 17:48 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll

+ 2009-07-07 17:48 . 2009-07-07 17:48 261120 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll

+ 2009-07-07 17:48 . 2009-07-07 17:48 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll

+ 2009-07-07 17:48 . 2009-07-07 17:48 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll

- 2007-10-09 18:33 . 2007-10-09 18:33 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll

+ 2009-07-07 17:48 . 2009-07-07 17:48 483840 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll

+ 2007-10-24 05:47 . 2007-10-24 05:47 1344000 c:\windows\Microsoft.Net\Framework\v2.0.50727\VsaVb7rt.dll

+ 2007-10-24 05:47 . 2007-10-24 05:47 1172472 c:\windows\Microsoft.Net\Framework\v2.0.50727\vbc.exe

+ 2007-10-24 05:47 . 2007-10-24 05:47 2068480 c:\windows\Microsoft.Net\Framework\v2.0.50727\System.XML.dll

+ 2007-10-24 05:47 . 2007-10-24 05:47 5013504 c:\windows\Microsoft.Net\Framework\v2.0.50727\System.Windows.Forms.dll

+ 2007-10-24 05:47 . 2007-10-24 05:47 5431296 c:\windows\Microsoft.Net\Framework\v2.0.50727\System.Web.dll

+ 2007-10-24 05:47 . 2007-10-24 05:47 3076096 c:\windows\Microsoft.Net\Framework\v2.0.50727\System.dll

+ 2007-10-24 05:47 . 2007-10-24 05:47 5070848 c:\windows\Microsoft.Net\Framework\v2.0.50727\System.Design.dll

+ 2007-10-24 05:47 . 2007-10-24 05:47 3036160 c:\windows\Microsoft.Net\Framework\v2.0.50727\System.Data.dll

+ 2007-10-24 05:47 . 2007-10-24 05:47 5814784 c:\windows\Microsoft.Net\Framework\v2.0.50727\mscorwks.dll

+ 2007-10-24 05:47 . 2007-10-24 05:47 4444160 c:\windows\Microsoft.Net\Framework\v2.0.50727\mscorlib.dll

+ 2007-10-24 05:47 . 2007-10-24 05:47 1162744 c:\windows\Microsoft.Net\Framework\v2.0.50727\cscomp.dll

+ 2007-11-07 18:50 . 2007-11-07 18:50 6055936 c:\windows\Installer\5df313.msp

+ 2007-11-07 19:00 . 2007-11-07 19:00 3407360 c:\windows\Installer\5df312.msp

+ 2007-11-07 18:46 . 2007-11-07 18:46 3010560 c:\windows\Installer\5df310.msp

+ 2007-11-07 19:02 . 2007-11-07 19:02 6473216 c:\windows\Installer\5df30f.msp

+ 2007-11-07 19:12 . 2007-11-07 19:12 2533376 c:\windows\Installer\5df30e.msp

+ 2009-07-07 19:29 . 2009-07-07 19:29 2932736 c:\windows\assembly\NativeImages_v2.0.50727_32\ZuneShell\92fd478f4e94520543b7f5b39052de61\ZuneShell.ni.dll

+ 2009-07-07 19:29 . 2009-07-07 19:29 1523712 c:\windows\assembly\NativeImages_v2.0.50727_32\ZuneDBApi\b9227e075c3cd6a3cf2f3fdeeb0cd296\ZuneDBApi.ni.dll

+ 2009-07-07 19:29 . 2009-07-07 19:29 5517312 c:\windows\assembly\NativeImages_v2.0.50727_32\UIX\980ffc2e13c341c36c64c93139305761\UIX.ni.dll

+ 2009-07-07 19:29 . 2009-07-07 19:29 2256896 c:\windows\assembly\NativeImages_v2.0.50727_32\UIX.RenderApi\62097460d5f4aa49ff059fa7a6a40c44\UIX.RenderApi.ni.dll

+ 2009-07-07 17:56 . 2009-07-07 17:56 8265728 c:\windows\assembly\NativeImages_v2.0.50727_32\System\ba0e3a22211ba7343e0116b051f2965a\System.ni.dll

+ 2009-07-07 18:00 . 2009-07-07 18:00 5771264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c98cb65a79cfccb44ea727ebe4593ede\System.Xml.ni.dll

+ 2009-07-07 19:29 . 2009-07-07 19:29 1986560 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\38991368499e2109ea4099a0fe29c5a3\System.Web.Services.ni.dll

+ 2009-07-07 19:29 . 2009-07-07 19:29 2342912 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\37d87b3cab1c66ec4430ebb2abeaa570\System.Web.Mobile.ni.dll

+ 2009-07-07 17:57 . 2009-07-07 17:57 1667072 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e83aac37b2623f1a24c70979f31dd56\System.Drawing.ni.dll

+ 2009-07-07 19:29 . 2009-07-07 19:29 1224704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\914668b240550f529e54bb772c6fc881\System.DirectoryServices.ni.dll

+ 2009-07-07 19:29 . 2009-07-07 19:29 1798144 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\c7dea4895e1fa33d65e448c03de48d26\System.Deployment.ni.dll

+ 2009-07-07 17:56 . 2009-07-07 17:56 7049216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\5f669e819da7010c1dca347a25597c42\System.Data.ni.dll

+ 2009-07-07 19:29 . 2009-07-07 19:29 2756608 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\e59504af41afab5e04681af951d9b302\System.Data.SqlXml.ni.dll

+ 2009-07-07 19:29 . 2009-07-07 19:29 1183744 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\1abdb47765d0696a2fc0a1095bac0249\System.Data.OracleClient.ni.dll

+ 2009-07-07 19:29 . 2009-07-07 19:29 1011712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\eee9b48577689e92db5a7b5c5de98d9b\System.Configuration.ni.dll

+ 2009-07-07 19:29 . 2009-07-07 19:29 1740800 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\923bd55258380eae77353d36a5a1b08f\Microsoft.VisualBasic.ni.dll

+ 2009-07-07 19:28 . 2009-07-07 19:28 1695744 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\63d69ffdf3c640d2d104a4b74e8115f8\Microsoft.Build.Tasks.ni.dll

+ 2009-07-07 17:48 . 2009-07-07 17:48 3076096 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll

+ 2009-07-07 17:48 . 2009-07-07 17:48 2068480 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll

+ 2009-07-07 17:48 . 2009-07-07 17:48 5013504 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll

+ 2009-07-07 17:48 . 2009-07-07 17:48 5070848 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll

+ 2009-07-07 17:48 . 2009-07-07 17:48 5431296 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll

+ 2009-07-07 17:48 . 2009-07-07 17:48 3036160 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

+ 2009-07-07 17:48 . 2009-07-07 17:48 4444160 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll

+ 2009-07-07 18:00 . 2009-07-07 18:00 13193216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3d8c79c45aa674e43f075e2e66b8caf5\System.Windows.Forms.ni.dll

+ 2009-07-07 19:29 . 2009-07-07 19:29 12509184 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\67cfb70213562afe2ca9b9066764af3a\System.Web.ni.dll

+ 2009-07-07 17:56 . 2009-07-07 17:57 10969088 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\c1e16b40e30a05c39be8aee46311841c\System.Design.ni.dll

+ 2009-07-07 17:56 . 2009-07-07 17:56 11722752 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\32e6f703c114f3a971cbe706586e3655\mscorlib.ni.dll

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-02-28 15360]

"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2005-11-16 1200128]

"Google Update"="c:\documents and settings\vtewari\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-20 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-04-08 48752]

"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2005-04-17 85184]

"TabletTip"="c:\program files\Common Files\microsoft shared\ink\tabtip.exe" [2005-04-26 271872]

"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2006-02-22 40960]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-08 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-08 162328]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-08 137752]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 827392]

"lxddmon.exe"="c:\program files\Lexmark 2500 Series\lxddmon.exe" [2007-06-12 291760]

"lxddamon"="c:\program files\Lexmark 2500 Series\lxddamon.exe" [2007-04-30 20480]

"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-21 83240]

"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]

"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2008-05-19 91432]

"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2008-11-10 157312]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]

"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]

"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]

"AmazonGSDownloaderTray"="c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe" [2009-05-20 223744]

"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2005-12-12 88203]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

VPN Client.lnk - c:\windows\Installer\{A7091E1D-36A4-47F1-A739-173CC341414F}\Icon3E5562ED7.ico [2008-12-25 6144]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"ForceStartMenuLogOff"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]

"NoAutoUpdate"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\loginkey]

2004-08-04 12:00 47104 ----a-w- c:\program files\Common Files\Microsoft Shared\Ink\LoginKey.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TabBtnWL]

2002-08-29 07:41 11776 ----a-w- c:\windows\system32\tabbtnwl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpgwlnotify]

2004-08-04 12:00 30208 ----a-w- c:\windows\system32\tpgwlnot.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\WINDOWS\\system32\\lxddcoms.exe"=

"c:\\Program Files\\Lexmark 2500 Series\\lxddamon.exe"=

"c:\\Program Files\\Lexmark 2500 Series\\App4R.exe"=

"c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Documents and Settings\\vtewari\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=

"c:\\Documents and Settings\\vtewari\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

"c:\\WINDOWS\\keyacc32.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddpswx.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddjswx.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddtime.exe"=

"c:\\WINDOWS\\system32\\wisptis.exe"=

"c:\\Program Files\\Lexmark 2500 Series\\lxddmon.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [5/15/2008 12:07 PM 61424]

R2 CiscoVpnInstallService;Cisco Systems, Inc. Installer service;c:\brownsw\VPNCLN~1\INSTAL~1.EXE [12/25/2008 2:39 PM 217219]

R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]

R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2/28/2006 5:05 PM 87808]

R3 wisdpen;Wacom Penabled MiniDriver;c:\windows\system32\drivers\wisdpen.sys [1/22/2007 2:09 PM 34736]

S2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxddserv.exe [12/30/2007 1:27 PM 99248]

S3 Amazon Download Agent;Amazon Download Agent;c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [6/20/2009 8:38 AM 297472]

S3 CBEN5;Xircom CardBus Ethernet 10/100 Adapter family Driver;c:\windows\system32\drivers\cben5.sys [2/13/2009 8:07 PM 46108]

S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [4/17/2005 12:30 PM 124608]

S3 WacomISDPen;Wacom Penabled HID MiniDriver;c:\windows\system32\drivers\wacomisdpen.sys [7/14/2005 1:19 PM 23936]

S3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\drivers\wacompen.sys [9/15/2006 11:44 AM 13568]

--- Other Services/Drivers In Memory ---

*Deregistered* - EraserUtilDrvI7

.

Contents of the 'Scheduled Tasks' folder

2009-07-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1333544005-732890874-926709054-2869Core.job

- c:\documents and settings\vtewari\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-20 13:04]

2009-07-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1333544005-732890874-926709054-2869UA.job

- c:\documents and settings\vtewari\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-20 13:04]

.

- - - - ORPHANS REMOVED - - - -

HKU-Default-Run-autochk - c:\windows\system32\config\SYSTEM~1\protect.dll

SafeBoot-ati5sbxx.sys

.

------- Supplementary Scan -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uDefault_Search_URL = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

TCP: {CEEDBCB4-4E3A-4D8B-9A4B-472F41939AFC} = 202.149.208.92,202.149.208.11

DPF: {019D5592-3928-4DE4-BAA2-1F2E5EEF4CF6} - /Touchworks/AHSCompressionEngine.cab

DPF: {18D0680E-E927-11D3-B34E-00C04FAC4E43} - hxxp://emr.bgpma.com/IDXICW/IDXM/idxssl.cab

DPF: {27B87596-448E-40CB-B3B4-4F329FF540EC} - /TouchWorks/ResultWorks/CHWorks/VitalSigns/wavitalsigns.cab

DPF: {46965FE7-2129-407B-938C-BE358A56D11E} - /touchworks/docworks/chworks/note/aicviewer3.cab

DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} - hxxp://d.64.69.14.142.downloads.estara.com./as/OneCCDM.php?template=83205&sessionid=1053845106_72.221.65.205_60883&=&req=1228491227562OneCC.cab

DPF: {77C84519-8818-4E32-9540-653A9905C9F6} - hxxp://tw.bgpma.com/Touchworks/DictationController.cab

DPF: {860FFAFE-5AAA-11D2-81EB-006008A2E49D} - /TouchWorks/ResultWorks/chworks/flowsheets/pe32.cab

DPF: {9192D4F0-C65C-43C9-9160-D0DA5F9934B8} - hxxp://emr.bgpma.com/IDXICW/IDXM/FlowcastLDAP.cab

DPF: {9A0CA502-7DA4-4B72-B5D4-D280DE8D4512} - /Touchworks/DictionaryManager.CAB

DPF: {ACEFFC26-4628-11D1-B14A-105C01C13001} - /TouchWorks/DocWorks/CHWorks/Note/wspell.cab

DPF: {B50B4ECE-666C-11D1-8DB2-000000000000} - hxxp://emr.bgpma.com/IDXICW/IDXM/icw.CAB

DPF: {B7B8B614-6A5C-4140-A303-43CEB589D6A5} - /TouchWorks/DocWorks/CHWorks/Note/TWRTF.cab

DPF: {B7EA9615-586E-4193-9C3C-A29CA577E040} - hxxps://tw.bgpma.com/Touchworks/DictateBar.cab

DPF: {C0FFB157-3B62-477B-8DEA-203247B88C04} - hxxp://emr.bgpma.com/IDXICW/IDXM/idxcsvr.cab

DPF: {CE10AD66-84BC-46A9-9424-C863199C0408} - /TouchWorks/docworks/chworks/note/aic_viewer2.cab

FF - ProfilePath - c:\documents and settings\vtewari\Application Data\Mozilla\Firefox\Profiles\ae0283l9.default\

FF - plugin: c:\documents and settings\vtewari\Application Data\Mozilla\Firefox\Profiles\ae0283l9.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll

FF - plugin: c:\documents and settings\vtewari\Application Data\Mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\documents and settings\vtewari\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll

FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll

FF - plugin: c:\program files\Photosynth\npPhotosynthMozilla.dll

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-07-14 21:59

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe?????? ???@???????????????@? ???pT??????(?@???????@

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]

"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(6964)

c:\windows\TEMP\logishrd\LVPrcInj01.dll

c:\program files\windows journal\nbmaptip.dll

c:\windows\IME\SPGRMR.DLL

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\btncopy.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe

c:\program files\Common Files\Symantec Shared\ccSetMgr.exe

c:\windows\system32\scardsvr.exe

c:\windows\system32\wisptis.exe

c:\windows\system32\tabbtnu.exe

c:\program files\Common Files\Microsoft Shared\Ink\tcserver.exe

c:\windows\system32\igfxsrvc.exe

c:\progra~1\MI3AA1~1\rapimgr.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

c:\program files\Cisco Systems\VPN Client\cvpnd.exe

c:\program files\Symantec AntiVirus\DefWatch.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

c:\windows\system32\lxddcoms.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\windows\system32\ZuneBusEnum.exe

c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe

c:\program files\Common Files\LogiShrd\LQCVFX\COCIManager.exe

.

**************************************************************************

.

Completion time: 2009-07-15 22:03 - machine was rebooted

ComboFix-quarantined-files.txt 2009-07-15 02:03

ComboFix2.txt 2009-07-07 00:38

Pre-Run: 32,220,848,128 bytes free

Post-Run: 32,234,414,080 bytes free

552


Here is my new Malwarebytes log:

Malwarebytes' Anti-Malware 1.39

Database version: 2421

Windows 5.1.2600 Service Pack 2

7/14/2009 10:15:27 PM

mbam-log-2009-07-14 (22-15-27).txt

Scan type: Quick Scan

Objects scanned: 113520

Time elapsed: 5 minute(s), 35 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


And here is my ESET log:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=6

# IEXPLORE.EXE=7.00.6000.16791 (vista_gdr.081217-1620)

# OnlineScanner.ocx=1.0.0.5886

# api_version=3.0.2

# EOSSerial=7ac72c70fa7822409a195eab816842dd

# end=finished

# remove_checked=false

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2009-07-15 02:54:57

# local_time=2009-07-14 10:54:57 (-0500, Eastern Daylight Time)

# country="United States"

# lang=9

# osver=5.1.2600 NT Service Pack 2

# compatibility_mode=3585 63 50 0 0

# scanned=54327

# found=3

# cleaned=0

# scan_time=1566

C:\Documents and Settings\All Users\Documents\Amazon Games & Software\FamilyFeudIISetup.exe probably unknown NewHeur_PE virus 00000000000000000000000000000000 I

C:\Program Files\Family Feud II\FamilyFeud.RWG probably unknown NewHeur_PE virus 00000000000000000000000000000000 I

C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\13B5E8A1.exe.vir probably a variant of Win32/Genetik trojan 00000000000000000000000000000000 I

Thanks again for your generous help!


  • Root Admin

How is the computer running now?

Are there still any signs of infection?

Please upload this file C:\Documents and Settings\All Users\Documents\Amazon Games & Software\FamilyFeudIISetup.exe to VirusTotal and post back the results.

Please delete this file: c:\windows\system32\_hjgruivxviuxym.dll_.vir

Please download and run these tools which are designed to restore some standard policy settings. They are not harmful.

VArestorepolicies.INF

  • Download this INF repair file from here: VArestorepolicies.zip by MS-MVP Miekiemoes
  • Unzip or open the file VArestorepolicies.zip
  • Open the folder VArestorepolicies and Right-click the file inside, VArestorepolicies.INF and choose Install

FixPolicies.exe

  • Download this self-extracting ZIP archive from here: FixPolicies.exe by MS-MVP Bill Castner and save it to your desktop.
  • Double-click FixPolicies.exe
  • Click the "Install" button on the bottom toolbar of the box that will open
  • The program will create a new Folder called FixPolicies
  • Double-click to Open the new Folder, and then double-click the file within: Fix_Policies.cmd
  • A black box will briefly appear and then close
  • These fixes may prove temporary. Active malware may revert these changes on your next startup. You can safely run these utilities again.

  • Root Admin

Due to the lack of feedback this Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.
