
Trojan.Agent


dennisl


I unfortunately have an infection with the above.

Last year I had a similar problem & re-followed your earlier instructions using Combofix, but regret this has not been successful on this occasion.

Logs below - hope you can help.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:40:05, on 09/09/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.17055)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Kontiki\KService.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\SRNMIC~1\SOLOSENT.EXE

C:\SRNMIC~1\SOLOCFG.EXE

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\CheckPoint\ZAForceField\ForceField.exe

C:\Program Files\Trusteer\Rapport\bin\RapportService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\PROGRA~1\WinZip\winzip32.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://downloadcenter.intel.com/detail_des...;ProductID=1784

R3 - URLSearchHook: ZoneAlarm Toolbar - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZone.dll

F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,c:\program files\intel\wireless\bin\ifrmewrksrv.exe,c:\program files\microsoft\desktoplayer.exe,

O2 - BHO: ZoneAlarm Toolbar - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZone.dll

O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll

O3 - Toolbar: ZoneAlarm Toolbar - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZone.dll

O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [soloSentry] C:\SRNMIC~1\SOLOSENT.EXE

O4 - HKLM\..\Run: [soloSchedule] C:\SRNMIC~1\SOLOCFG.EXE

O4 - HKLM\..\Run: [soloSysCheck] C:\SRNMIC~1\SYSCHECK.COM

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [nonep] C:\Program Files\riv87\oops.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe

O23 - Service: LeapFrog Connect Device Service - LeapFrog Enterprises, Inc. - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe

O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--

End of file - 6701 bytes

ComboFix 10-09-08.01 - **** 09/09/2010 8:57.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.702 [GMT 1:00]

Running from: c:\documents and settings\****\Desktop\ComboFix.exe

FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\****\Application Data\Qeca\yqvo.exe

c:\documents and settings\****\Local Settings\Application Data\{C40D5472-713E-4487-969F-EE9A1F58AA14}

c:\documents and settings\****\Local Settings\Application Data\{C40D5472-713E-4487-969F-EE9A1F58AA14}\chrome.manifest

c:\documents and settings\****\Local Settings\Application Data\{C40D5472-713E-4487-969F-EE9A1F58AA14}\chrome\content\_cfg.js

c:\documents and settings\****\Local Settings\Application Data\{C40D5472-713E-4487-969F-EE9A1F58AA14}\chrome\content\overlay.xul

c:\documents and settings\****\Local Settings\Application Data\{C40D5472-713E-4487-969F-EE9A1F58AA14}\install.rdf

c:\program files\Internet Explorer\complete.dat

c:\program files\Internet Explorer\dmlconf.dat

c:\program files\Microsoft\DesktopLayer.exe

c:\windows\alacigitulob.dll

c:\windows\eladihos.dll

c:\windows\eriqamab.dll

c:\windows\exakeyoj.dll

c:\windows\eyesecoqaf.dll

c:\windows\otowasil.dll

c:\windows\ugunepubikehejon.dll

c:\windows\uwovuzitoha.dll

c:\windows\uyuxiqeni.dll

Infected copy of c:\windows\system32\drivers\WudfPf.sys was found and disinfected

Restored copy from - Kitty had a snack :)

.

((((((((((((((((((((((((( Files Created from 2010-08-09 to 2010-09-09 )))))))))))))))))))))))))))))))

.

2010-09-08 14:30 . 2010-09-09 08:07 -------- d-----w- c:\program files\riv87

2010-09-07 21:43 . 2010-09-07 21:43 -------- d-----w- c:\program files\syst32

2010-09-07 21:43 . 2010-09-09 08:07 -------- d-----w- c:\program files\Microsoft

2010-08-19 12:44 . 2010-08-19 12:44 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-09 08:10 . 2009-07-09 11:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Kontiki

2010-09-09 08:10 . 2008-04-30 02:42 -------- d-----w- c:\documents and settings\****\Application Data\Utakl

2010-09-09 08:04 . 2009-07-10 05:35 -------- d-----w- c:\documents and settings\****\Application Data\Qeca

2010-09-09 07:48 . 2010-05-07 10:07 -------- d-----w- c:\documents and settings\****\Application Data\Ogoton

2010-09-08 15:04 . 2008-09-29 02:51 -------- d-----w- c:\documents and settings\****\Application Data\Ewrahi

2010-09-08 15:02 . 2009-04-21 15:05 -------- d-----w- c:\documents and settings\****\Application Data\Rugywe

2010-09-08 14:40 . 2010-05-16 11:24 -------- d-----w- c:\documents and settings\****\Application Data\Oqid

2010-09-08 14:40 . 2010-01-21 11:30 -------- d-----w- c:\documents and settings\****\Application Data\Axyduc

2010-09-08 14:31 . 2008-09-22 14:26 -------- d-----w- c:\documents and settings\****\Application Data\Geope

2010-09-08 14:29 . 2009-01-19 14:21 29748924 ----a-w- c:\windows\Internet Logs\tvDebug.Zip

2010-09-07 22:13 . 2009-01-08 15:12 664 ----a-w- c:\windows\system32\d3d9caps.dat

2010-09-07 22:04 . 2009-08-11 19:27 217600 ----a-w- C:\UNWISE.EXE

2010-09-07 22:03 . 2008-07-12 09:38 -------- d-----w- c:\documents and settings\****\Application Data\Foacru

2010-09-07 21:43 . 2010-09-08 15:02 170982 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1033.dat

2010-09-07 21:37 . 2008-04-08 15:32 4212 ---ha-w- c:\windows\system32\zllictbl.dat

2010-09-01 13:37 . 2010-03-16 18:36 -------- d-----w- c:\documents and settings\****\Application Data\Ofexug

2010-08-05 21:18 . 2010-08-05 21:18 -------- d-----w- c:\program files\Free M4a to MP3 Converter

2010-07-26 12:44 . 2010-06-28 16:59 -------- d-----w- c:\program files\iTunes

2010-07-26 12:43 . 2010-07-26 12:43 -------- d-----w- c:\program files\iPod

2010-07-26 12:43 . 2008-04-08 15:47 -------- d-----w- c:\program files\Common Files\Apple

2010-07-21 14:49 . 2010-07-21 14:49 339968 ----a-w- c:\windows\system32\RapportBuka.dll

2010-07-20 12:15 . 2010-07-20 12:15 -------- d-----w- c:\documents and settings\****\Application Data\CheckPoint

2010-07-20 12:10 . 2010-07-20 12:10 -------- d-----w- c:\program files\Conduit

2010-07-20 12:10 . 2010-07-20 12:10 -------- d-----w- c:\program files\ZoneAlarm

2010-07-20 12:10 . 2010-07-20 12:10 -------- d-----w- c:\program files\CheckPoint

2010-07-20 10:20 . 2010-07-20 10:20 38 ----a-w- c:\windows\SOLOSCAN.BAT

2010-07-20 09:39 . 2010-07-20 09:39 -------- d-----w- c:\documents and settings\****\Application Data\Malwarebytes

2010-07-20 09:39 . 2010-07-20 09:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-07-20 09:39 . 2010-07-20 09:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-07-20 08:47 . 2010-07-20 08:46 -------- d-----w- c:\program files\Registry Patrol

2010-07-19 17:26 . 2009-07-09 11:19 -------- d-----w- c:\program files\Kontiki

2010-07-19 16:44 . 2010-02-23 12:05 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9

2010-07-19 16:02 . 2010-07-19 16:02 -------- d-----w- c:\program files\Enigma Software Group

2010-07-19 10:46 . 2010-07-19 10:46 120 ----a-w- c:\windows\Mmaci.dat

2010-07-19 10:46 . 2010-07-19 10:46 0 ----a-w- c:\windows\Wrejupukalegete.bin

2010-07-16 09:35 . 2010-07-12 15:43 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2010-07-16 09:35 . 2010-07-12 15:43 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools

2010-06-23 12:51 . 2010-07-20 12:09 1238528 ----a-w- c:\windows\system32\zpeng25.dll

2010-06-23 12:51 . 2010-07-20 12:09 69120 ----a-w- c:\windows\system32\zlcomm.dll

2010-06-23 12:51 . 2010-07-20 12:09 103936 ----a-w- c:\windows\system32\zlcommdb.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}"= "c:\program files\ZoneAlarm\tbZone.dll" [2010-05-09 2517088]

[HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]

2010-05-09 10:50 2517088 ----a-w- c:\program files\ZoneAlarm\tbZone.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}"= "c:\program files\ZoneAlarm\tbZone.dll" [2010-05-09 2517088]

[HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{66F2E20D-0DA8-4C11-A9C8-DD8477B88ACD}"= "c:\program files\ZoneAlarm\tbZone.dll" [2010-05-09 2517088]

[HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2010-09-09 860160]

"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2010-09-09 753664]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-07-14 77824]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-12 148888]

"SoloSentry"="c:\srnmic~1\SOLOSENT.EXE" [2009-10-15 77824]

"SoloSchedule"="c:\srnmic~1\SOLOCFG.EXE" [2009-10-15 303104]

"SoloSysCheck"="c:\srnmic~1\SYSCHECK.COM" [2010-03-27 237568]

"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-06-23 1043968]

"nonep"="c:\program files\riv87\oops.exe" [2010-09-09 156160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"Userinit"="c:\windows\system32\userinit.exe,,c:\program files\microsoft\desktoplayer.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]

2010-07-13 14:10 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gStart]

2008-08-13 13:34 1891416 ----a-w- c:\garmin\gStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]

2006-07-14 16:08 118784 ----a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]

2006-07-14 16:07 94208 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Inini]

2008-04-14 00:12 33280 ----a-w- c:\windows\system32\rundll32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISW]

2010-05-26 13:35 730600 ----a-w- c:\program files\CheckPoint\ZAForceField\ForceField.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-07-21 14:53 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcexecwin]

2008-04-14 00:12 33280 ----a-w- c:\windows\system32\rundll32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]

2009-11-10 09:14 443728 ----a-w- c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nonep]

2010-09-07 22:03 211456 ----a-w- c:\program files\syst32\oops.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-09-07 21:59 479232 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]

2007-05-10 09:22 405504 ----a-w- c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=

"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=

"c:\\Program Files\\SopCast\\SopCast.exe"=

"c:\\Program Files\\Common Files\\ProspectSoft Shared\\ASA\\Win32\\dbeng9.exe"=

"c:\\Program Files\\Kontiki\\KService.exe"=

"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [01/03/2010 22:16 390528]

R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [26/05/2010 14:35 26352]

R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [26/05/2010 14:35 493032]

R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [01/07/2010 12:07 840936]

S0 adxsvy;adxsvy;c:\windows\system32\drivers\axlcst.sys --> c:\windows\system32\drivers\axlcst.sys [?]

S0 dldm;dldm;c:\windows\system32\drivers\pgmsgog.sys --> c:\windows\system32\drivers\pgmsgog.sys [?]

S1 RapportKELL;RapportKELL;c:\program files\Trusteer\Rapport\bin\RapportKELL.sys [01/07/2010 12:07 0]

S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [01/07/2010 12:07 0]

S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]

S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]

S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [06/08/2009 11:58 90408]

S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [06/08/2009 11:58 15016]

S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [06/08/2009 11:58 122024]

S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [06/08/2009 11:59 115368]

S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [06/08/2009 11:59 25768]

S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [06/08/2009 11:59 111784]

S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [06/08/2009 11:59 117544]

.

Contents of the 'Scheduled Tasks' folder

2010-09-06 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.co.uk/

uInternet Connection Wizard,ShellNext = hxxp://downloadcenter.intel.com/detail_desc.aspx?DwnldID=8061&ProductID=1784

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

.

.

------- File Associations -------

.

scrfile="%1" %*

.

- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

MSConfigStartUp-kdx - c:\program files\Kontiki\KHost.exe

MSConfigStartUp-Vnotuje - c:\windows\pcococ.dll

MSConfigStartUp-{4E3F9816-F833-D799-57F1-5180EB3B6E08} - c:\documents and settings\****\Application Data\Ewrahi\ubum.exe

MSConfigStartUp-{E0A2501B-F1A1-65FB-2FEA-50C8FA682158} - c:\documents and settings\****\Application Data\Axyduc\pahy.exe

AddRemove-{76E41F43-59D2-4F30-BA42-9A762EE1E8DE} - c:\program files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-09-09 09:09

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(5328)

c:\windows\system32\WININET.dll

c:\program files\Trusteer\Rapport\bin\rooksbas.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\System32\SCardSvr.exe

c:\program files\Internet Explorer\IEXPLORE.EXE

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Kontiki\KService.exe

c:\program files\Trusteer\Rapport\bin\RapportService.exe

.

**************************************************************************

.

Completion time: 2010-09-09 09:18:31 - machine was rebooted

ComboFix-quarantined-files.txt 2010-09-09 08:18

Pre-Run: 70,225,047,552 bytes free

Post-Run: 68,866,592,768 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - EF77BA77E74D95289B32594268749D88

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4578

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.13

09/09/2010 12:18:09

mbam-log-2010-09-09 (12-18-09).txt

Scan type: Quick scan

Objects scanned: 139837

Time elapsed: 10 minute(s), 18 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 3

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\program files\microsoft\desktoplayer.exe -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (c:\windows\system32\userinit.exe,c:\program files\intel\wireless\bin\ifrmewrksrv.exe,c:\program files\microsoft\desktoplayer.exe,) Good: (userinit.exe) -> No action taken.

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Program Files\Microsoft\desktoplayer.exe (Trojan.Agent) -> No action taken.

I removed the file but after reboot it reappeared.

When the file was deleted the comp was slow to start up, but after another restart it seems fairly normal. I tried removing with MWB but as you can see the infection keeps coming back again.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 09:46:28, on 13/09/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.17055)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Kontiki\KService.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\SRNMIC~1\SOLOSENT.EXE

C:\SRNMIC~1\SOLOCFG.EXE

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\CheckPoint\ZAForceField\ForceField.exe

C:\Program Files\Trusteer\Rapport\bin\RapportService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://downloadcenter.intel.com/detail_des...;ProductID=1784

R3 - URLSearchHook: ZoneAlarm Toolbar - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZone.dll

F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,c:\program files\intel\wireless\bin\ifrmewrksrv.exe,c:\program files\microsoft\desktoplayer.exe,,c:\program files\intel\wireless\bin\ifrmewrksrvsrv.exe

O2 - BHO: ZoneAlarm Toolbar - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZone.dll

O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll

O3 - Toolbar: ZoneAlarm Toolbar - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZone.dll

O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [soloSentry] C:\SRNMIC~1\SOLOSENT.EXE

O4 - HKLM\..\Run: [soloSchedule] C:\SRNMIC~1\SOLOCFG.EXE

O4 - HKLM\..\Run: [soloSysCheck] C:\SRNMIC~1\SYSCHECK.COM

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [nonep] C:\Program Files\riv87\oops.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe

O23 - Service: LeapFrog Connect Device Service - LeapFrog Enterprises, Inc. - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe

O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--

End of file - 6756 bytes

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4603

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.13

13/09/2010 10:05:04

mbam-log-2010-09-13 (10-05-04).txt

Scan type: Quick scan

Objects scanned: 141017

Time elapsed: 10 minute(s), 31 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 3

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\program files\microsoft\desktoplayer.exe -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (c:\windows\system32\userinit.exe,c:\program files\intel\wireless\bin\ifrmewrksrv.exe,c:\program files\microsoft\desktoplayer.exe,,c:\program files\intel\wireless\bin\ifrmewrksrvsrv.exe) Good: (userinit.exe) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Program Files\Microsoft\desktoplayer.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4603

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.13

13/09/2010 10:21:37

mbam-log-2010-09-13 (10-21-37).txt

Scan type: Quick scan

Objects scanned: 141079

Time elapsed: 9 minute(s), 21 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 3

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\program files\microsoft\desktoplayer.exe -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (c:\windows\system32\userinit.exe,,c:\program files\microsoft\desktoplayer.exe) Good: (userinit.exe) -> No action taken.

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Program Files\Microsoft\desktoplayer.exe (Trojan.Agent) -> No action taken.


Download ComboFix from one of these locations:

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link: Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have SP3, use the SP2 package.
    If Vista or Windows 7, skip the Recovery Console part
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

RC1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from Combofix. Use copy/paste.

Also please describe how your computer behaves at the moment.


Here's the new log file as requested

The computer is running much better at the moment.

ComboFix 10-09-12.04 - *** 13/09/2010 20:13:58.3.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.519 [GMT 1:00]

Running from: c:\documents and settings\***\Desktop\ComboFix1.exe

FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\***\Application Data\Rugywe

c:\documents and settings\***\Application Data\Rugywe\piald.tmp

c:\documents and settings\***\Application Data\Rugywe\piald.voi

c:\documents and settings\***\Application Data\Vuoc

c:\documents and settings\***\Application Data\Vuoc\madi.exe

c:\program files\Internet Explorer\complete.dat

c:\program files\Internet Explorer\dmlconf.dat

c:\program files\Microsoft\DesktopLayer.exe

.

---- Previous Run -------

.

c:\program files\Internet Explorer\complete.dat

c:\program files\Internet Explorer\dmlconf.dat

c:\program files\Microsoft\DesktopLayer.exe

.

((((((((((((((((((((((((( Files Created from 2010-08-13 to 2010-09-13 )))))))))))))))))))))))))))))))

.

2010-09-09 12:39 . 2010-09-09 12:39 -------- d-----w- c:\program files\Trend Micro

2010-09-08 14:30 . 2010-09-09 10:52 -------- d-----w- c:\program files\riv87

2010-09-07 21:43 . 2010-09-07 21:43 -------- d-----w- c:\program files\syst32

2010-09-07 21:43 . 2010-09-13 19:18 -------- d-----w- c:\program files\Microsoft

2010-08-19 12:44 . 2010-08-19 12:44 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-13 19:19 . 2009-07-09 11:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Kontiki

2010-09-13 09:26 . 2008-04-08 15:32 4212 ---ha-w- c:\windows\system32\zllictbl.dat

2010-09-09 10:50 . 2010-02-23 08:00 -------- d-----w- c:\documents and settings\***\Application Data\Uxmoez

2010-09-09 08:49 . 2008-09-11 11:27 -------- d-----w- c:\documents and settings\***\Application Data\Kaiz

2010-09-09 08:31 . 2009-10-07 14:59 -------- d-----w- c:\documents and settings\***\Application Data\Ydaz

2010-09-09 08:10 . 2008-04-30 02:42 -------- d-----w- c:\documents and settings\***\Application Data\Utakl

2010-09-09 08:04 . 2009-07-10 05:35 -------- d-----w- c:\documents and settings\***\Application Data\Qeca

2010-09-09 07:48 . 2010-05-07 10:07 -------- d-----w- c:\documents and settings\***\Application Data\Ogoton

2010-09-08 15:04 . 2008-09-29 02:51 -------- d-----w- c:\documents and settings\***\Application Data\Ewrahi

2010-09-08 14:40 . 2010-05-16 11:24 -------- d-----w- c:\documents and settings\***\Application Data\Oqid

2010-09-08 14:40 . 2010-01-21 11:30 -------- d-----w- c:\documents and settings\***\Application Data\Axyduc

2010-09-08 14:31 . 2008-09-22 14:26 -------- d-----w- c:\documents and settings\***\Application Data\Geope

2010-09-08 14:29 . 2009-01-19 14:21 29748924 ----a-w- c:\windows\Internet Logs\tvDebug.Zip

2010-09-07 22:13 . 2009-01-08 15:12 664 ----a-w- c:\windows\system32\d3d9caps.dat

2010-09-07 22:04 . 2009-08-11 19:27 217600 ----a-w- C:\UNWISE.EXE

2010-09-07 22:03 . 2008-07-12 09:38 -------- d-----w- c:\documents and settings\***\Application Data\Foacru

2010-09-07 21:45 . 2008-10-06 17:24 167936 ----a-w- c:\documents and settings\***\Application Data\U3\temp\cleanup.exe

2010-09-07 21:45 . 2009-06-12 11:53 207872 ----a-w- c:\documents and settings\***\Application Data\Sun\Java\jre1.6.0_14\lzma.dll

2010-09-07 21:45 . 2010-05-23 12:07 405504 ----a-w- c:\documents and settings\***\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-70c9cf9b-n\msvcr71.dll

2010-09-07 21:43 . 2010-07-01 11:07 491520 ----a-w- c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\17053\RapportMS.dll

2010-09-07 21:43 . 2010-03-01 21:16 307200 ----a-w- c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportBukaBroom\13897\RapportBukaBroom.dll

2010-09-07 21:43 . 2010-09-08 15:02 170982 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1033.dat

2010-09-01 13:37 . 2010-03-16 18:36 -------- d-----w- c:\documents and settings\***\Application Data\Ofexug

2010-08-05 21:18 . 2010-08-05 21:18 -------- d-----w- c:\program files\Free M4a to MP3 Converter

2010-07-26 12:44 . 2010-06-28 16:59 -------- d-----w- c:\program files\iTunes

2010-07-26 12:43 . 2010-07-26 12:43 -------- d-----w- c:\program files\iPod

2010-07-26 12:43 . 2008-04-08 15:47 -------- d-----w- c:\program files\Common Files\Apple

2010-07-26 12:36 . 2010-07-26 12:36 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe

2010-07-21 14:49 . 2010-07-21 14:49 0 ----a-w- c:\documents and settings\***\Application Data\Trusteer\Rapport\RapportBukaExt.dll

2010-07-21 14:49 . 2010-07-21 14:49 339968 ----a-w- c:\windows\system32\RapportBuka.dll

2010-07-20 12:15 . 2010-07-20 12:15 -------- d-----w- c:\documents and settings\***\Application Data\CheckPoint

2010-07-20 12:10 . 2010-07-20 12:10 -------- d-----w- c:\program files\Conduit

2010-07-20 12:10 . 2010-07-20 12:10 -------- d-----w- c:\program files\ZoneAlarm

2010-07-20 12:10 . 2010-07-20 12:10 -------- d-----w- c:\program files\CheckPoint

2010-07-20 10:20 . 2010-07-20 10:20 38 ----a-w- c:\windows\SOLOSCAN.BAT

2010-07-20 09:39 . 2010-07-20 09:39 -------- d-----w- c:\documents and settings\***\Application Data\Malwarebytes

2010-07-20 09:39 . 2010-07-20 09:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-07-20 09:39 . 2010-07-20 09:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-07-20 08:47 . 2010-07-20 08:46 -------- d-----w- c:\program files\Registry Patrol

2010-07-19 17:26 . 2009-07-09 11:19 -------- d-----w- c:\program files\Kontiki

2010-07-19 16:44 . 2010-02-23 12:05 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9

2010-07-19 16:02 . 2010-07-19 16:02 -------- d-----w- c:\program files\Enigma Software Group

2010-07-19 10:46 . 2010-07-19 10:46 120 ----a-w- c:\windows\Mmaci.dat

2010-07-19 10:46 . 2010-07-19 10:46 0 ----a-w- c:\windows\Wrejupukalegete.bin

2010-07-16 09:35 . 2010-07-12 15:43 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2010-07-16 09:35 . 2010-07-12 15:43 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools

2010-06-23 12:51 . 2010-07-20 12:09 1238528 ----a-w- c:\windows\system32\zpeng25.dll

2010-06-23 12:51 . 2010-07-20 12:09 69120 ----a-w- c:\windows\system32\zlcomm.dll

2010-06-23 12:51 . 2010-07-20 12:09 103936 ----a-w- c:\windows\system32\zlcommdb.dll

.

((((((((((((((((((((((((((((( SnapShot@2010-09-09_08.07.23 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-09-13 19:04 . 2010-09-13 19:04 16384 c:\windows\Temp\Perflib_Perfdata_8ac.dat

+ 2010-09-13 19:02 . 2010-09-13 19:02 16384 c:\windows\Temp\Perflib_Perfdata_890.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}"= "c:\program files\ZoneAlarm\tbZone.dll" [2010-05-09 2517088]

[HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]

2010-05-09 10:50 2517088 ----a-w- c:\program files\ZoneAlarm\tbZone.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}"= "c:\program files\ZoneAlarm\tbZone.dll" [2010-05-09 2517088]

[HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{66F2E20D-0DA8-4C11-A9C8-DD8477B88ACD}"= "c:\program files\ZoneAlarm\tbZone.dll" [2010-05-09 2517088]

[HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2010-09-09 860160]

"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2010-09-09 753664]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-07-14 77824]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-12 148888]

"SoloSentry"="c:\srnmic~1\SOLOSENT.EXE" [2009-10-15 77824]

"SoloSchedule"="c:\srnmic~1\SOLOCFG.EXE" [2009-10-15 303104]

"SoloSysCheck"="c:\srnmic~1\SYSCHECK.COM" [2010-03-27 237568]

"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-06-23 1043968]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]

2010-07-13 14:10 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gStart]

2008-08-13 13:34 1891416 ----a-w- c:\garmin\gStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]

2006-07-14 16:08 118784 ----a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]

2006-07-14 16:07 94208 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Inini]

2008-04-14 00:12 33280 ----a-w- c:\windows\system32\rundll32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISW]

2010-05-26 13:35 730600 ----a-w- c:\program files\CheckPoint\ZAForceField\ForceField.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-07-21 14:53 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcexecwin]

2008-04-14 00:12 33280 ----a-w- c:\windows\system32\rundll32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]

2009-11-10 09:14 443728 ----a-w- c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nonep]

2010-09-07 22:03 211456 ----a-w- c:\program files\syst32\oops.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-09-07 21:59 479232 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]

2007-05-10 09:22 405504 ----a-w- c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=

"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=

"c:\\Program Files\\SopCast\\SopCast.exe"=

"c:\\Program Files\\Common Files\\ProspectSoft Shared\\ASA\\Win32\\dbeng9.exe"=

"c:\\Program Files\\Kontiki\\KService.exe"=

"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [01/03/2010 22:16 390528]

R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [26/05/2010 14:35 26352]

R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [26/05/2010 14:35 493032]

R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [01/07/2010 12:07 840936]

S0 adxsvy;adxsvy;c:\windows\system32\drivers\axlcst.sys --> c:\windows\system32\drivers\axlcst.sys [?]

S0 dldm;dldm;c:\windows\system32\drivers\pgmsgog.sys --> c:\windows\system32\drivers\pgmsgog.sys [?]

S1 RapportKELL;RapportKELL;c:\program files\Trusteer\Rapport\bin\RapportKELL.sys [01/07/2010 12:07 0]

S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [01/07/2010 12:07 0]

S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]

S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]

S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [06/08/2009 11:58 90408]

S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [06/08/2009 11:58 15016]

S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [06/08/2009 11:58 122024]

S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [06/08/2009 11:59 115368]

S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [06/08/2009 11:59 25768]

S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [06/08/2009 11:59 111784]

S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [06/08/2009 11:59 117544]

.

Contents of the 'Scheduled Tasks' folder

2010-09-06 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.co.uk/

uInternet Connection Wizard,ShellNext = hxxp://downloadcenter.intel.com/detail_desc.aspx?DwnldID=8061&ProductID=1784

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-09-13 20:19

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(840)

c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

- - - - - - - > 'lsass.exe'(896)

c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

.

Completion time: 2010-09-13 20:21:44

ComboFix-quarantined-files.txt 2010-09-13 19:21

ComboFix2.txt 2010-09-09 08:18

Pre-Run: 70,051,196,928 bytes free

Post-Run: 71,084,351,488 bytes free

- - End Of File - - D973FE9BA114741DBFB51FD31CB925D8


The following will implement some cleanup procedures as well as reset System Restore points:

  • Click START, then Run
  • Now type ComboFix /Uninstall in the Run box and click OK. Note the space between the X and the U, it needs to be there.

Now run a new MBAM scan and post the results.


Combofix produced a new log so I've included that as well below.

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4621

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.13

15/09/2010 18:52:04

mbam-log-2010-09-15 (18-52-04).txt

Scan type: Full scan (C:\|)

Objects scanned: 223287

Time elapsed: 44 minute(s), 25 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 8

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Program Files\Intel\Wireless\Bin\ifrmewrkSrv.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\Documents and Settings\***\Application Data\Qeca\yqvo.exe.vir (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\Documents and Settings\***\Application Data\Vuoc\madi.exe.vir (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.

C:\SRN Micro\SOLOCFGSrv.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{9AB3E8EF-2371-4FD3-B75B-DCD8AD2D9C49}\RP23\A0060704.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{9AB3E8EF-2371-4FD3-B75B-DCD8AD2D9C49}\RP23\A0065013.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{9AB3E8EF-2371-4FD3-B75B-DCD8AD2D9C49}\RP24\A0072174.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{9AB3E8EF-2371-4FD3-B75B-DCD8AD2D9C49}\RP24\A0072173.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.

------------------------------------------------------------

ComboFix 10-09-12.04 - *** 15/09/2010 17:09:47.4.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.575 [GMT 1:00]

Running from: c:\documents and settings\***\Desktop\ComboFix1.exe

Command switches used :: /IUninstall

FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\program files\Internet Explorer\dmlconf.dat

c:\program files\Microsoft\DesktopLayer.exe

.

((((((((((((((((((((((((( Files Created from 2010-08-15 to 2010-09-15 )))))))))))))))))))))))))))))))

.

2010-09-09 12:39 . 2010-09-09 12:39 -------- d-----w- c:\program files\Trend Micro

2010-09-08 14:30 . 2010-09-09 10:52 -------- d-----w- c:\program files\riv87

2010-09-07 21:43 . 2010-09-07 21:43 -------- d-----w- c:\program files\syst32

2010-09-07 21:43 . 2010-09-15 16:15 -------- d-----w- c:\program files\Microsoft

2010-08-19 12:44 . 2010-08-19 12:44 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-15 16:15 . 2009-07-09 11:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Kontiki

2010-09-13 09:26 . 2008-04-08 15:32 4212 ---ha-w- c:\windows\system32\zllictbl.dat

2010-09-09 10:50 . 2010-02-23 08:00 -------- d-----w- c:\documents and settings\***\Application Data\Uxmoez

2010-09-09 08:49 . 2008-09-11 11:27 -------- d-----w- c:\documents and settings\***\Application Data\Kaiz

2010-09-09 08:31 . 2009-10-07 14:59 -------- d-----w- c:\documents and settings\***\Application Data\Ydaz

2010-09-09 08:10 . 2008-04-30 02:42 -------- d-----w- c:\documents and settings\***\Application Data\Utakl

2010-09-09 08:04 . 2009-07-10 05:35 -------- d-----w- c:\documents and settings\***\Application Data\Qeca

2010-09-09 07:48 . 2010-05-07 10:07 -------- d-----w- c:\documents and settings\***\Application Data\Ogoton

2010-09-08 15:04 . 2008-09-29 02:51 -------- d-----w- c:\documents and settings\***\Application Data\Ewrahi

2010-09-08 14:40 . 2010-05-16 11:24 -------- d-----w- c:\documents and settings\***\Application Data\Oqid

2010-09-08 14:40 . 2010-01-21 11:30 -------- d-----w- c:\documents and settings\***\Application Data\Axyduc

2010-09-08 14:31 . 2008-09-22 14:26 -------- d-----w- c:\documents and settings\***\Application Data\Geope

2010-09-08 14:29 . 2009-01-19 14:21 29748924 ----a-w- c:\windows\Internet Logs\tvDebug.Zip

2010-09-07 22:13 . 2009-01-08 15:12 664 ----a-w- c:\windows\system32\d3d9caps.dat

2010-09-07 22:04 . 2009-08-11 19:27 217600 ----a-w- C:\UNWISE.EXE

2010-09-07 22:03 . 2008-07-12 09:38 -------- d-----w- c:\documents and settings\***\Application Data\Foacru

2010-09-07 21:45 . 2008-10-06 17:24 167936 ----a-w- c:\documents and settings\***\Application Data\U3\temp\cleanup.exe

2010-09-07 21:45 . 2009-06-12 11:53 207872 ----a-w- c:\documents and settings\***\Application Data\Sun\Java\jre1.6.0_14\lzma.dll

2010-09-07 21:45 . 2010-05-23 12:07 405504 ----a-w- c:\documents and settings\***\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-70c9cf9b-n\msvcr71.dll

2010-09-07 21:43 . 2010-07-01 11:07 491520 ----a-w- c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\17053\RapportMS.dll

2010-09-07 21:43 . 2010-03-01 21:16 307200 ----a-w- c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportBukaBroom\13897\RapportBukaBroom.dll

2010-09-07 21:43 . 2010-09-08 15:02 170982 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1033.dat

2010-09-01 13:37 . 2010-03-16 18:36 -------- d-----w- c:\documents and settings\***\Application Data\Ofexug

2010-08-05 21:18 . 2010-08-05 21:18 -------- d-----w- c:\program files\Free M4a to MP3 Converter

2010-07-26 12:44 . 2010-06-28 16:59 -------- d-----w- c:\program files\iTunes

2010-07-26 12:43 . 2010-07-26 12:43 -------- d-----w- c:\program files\iPod

2010-07-26 12:43 . 2008-04-08 15:47 -------- d-----w- c:\program files\Common Files\Apple

2010-07-26 12:36 . 2010-07-26 12:36 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe

2010-07-21 14:49 . 2010-07-21 14:49 0 ----a-w- c:\documents and settings\***\Application Data\Trusteer\Rapport\RapportBukaExt.dll

2010-07-21 14:49 . 2010-07-21 14:49 339968 ----a-w- c:\windows\system32\RapportBuka.dll

2010-07-20 12:15 . 2010-07-20 12:15 -------- d-----w- c:\documents and settings\***\Application Data\CheckPoint

2010-07-20 12:10 . 2010-07-20 12:10 -------- d-----w- c:\program files\Conduit

2010-07-20 12:10 . 2010-07-20 12:10 -------- d-----w- c:\program files\ZoneAlarm

2010-07-20 12:10 . 2010-07-20 12:10 -------- d-----w- c:\program files\CheckPoint

2010-07-20 10:20 . 2010-07-20 10:20 38 ----a-w- c:\windows\SOLOSCAN.BAT

2010-07-20 09:39 . 2010-07-20 09:39 -------- d-----w- c:\documents and settings\***\Application Data\Malwarebytes

2010-07-20 09:39 . 2010-07-20 09:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-07-20 09:39 . 2010-07-20 09:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-07-20 08:47 . 2010-07-20 08:46 -------- d-----w- c:\program files\Registry Patrol

2010-07-19 17:26 . 2009-07-09 11:19 -------- d-----w- c:\program files\Kontiki

2010-07-19 16:44 . 2010-02-23 12:05 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9

2010-07-19 16:02 . 2010-07-19 16:02 -------- d-----w- c:\program files\Enigma Software Group

2010-07-19 10:46 . 2010-07-19 10:46 120 ----a-w- c:\windows\Mmaci.dat

2010-07-19 10:46 . 2010-07-19 10:46 0 ----a-w- c:\windows\Wrejupukalegete.bin

2010-06-23 12:51 . 2010-07-20 12:09 1238528 ----a-w- c:\windows\system32\zpeng25.dll

2010-06-23 12:51 . 2010-07-20 12:09 69120 ----a-w- c:\windows\system32\zlcomm.dll

2010-06-23 12:51 . 2010-07-20 12:09 103936 ----a-w- c:\windows\system32\zlcommdb.dll

.

((((((((((((((((((((((((((((( SnapShot@2010-09-09_08.07.23 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-09-15 16:01 . 2010-09-15 16:01 16384 c:\windows\Temp\Perflib_Perfdata_208.dat

+ 2010-09-15 15:59 . 2010-09-15 15:59 16384 c:\windows\Temp\Perflib_Perfdata_1f4.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}"= "c:\program files\ZoneAlarm\tbZone.dll" [2010-05-09 2517088]

[HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]

2010-05-09 10:50 2517088 ----a-w- c:\program files\ZoneAlarm\tbZone.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}"= "c:\program files\ZoneAlarm\tbZone.dll" [2010-05-09 2517088]

[HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{66F2E20D-0DA8-4C11-A9C8-DD8477B88ACD}"= "c:\program files\ZoneAlarm\tbZone.dll" [2010-05-09 2517088]

[HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2010-09-09 860160]

"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2010-09-09 753664]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-07-14 77824]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-12 148888]

"SoloSentry"="c:\srnmic~1\SOLOSENT.EXE" [2009-10-15 77824]

"SoloSchedule"="c:\srnmic~1\SOLOCFG.EXE" [2009-10-15 303104]

"SoloSysCheck"="c:\srnmic~1\SYSCHECK.COM" [2010-03-27 237568]

"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-06-23 1043968]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]

2010-07-13 14:10 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gStart]

2008-08-13 13:34 1891416 ----a-w- c:\garmin\gStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]

2006-07-14 16:08 118784 ----a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]

2006-07-14 16:07 94208 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Inini]

2008-04-14 00:12 33280 ----a-w- c:\windows\system32\rundll32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISW]

2010-05-26 13:35 730600 ----a-w- c:\program files\CheckPoint\ZAForceField\ForceField.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-07-21 14:53 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcexecwin]

2008-04-14 00:12 33280 ----a-w- c:\windows\system32\rundll32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]

2009-11-10 09:14 443728 ----a-w- c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nonep]

2010-09-07 22:03 211456 ----a-w- c:\program files\syst32\oops.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-09-07 21:59 479232 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]

2007-05-10 09:22 405504 ----a-w- c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=

"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=

"c:\\Program Files\\SopCast\\SopCast.exe"=

"c:\\Program Files\\Common Files\\ProspectSoft Shared\\ASA\\Win32\\dbeng9.exe"=

"c:\\Program Files\\Kontiki\\KService.exe"=

"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [01/03/2010 22:16 390528]

R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [26/05/2010 14:35 26352]

R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [26/05/2010 14:35 493032]

R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [01/07/2010 12:07 840936]

S0 adxsvy;adxsvy;c:\windows\system32\drivers\axlcst.sys --> c:\windows\system32\drivers\axlcst.sys [?]

S0 dldm;dldm;c:\windows\system32\drivers\pgmsgog.sys --> c:\windows\system32\drivers\pgmsgog.sys [?]

S1 RapportKELL;RapportKELL;c:\program files\Trusteer\Rapport\bin\RapportKELL.sys [01/07/2010 12:07 0]

S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [01/07/2010 12:07 0]

S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]

S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]

S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [06/08/2009 11:58 90408]

S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [06/08/2009 11:58 15016]

S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [06/08/2009 11:58 122024]

S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [06/08/2009 11:59 115368]

S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [06/08/2009 11:59 25768]

S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [06/08/2009 11:59 111784]

S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [06/08/2009 11:59 117544]

.

Contents of the 'Scheduled Tasks' folder

2010-09-06 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.co.uk/

uInternet Connection Wizard,ShellNext = hxxp://downloadcenter.intel.com/detail_desc.aspx?DwnldID=8061&ProductID=1784

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-09-15 17:16

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(844)

c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

- - - - - - - > 'lsass.exe'(900)

c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

.

Completion time: 2010-09-15 17:18:05

ComboFix-quarantined-files.txt 2010-09-15 16:18

ComboFix2.txt 2010-09-13 19:21

ComboFix3.txt 2010-09-09 08:18

Pre-Run: 70,092,398,592 bytes free

Post-Run: 70,074,073,088 bytes free

- - End Of File - - 84D43B214A2190755C95DED9648E1C7E


Please go to http://virusscan.jotti.org, click on Browse, and upload the following file for analysis:

c:\windows\system32\drivers\axlcst.sys

Then click Submit. Allow the file to be scanned, and then please copy and paste the results here for me to see.

Do the same for:

c:\windows\system32\drivers\pgmsgog.sys

If virscan.org is too busy you can try these.

http://virscan.org/

http://www.kaspersky.com/scanforvirus.html

http://www.virustotal.com/en/indexf.html


Copy/paste the text in the Codebox below into notepad:

Here's how to do that:

Click Start > Run, type Notepad, and click OK.

This will open an empty notepad file:

Take your mouse, and place your cursor at the beginning of the text in the box below, then click and hold the left mouse button, while pulling your mouse over the text. This should highlight the text. Now release the left mouse button. Now, with the cursor over the highlighted text, right click the mouse for options, and select 'copy'. Now over the empty Notepad box, right click your mouse again, and select 'paste' and you will have copied and pasted the text.

File::
c:\windows\system32\drivers\axlcst.sys
c:\windows\system32\drivers\pgmsgog.sys


Driver::
dldm
adxsvy

Save this file to your desktop. Save it as "CFScript".

Here's how to do that:

1. Click File;

2. Click Save As... Change the directory to your desktop;

3. Change the Save as type to "All Files";

4. Type in the file name: CFScript

5. Click Save ...


Drag CFScript.txt into ComboFix.exe

Then post the results log using Copy / Paste

Also please describe how your computer behaves at the moment.


I downloaded a new Combofix file & got a warning that it wasn't safe to continue & may be infected with Virut virus.

A new CF hung in a command prompt window, so I quit & ran MWB with fairly alarming results. Following deleting the infected files entries I dragged the text file into CF which asked to update itself & then ran.

The MWB & CF logs are below.

The computer seems to be running ok though at the moment, although Desktoplayer.exe is still on the computer.

mbam-log-2010-09-20 (09-52-02).txt

Scan type: Quick scan

Objects scanned: 141935

Time elapsed: 7 minute(s), 43 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 2

Registry Keys Infected: 0

Registry Values Infected: 4

Registry Data Items Infected: 3

Folders Infected: 0

Files Infected: 5

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

C:\WINDOWS\eguqajacuqe.dll (Trojan.Hiloti) -> No action taken.

C:\WINDOWS\pcococ.dll (Trojan.Hiloti) -> No action taken.

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\inini (Trojan.Hiloti) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vnotuje (Trojan.Hiloti) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{e0a2501b-f1a1-65fb-2fea-50c8fa682158} (Spyware.Passwords.XGen) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nonep (Trojan.Dropper) -> No action taken.

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\program files\microsoft\desktoplayer.exe -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (c:\windows\system32\userinit.exe,,c:\program files\microsoft\desktoplayer.exe) Good: (userinit.exe) -> No action taken.

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\eguqajacuqe.dll (Trojan.Hiloti) -> No action taken.

C:\WINDOWS\pcococ.dll (Trojan.Hiloti) -> No action taken.

C:\Documents and Settings\Peter\Application Data\Raar\take.exe (Spyware.Passwords.XGen) -> No action taken.

C:\Program Files\Microsoft\desktoplayer.exe (Trojan.Agent) -> No action taken.

C:\Program Files\riv87\oops.exe (Trojan.Dropper) -> No action taken.

--------------------------

ComboFix 10-09-19.03 - ***20/09/2010 11:06:22.5.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.498 [GMT 1:00]

Running from: c:\documents and settings\***\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\***\Desktop\CFScript.txt

FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

FILE ::

"c:\windows\system32\drivers\axlcst.sys"

"c:\windows\system32\drivers\pgmsgog.sys"

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\***\Local Settings\Application Data\{4F51ABAE-5FB8-4224-B36C-FBFB6510BAE0}

c:\documents and settings\***\Local Settings\Application Data\{4F51ABAE-5FB8-4224-B36C-FBFB6510BAE0}\chrome.manifest

c:\documents and settings\***\Local Settings\Application Data\{4F51ABAE-5FB8-4224-B36C-FBFB6510BAE0}\chrome\content\_cfg.js

c:\documents and settings\***\Local Settings\Application Data\{4F51ABAE-5FB8-4224-B36C-FBFB6510BAE0}\chrome\content\overlay.xul

c:\documents and settings\***\Local Settings\Application Data\{4F51ABAE-5FB8-4224-B36C-FBFB6510BAE0}\install.rdf

c:\program files\Internet Explorer\complete.dat

c:\program files\Internet Explorer\dmlconf.dat

c:\program files\Microsoft\DesktopLayer.exe

c:\program files\Microsoft\DesktopLayerSrv.exe

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_adxsvy

-------\Service_dldm

((((((((((((((((((((((((( Files Created from 2010-08-20 to 2010-09-20 )))))))))))))))))))))))))))))))

.

No new files created in this timespan

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-20 10:18 . 2009-07-09 11:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Kontiki

2010-09-20 10:17 . 2010-07-02 05:58 -------- d-----w- c:\documents and settings\***\Application Data\Keel

2010-09-20 10:15 . 2010-09-08 14:30 -------- d-----w- c:\program files\riv87

2010-09-20 10:15 . 2010-09-07 21:43 -------- d-----w- c:\program files\Microsoft

2010-09-20 09:59 . 2009-07-07 09:57 -------- d-----w- c:\program files\Microsoft Silverlight

2010-09-20 09:53 . 2008-04-08 14:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2010-09-20 09:17 . 2008-04-08 15:32 4212 ---ha-w- c:\windows\system32\zllictbl.dat

2010-09-20 08:52 . 2009-03-27 08:28 -------- d-----w- c:\documents and settings\***\Application Data\Raar

2010-09-20 07:58 . 2010-04-04 13:22 -------- d-----w- c:\documents and settings\***\Application Data\Nusy

2010-09-20 07:38 . 2010-07-19 10:46 120 ----a-w- c:\windows\Mmaci.dat

2010-09-20 07:38 . 2010-07-19 10:46 0 ----a-w- c:\windows\Wrejupukalegete.bin

2010-09-18 16:20 . 2010-09-15 18:03 -------- d-----w- c:\program files\sys32

2010-09-16 12:18 . 2009-06-16 08:40 -------- d-----w- c:\program files\Reali-Design

2010-09-09 12:39 . 2010-09-09 12:39 -------- d-----w- c:\program files\Trend Micro

2010-09-09 10:50 . 2010-02-23 08:00 -------- d-----w- c:\documents and settings\***\Application Data\Uxmoez

2010-09-09 08:49 . 2008-09-11 11:27 -------- d-----w- c:\documents and settings\***\Application Data\Kaiz

2010-09-09 08:31 . 2009-10-07 14:59 -------- d-----w- c:\documents and settings\***\Application Data\Ydaz

2010-09-09 08:10 . 2008-04-30 02:42 -------- d-----w- c:\documents and settings\***\Application Data\Utakl

2010-09-09 08:04 . 2009-07-10 05:35 -------- d-----w- c:\documents and settings\***\Application Data\Qeca

2010-09-09 07:48 . 2010-05-07 10:07 -------- d-----w- c:\documents and settings\***\Application Data\Ogoton

2010-09-08 15:04 . 2008-09-29 02:51 -------- d-----w- c:\documents and settings\***\Application Data\Ewrahi

2010-09-08 14:40 . 2010-05-16 11:24 -------- d-----w- c:\documents and settings\***\Application Data\Oqid

2010-09-08 14:40 . 2010-01-21 11:30 -------- d-----w- c:\documents and settings\***\Application Data\Axyduc

2010-09-08 14:31 . 2008-09-22 14:26 -------- d-----w- c:\documents and settings\***\Application Data\Geope

2010-09-08 14:29 . 2009-01-19 14:21 29748924 ----a-w- c:\windows\Internet Logs\tvDebug.Zip

2010-09-07 22:13 . 2009-01-08 15:12 664 ----a-w- c:\windows\system32\d3d9caps.dat

2010-09-07 22:04 . 2009-08-11 19:27 217600 ----a-w- C:\UNWISE.EXE

2010-09-07 22:03 . 2008-07-12 09:38 -------- d-----w- c:\documents and settings\***\Application Data\Foacru

2010-09-07 21:45 . 2008-10-06 17:24 167936 ----a-w- c:\documents and settings\***\Application Data\U3\temp\cleanup.exe

2010-09-07 21:45 . 2009-06-12 11:53 207872 ----a-w- c:\documents and settings\***\Application Data\Sun\Java\jre1.6.0_14\lzma.dll

2010-09-07 21:45 . 2010-05-23 12:07 405504 ----a-w- c:\documents and settings\***\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-70c9cf9b-n\msvcr71.dll

2010-09-07 21:43 . 2010-07-01 11:07 491520 ----a-w- c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\17053\RapportMS.dll

2010-09-07 21:43 . 2010-03-01 21:16 307200 ----a-w- c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportBukaBroom\13897\RapportBukaBroom.dll

2010-09-07 21:43 . 2010-09-08 15:02 170982 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1033.dat

2010-09-07 21:43 . 2010-09-07 21:43 -------- d-----w- c:\program files\syst32

2010-09-01 13:37 . 2010-03-16 18:36 -------- d-----w- c:\documents and settings\***\Application Data\Ofexug

2010-08-17 13:17 . 2004-08-04 10:00 58880 ----a-w- c:\windows\system32\spoolsv.exe

2010-08-05 21:18 . 2010-08-05 21:18 -------- d-----w- c:\program files\Free M4a to MP3 Converter

2010-07-26 12:44 . 2010-06-28 16:59 -------- d-----w- c:\program files\iTunes

2010-07-26 12:43 . 2010-07-26 12:43 -------- d-----w- c:\program files\iPod

2010-07-26 12:43 . 2008-04-08 15:47 -------- d-----w- c:\program files\Common Files\Apple

2010-07-26 12:36 . 2010-07-26 12:36 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe

2010-07-22 15:49 . 2004-08-04 10:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll

2010-07-22 05:57 . 2010-04-06 11:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2010-07-21 14:49 . 2010-07-21 14:49 0 ----a-w- c:\documents and settings\***\Application Data\Trusteer\Rapport\RapportBukaExt.dll

2010-07-21 14:49 . 2010-07-21 14:49 339968 ----a-w- c:\windows\system32\RapportBuka.dll

2010-07-20 10:20 . 2010-07-20 10:20 38 ----a-w- c:\windows\SOLOSCAN.BAT

2010-06-30 12:31 . 2004-08-04 10:00 149504 ----a-w- c:\windows\system32\schannel.dll

2010-06-24 12:15 . 2006-03-04 03:33 832512 ----a-w- c:\windows\system32\wininet.dll

2010-06-24 12:15 . 2004-08-04 10:00 78336 ----a-w- c:\windows\system32\ieencode.dll

2010-06-24 12:15 . 2004-08-04 10:00 17408 ------w- c:\windows\system32\corpol.dll

2010-06-23 13:44 . 2004-08-04 10:00 1851904 ----a-w- c:\windows\system32\win32k.sys

2010-06-23 12:51 . 2010-07-20 12:09 1238528 ----a-w- c:\windows\system32\zpeng25.dll

2010-06-23 12:51 . 2010-07-20 12:09 69120 ----a-w- c:\windows\system32\zlcomm.dll

2010-06-23 12:51 . 2010-07-20 12:09 103936 ----a-w- c:\windows\system32\zlcommdb.dll

.

((((((((((((((((((((((((((((( SnapShot@2010-09-09_08.07.23 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-09-20 10:15 . 2010-09-20 10:15 16384 c:\windows\Temp\Perflib_Perfdata_734.dat

+ 2010-03-30 23:16 . 2010-03-30 23:16 99176 c:\windows\system32\PresentationHostProxy.dll

- 2006-03-04 03:33 . 2010-05-04 17:20 44544 c:\windows\system32\pngfilt.dll

+ 2006-03-04 03:33 . 2010-06-24 12:15 44544 c:\windows\system32\pngfilt.dll

+ 2004-08-04 10:00 . 2010-09-20 09:43 68558 c:\windows\system32\perfc009.dat

- 2004-08-04 10:00 . 2010-06-11 20:00 68558 c:\windows\system32\perfc009.dat

+ 2009-11-07 00:07 . 2009-11-07 00:07 49488 c:\windows\system32\netfxperf.dll

+ 2009-11-07 00:07 . 2009-11-07 00:07 11600 c:\windows\system32\mui\0409\mscorees.dll

+ 2007-08-13 17:54 . 2010-06-24 12:15 52224 c:\windows\system32\msfeedsbs.dll

- 2007-08-13 17:54 . 2010-05-04 17:20 52224 c:\windows\system32\msfeedsbs.dll

+ 2004-08-04 10:00 . 2010-06-24 12:15 27648 c:\windows\system32\jsproxy.dll

- 2004-08-04 10:00 . 2010-05-04 17:20 27648 c:\windows\system32\jsproxy.dll

- 2007-08-13 17:39 . 2010-05-04 12:39 13824 c:\windows\system32\ieudinit.exe

+ 2007-08-13 17:39 . 2010-06-23 12:06 13824 c:\windows\system32\ieudinit.exe

+ 2004-08-04 10:00 . 2010-06-24 12:15 44544 c:\windows\system32\iernonce.dll

- 2004-08-04 10:00 . 2010-05-04 17:20 44544 c:\windows\system32\iernonce.dll

+ 2004-08-04 10:00 . 2010-06-23 12:06 70656 c:\windows\system32\ie4uinit.exe

- 2004-08-04 10:00 . 2010-05-04 12:39 70656 c:\windows\system32\ie4uinit.exe

- 2004-08-04 10:00 . 2008-04-14 00:11 80384 c:\windows\system32\iccvid.dll

+ 2004-08-04 10:00 . 2010-06-17 14:03 80384 c:\windows\system32\iccvid.dll

- 2007-08-13 17:36 . 2010-05-04 17:20 63488 c:\windows\system32\icardie.dll

+ 2007-08-13 17:36 . 2010-06-24 12:15 63488 c:\windows\system32\icardie.dll

+ 2010-08-17 13:17 . 2010-08-17 13:17 58880 c:\windows\system32\dllcache\spoolsv.exe

+ 2006-03-04 03:33 . 2010-06-24 12:15 44544 c:\windows\system32\dllcache\pngfilt.dll

- 2006-03-04 03:33 . 2010-05-04 17:20 44544 c:\windows\system32\dllcache\pngfilt.dll

+ 2008-06-03 09:09 . 2010-06-24 12:15 52224 c:\windows\system32\dllcache\msfeedsbs.dll

- 2008-06-03 09:09 . 2010-05-04 17:20 52224 c:\windows\system32\dllcache\msfeedsbs.dll

- 2004-08-04 10:00 . 2010-05-04 17:20 27648 c:\windows\system32\dllcache\jsproxy.dll

+ 2004-08-04 10:00 . 2010-06-24 12:15 27648 c:\windows\system32\dllcache\jsproxy.dll

- 2008-06-03 09:09 . 2010-05-04 12:39 13824 c:\windows\system32\dllcache\ieudinit.exe

+ 2008-06-03 09:09 . 2010-06-23 12:06 13824 c:\windows\system32\dllcache\ieudinit.exe

- 2004-08-04 10:00 . 2010-05-04 17:20 44544 c:\windows\system32\dllcache\iernonce.dll

+ 2004-08-04 10:00 . 2010-06-24 12:15 44544 c:\windows\system32\dllcache\iernonce.dll

+ 2004-08-04 10:00 . 2010-06-24 12:15 78336 c:\windows\system32\dllcache\ieencode.dll

- 2004-08-04 10:00 . 2010-05-04 17:20 78336 c:\windows\system32\dllcache\ieencode.dll

- 2004-08-04 10:00 . 2010-05-04 12:39 70656 c:\windows\system32\dllcache\ie4uinit.exe

+ 2004-08-04 10:00 . 2010-06-23 12:06 70656 c:\windows\system32\dllcache\ie4uinit.exe

+ 2008-06-03 09:09 . 2010-06-24 12:15 63488 c:\windows\system32\dllcache\icardie.dll

- 2008-06-03 09:09 . 2010-05-04 17:20 63488 c:\windows\system32\dllcache\icardie.dll

+ 2010-01-05 10:00 . 2010-06-24 12:15 17408 c:\windows\system32\dllcache\corpol.dll

- 2010-01-05 10:00 . 2010-05-04 17:20 17408 c:\windows\system32\dllcache\corpol.dll

+ 2009-11-07 00:07 . 2009-11-07 00:07 13648 c:\windows\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll

+ 2009-11-07 00:07 . 2009-11-07 00:07 13648 c:\windows\Microsoft.NET\Framework\SharedReg12.dll

+ 2009-11-07 00:07 . 2009-11-07 00:07 13648 c:\windows\Microsoft.NET\Framework\sbscmp20_perfcounter.dll

+ 2009-11-07 00:07 . 2009-11-07 00:07 13648 c:\windows\Microsoft.NET\Framework\sbscmp20_mscorwks.dll

+ 2009-11-07 00:07 . 2009-11-07 00:07 13648 c:\windows\Microsoft.NET\Framework\sbscmp10.dll

+ 2009-11-07 00:07 . 2009-11-07 00:07 13664 c:\windows\Microsoft.NET\Framework\sbs_wminet_utils.dll

+ 2009-11-07 00:07 . 2009-11-07 00:07 13688 c:\windows\Microsoft.NET\Framework\sbs_system.enterpriseservices.dll

+ 2009-11-07 00:07 . 2009-11-07 00:07 13664 c:\windows\Microsoft.NET\Framework\sbs_system.data.dll

+ 2009-11-07 00:07 . 2009-11-07 00:07 13696 c:\windows\Microsoft.NET\Framework\sbs_system.configuration.install.dll

+ 2009-11-07 00:07 . 2009-11-07 00:07 13656 c:\windows\Microsoft.NET\Framework\sbs_mscorsec.dll

+ 2009-11-07 00:07 . 2009-11-07 00:07 13656 c:\windows\Microsoft.NET\Framework\sbs_mscorrc.dll

+ 2009-11-07 00:07 . 2009-11-07 00:07 13656 c:\windows\Microsoft.NET\Framework\sbs_mscordbi.dll

+ 2009-11-07 00:07 . 2009-11-07 00:07 13672 c:\windows\Microsoft.NET\Framework\sbs_microsoft.jscript.dll

+ 2009-11-07 00:07 . 2009-11-07 00:07 13664 c:\windows\Microsoft.NET\Framework\sbs_diasymreader.dll

+ 2009-11-07 00:07 . 2009-11-07 00:07 86864 c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe

+ 2008-04-08 14:17 . 2010-09-20 09:53 35088 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\oisicon.exe

- 2008-04-08 14:17 . 2010-06-11 14:54 35088 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\oisicon.exe

+ 2008-04-08 14:17 . 2010-09-20 09:53 18704 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\mspicons.exe

- 2008-04-08 14:17 . 2010-06-11 14:54 18704 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\mspicons.exe

- 2008-04-08 14:17 . 2010-06-11 14:54 20240 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\cagicon.exe

+ 2008-04-08 14:17 . 2010-09-20 09:53 20240 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\cagicon.exe

- 2010-06-11 14:53 . 2010-06-11 14:53 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll

+ 2010-06-11 14:53 . 2010-09-20 09:51 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll

+ 2010-09-20 09:48 . 2010-05-04 17:20 44544 c:\windows\ie7updates\KB2183461-IE7\pngfilt.dll

+ 2010-09-20 09:48 . 2010-05-04 17:20 52224 c:\windows\ie7updates\KB2183461-IE7\msfeedsbs.dll

+ 2010-09-20 09:48 . 2010-05-04 17:20 27648 c:\windows\ie7updates\KB2183461-IE7\jsproxy.dll

+ 2010-09-20 09:48 . 2010-05-04 12:39 13824 c:\windows\ie7updates\KB2183461-IE7\ieudinit.exe

+ 2010-09-20 09:48 . 2010-05-04 17:20 44544 c:\windows\ie7updates\KB2183461-IE7\iernonce.dll

+ 2010-09-20 09:48 . 2010-05-04 17:20 78336 c:\windows\ie7updates\KB2183461-IE7\ieencode.dll

+ 2010-09-20 09:48 . 2010-05-04 12:39 70656 c:\windows\ie7updates\KB2183461-IE7\ie4uinit.exe

+ 2010-09-20 09:48 . 2010-05-04 17:20 63488 c:\windows\ie7updates\KB2183461-IE7\icardie.dll

+ 2010-09-20 09:48 . 2010-05-04 17:20 17408 c:\windows\ie7updates\KB2183461-IE7\corpol.dll

+ 2010-09-20 09:50 . 2010-09-20 09:50 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\5ec9dec678303ebff0ef018edb5ec595\UIAutomationProvider.ni.dll

+ 2010-09-20 10:10 . 2010-09-20 10:10 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\46ef15b88ef577de4882c519329fc5d2\System.Windows.Presentation.ni.dll

+ 2010-09-20 10:10 . 2010-09-20 10:10 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\aada360296a42e0413579a19c771ec2d\System.Web.DynamicData.Design.ni.dll

+ 2010-09-20 09:56 . 2010-09-20 09:56 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\2b5ff2c6358c483eb1439b99badb54fd\System.ComponentModel.DataAnnotations.ni.dll

+ 2010-09-20 09:56 . 2010-09-20 09:56 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\6125ff5a4fcd93d70a246cbff3005d42\System.AddIn.Contract.ni.dll

+ 2010-09-20 09:56 . 2010-09-20 09:56 44032 c:\windows\assembly\NativeImages_v2.0.50727_32\stdole\9eba4732354d330d1d86f0416fd40817\stdole.ni.dll

+ 2010-09-20 09:56 . 2010-09-20 09:56 29184 c:\windows\assembly\NativeImages_v2.0.50727_32\SFMARKETLib\898c9256ffaa39ac35f45b30ff6952e0\SFMARKETLib.ni.dll

+ 2010-09-20 09:46 . 2010-09-20 09:46 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\de26af01222270c121788161496fcfe7\PresentationFontCache.ni.exe

+ 2010-09-20 09:45 . 2010-09-20 09:45 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\3c5adeedb70e6e052a6556c6ab9b6918\PresentationCFFRasterizer.ni.dll

+ 2010-09-20 10:09 . 2010-09-20 10:09 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\5e5176efbfeb803b7f217525beec6844\Microsoft.Vsa.ni.dll

+ 2010-09-20 09:55 . 2010-09-20 09:55 15872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\272d51526813ea113970b8e890c92ee2\Microsoft.VisualC.ni.dll

+ 2010-09-20 09:56 . 2010-09-20 09:56 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\e1d4e0b1f112000ab33bbaf88bd9ed99\Microsoft.Build.Framework.ni.dll

+ 2010-09-20 09:56 . 2010-09-20 09:56 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\4200cf5b7f247ec1b997808c6d1ba7d1\Microsoft.Build.Framework.ni.dll

+ 2010-09-20 09:56 . 2010-09-20 09:56 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.QTOControlL#\69fa979a07d4b4f68c9d217ebf9dea2c\Interop.QTOControlLib.ni.dll

+ 2010-09-20 09:56 . 2010-09-20 09:56 76800 c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.PortableDev#\cf0bc825a38ce12a4f388933b23b233c\Interop.PortableDeviceTypesLib.ni.dll

+ 2010-09-20 09:56 . 2010-09-20 09:56 77312 c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.PortableDev#\497117f3346909bb740d572bd9179957\Interop.PortableDeviceApiLib.ni.dll

+ 2010-09-20 09:56 . 2010-09-20 09:56 35328 c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.CDDBUICONTR#\ff44d004c171400538b4a50c99d2a27a\Interop.CDDBUICONTROLLibSMS.ni.dll

+ 2010-09-20 09:56 . 2010-09-20 09:56 42496 c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.CDDBLINKLib#\37e0233b02433270e64389f8eddc3fe5\Interop.CDDBLINKLibSMS.ni.dll

+ 2010-09-20 09:56 . 2010-09-20 09:56 30208 c:\windows\assembly\NativeImages_v2.0.50727_32\Interfaces\f223d9a409fbc61a937f81a021a633cc\Interfaces.ni.dll

+ 2010-09-20 09:56 . 2010-09-20 09:56 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\50b7fc7f36c76313cbb434b10923e4e9\dfsvc.ni.exe

+ 2010-09-20 09:56 . 2010-09-20 09:56 59904 c:\windows\assembly\NativeImages_v2.0.50727_32\AxInterop.QTOContro#\df1d71d325f39dbf845e03c0ca5b1890\AxInterop.QTOControlLib.ni.dll

+ 2010-09-20 09:53 . 2010-09-20 09:53 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\5ffa548547613dbc5a92f2c5b7cad196\Accessibility.ni.dll

+ 2010-09-20 09:41 . 2010-09-20 09:41 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll

- 2010-06-11 14:43 . 2010-06-11 14:43 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll

+ 2010-09-20 09:41 . 2010-09-20 09:41 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll

- 2010-06-11 14:43 . 2010-06-11 14:43 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll

- 2010-06-11 14:44 . 2010-06-11 14:44 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll

+ 2010-09-20 09:42 . 2010-09-20 09:42 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll

+ 2010-09-20 09:41 . 2010-09-20 09:41 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll

- 2010-06-11 14:43 . 2010-06-11 14:43 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll

+ 2010-09-20 09:41 . 2010-09-20 09:41 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll

- 2010-06-11 14:43 . 2010-06-11 14:43 12800

c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProc

essor.dll

- 2010-06-11 14:43 . 2010-06-11 14:43 28672

c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll

+ 2010-09-20 09:41 . 2010-09-20 09:41 28672

c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll

+ 2010-09-20 09:42 . 2010-09-20 09:42 77824

c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll

- 2010-06-11 14:44 . 2010-06-11 14:44 77824

c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll

- 2010-06-11 14:44 . 2010-06-11 14:44 36864

c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll

+ 2010-09-20 09:42 . 2010-09-20 09:42 36864

c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll

+ 2010-09-20 09:41 . 2010-09-20 09:41 77824

c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll

- 2010-06-11 14:43 . 2010-06-11 14:43 77824

c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll

+ 2010-09-20 09:41 . 2010-09-20 09:41 13312

c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll

- 2010-06-11 14:43 . 2010-06-11 14:43 13312

c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll

- 2010-06-11 14:43 . 2010-06-11 14:43 10752

c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll

+ 2010-09-20 09:41 . 2010-09-20 09:41 10752

c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll

- 2010-06-11 14:43 . 2010-06-11 14:43 72192

c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll

+ 2010-09-20 09:41 . 2010-09-20 09:41 72192

c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll

- 2010-06-11 14:43 . 2010-06-11 14:43 69120

c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll

+ 2010-09-20 09:41 . 2010-09-20 09:41 69120

c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll

- 2010-06-11 14:43 . 2010-06-11 14:43 8192

c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll

+ 2010-09-20 09:41 . 2010-09-20 09:41 8192

c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll

+ 2010-09-20 09:41 . 2010-09-20 09:41 7168

c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll

- 2010-06-11 14:43 . 2010-06-11 14:43 7168

c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll

- 2010-06-11 14:44 . 2010-06-11 14:44 5632

c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll

+ 2010-09-20 09:42 . 2010-09-20 09:42 5632

c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll

- 2010-06-11 14:43 . 2010-06-11 14:43 6656

c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll

+ 2010-09-20 09:41 . 2010-09-20 09:41 6656

c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll

- 2010-06-11 14:43 . 2010-06-11 14:43 8192

c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll

+ 2010-09-20 09:41 . 2010-09-20 09:41 8192

c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll

- 2010-06-11 14:43 . 2010-06-11 14:43 113664

c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrap

per.dll

+ 2010-09-20 09:42 . 2010-09-20 09:42 113664

c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrap

per.dll

+ 2010-09-20 09:42 . 2010-09-20 09:42 258048

c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll

- 2010-06-11 14:43 . 2010-06-11 14:43 258048

c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll

+ 2004-08-04 10:00 . 2010-06-18 17:45 293376 c:\windows\system32\winsrv.dll

- 2004-08-04 10:00 . 2008-04-14 00:12 293376 c:\windows\system32\winsrv.dll

+ 2004-08-04 10:00 . 2010-06-24 12:15 233472 c:\windows\system32\webcheck.dll

- 2004-08-04 10:00 . 2010-05-04 17:20 233472 c:\windows\system32\webcheck.dll

+ 2004-08-04 10:00 . 2010-04-16 15:36 406016 c:\windows\system32\usp10.dll

- 2004-08-04 10:00 . 2008-04-14 00:12 406016 c:\windows\system32\usp10.dll

+ 2004-08-04 10:00 . 2010-06-24 12:15 105984 c:\windows\system32\url.dll

- 2004-08-04 10:00 . 2010-05-04 17:20 105984 c:\windows\system32\url.dll

+ 2010-03-30 23:10 . 2010-03-30 23:10 295264 c:\windows\system32\PresentationHost.exe

- 2004-08-04 10:00 . 2010-06-11 20:00 435828 c:\windows\system32\perfh009.dat

+ 2004-08-04 10:00 . 2010-09-20 09:43 435828 c:\windows\system32\perfh009.dat

+ 2004-08-04 10:00 . 2010-06-24 12:15 102912 c:\windows\system32\occache.dll

- 2004-08-04 10:00 . 2010-05-04 17:20 102912 c:\windows\system32\occache.dll

+ 2006-03-04 03:33 . 2010-06-24 12:15 671232 c:\windows\system32\mstime.dll

- 2006-03-04 03:33 . 2010-05-04 17:20 671232 c:\windows\system32\mstime.dll

- 2006-03-04 03:33 . 2010-05-04 17:20 193024 c:\windows\system32\msrating.dll

+ 2006-03-04 03:33 . 2010-06-24 12:15 193024 c:\windows\system32\msrating.dll

- 2006-03-04 03:33 . 2010-05-04 17:20 477696 c:\windows\system32\mshtmled.dll

+ 2006-03-04 03:33 . 2010-06-24 12:15 477696 c:\windows\system32\mshtmled.dll

- 2007-08-13 17:54 . 2010-05-04 17:20 459264 c:\windows\system32\msfeeds.dll

+ 2007-08-13 17:54 . 2010-06-24 12:15 459264 c:\windows\system32\msfeeds.dll

+ 2009-11-07 00:07 . 2009-11-07 00:07 297808 c:\windows\system32\mscoree.dll

- 2006-10-18 21:47 . 2006-10-18 21:47 317440 c:\windows\system32\MP4SDECD.dll

+ 2006-10-18 21:47 . 2010-03-30 11:24 317440 c:\windows\system32\mp4sdecd.dll

+ 2008-04-08 11:25 . 2010-06-09 07:43 692736 c:\windows\system32\inetcomm.dll

- 2007-08-13 17:34 . 2010-05-04 17:20 268288 c:\windows\system32\iertutil.dll

+ 2007-08-13 17:34 . 2010-06-24 12:15 268288 c:\windows\system32\iertutil.dll

+ 2006-03-04 03:33 . 2010-06-24 12:15 192512 c:\windows\system32\iepeers.dll

- 2006-03-04 03:33 . 2010-05-04 17:20 192512 c:\windows\system32\iepeers.dll

+ 2004-08-04 10:00 . 2010-06-24 12:15 385024 c:\windows\system32\iedkcs32.dll

- 2004-08-04 10:00 . 2010-05-04 17:20 385024 c:\windows\system32\iedkcs32.dll

+ 2007-07-11 11:27 . 2010-06-24 12:15 380928 c:\windows\system32\ieapfltr.dll

- 2007-07-11 11:27 . 2010-05-04 17:20 380928 c:\windows\system32\ieapfltr.dll

+ 2004-08-04 10:00 . 2010-06-17 15:11 161792 c:\windows\system32\ieakui.dll

- 2004-08-04 10:00 . 2010-04-16 11:43 161792 c:\windows\system32\ieakui.dll

- 2004-08-04 10:00 . 2010-05-04 17:20 230400 c:\windows\system32\ieaksie.dll

+ 2004-08-04 10:00 . 2010-06-24 12:15 230400 c:\windows\system32\ieaksie.dll

+ 2004-08-04 10:00 . 2010-06-24 12:15 153088 c:\windows\system32\ieakeng.dll

- 2004-08-04 10:00 . 2010-05-04 17:20 153088 c:\windows\system32\ieakeng.dll

- 2008-04-08 11:58 . 2010-06-11 19:57 269392 c:\windows\system32\FNTCACHE.DAT

+ 2008-04-08 11:58 . 2010-09-20 09:59 269392 c:\windows\system32\FNTCACHE.DAT

+ 2006-03-04 03:33 . 2010-06-24 12:15 133120 c:\windows\system32\extmgr.dll

- 2006-03-04 03:33 . 2010-05-04 17:20 133120 c:\windows\system32\extmgr.dll

+ 2006-03-04 03:33 . 2010-06-24 12:15 214528 c:\windows\system32\dxtrans.dll

- 2006-03-04 03:33 . 2010-05-04 17:20 214528 c:\windows\system32\dxtrans.dll

- 2004-08-04 10:00 . 2010-05-04 17:20 347136 c:\windows\system32\dxtmsft.dll

+ 2004-08-04 10:00 . 2010-06-24 12:15 347136 c:\windows\system32\dxtmsft.dll

+ 2004-08-04 10:00 . 2010-06-21 15:27 354304 c:\windows\system32\drivers\srv.sys

+ 2010-06-18 17:45 . 2010-06-18 17:45 293376 c:\windows\system32\dllcache\winsrv.dll

- 2006-03-04 03:33 . 2010-05-04 17:20 832512 c:\windows\system32\dllcache\wininet.dll

+ 2006-03-04 03:33 . 2010-06-24 12:15 832512 c:\windows\system32\dllcache\wininet.dll

- 2004-08-04 10:00 . 2010-05-04 17:20 233472 c:\windows\system32\dllcache\webcheck.dll

+ 2004-08-04 10:00 . 2010-06-24 12:15 233472 c:\windows\system32\dllcache\webcheck.dll

+ 2010-04-16 15:36 . 2010-04-16 15:36 406016 c:\windows\system32\dllcache\usp10.dll

- 2004-08-04 10:00 . 2010-05-04 17:20 105984 c:\windows\system32\dllcache\url.dll

+ 2004-08-04 10:00 . 2010-06-24 12:15 105984 c:\windows\system32\dllcache\url.dll

+ 2010-03-15 12:37 . 2010-06-21 15:27 354304 c:\windows\system32\dllcache\srv.sys

+ 2009-06-25 08:25 . 2010-06-30 12:31 149504 c:\windows\system32\dllcache\schannel.dll

+ 2009-04-15 14:51 . 2010-07-22 15:49 590848 c:\windows\system32\dllcache\rpcrt4.dll

- 2004-08-04 10:00 . 2010-05-04 17:20 102912 c:\windows\system32\dllcache\occache.dll

+ 2004-08-04 10:00 . 2010-06-24 12:15 102912 c:\windows\system32\dllcache\occache.dll

+ 2006-03-04 03:33 . 2010-06-24 12:15 671232 c:\windows\system32\dllcache\mstime.dll

- 2006-03-04 03:33 . 2010-05-04 17:20 671232 c:\windows\system32\dllcache\mstime.dll

- 2006-03-04 03:33 . 2010-05-04 17:20 193024 c:\windows\system32\dllcache\msrating.dll

+ 2006-03-04 03:33 . 2010-06-24 12:15 193024 c:\windows\system32\dllcache\msrating.dll

- 2006-03-04 03:33 . 2010-05-04 17:20 477696 c:\windows\system32\dllcache\mshtmled.dll

+ 2006-03-04 03:33 . 2010-06-24 12:15 477696 c:\windows\system32\dllcache\mshtmled.dll

+ 2008-06-03 09:09 . 2010-06-24 12:15 459264 c:\windows\system32\dllcache\msfeeds.dll

- 2008-06-03 09:09 . 2010-05-04 17:20 459264 c:\windows\system32\dllcache\msfeeds.dll

+ 2010-03-30 11:24 . 2010-03-30 11:24 317440 c:\windows\system32\dllcache\mp4sdecd.dll

+ 2010-04-06 11:14 . 2010-06-09 07:43 692736 c:\windows\system32\dllcache\inetcomm.dll

+ 2008-04-08 11:25 . 2010-06-17 15:12 634656 c:\windows\system32\dllcache\iexplore.exe

- 2008-04-08 11:25 . 2010-04-16 11:43 634656 c:\windows\system32\dllcache\iexplore.exe

+ 2008-06-03 09:09 . 2010-06-24 12:15 268288 c:\windows\system32\dllcache\iertutil.dll

- 2008-06-03 09:09 . 2010-05-04 17:20 268288 c:\windows\system32\dllcache\iertutil.dll

- 2006-03-04 03:33 . 2010-05-04 17:20 192512 c:\windows\system32\dllcache\iepeers.dll

+ 2006-03-04 03:33 . 2010-06-24 12:15 192512 c:\windows\system32\dllcache\iepeers.dll

+ 2004-08-04 10:00 . 2010-06-24 12:15 385024 c:\windows\system32\dllcache\iedkcs32.dll

- 2004-08-04 10:00 . 2010-05-04 17:20 385024 c:\windows\system32\dllcache\iedkcs32.dll

+ 2008-06-03 09:09 . 2010-06-24 12:15 380928 c:\windows\system32\dllcache\ieapfltr.dll

- 2008-06-03 09:09 . 2010-05-04 17:20 380928 c:\windows\system32\dllcache\ieapfltr.dll

+ 2004-08-04 10:00 . 2010-06-17 15:11 161792 c:\windows\system32\dllcache\ieakui.dll

- 2004-08-04 10:00 . 2010-04-16 11:43 161792 c:\windows\system32\dllcache\ieakui.dll

+ 2004-08-04 10:00 . 2010-06-24 12:15 230400 c:\windows\system32\dllcache\ieaksie.dll

- 2004-08-04 10:00 . 2010-05-04 17:20 230400 c:\windows\system32\dllcache\ieaksie.dll

+ 2004-08-04 10:00 . 2010-06-24 12:15 153088 c:\windows\system32\dllcache\ieakeng.dll

- 2004-08-04 10:00 . 2010-05-04 17:20 153088 c:\windows\system32\dllcache\ieakeng.dll

+ 2010-09-20 09:21 . 2010-06-14 14:31 744448 c:\windows\system32\dllcache\helpsvc.exe

+ 2006-03-04 03:33 . 2010-06-24 12:15 133120 c:\windows\system32\dllcache\extmgr.dll

- 2006-03-04 03:33 . 2010-05-04 17:20 133120 c:\windows\system32\dllcache\extmgr.dll

+ 2006-03-04 03:33 . 2010-06-24 12:15 214528 c:\windows\system32\dllcache\dxtrans.dll

- 2006-03-04 03:33 . 2010-05-04 17:20 214528 c:\windows\system32\dllcache\dxtrans.dll

+ 2004-08-04 10:00 . 2010-06-24 12:15 347136 c:\windows\system32\dllcache\dxtmsft.dll

- 2004-08-04 10:00 . 2010-05-04 17:20 347136 c:\windows\system32\dllcache\dxtmsft.dll

+ 2004-08-04 10:00 . 2010-06-24 12:15 124928 c:\windows\system32\dllcache\advpack.dll

- 2004-08-04 10:00 . 2010-05-04 17:20 124928 c:\windows\system32\dllcache\advpack.dll

- 2004-08-04 10:00 . 2010-05-04 17:20 124928 c:\windows\system32\advpack.dll

+ 2004-08-04 10:00 . 2010-06-24 12:15 124928 c:\windows\system32\advpack.dll

+ 2008-04-08 11:25 . 2010-06-14 14:31 744448 c:\windows\pchealth\helpctr\binaries\helpsvc.exe

- 2008-04-08 11:25 . 2008-04-14 00:12 744448 c:\windows\pchealth\helpctr\binaries\helpsvc.exe

+ 2010-03-30 23:16 . 2010-03-30 23:16 130408

c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll

+ 2010-05-11 05:40 . 2010-05-11 05:40 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll

- 2009-08-07 23:51 . 2009-08-07 23:51 989016

c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll

+ 2010-05-11 05:40 . 2010-05-11 05:40 989016

c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll

- 2008-04-08 14:17 . 2010-06-11 14:54 888080

c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\wordicon.exe

+ 2008-04-08 14:17 . 2010-09-20 09:53 888080

c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\wordicon.exe

+ 2008-04-08 14:17 . 2010-09-20 09:53 272648

c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\pubs.exe

- 2008-04-08 14:17 . 2010-06-11 14:54 272648

c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\pubs.exe

+ 2008-04-08 14:17 . 2010-09-20 09:53 922384

c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\pptico.exe

- 2008-04-08 14:17 . 2010-06-11 14:54 922384

c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\pptico.exe

+ 2008-04-08 14:17 . 2010-09-20 09:53 845584

c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\outicon.exe

- 2008-04-08 14:17 . 2010-06-11 14:54 845584

c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\outicon.exe

+ 2008-04-08 14:17 . 2010-09-20 09:53 217864

c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\misc.exe

- 2008-04-08 14:17 . 2010-06-11 14:54 217864

c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\misc.exe

+ 2007-08-24 05:17 . 2007-08-24 05:17 505240

c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6215\SOA.DLL

+ 2007-08-24 05:17 . 2007-08-24 05:17 165256

c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6215\ACCWIZ.DLL

+ 2010-09-20 09:48 . 2010-05-04 17:20 832512 c:\windows\ie7updates\KB2183461-IE7\wininet.dll

+ 2010-09-20 09:48 . 2010-05-04 17:20 233472 c:\windows\ie7updates\KB2183461-IE7\webcheck.dll

+ 2010-09-20 09:48 . 2010-05-04 17:20 105984 c:\windows\ie7updates\KB2183461-IE7\url.dll

+ 2010-09-20 09:48 . 2010-02-22 14:23 382840 c:\windows\ie7updates\KB2183461-IE7\spuninst\updspapi.dll

+ 2010-09-20 09:48 . 2010-02-22 14:23 231288 c:\windows\ie7updates\KB2183461-IE7\spuninst\spuninst.exe

+ 2010-09-20 09:48 . 2010-05-04 17:20 102912 c:\windows\ie7updates\KB2183461-IE7\occache.dll

+ 2010-09-20 09:48 . 2010-05-04 17:20 671232 c:\windows\ie7updates\KB2183461-IE7\mstime.dll

+ 2010-09-20 09:48 . 2010-05-04 17:20 193024 c:\windows\ie7updates\KB2183461-IE7\msrating.dll

+ 2010-09-20 09:48 . 2010-05-04 17:20 477696 c:\windows\ie7updates\KB2183461-IE7\mshtmled.dll

+ 2010-09-20 09:48 . 2010-05-04 17:20 459264 c:\windows\ie7updates\KB2183461-IE7\msfeeds.dll

+ 2010-09-20 09:48 . 2010-04-16 11:43 634656 c:\windows\ie7updates\KB2183461-IE7\iexplore.exe

+ 2010-09-20 09:48 . 2010-05-04 17:20 268288 c:\windows\ie7updates\KB2183461-IE7\iertutil.dll

+ 2010-09-20 09:48 . 2010-05-04 17:20 192512 c:\windows\ie7updates\KB2183461-IE7\iepeers.dll

+ 2010-09-20 09:48 . 2010-05-04 17:20 385024 c:\windows\ie7updates\KB2183461-IE7\iedkcs32.dll

+ 2010-09-20 09:48 . 2010-05-04 17:20 380928 c:\windows\ie7updates\KB2183461-IE7\ieapfltr.dll

+ 2010-09-20 09:48 . 2010-04-16 11:43 161792 c:\windows\ie7updates\KB2183461-IE7\ieakui.dll

+ 2010-09-20 09:48 . 2010-05-04 17:20 230400 c:\windows\ie7updates\KB2183461-IE7\ieaksie.dll

+ 2010-09-20 09:48 . 2010-05-04 17:20 153088 c:\windows\ie7updates\KB2183461-IE7\ieakeng.dll

+ 2010-09-20 09:48 . 2010-05-04 17:20 133120 c:\windows\ie7updates\KB2183461-IE7\extmgr.dll

+ 2010-09-20 09:48 . 2010-05-04 17:20 214528 c:\windows\ie7updates\KB2183461-IE7\dxtrans.dll

+ 2010-09-20 09:48 . 2010-05-04 17:20 347136 c:\windows\ie7updates\KB2183461-IE7\dxtmsft.dll

+ 2010-09-20 09:48 . 2010-05-04 17:20 124928 c:\windows\ie7updates\KB2183461-IE7\advpack.dll

+ 2010-09-20 09:53 . 2010-09-20 09:53 321536

c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\a16b8bcca59515281688ec856c034698\WsatConfig.ni.exe

+ 2010-09-20 09:51 . 2010-09-20 09:51 240128

c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\672c4d8e3c33e309c1ed90fa4cb85aba\WindowsFormsInte

gration.ni.dll

+ 2010-09-20 09:50 . 2010-09-20 09:50 187904

c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\cd91a32f4e36ccb2981c72c0d333e928\UIAutomationTypes.n

i.dll

+ 2010-09-20 09:50 . 2010-09-20 09:50 447488

c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\9df760fdf8071c7b0de78f39de365e6a\UIAutomationClient

.ni.dll

+ 2010-09-20 10:10 . 2010-09-20 10:10 400896

c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\ff53d5b5249a2841ee196294429f51cf\System.Xml.Linq.ni.dl

l

+ 2010-09-20 10:09 . 2010-09-20 10:09 129536

c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\5e16c279496a553c988c6199f0cee8aa\System.Web.Routing

.ni.dll

+ 2010-09-20 09:55 . 2010-09-20 09:55 202240

c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\d0ae809162b55e2fa958739177476af8\System.Web.Regul

arExpressions.ni.dll

+ 2010-09-20 10:10 . 2010-09-20 10:10 859648

c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\720b28d81e987b889180b291ea19b821\System.Web.Exten

sions.Design.ni.dll

+ 2010-09-20 10:10 . 2010-09-20 10:10 328704

c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\da36fd678161cd3444ef547c894e3f35\System.Web.Entity.n

i.dll

+ 2010-09-20 10:10 . 2010-09-20 10:10 301056

c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\49ae7c73fac8827123d5db1714c22599\System.Web.Entit

y.Design.ni.dll

+ 2010-09-20 10:09 . 2010-09-20 10:09 547328

c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\ce3aa27d3c4c052845ac5abb1374defa\System.Web.Dynam

icData.ni.dll

+ 2010-09-20 10:09 . 2010-09-20 10:09 141312

c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\95fab896ef2af14876e3e1524379773b\System.Web.Abstr

actions.ni.dll

+ 2010-09-20 09:55 . 2010-09-20 09:55 627200

c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\26d5bf1f7e700c2c19aa9b1da5519b24\System.Transactio

ns.ni.dll

+ 2010-09-20 09:55 . 2010-09-20 09:55 212992

c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b000cc703c9d95593b516bf2c2ec316\System.ServicePr

ocess.ni.dll

+ 2010-09-20 09:55 . 2010-09-20 09:55 679936

c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\75e331a5d731d8e207be07adc06dec23\System.Security.ni.dl

l

+ 2010-09-20 09:55 . 2010-09-20 09:55 311296

c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\dd7497aa089340600c8c5af8ab421ff7\System.Runtime.S

erialization.Formatters.Soap.ni.dll

+ 2010-09-20 09:55 . 2010-09-20 09:55 771584

c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\3de39eb60b9d32af46f32f6c7a88fc7f\System.Runtime.R

emoting.ni.dll

+ 2010-09-20 10:09 . 2010-09-20 10:09 621056

c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\2a080994f308f347b0497bb8804861cf\System.Net.ni.dll

+ 2010-09-20 09:58 . 2010-09-20 09:58 998400

c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\bc1cf48ba7dc00f45d0e949c49ab677a\System.Management.n

i.dll

+ 2010-09-20 09:58 . 2010-09-20 09:58 330752

c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\904fda53006680a67f917ab638be0305\System.Managemen

t.Instrumentation.ni.dll

+ 2010-09-20 09:52 . 2010-09-20 09:52 381440

c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\4490976887e2e5a3b594041edbdf5064\System.IO.Log.ni.dll

+ 2010-09-20 09:53 . 2010-09-20 09:53 212992

c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\77b9f6f6671aaaeb84c6907d467e792c\System.IdentityM

odel.Selectors.ni.dll

+ 2010-09-20 09:55 . 2010-09-20 09:55 280064

c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\15724a7517f939c9b300f341fb5620b8\System.Enterpris

eServices.Wrapper.dll

+ 2010-09-20 09:55 . 2010-09-20 09:55 627712

c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\15724a7517f939c9b300f341fb5620b8\System.Enterpris

eServices.ni.dll

+ 2010-09-20 09:49 . 2010-09-20 09:49 208384

c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\90199b4aa63b1b9c8ed0c3de16eec824\System.Drawing.D

esign.ni.dll

+ 2010-09-20 09:58 . 2010-09-20 09:58 881152

c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\849e98c9f428a12cb581320a23f69dbd\System.Directory

Services.AccountManagement.ni.dll

+ 2010-09-20 09:55 . 2010-09-20 09:55 455680

c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\7a823a4f61cf8c86aad02559f8fed07b\System.Directory

Services.Protocols.ni.dll

+ 2010-09-20 09:57 . 2010-09-20 09:57 354816

c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\ad95820d2e29e8d55c0d8a838214c6e5\System.Data.Serv

ices.Design.ni.dll

+ 2010-09-20 09:57 . 2010-09-20 09:57 939008

c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\617acb0d900bdde947ec79f7b5ccc183\System.Data.Serv

ices.Client.ni.dll

+ 2010-09-20 09:57 . 2010-09-20 09:57 756736

c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\488c4017d45e861644a34fae557aa80f\System.Data.Enti

ty.Design.ni.dll

+ 2010-09-20 09:56 . 2010-09-20 09:56 135680

c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\41345e34f26854fc1878eae3e4d5d4a5\System.Data.Data

SetExtensions.ni.dll

+ 2010-09-20 09:54 . 2010-09-20 09:54 971264

c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\ab688d0f9f333ba117832726bfb589c1\System.Configura

tion.ni.dll

+ 2010-09-20 09:55 . 2010-09-20 09:55 141312

c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\b48677ab9aa7a6830785f67b8478b4da\System.Configura

tion.Install.ni.dll

+ 2010-09-20 09:56 . 2010-09-20 09:56 633856

c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\93a0958d5557e2b380647af0171ad354\System.AddIn.ni.dll

+ 2010-09-20 09:53 . 2010-09-20 09:53 366080

c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\d0758f84e927e3f0a15a6cde1b96d835\SMSvcHost.ni.exe

+ 2010-09-20 09:53 . 2010-09-20 09:53 256000

c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\8043a108e3bb2d3dcc84b547b8085e99\SMDiagnostics.ni.dll

+ 2010-09-20 09:53 . 2010-09-20 09:53 320512

c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\5aeb40ff7128df2881fb03c01d070b20\ServiceModelReg.ni.ex

e

+ 2010-09-20 09:47 . 2010-09-20 09:47 368128

c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e7e7321956e6822b1bf3691c35c842f6\PresentationFram

ework.Aero.ni.dll

+ 2010-09-20 09:47 . 2010-09-20 09:47 258048

c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a14488afff027f0f2985e659449097f5\PresentationFram

ework.Royale.ni.dll

+ 2010-09-20 09:47 . 2010-09-20 09:47 224768

c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\787e60c5dd562cb45887080095d2a3b7\PresentationFram

ework.Classic.ni.dll

+ 2010-09-20 09:47 . 2010-09-20 09:47 539648

c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2313ccc125dcb6a9800048ec1c51ec12\PresentationFram

ework.Luna.ni.dll

+ 2010-09-20 09:55 . 2010-09-20 09:55 600064

c:\windows\assembly\NativeImages_v2.0.50727_32\PerstNET\81080f1f25de228f22d90c3d1c0084f0\PerstNET.ni.dll

+ 2010-09-20 09:56 . 2010-09-20 09:56 133632

c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\5db9c32d9f352162e6da220ca463db0d\MSBuild.ni.exe

+ 2010-09-20 09:53 . 2010-09-20 09:53 386560

c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\fcf975f74bd134d8e0fa8f37c5bc6a8c\Microsoft.Transa

ctions.Bridge.Dtc.ni.dll

+ 2010-09-20 09:56 . 2010-09-20 09:56 144384

c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\d6b9038136600fbfbbbd7460dc19da19\Microsoft.Build.

Utilities.ni.dll

+ 2010-09-20 09:56 . 2010-09-20 09:56 175104

c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\585cc7218599e7806521d0e737ba5ffb\Microsoft.Build.

Utilities.v3.5.ni.dll

+ 2010-09-20 09:56 . 2010-09-20 09:56 839680

c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\3057ec53731286e69e389d103c32fa41\Microsoft.Build.

Engine.ni.dll

+ 2010-09-20 09:56 . 2010-09-20 09:56 222720

c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\914e338ac6e92714f3e32ae5d89bf03b\Microsoft.Build.

Conversion.v3.5.ni.dll

+ 2010-09-20 09:56 . 2010-09-20 09:56 122368

c:\windows\assembly\NativeImages_v2.0.50727_32\MediaManager.Utils\7ed065c1a8b344be987e2ceeb8b35a90\MediaManager.Utils

.ni.dll

+ 2010-09-20 09:56 . 2010-09-20 09:56 261120

c:\windows\assembly\NativeImages_v2.0.50727_32\MediaManager.Splash#\ac9d9f6f9fc57d372f5937bfbcfdb9f3\MediaManager.Spl

ashScreen.ni.dll

+ 2010-09-20 09:55 . 2010-09-20 09:55 950272

c:\windows\assembly\NativeImages_v2.0.50727_32\MediaManager.GUI\edfa0df6134acb9aad40e2b2dad8e178\MediaManager.GUI.ni.

dll

+ 2010-09-20 09:56 . 2010-09-20 09:56 856576

c:\windows\assembly\NativeImages_v2.0.50727_32\Lucene.Net\641ee86e2dbd2cab638e815d58ac360e\Lucene.Net.ni.dll

+ 2010-09-20 09:56 . 2010-09-20 09:56 657920

c:\windows\assembly\NativeImages_v2.0.50727_32\log4net\6814f2bbc309d055d1db65bc1c0742dc\log4net.ni.dll

+ 2010-09-20 09:56 . 2010-09-20 09:56 812032

c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.WMPLib\048a7a10a9e1437d3680f63a67892bdf\Interop.WMPLib.ni.dll

+ 2010-09-20 09:56 . 2010-09-20 09:56 311808

c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.SHDocVw\7eb4d2a2ea9b5e30c73e0f243e4c5d74\Interop.SHDocVw.ni.dl

l

+ 2010-09-20 09:56 . 2010-09-20 09:56 204288

c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.QTOLibrary\5165e18358a7d59dc204af8ac7ed63d6\Interop.QTOLibrary

.ni.dll

+ 2010-09-20 09:56 . 2010-09-20 09:56 100864

c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.IWshRuntime#\6554e38c614344c3c80b3e41886d71b0\Interop.IWshRunt

imeLibrary.ni.dll

+ 2010-09-20 09:56 . 2010-09-20 09:56 374784

c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.CDDBCONTROL#\392564b681069f8135d262210e1173e9\Interop.CDDBCONT

ROLLibSMS.ni.dll

+ 2010-09-20 09:56 . 2010-09-20 09:56 210432

c:\windows\assembly\NativeImages_v2.0.50727_32\GCPlayer\24f5dea6a49f79b86ede19c2096bb769\GCPlayer.ni.dll

+ 2010-09-20 09:56 . 2010-09-20 09:56 220672

c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\12ae6f3635448471fc9f7d8bfe39c67d\CustomMarshalers.ni.

dll

+ 2010-09-20 09:53 . 2010-09-20 09:53 410112

c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\daca3c9ad6d867d3fec70d14b4f20cf3\ComSvcConfig.ni.exe

+ 2010-09-20 09:56 . 2010-09-20 09:56 151552

c:\windows\assembly\NativeImages_v2.0.50727_32\AxInterop.WMPLib\9e8f82888c831016db77fa3d8b224cf7\AxInterop.WMPLib.ni.

dll

+ 2010-09-20 09:56 . 2010-09-20 09:56 114176

c:\windows\assembly\NativeImages_v2.0.50727_32\AxInterop.SHDocVw\91b2321a4d85972a51bab334089ef957\AxInterop.SHDocVw.n

i.dll

+ 2010-09-20 09:53 . 2010-09-20 09:53 842240

c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\56aec0938ef1bbdeca65b07a5fe8cd39\AspNetMMCExt.ni.dll

- 2010-06-11 14:43 . 2010-06-11 14:43 839680

c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll

+ 2010-09-20 09:41 . 2010-09-20 09:41 839680

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}"= "c:\program files\ZoneAlarm\tbZone.dll" [2010-05-09 2517088]

[HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]

2010-05-09 10:50 2517088 ----a-w- c:\program files\ZoneAlarm\tbZone.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}"= "c:\program files\ZoneAlarm\tbZone.dll" [2010-05-09 2517088]

[HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{66F2E20D-0DA8-4C11-A9C8-DD8477B88ACD}"= "c:\program files\ZoneAlarm\tbZone.dll" [2010-05-09 2517088]

[HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"{E0A2501B-F1A1-65FB-2FEA-50C8FA682158}"="c:\documents and settings\***\Application Data\Adocty\nyba.exe" [2009-06-21

145920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2010-09-09 860160]

"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2010-09-09 753664]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-07-14 77824]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-12 148888]

"SoloSentry"="c:\srnmic~1\SOLOSENT.EXE" [2010-09-20 135168]

"SoloSchedule"="c:\srnmic~1\SOLOCFG.EXE" [2010-09-20 360448]

"SoloSysCheck"="c:\srnmic~1\SYSCHECK.COM" [2010-03-27 237568]

"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-06-23 1043968]

"nonep"="c:\program files\riv87\oops.exe" [2010-09-20 159744]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"Userinit"="c:\windows\system32\userinit.exe,,c:\program files\intel\wireless\bin\ifrmewrksrv.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]

2010-07-13 14:10 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device

Support\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gStart]

2008-08-13 13:34 1891416 ----a-w- c:\garmin\gStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]

2006-07-14 16:08 118784 ----a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]

2006-07-14 16:07 94208 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Inini]

2008-04-14 00:12 33280 ----a-w- c:\windows\system32\rundll32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISW]

2010-05-26 13:35 730600 ----a-w- c:\program files\CheckPoint\ZAForceField\ForceField.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-07-21 14:53 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcexecwin]

2008-04-14 00:12 33280 ----a-w- c:\windows\system32\rundll32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]

2009-11-10 09:14 443728 ----a-w- c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nonep]

2010-09-07 22:03 211456 ----a-w- c:\program files\syst32\oops.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-09-07 21:59 479232 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]

2007-05-10 09:22 405504 ----a-w- c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=

"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=

"c:\\Program Files\\SopCast\\SopCast.exe"=

"c:\\Program Files\\Common Files\\ProspectSoft Shared\\ASA\\Win32\\dbeng9.exe"=

"c:\\Program Files\\Kontiki\\KService.exe"=

"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [01/03/2010 22:16 390528]

R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [26/05/2010 14:35 26352]

R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [26/05/2010 14:35 493032]

R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe

[01/07/2010 12:07 840936]

S1 RapportKELL;RapportKELL;c:\program files\Trusteer\Rapport\bin\RapportKELL.sys [01/07/2010 12:07 0]

S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [01/07/2010 12:07 0]

S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]

S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma

Software Group\SpyHunter\esgiguard.sys [?]

S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [06/08/2009 11:58 90408]

S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [06/08/2009

11:58 15016]

S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [06/08/2009 11:58

122024]

S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers

(WDM);c:\windows\system32\drivers\s1018mgmt.sys [06/08/2009 11:59 115368]

S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys

[06/08/2009 11:59 25768]

S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [06/08/2009

11:59 111784]

S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys

[06/08/2009 11:59 117544]

.

Contents of the 'Scheduled Tasks' folder

2010-09-06 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.co.uk/

uInternet Connection Wizard,ShellNext = hxxp://downloadcenter.intel.com/detail_desc.aspx?DwnldID=8061&ProductID=1784

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-09-20 11:17

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(856)

c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

- - - - - - - > 'lsass.exe'(912)

c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

- - - - - - - > 'explorer.exe'(836)

c:\windows\system32\WININET.dll

c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

c:\program files\Trusteer\Rapport\bin\rooksbas.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\System32\SCardSvr.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Kontiki\KService.exe

c:\program files\Internet Explorer\IEXPLORE.EXE

c:\program files\Internet Explorer\IEXPLORE.EXE

c:\program files\Trusteer\Rapport\bin\RapportService.exe

.

**************************************************************************

.

Completion time: 2010-09-20 11:25:07 - machine was rebooted

ComboFix-quarantined-files.txt 2010-09-20 10:24

ComboFix2.txt 2010-09-15 16:18

ComboFix3.txt 2010-09-13 19:21

ComboFix4.txt 2010-09-09 08:18

Pre-Run: 66,321,362,944 bytes free

Post-Run: 65,431,805,952 bytes free

- - End Of File - - 4F54F5DC1120A70EC4EB942A81DB944D

I saved the log file before I removed everything. I did actually run another MWB log straight after the restart, which from memory only contained the desktoplayer/userinit/trojan.agent entries, but I didn't try a subsequent removal. I then ran the Combofix procedure.

I can post the second logfile in the morning if needed.

Copy/paste the text in the Codebox below into notepad:

Here's how to do that:

Click Start > Run, type Notepad, and click OK.

This will open an empty notepad file:

Take your mouse, and place your cursor at the beginning of the text in the box below, then click and hold the left mouse button, while pulling your mouse over the text. This should highlight the text. Now release the left mouse button. Now, with the cursor over the highlighted text, right click the mouse for options, and select 'copy'. Now over the empty Notepad box, right click your mouse again, and select 'paste' and you will have copied and pasted the text.

File::
c:\program files\microsoft\desktoplayer.exe

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="

Save this file to your desktop. Save it as "CFScript".

Here's how to do that:

1. Click File;

2. Click Save As... Change the directory to your desktop;

3. Change the Save as type to "All Files";

4. Type in the file name: CFScript

5. Click Save ...

Drag CFScript.txt into ComboFix.exe

Then post the results log using Copy / Paste

Also please describe how your computer behaves at the moment.

Shortly after the start of the ComboFix scan, the following message came up and the computer rebooted:

"Combofix has detected the presence of rootkit activity and needs to reboot"

The computer seems to have slowed down again.

Log details below

ComboFix 10-09-19.03 - *** 22/09/2010 16:10:35.6.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.694 [GMT 1:00]

Running from: c:\documents and settings\***\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\***\Desktop\CFScript.txt

FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

* Created a new restore point

FILE ::

"c:\program files\microsoft\desktoplayer.exe"

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\***\Application Data\Adocty

c:\documents and settings\***\Application Data\Adocty\nyba.exe

c:\program files\Internet Explorer\complete.dat

c:\program files\Internet Explorer\dmlconf.dat

c:\program files\microsoft\desktoplayer.exe

c:\program files\Microsoft\DesktopLayerSrv.exe

.

((((((((((((((((((((((((( Files Created from 2010-08-22 to 2010-09-22 )))))))))))))))))))))))))))))))

.

2010-09-20 09:21 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

2010-09-15 18:03 . 2010-09-18 16:20 -------- d-----w- c:\program files\sys32

2010-09-09 12:39 . 2010-09-09 12:39 -------- d-----w- c:\program files\Trend Micro

2010-09-08 14:30 . 2010-09-20 10:15 -------- d-----w- c:\program files\riv87

2010-09-07 21:43 . 2010-09-07 21:43 -------- d-----w- c:\program files\syst32

2010-09-07 21:43 . 2010-09-22 15:17 -------- d-----w- c:\program files\Microsoft

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-22 15:17 . 2009-07-09 11:19 -------- d-----w- c:\documents and settings\All Users\Application

Data\Kontiki

2010-09-22 15:09 . 2008-04-08 15:32 4212 ---ha-w- c:\windows\system32\zllictbl.dat

2010-09-22 14:56 . 2010-07-02 05:58 -------- d-----w- c:\documents and settings\***\Application Data\Keel

2010-09-20 09:59 . 2009-07-07 09:57 -------- d-----w- c:\program files\Microsoft Silverlight

2010-09-20 09:53 . 2008-04-08 14:12 -------- d-----w- c:\documents and settings\All Users\Application

Data\Microsoft Help

2010-09-20 08:52 . 2009-03-27 08:28 -------- d-----w- c:\documents and settings\***\Application Data\Raar

2010-09-20 07:58 . 2010-04-04 13:22 -------- d-----w- c:\documents and settings\***\Application Data\Nusy

2010-09-20 07:38 . 2010-07-19 10:46 120 ----a-w- c:\windows\Mmaci.dat

2010-09-20 07:38 . 2010-07-19 10:46 0 ----a-w- c:\windows\Wrejupukalegete.bin

2010-09-16 12:18 . 2009-06-16 08:40 -------- d-----w- c:\program files\Reali-Design

2010-09-09 10:50 . 2010-02-23 08:00 -------- d-----w- c:\documents and settings\***\Application Data\Uxmoez

2010-09-09 08:49 . 2008-09-11 11:27 -------- d-----w- c:\documents and settings\***\Application Data\Kaiz

2010-09-09 08:31 . 2009-10-07 14:59 -------- d-----w- c:\documents and settings\***\Application Data\Ydaz

2010-09-09 08:10 . 2008-04-30 02:42 -------- d-----w- c:\documents and settings\***\Application Data\Utakl

2010-09-09 08:04 . 2009-07-10 05:35 -------- d-----w- c:\documents and settings\***\Application Data\Qeca

2010-09-09 07:48 . 2010-05-07 10:07 -------- d-----w- c:\documents and settings\***\Application Data\Ogoton

2010-09-08 15:04 . 2008-09-29 02:51 -------- d-----w- c:\documents and settings\***\Application Data\Ewrahi

2010-09-08 14:40 . 2010-05-16 11:24 -------- d-----w- c:\documents and settings\***\Application Data\Oqid

2010-09-08 14:40 . 2010-01-21 11:30 -------- d-----w- c:\documents and settings\***\Application Data\Axyduc

2010-09-08 14:31 . 2008-09-22 14:26 -------- d-----w- c:\documents and settings\***\Application Data\Geope

2010-09-08 14:29 . 2009-01-19 14:21 29748924 ----a-w- c:\windows\Internet Logs\tvDebug.Zip

2010-09-07 22:13 . 2009-01-08 15:12 664 ----a-w- c:\windows\system32\d3d9caps.dat

2010-09-07 22:04 . 2009-08-11 19:27 217600 ----a-w- C:\UNWISE.EXE

2010-09-07 22:03 . 2008-07-12 09:38 -------- d-----w- c:\documents and settings\***\Application Data\Foacru

2010-09-07 21:45 . 2008-10-06 17:24 167936 ----a-w- c:\documents and settings\***\Application

Data\U3\temp\cleanup.exe

2010-09-07 21:45 . 2009-06-12 11:53 207872 ----a-w- c:\documents and settings\***\Application

Data\Sun\Java\jre1.6.0_14\lzma.dll

2010-09-07 21:45 . 2010-05-23 12:07 405504 ----a-w- c:\documents and settings\***\Application

Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-70c9cf9b-n\msvcr71.dll

2010-09-07 21:43 . 2010-07-01 11:07 491520 ----a-w- c:\documents and settings\All Users\Application

Data\Trusteer\Rapport\store\exts\RapportMS\17053\RapportMS.dll

2010-09-07 21:43 . 2010-03-01 21:16 307200 ----a-w- c:\documents and settings\All Users\Application

Data\Trusteer\Rapport\store\exts\RapportBukaBroom\13897\RapportBukaBroom.dll

2010-09-07 21:43 . 2010-09-08 15:02 170982 ----a-w-

c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1033.dat

2010-09-01 13:37 . 2010-03-16 18:36 -------- d-----w- c:\documents and settings\***\Application Data\Ofexug

2010-08-17 13:17 . 2004-08-04 10:00 58880 ----a-w- c:\windows\system32\spoolsv.exe

2010-08-05 21:18 . 2010-08-05 21:18 -------- d-----w- c:\program files\Free M4a to MP3 Converter

2010-07-26 12:44 . 2010-06-28 16:59 -------- d-----w- c:\program files\iTunes

2010-07-26 12:43 . 2010-07-26 12:43 -------- d-----w- c:\program files\iPod

2010-07-26 12:43 . 2008-04-08 15:47 -------- d-----w- c:\program files\Common Files\Apple

2010-07-26 12:36 . 2010-07-26 12:36 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple

Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe

2010-07-22 15:49 . 2004-08-04 10:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll

2010-07-22 05:57 . 2010-04-06 11:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2010-07-21 14:49 . 2010-07-21 14:49 0 ----a-w- c:\documents and settings\***\Application

Data\Trusteer\Rapport\RapportBukaExt.dll

2010-07-21 14:49 . 2010-07-21 14:49 339968 ----a-w- c:\windows\system32\RapportBuka.dll

2010-07-20 10:20 . 2010-07-20 10:20 38 ----a-w- c:\windows\SOLOSCAN.BAT

2010-06-30 12:31 . 2004-08-04 10:00 149504 ----a-w- c:\windows\system32\schannel.dll

.

((((((((((((((((((((((((((((( SnapShot_2010-09-20_10.15.32 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-09-22 15:09 . 2010-09-22 15:09 16384 c:\windows\Temp\Perflib_Perfdata_560.dat

+ 2010-09-22 15:07 . 2010-09-22 15:07 16384 c:\windows\Temp\Perflib_Perfdata_43c.dat

+ 2010-09-22 15:17 . 2010-09-22 15:17 16384 c:\windows\Temp\Perflib_Perfdata_27fc.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}"= "c:\program files\ZoneAlarm\tbZone.dll" [2010-05-09 2517088]

[HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]

2010-05-09 10:50 2517088 ----a-w- c:\program files\ZoneAlarm\tbZone.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}"= "c:\program files\ZoneAlarm\tbZone.dll" [2010-05-09 2517088]

[HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{66F2E20D-0DA8-4C11-A9C8-DD8477B88ACD}"= "c:\program files\ZoneAlarm\tbZone.dll" [2010-05-09 2517088]

[HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2010-09-09 860160]

"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2010-09-09 753664]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-07-14 77824]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-12 148888]

"SoloSentry"="c:\srnmic~1\SOLOSENT.EXE" [2010-09-20 135168]

"SoloSchedule"="c:\srnmic~1\SOLOCFG.EXE" [2010-09-20 360448]

"SoloSysCheck"="c:\srnmic~1\SYSCHECK.COM" [2010-03-27 237568]

"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-06-23 1043968]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]

2010-07-13 14:10 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device

Support\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gStart]

2008-08-13 13:34 1891416 ----a-w- c:\garmin\gStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]

2006-07-14 16:08 118784 ----a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]

2006-07-14 16:07 94208 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Inini]

2008-04-14 00:12 33280 ----a-w- c:\windows\system32\rundll32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISW]

2010-05-26 13:35 730600 ----a-w- c:\program files\CheckPoint\ZAForceField\ForceField.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-07-21 14:53 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcexecwin]

2008-04-14 00:12 33280 ----a-w- c:\windows\system32\rundll32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]

2009-11-10 09:14 443728 ----a-w- c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nonep]

2010-09-07 22:03 211456 ----a-w- c:\program files\syst32\oops.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-09-07 21:59 479232 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]

2007-05-10 09:22 405504 ----a-w- c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=

"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=

"c:\\Program Files\\SopCast\\SopCast.exe"=

"c:\\Program Files\\Common Files\\ProspectSoft Shared\\ASA\\Win32\\dbeng9.exe"=

"c:\\Program Files\\Kontiki\\KService.exe"=

"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [01/03/2010 22:16 390528]

R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [26/05/2010 14:35 26352]

R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [26/05/2010 14:35 493032]

R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [01/07/2010

12:07 840936]

S1 RapportKELL;RapportKELL;c:\program files\Trusteer\Rapport\bin\RapportKELL.sys [01/07/2010 12:07 0]

S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [01/07/2010 12:07 0]

S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]

S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma

Software Group\SpyHunter\esgiguard.sys [?]

S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [06/08/2009 11:58 90408]

S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [06/08/2009 11:58

15016]

S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [06/08/2009 11:58 122024]

S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys

[06/08/2009 11:59 115368]

S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [06/08/2009

11:59 25768]

S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [06/08/2009 11:59

111784]

S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [06/08/2009

11:59 117544]

.

Contents of the 'Scheduled Tasks' folder

2010-09-06 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.co.uk/

uInternet Connection Wizard,ShellNext = hxxp://downloadcenter.intel.com/detail_desc.aspx?DwnldID=8061&ProductID=1784

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

.

- - - - ORPHANS REMOVED - - - -

HKCU-Run-{E0A2501B-F1A1-65FB-2FEA-50C8FA682158} - c:\documents and settings\***\Application Data\Adocty\nyba.exe

**************************************************************************

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files:

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

Completion time: 2010-09-22 16:19:49

ComboFix-quarantined-files.txt 2010-09-22 15:19

ComboFix2.txt 2010-09-20 10:25

ComboFix3.txt 2010-09-15 16:18

ComboFix4.txt 2010-09-13 19:21

ComboFix5.txt 2010-09-22 15:02

Pre-Run: 63,133,958,144 bytes free

Post-Run: 63,111,397,376 bytes free

- - End Of File - - 2F59CA22B1A74B265716868C0385F86D

Do this now:

The following will implement some cleanup procedures as well as reset System Restore points:

For XP:

  • Click START, then Run
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

For Vista / Windows 7:

  • Click START, then Search
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

After the above:

You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.

Sorry again about the delay in replying.

I did the clean up but a subsequent MWB scan shows the infection is still present.

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4655

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.13

24/09/2010 14:11:53

mbam-log-2010-09-24 (14-11-53).txt

Scan type: Quick scan

Objects scanned: 142426

Time elapsed: 7 minute(s), 33 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 2

Registry Data Items Infected: 3

Folders Infected: 0

Files Infected: 3

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{e0a2501b-f1a1-65fb-2fea-50c8fa682158} (Trojan.ZbotR.Gen) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nonep (Trojan.Dropper) -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\program files\microsoft\desktoplayer.exe -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (c:\windows\system32\userinit.exe,,c:\srnmic~1\solocfgsrv.exe,c:\program files\microsoft\desktoplayer.exe) Good: (userinit.exe) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Program Files\Microsoft\desktoplayer.exe (Trojan.Agent) -> Delete on reboot.

C:\Documents and Settings\Peter\Application Data\Hehi\wigay.exe (Trojan.ZbotR.Gen) -> Quarantined and deleted successfully.

C:\Program Files\riv87\oops.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

Using Internet Explorer or Firefox, visit Kaspersky On-line Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:

  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan

3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.

Please be patient as this can take quite a long time to download.

  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

Here are the results of the scan:

--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7.0: scan report

Monday, September 27, 2010

Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)

Kaspersky Online Scanner version: 7.0.26.13

Last database update: Monday, September 27, 2010 04:28:57

Records in database: 4243143

--------------------------------------------------------------------------------

Scan settings:

scan using the following database: extended

Scan archives: yes

Scan e-mail databases: yes

Scan area - My Computer:

C:\

D:\

Scan statistics:

Objects scanned: 90075

Threats found: 4

Infected objects found: 524

Suspicious objects found: 0

Scan duration: 03:02:22

File name / Threat / Threats count

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe/C:\Program

Files\Intel\Wireless\bin\ZCfgSvc.exe Infected: Virus.Win32.Nimnul.a 1

C:\Program Files\Intel\Wireless\bin\PfMgrApi.dll/C:\Program

Files\Intel\Wireless\bin\PfMgrApi.dll Infected: Virus.Win32.Nimnul.a 1

C:\Program Files\Intel\Wireless\bin\TraceAPI.DLL/C:\Program

Files\Intel\Wireless\bin\TraceAPI.DLL Infected: Virus.Win32.Nimnul.a 1

C:\Program Files\Intel\Wireless\bin\PsRegApi.dll/C:\Program

Files\Intel\Wireless\bin\PsRegApi.dll Infected: Virus.Win32.Nimnul.a 1

C:\Program Files\Intel\Wireless\bin\DbEngine.dll/C:\Program

Files\Intel\Wireless\bin\DbEngine.dll Infected: Virus.Win32.Nimnul.a 1

C:\Program Files\Intel\Wireless\bin\LIBEAY32.dll/C:\Program

Files\Intel\Wireless\bin\LIBEAY32.dll Infected: Virus.Win32.Nimnul.a 1

C:\Program Files\Intel\Wireless\bin\IntStngs.dll/C:\Program

Files\Intel\Wireless\bin\IntStngs.dll Infected: Virus.Win32.Nimnul.a 1

C:\Program Files\Intel\Wireless\bin\MurocApi.dll/C:\Program

Files\Intel\Wireless\bin\MurocApi.dll Infected: Virus.Win32.Nimnul.a 1

C:\Program Files\Intel\Wireless\bin\S24MUDLL.dll/C:\Program

Files\Intel\Wireless\bin\S24MUDLL.dll Infected: Virus.Win32.Nimnul.a 1

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe/C:\Program

Files\Intel\Wireless\Bin\ifrmewrk.exe Infected: Virus.Win32.Nimnul.a 1

C:\Program Files\Intel\Wireless\Bin\PsRegApi.dll/C:\Program

Files\Intel\Wireless\Bin\PsRegApi.dll Infected: Virus.Win32.Nimnul.a 1

C:\Program Files\Intel\Wireless\Bin\LIBEAY32.dll/C:\Program

Files\Intel\Wireless\Bin\LIBEAY32.dll Infected: Virus.Win32.Nimnul.a 1

C:\Program Files\Intel\Wireless\Bin\IntStngs.dll/C:\Program

Files\Intel\Wireless\Bin\IntStngs.dll Infected: Virus.Win32.Nimnul.a 1

C:\Program Files\Intel\Wireless\Bin\TraceAPI.DLL/C:\Program

Files\Intel\Wireless\Bin\TraceAPI.DLL Infected: Virus.Win32.Nimnul.a 1

C:\Program Files\Intel\Wireless\Bin\MurocApi.dll/C:\Program

Files\Intel\Wireless\Bin\MurocApi.dll Infected: Virus.Win32.Nimnul.a 1

C:\Program Files\Intel\Wireless\Bin\S24MUDLL.dll/C:\Program

Files\Intel\Wireless\Bin\S24MUDLL.dll Infected: Virus.Win32.Nimnul.a 1

C:\Program Files\Intel\Wireless\Bin\FrameworkPlugins\ConnMgr.dll/C:\Program

Files\Intel\Wireless\Bin\FrameworkPlugins\ConnMgr.dll Infected: Virus.Win32.Nimnul.a 1

C:\Program Files\Intel\Wireless\Bin\PfMgrApi.dll/C:\Program

Files\Intel\Wireless\Bin\PfMgrApi.dll Infected: Virus.Win32.Nimnul.a 1

C:\Program Files\Intel\Wireless\Bin\DbEngine.dll/C:\Program

Files\Intel\Wireless\Bin\DbEngine.dll Infected: Virus.Win32.Nimnul.a 1

C:\SRNMIC~1\SOLOSENT.EXE/C:\SRNMIC~1\SOLOSENT.EXE Infected: Virus.Win32.Nimnul.a 1

C:\SRNMIC~1\SOLOCFG.EXE/C:\SRNMIC~1\SOLOCFG.EXE Infected: Virus.Win32.Nimnul.a 1

C:\PROGRA~1\Java\jre6\bin\client\jvm.dll/C:\PROGRA~1\Java\jre6\bin\client\jvm.dll

Infected: Virus.Win32.Nimnul.a 1

C:\PROGRA~1\Java\jre6\bin\java.dll/C:\PROGRA~1\Java\jre6\bin\java.dll Infected:

Virus.Win32.Nimnul.a 1

C:\PROGRA~1\Java\jre6\bin\hpi.dll/C:\PROGRA~1\Java\jre6\bin\hpi.dll Infected:

Virus.Win32.Nimnul.a 1

C:\Program Files\Java\jre6\bin\deploy.dll/C:\Program Files\Java\jre6\bin\deploy.dll

Infected: Virus.Win32.Nimnul.a 2

C:\Program Files\Java\jre6\bin\net.dll/C:\Program Files\Java\jre6\bin\net.dll Infected:

Virus.Win32.Nimnul.a 2

C:\Program Files\Java\jre6\bin\regutils.dll/C:\Program Files\Java\jre6\bin\regutils.dll

Infected: Virus.Win32.Nimnul.a 2

C:\Program Files\Java\jre6\bin\client\jvm.dll/C:\Program

Files\Java\jre6\bin\client\jvm.dll Infected: Virus.Win32.Nimnul.a 1

C:\Program Files\Java\jre6\bin\java.dll/C:\Program Files\Java\jre6\bin\java.dll Infected:

Virus.Win32.Nimnul.a 1

C:\Program Files\Java\jre6\bin\hpi.dll/C:\Program Files\Java\jre6\bin\hpi.dll Infected:

Virus.Win32.Nimnul.a 1

C:\Documents and Settings\***\Local

Settings\temp\jkos-***\binaries\ScanningProcess.exe/C:\Documents and Settings\***\Local

Settings\temp\jkos-***\binaries\ScanningProcess.exe Infected: Virus.Win32.Nimnul.a 1

C:\Documents and Settings\***\Local

Settings\temp\jkos-***\binaries\prloader.dll/C:\Documents and Settings\***\Local

Settings\temp\jkos-***\binaries\prloader.dll Infected: Virus.Win32.Nimnul.a 1

C:\a93c8b32d7142a059ad9\i386\filterpipelineprintproc.dll Infected:

Virus.Win32.Nimnul.a 1

C:\a93c8b32d7142a059ad9\i386\mxdwdrv.dll Infected: Virus.Win32.Nimnul.a 1

C:\a93c8b32d7142a059ad9\i386\xpssvcs.dll Infected: Virus.Win32.Nimnul.a 1

C:\DELL\drivers\R114079\CSVer.dll Infected: Virus.Win32.Nimnul.a 1

C:\DELL\drivers\R114079\Instngin.dll Infected: Virus.Win32.Nimnul.a 1

C:\DELL\drivers\R114079\Setup.exe Infected: Virus.Win32.Nimnul.a 1

C:\DELL\drivers\R118436\setup.exe Infected: Virus.Win32.Nimnul.a 1

C:\DELL\drivers\R118436\System32\ct32.dll Infected: Virus.Win32.Nimnul.a 1

C:\DELL\drivers\R135765\Instngin.dll Infected: Virus.Win32.Nimnul.a 1

C:\DELL\drivers\R135765\PCIUtil.dll Infected: Virus.Win32.Nimnul.a 1

C:\DELL\drivers\R135765\Setup.exe Infected: Virus.Win32.Nimnul.a 1

C:\DELL\drivers\R135765\Win2000\hccutils.dll Infected: Virus.Win32.Nimnul.a 1

C:\DELL\drivers\R135765\Win2000\hkcmd.exe Infected: Virus.Win32.Nimnul.a 1

C:\DELL\drivers\R135765\Win2000\ialmcoin.dll Infected: Virus.Win32.Nimnul.a 1

C:\DELL\drivers\R135765\Win2000\ialmrem.dll Infected: Virus.Win32.Nimnul.a 1

C:\DELL\drivers\R135765\Win2000\ialmudlg.exe Infected: Virus.Win32.Nimnul.a 1

C:\DELL\drivers\R135765\Win2000\igfxcfg.exe Infected: Virus.Win32.Nimnul.a 1

C:\DELL\drivers\R135765\Win2000\igfxdev.dll Infected: Virus.Win32.Nimnul.a 1

C:\DELL\drivers\R135765\Win2000\igfxdo.dll Infected: Virus.Win32.Nimnul.a 1

C:\DELL\drivers\R135765\Win2000\igfxext.exe Infected: Virus.Win32.Nimnul.a 1

C:\DELL\drivers\R135765\Win2000\igfxpers.exe Infected: Virus.Win32.Nimnul.a 1

C:\DELL\drivers\R135765\Win2000\igfxpph.dll Infected: Virus.Win32.Nimnul.a 1

C:\DELL\drivers\R135765\Win2000\igfxress.dll Infected: Virus.Win32.Nimnul.a 1

C:\DELL\drivers\R135765\Win2000\igfxsrvc.exe Infected: Virus.Win32.Nimnul.a 1

C:\DELL\drivers\R135765\Win2000\igfxtray.exe Infected: Virus.Win32.Nimnul.a 1

C:\DELL\drivers\R135765\Win2000\igfxzoom.exe Infected: Virus.Win32.Nimnul.a 1

C:\DELL\drivers\R135765\Win2000\igldev32.dll Infected: Virus.Win32.Nimnul.a 1

C:\DELL\drivers\R135765\Win2000\iglicd32.dll Infected: Virus.Win32.Nimnul.a 1

C:\DELL\drivers\R135765\Win2000\oemdspif.dll Infected: Virus.Win32.Nimnul.a 1

C:\DELL\drivers\R138747\Setup.exe Infected: Virus.Win32.Nimnul.a 1

C:\DELL\drivers\R138747\XP\Apps\IA32\iProData\iconvrtr.exe Infected:

Virus.Win32.Nimnul.a 1

C:\DELL\drivers\R138747\XP\Apps\IA32\iProInst.exe Infected: Virus.Win32.Nimnul.a 1

C:\DELL\drivers\R138747\XP\Drivers\iProdifx.EXE Infected: Virus.Win32.Nimnul.a 1

C:\DELL\drivers\R138747\XP\Drivers\NETw2c32.DLL Infected: Virus.Win32.Nimnul.a 1

C:\DELL\drivers\R138747\XP\Drivers\NETw3c32.DLL Infected: Virus.Win32.Nimnul.a 1

C:\DELL\drivers\R144793\setup.exe Infected: Virus.Win32.Nimnul.a 1

C:\DELL\drivers\R144793\System32\ct32.dll Infected: Virus.Win32.Nimnul.a 1

C:\DELL\drivers\R171789\HDAQFE\win2k_xp\us\kb835221.exe Infected: Virus.Win32.Nimnul.a 1

C:\DELL\drivers\R171789\WDM\st325602.dll Infected: Virus.Win32.Nimnul.a 1


C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\HDAQFE\win2k_xp\us\kb835221.exe

Infected: Virus.Win32.Nimnul.a 1

C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\st325602.dll Infected:

Virus.Win32.Nimnul.a 1

C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\stacapi.dll Infected:

Virus.Win32.Nimnul.a 1

C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\stacsv.exe Infected:

Virus.Win32.Nimnul.a 1

C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\suhlp.exe Infected:

Virus.Win32.Nimnul.a 1

C:\Program Files\SigmaTel\C-Major Audio\WDM\st325602.dll Infected:

Virus.Win32.Nimnul.a 1

C:\Program Files\SigmaTel\C-Major Audio\WDM\stacapi.dll Infected: Virus.Win32.Nimnul.a 1

C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe Infected: Virus.Win32.Nimnul.a 1

C:\Program Files\SigmaTel\C-Major Audio\WDM\suhlp.exe Infected: Virus.Win32.Nimnul.a 1

C:\Program Files\Sky\VOD\svoddrm.dll Infected: Virus.Win32.Nimnul.a 1

C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\FileIO

Plug-Ins\atracplug\atracplug.dll Infected: Virus.Win32.Nimnul.a 1

C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\FileIO

Plug-Ins\aviplug\aviplug.dll Infected: Virus.Win32.Nimnul.a 1

C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\FileIO

Plug-Ins\dvrmsplg\dvrmsplg.dll Infected: Virus.Win32.Nimnul.a 1

C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\FileIO

Plug-Ins\fhgaacplug2\fhgaacplug2.dll Infected: Virus.Win32.Nimnul.a 1

C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\FileIO

Plug-Ins\flacplug\flacplug.dll Infected: Virus.Win32.Nimnul.a 1

C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\FileIO

Plug-Ins\m2tsplug\m2tsplug.dll Infected: Virus.Win32.Nimnul.a 1

C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\FileIO

Plug-Ins\m4visplug\aacadec.dll Infected: Virus.Win32.Nimnul.a 1

C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\FileIO

Plug-Ins\m4visplug\m4visplug.dll Infected: Virus.Win32.Nimnul.a 1

C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\FileIO

Plug-Ins\mcmp4plug\aacadec.dll Infected: Virus.Win32.Nimnul.a 1

C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\FileIO

Plug-Ins\mcmp4plug\mch264dec.dll Infected: Virus.Win32.Nimnul.a 1

C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\FileIO

Plug-Ins\mcmp4plug\mch264vout.dll Infected: Virus.Win32.Nimnul.a 1

C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\FileIO

Plug-Ins\mcmp4plug\mcmp4plug.dll Infected: Virus.Win32.Nimnul.a 1

C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\FileIO

Plug-Ins\mcplug\mcplug.dll Infected: Virus.Win32.Nimnul.a 1

C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\FileIO

Plug-Ins\mp3plug2\mp3plug2.dll Infected: Virus.Win32.Nimnul.a 1

C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\FileIO

Plug-Ins\oggplug\oggplug.dll Infected: Virus.Win32.Nimnul.a 1

C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\FileIO

Plug-Ins\qt7plug\qt7plug.dll Infected: Virus.Win32.Nimnul.a 1

C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\FileIO

Plug-Ins\sflgaplg\sflgaplg.dll Infected: Virus.Win32.Nimnul.a 1

C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\FileIO

Plug-Ins\sfpaplug\sfpaplug.dll Infected: Virus.Win32.Nimnul.a 1

C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\FileIO

Plug-Ins\wavplug\wavplug.dll Infected: Virus.Win32.Nimnul.a 1

C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\FileIO

Plug-Ins\wmfplug3\wmfplug3.dll Infected: Virus.Win32.Nimnul.a 1

C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\sfdvd.dll Infected:

Virus.Win32.Nimnul.a 1

C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\3GPPlayer.dll Infected:

Virus.Win32.Nimnul.a 1

C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\amrconv.dll Infected:

Virus.Win32.Nimnul.a 1

C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\amrstreamconv.dll Infected:

Virus.Win32.Nimnul.a 1

C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\AvqBTEnum.exe Infected:

Virus.Win32.Nimnul.a 1

C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\AvqBtSDK.dll Infected:

Virus.Win32.Nimnul.a 1

C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\BtDunCfg.dll Infected:

Virus.Win32.Nimnul.a 1

C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\BtPlatform.dll Infected:

Virus.Win32.Nimnul.a 1

C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\BVRP98.dll Infected:

Virus.Win32.Nimnul.a 1

C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\BvrpCtln.dll Infected:

Virus.Win32.Nimnul.a 1

C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\CAgdLNote.dll Infected:

Virus.Win32.Nimnul.a 1

C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\CAgdOutlook.dll Infected:

Virus.Win32.Nimnul.a 1

C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\Calendar.dll Infected:

Virus.Win32.Nimnul.a 1

C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\CalEngine.dll Infected:

Virus.Win32.Nimnul.a 1

C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\CheckSumTool.dll Infected:

Virus.Win32.Nimnul.a 1

C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\Codec.dll Infected:

Virus.Win32.Nimnul.a 1

C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\Comm.dll Infected:

Virus.Win32.Nimnul.a 1

C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\Contacts.dll Infected:

Virus.Win32.Nimnul.a 1

C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\File3GP.dll Infected:

Virus.Win32.Nimnul.a 1

C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\GrConv.dll Infected:

Virus.Win32.Nimnul.a 1

C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\H263Decode.dll Infected:

Virus.Win32.Nimnul.a 1

C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\h263Encode.dll Infected:

Virus.Win32.Nimnul.a 1

C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\LiveUpdateClientTools.dll Infected:

Virus.Win32.Nimnul.a 1

C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\LogoEdit.dll Infected:

Virus.Win32.Nimnul.a 1

C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\LUKernel\_IsUser.dll Infected:

Virus.Win32.Nimnul.a 1

C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\MelodyEdit.dll Infected:

Virus.Win32.Nimnul.a 1

C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\Messaging.dll Infected:

Virus.Win32.Nimnul.a 1

C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\MExplorer.dll Infected:

Virus.Win32.Nimnul.a 1

C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\MMS3GP.dll Infected:

Virus.Win32.Nimnul.a 1

C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\MMSEdit.dll Infected:

Virus.Win32.Nimnul.a 1

C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\MmsKrnl.dll Infected:

Virus.Win32.Nimnul.a 1

C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\MngDriver.dll Infected:

Virus.Win32.Nimnul.a 1

C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\ModemWiz.dll Infected:

Virus.Win32.Nimnul.a 1

C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\MOSync.dll Infected:

Virus.Win32.Nimnul.a 1

C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\MP4ACodec.dll Infected:

Virus.Win32.Nimnul.a 1

C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\MpegDecode.dll Infected:

Virus.Win32.Nimnul.a 1

C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll Infected:

Virus.Win32.Nimnul.a 1

C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\PBKENGINE.dll Infected:

Virus.Win32.Nimnul.a 1

C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\PbkLN.dll Infected:

Virus.Win32.Nimnul.a 1

C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\PbkODBC.dll Infected:

Virus.Win32.Nimnul.a 1

C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\PBKOE.dll Infected:

Virus.Win32.Nimnul.a 1

C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\pbkoutlk.dll Infected:

Virus.Win32.Nimnul.a 1

C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\PhoneUpdate.dll Infected:

Virus.Win32.Nimnul.a 1

C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\RasCnxMngr.dll Infected:

Virus.Win32.Nimnul.a 1

C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe Infected:

Virus.Win32.Nimnul.a 1

C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SyncEngine.dll Infected:

Virus.Win32.Nimnul.a 1

C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\Toshiba.dll Infected:

Virus.Win32.Nimnul.a 1

C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\VistaCalendar.dll Infected:

Virus.Win32.Nimnul.a 1

C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\Wdpacn.dll Infected:

Virus.Win32.Nimnul.a 1

C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\WFP1N.dll Infected:

Virus.Win32.Nimnul.a 1

C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\wfp2n.dll Infected:

Virus.Win32.Nimnul.a 1

C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\WidComm.dll Infected:

Virus.Win32.Nimnul.a 1

C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\WinInetErrors.dll Infected:

Virus.Win32.Nimnul.a 1

C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\WmaConv.dll Infected:

Virus.Win32.Nimnul.a 1

C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\WUNPACLN.dll Infected:

Virus.Win32.Nimnul.a 1

C:\Program Files\SopCast\SopCast.exe Infected: Virus.Win32.Nimnul.a 1

C:\Program Files\SopCast\StreamServer\msvcr71.dll Infected: Virus.Win32.Nimnul.a 1

C:\Program Files\SopCast\update\UNZIP.EXE Infected: Virus.Win32.Nimnul.a 1

C:\Program Files\Sports Interactive\Football Manager 2006\dbghelp.dll Infected:

Virus.Win32.Nimnul.a 1

C:\Program Files\Sports Interactive\Football Manager 2006\msvcr71.dll Infected:

Virus.Win32.Nimnul.a 1

C:\Program Files\syst32\oops.exe Infected: Virus.Win32.Nimnul.a 1

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe Infected: Virus.Win32.Nimnul.a 1

C:\Program Files\Windows Media Player\wmlaunch.exe Infected: Virus.Win32.Nimnul.a 1

C:\Program Files\Windows Media Player\wmpnetwk.exe Infected: Virus.Win32.Nimnul.a 1

C:\Program Files\Windows Media Player\wmpnscfg.exe Infected: Virus.Win32.Nimnul.a 1

C:\Program Files\Windows Media Player\wmpnssci.dll Infected: Virus.Win32.Nimnul.a 1

C:\Program Files\Windows Media Player\wmpshare.exe Infected: Virus.Win32.Nimnul.a 1

C:\Program Files\WinZip\WZSEPE32.EXE Infected: Virus.Win32.Nimnul.a 1

C:\Program Files\ZoneAlarm\UNWISE.EXE Infected: Virus.Win32.Nimnul.a 1

C:\SRN Micro\EMDISK.EXE Infected: Virus.Win32.Nimnul.a 1

C:\SRN Micro\SOLOCFG.EXE Infected: Virus.Win32.Nimnul.a 1

C:\SRN Micro\SOLOCFGSrv.exe Infected: Virus.Win32.Nimnul.a 1

C:\SRN Micro\SOLOSCAN.DLL Infected: Virus.Win32.Nimnul.a 1

C:\SRN Micro\SOLOSCAN.EXE Infected: Virus.Win32.Nimnul.a 1

C:\SRN Micro\SOLOSENT.EXE Infected: Virus.Win32.Nimnul.a 1

C:\SRN Micro\SOLOSENTSrv.exe Infected: Virus.Win32.Nimnul.a 1

C:\SRN Micro\temp\SOLOSCAN.DLL Infected: Virus.Win32.Nimnul.a 1

C:\UNWISE.EXE Infected: Virus.Win32.Nimnul.a 1

Selected area has been scanned.


That doesn't look too good.

Let's see if we can clean them.

http://www.eset.eu/online-scanner

Go here to run an online scanner from ESET.

Note: You will need to use Internet Explorer for this scan.

Tick the box next to YES, I accept the Terms of Use.

Click Start

When asked, allow the ActiveX control to install

Click Start

Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked

Click Scan

Wait for the scan to finish

Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt

Copy and paste that log as a reply to this topic.
