Spyware guard 2009

2

Spyware guard 2009

offline
  • Gibli 
  • Zaslužni građanin
  • Pridružio: 04 Mar 2005
  • Poruke: 515
  • Gde živiš: Zemun

U dnu ekrana za update pise

Last start: Update files are corrupted

Mogu posle probati da ga reinstaliram.

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8454
  • Gde živiš: Novi Beograd

Reinstaliraj ga.

offline
  • Gibli 
  • Zaslužni građanin
  • Pridružio: 04 Mar 2005
  • Poruke: 515
  • Gde živiš: Zemun

Probao sam da ga reinstaliram ali nije pomoglo.

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8454
  • Gde živiš: Novi Beograd

Skini: ftp://ftp.symantec.com/public/english_us_canada/re.....l_Tool.exe

i pokreni ga, on bi trebalo da skloni sve ostatke Nortona.

Preporucujem ti da deinstaliras Spyhunter.

Iskljuci Antivirus ponovo.

Otvoriti Notepad i iskopirati sledeci tekst:

DirLook::
C:\d6f4b6fb4a6a2bca5a2139e925793b

Driver::
Usbeserts


Snimiti na Desktop fajl iz Notepada kao "CFScript"




Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici.
Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

offline
  • Gibli 
  • Zaslužni građanin
  • Pridružio: 04 Mar 2005
  • Poruke: 515
  • Gde živiš: Zemun

Moracemo da nastavimo prekosutra jer trenutno nemam pristup tom racunaru.

Dopuna: 26 Jan 2009 9:57

ComboFix mi je pre restart prijavio sledece:


Posto je ComboFix zavrsio posao onda sam se setio da deinstaliram SpyHunter, ali nece.

Evo i loga:
ComboFix 09-01-21.04 - Stanica1 2009-01-26 9:32:20.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.511.317 [GMT 1:00]
Running from: c:\uros\C-F.exe
Command switches used :: c:\uros\CFScript.txt
AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated)
FW: Kaspersky Internet Security *disabled*
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\CrucialSoft Ltd
c:\windows\system32\drivers\TDSSijso.sys
c:\windows\system32\TDSSckvy.dll
c:\windows\system32\TDSSedwn.dll
c:\windows\system32\TDSSeuaq.dll
c:\windows\system32\TDSSfhvv.log
c:\windows\system32\TDSShphc.dll
c:\windows\system32\TDSSierd.dat
c:\windows\system32\TDSSnhvw.dll
c:\windows\system32\TDSSnmxh.log
c:\windows\system32\TDSSurgi.dll
c:\windows\system32\TDSSuyka.log

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_TDSSserv.sys
-------\Legacy_TDSSserv.sys
-------\Service_Usbeserts


((((((((((((((((((((((((( Files Created from 2008-12-26 to 2009-01-26 )))))))))))))))))))))))))))))))
.

2009-01-26 09:17 . 2009-01-26 09:17 <DIR> d-------- c:\program files\MSXML 4.0
2009-01-26 09:16 . 2009-01-26 09:16 <DIR> d-------- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-01-24 13:34 . 2008-10-03 11:15 247,326 -----c--- c:\windows\system32\dllcache\strmdll.dll
2009-01-24 10:22 . 2008-06-13 14:10 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2009-01-24 10:22 . 2008-06-24 17:23 74,240 -----c--- c:\windows\system32\dllcache\mscms.dll
2009-01-24 10:21 . 2008-08-14 11:00 2,180,352 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2009-01-24 10:21 . 2008-08-14 10:58 2,136,064 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-01-24 10:21 . 2008-08-14 10:22 2,057,728 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-01-24 10:21 . 2008-08-14 10:22 2,015,744 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2009-01-24 10:20 . 2008-04-11 19:50 683,520 -----c--- c:\windows\system32\dllcache\inetcomm.dll
2009-01-24 10:20 . 2008-12-11 12:57 333,184 -----c--- c:\windows\system32\dllcache\srv.sys
2009-01-24 10:20 . 2008-10-15 17:57 332,800 -----c--- c:\windows\system32\dllcache\netapi32.dll
2009-01-24 10:15 . 2008-12-12 18:33 3,060,224 -----c--- c:\windows\system32\dllcache\mshtml.dll
2009-01-24 10:14 . 2008-10-24 12:10 453,632 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2009-01-24 10:14 . 2008-05-01 15:30 331,776 -----c--- c:\windows\system32\dllcache\msadce.dll
2009-01-24 10:13 . 2008-09-04 17:42 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2009-01-24 10:12 . 2009-01-26 09:23 <DIR> d--h----- c:\windows\$hf_mig$
2009-01-23 16:57 . 2008-01-10 06:20 257,024 -----c--- c:\windows\system32\dllcache\infocomm.dll
2009-01-23 16:56 . 2008-06-20 11:45 360,320 -----c--- c:\windows\system32\dllcache\tcpip.sys
2009-01-23 16:56 . 2008-06-20 18:41 245,248 -----c--- c:\windows\system32\dllcache\mswsock.dll
2009-01-23 16:56 . 2006-08-16 12:58 100,352 -----c--- c:\windows\system32\dllcache\6to4svc.dll
2009-01-23 16:28 . 2008-09-15 12:57 1,846,016 -----c--- c:\windows\system32\dllcache\win32k.sys
2009-01-23 16:27 . 2008-08-14 10:51 138,368 -----c--- c:\windows\system32\dllcache\afd.sys
2009-01-23 16:01 . 2009-01-23 16:01 96,976 --a------ c:\windows\system32\drivers\klin.dat
2009-01-23 16:01 . 2009-01-23 16:01 87,855 --a------ c:\windows\system32\drivers\klick.dat
2009-01-23 16:00 . 2009-01-23 16:00 <DIR> d-------- c:\program files\Kaspersky Lab
2009-01-23 16:00 . 2009-01-26 09:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-01-23 16:00 . 2009-01-26 09:39 221,216 --ahs---- c:\windows\system32\drivers\fidbox2.dat
2009-01-23 16:00 . 2009-01-26 09:38 1,836 --ahs---- c:\windows\system32\drivers\fidbox2.idx
2009-01-23 16:00 . 2009-01-26 09:36 32 --ahs---- c:\windows\system32\drivers\fidbox.idx
2009-01-23 16:00 . 2009-01-26 09:36 32 --ahs---- c:\windows\system32\drivers\fidbox.dat
2009-01-23 15:58 . 2009-01-23 15:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-01-23 15:46 . 2004-08-04 00:56 221,184 --a------ c:\windows\system32\wmpns.dll
2009-01-23 15:45 . 2004-08-04 00:56 239,616 --------- c:\windows\system32\wstrenderer.ax
2009-01-23 15:45 . 2004-08-04 00:56 164,352 --------- c:\windows\system32\wstpager.ax
2009-01-23 15:45 . 2004-08-04 00:56 96,768 -----c--- c:\windows\system32\dllcache\dpcdll.dll
2009-01-23 15:45 . 2004-08-04 00:56 53,248 --------- c:\windows\system32\vbicodec.ax
2009-01-23 15:45 . 2004-08-04 00:56 10,752 --------- c:\windows\system32\smtpapi.dll
2009-01-23 15:45 . 2004-08-04 00:56 9,728 --------- c:\windows\system32\rwnh.dll
2009-01-23 15:45 . 2004-08-03 22:59 9,728 --------- c:\windows\system32\comsdupd.exe
2009-01-23 15:37 . 2004-08-04 00:56 2,897,920 --------- c:\windows\system32\xpsp2res.dll
2009-01-23 15:36 . 2004-07-17 11:40 19,528 --a------ c:\windows\002447_.tmp
2009-01-23 15:35 . 2005-02-25 04:35 22,752 --a------ c:\windows\system32\spupdsvc.exe
2009-01-23 15:26 . 2009-01-23 15:49 <DIR> d-------- C:\d6f4b6fb4a6a2bca5a2139e925793b
2009-01-20 11:11 . 2009-01-20 11:11 <DIR> d-------- c:\program files\Skype
2009-01-20 10:24 . 2008-07-23 14:12 7,851,704 --a------ c:\temp\spyhunterS.exe
2009-01-20 10:24 . 2008-07-18 16:40 1,076,384 --a------ c:\temp\def.dat
2009-01-20 10:24 . 2008-07-18 17:20 643,072 --a------ c:\temp\Common.dll
2009-01-20 10:12 . 2009-01-26 09:32 <DIR> d-------- C:\uros
2009-01-20 08:39 . 2009-01-20 08:39 <DIR> d-------- c:\program files\Enigma Software Group
2009-01-19 15:34 . 2009-01-20 11:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-15 17:22 . 2009-01-15 17:22 <DIR> d-------- c:\documents and settings\Stanica1\Application Data\skypePM
2009-01-15 17:22 . 2009-01-15 17:22 56 --ah----- c:\windows\system32\ezsidmv.dat
2009-01-15 17:20 . 2009-01-20 11:11 <DIR> d-------- c:\program files\Skype(2)
2009-01-15 17:20 . 2009-01-20 11:11 <DIR> d-------- c:\program files\Google
2009-01-05 12:21 . 2009-01-05 12:21 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2009-01-05 12:04 . 2009-01-05 12:29 <DIR> d-------- c:\program files\NOS
2009-01-05 12:04 . 2009-01-05 12:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\NOS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-26 08:39 --------- d-----w c:\documents and settings\Stanica1\Application Data\Skype
2009-01-26 08:21 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-01-23 14:56 --------- d-----w c:\program files\MSN Messenger
2009-01-23 14:20 --------- d-----w c:\documents and settings\All Users\Application Data\BitDefender
2009-01-23 14:19 81,984 ----a-w c:\windows\system32\bdod.bin
2009-01-23 13:36 --------- d-----w c:\documents and settings\All Users\Application Data\pdf995
2009-01-15 16:20 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-01-05 11:13 --------- d-----w c:\program files\Common Files\Adobe
2008-12-24 14:54 --------- d-----w c:\documents and settings\Stanica1\Application Data\U3
2008-12-11 11:57 333,184 ----a-w c:\windows\system32\drivers\srv.sys
2008-11-11 19:00 218,376 ----a-w c:\windows\system32\klogon.dll
2006-04-11 10:42 44 -c--a-w c:\program files\launcher.ini
2006-04-11 10:42 23 -c--a-w c:\program files\QTW.TPR
2006-04-11 10:42 1,171 -c--a-w c:\program files\TPRTech.INI
2005-07-14 09:15 17,536 -c--a-w c:\documents and settings\Stanica1\Application Data\GDIPFONTCACHEV1.DAT
2004-11-07 11:57 41,571 -c--a-w c:\program files\mozilla firefox\components\jar50.dll
2004-11-07 11:57 48,221 -c--a-w c:\program files\mozilla firefox\components\jsd3250.dll
2004-11-07 11:57 158,821 -c--a-w c:\program files\mozilla firefox\components\xpinstal.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\d6f4b6fb4a6a2bca5a2139e925793b ----

2009-01-23 15:29 93 --a------ c:\d6f4b6fb4a6a2bca5a2139e925793b\i386\update\update.log


((((((((((((((((((((((((((((( snapshot@2009-01-24_12.16.09.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-12-18 14:32:13 450,560 ----a-w c:\windows\$hf_mig$\KB944338-v2\SP2QFE\jscript.dll
+ 2007-12-18 14:32:13 417,792 ----a-w c:\windows\$hf_mig$\KB944338-v2\SP2QFE\vbscript.dll
+ 2007-03-06 01:22:36 14,048 ----a-w c:\windows\$hf_mig$\KB944338-v2\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w c:\windows\$hf_mig$\KB944338-v2\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w c:\windows\$hf_mig$\KB944338-v2\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w c:\windows\$hf_mig$\KB944338-v2\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w c:\windows\$hf_mig$\KB944338-v2\update\updspapi.dll
+ 2008-07-07 20:06:43 253,952 ----a-w c:\windows\$hf_mig$\KB950974\SP2QFE\es.dll
+ 2008-07-07 20:26:58 253,952 ----a-w c:\windows\$hf_mig$\KB950974\SP3GDR\es.dll
+ 2008-07-07 20:23:18 253,952 ----a-w c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB950974\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB950974\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB950974\update\spcustom.dll
+ 2007-11-30 12:39:18 755,576 ----a-w c:\windows\$hf_mig$\KB950974\update\update.exe
+ 2007-11-30 12:39:19 382,840 ----a-w c:\windows\$hf_mig$\KB950974\update\updspapi.dll
+ 2008-05-07 04:55:40 1,288,192 ----a-w c:\windows\$hf_mig$\KB951698\SP2QFE\quartz.dll
+ 2008-05-07 05:12:40 1,288,192 ----a-w c:\windows\$hf_mig$\KB951698\SP3GDR\quartz.dll
+ 2008-05-07 05:04:15 1,288,192 ----a-w c:\windows\$hf_mig$\KB951698\SP3QFE\quartz.dll
+ 2007-11-30 11:18:51 17,272 ----a-w c:\windows\$hf_mig$\KB951698\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w c:\windows\$hf_mig$\KB951698\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w c:\windows\$hf_mig$\KB951698\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w c:\windows\$hf_mig$\KB951698\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB951698\update\updspapi.dll
+ 2008-10-22 09:47:25 62,976 ----a-w c:\windows\$hf_mig$\KB955839\SP2QFE\tzchange.exe
+ 2008-10-23 10:06:59 62,976 ----a-w c:\windows\$hf_mig$\KB955839\SP3GDR\tzchange.exe
+ 2008-10-23 10:17:49 62,976 ----a-w c:\windows\$hf_mig$\KB955839\SP3QFE\tzchange.exe
+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB955839\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB955839\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB955839\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w c:\windows\$hf_mig$\KB955839\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB955839\update\updspapi.dll
+ 2008-10-23 12:51:04 284,160 ----a-w c:\windows\$hf_mig$\KB956802\SP2QFE\gdi32.dll
+ 2008-10-23 12:36:14 286,720 ----a-w c:\windows\$hf_mig$\KB956802\SP3GDR\gdi32.dll
+ 2008-10-23 12:43:42 286,720 ----a-w c:\windows\$hf_mig$\KB956802\SP3QFE\gdi32.dll
+ 2008-07-08 13:02:01 17,272 ----a-w c:\windows\$hf_mig$\KB956802\spmsg.dll
+ 2008-07-08 13:02:02 231,288 ----a-w c:\windows\$hf_mig$\KB956802\spuninst.exe
+ 2008-07-08 13:02:01 26,488 ----a-w c:\windows\$hf_mig$\KB956802\update\spcustom.dll
+ 2008-07-09 07:38:29 755,576 ----a-w c:\windows\$hf_mig$\KB956802\update\update.exe
+ 2008-07-09 07:38:37 382,840 ----a-w c:\windows\$hf_mig$\KB956802\update\updspapi.dll
- 2005-08-06 16:47:35 7,168 -c--a-w c:\windows\assembly\GAC\IEExecRemote\1.0.5000.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2009-01-26 08:19:39 8,192 ----a-w c:\windows\assembly\GAC\IEExecRemote\1.0.5000.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2005-08-06 16:47:33 32,768 -c--a-w c:\windows\assembly\GAC\IEHost\1.0.5000.0__b03f5f7f11d50a3a\IEHost.dll
+ 2009-01-26 08:19:41 32,768 ----a-w c:\windows\assembly\GAC\IEHost\1.0.5000.0__b03f5f7f11d50a3a\IEHost.dll
- 2005-08-06 16:47:28 716,800 -c--a-w c:\windows\assembly\GAC\Microsoft.JScript\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2009-01-26 08:19:49 720,896 ----a-w c:\windows\assembly\GAC\Microsoft.JScript\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2005-08-06 16:47:28 299,008 -c--a-w c:\windows\assembly\GAC\Microsoft.VisualBasic\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2009-01-26 08:19:41 299,008 ----a-w c:\windows\assembly\GAC\Microsoft.VisualBasic\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2005-08-06 16:47:35 32,768 -c--a-w c:\windows\assembly\GAC\Regcode\1.0.5000.0__b03f5f7f11d50a3a\RegCode.dll
+ 2009-01-26 08:19:46 32,768 ----a-w c:\windows\assembly\GAC\Regcode\1.0.5000.0__b03f5f7f11d50a3a\RegCode.dll
- 2005-08-06 16:47:37 299,008 -c--a-w c:\windows\assembly\GAC\System.Data.OracleClient\1.0.5000.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2009-01-26 08:19:44 303,104 ----a-w c:\windows\assembly\GAC\System.Data.OracleClient\1.0.5000.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2005-08-06 16:47:33 1,290,240 ----a-w c:\windows\assembly\GAC\System.Data\1.0.5000.0__b77a5c561934e089\System.Data.dll
+ 2009-01-26 08:19:47 1,294,336 ----a-w c:\windows\assembly\GAC\System.Data\1.0.5000.0__b77a5c561934e089\System.Data.dll
- 2005-08-06 16:47:33 1,699,840 -c--a-w c:\windows\assembly\GAC\System.Design\1.0.5000.0__b03f5f7f11d50a3a\System.Design.dll
+ 2009-01-26 08:19:39 1,703,936 ----a-w c:\windows\assembly\GAC\System.Design\1.0.5000.0__b03f5f7f11d50a3a\System.Design.dll
- 2005-08-06 16:47:33 86,016 -c--a-w c:\windows\assembly\GAC\System.DirectoryServices\1.0.5000.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2009-01-26 08:19:48 90,112 ----a-w c:\windows\assembly\GAC\System.DirectoryServices\1.0.5000.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2005-08-06 16:47:34 466,944 ----a-w c:\windows\assembly\GAC\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2009-01-26 08:19:44 466,944 ----a-w c:\windows\assembly\GAC\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2005-08-06 16:47:33 241,664 ----a-w c:\windows\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2009-01-26 08:19:42 241,664 ----a-w c:\windows\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2005-08-06 16:47:33 64,000 ----a-w c:\windows\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.Thunk.dll
+ 2009-01-26 08:19:42 66,560 ----a-w c:\windows\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.Thunk.dll
- 2005-08-06 16:47:34 368,640 ----a-w c:\windows\assembly\GAC\System.Management\1.0.5000.0__b03f5f7f11d50a3a\System.Management.dll
+ 2009-01-26 08:19:46 372,736 ----a-w c:\windows\assembly\GAC\System.Management\1.0.5000.0__b03f5f7f11d50a3a\System.Management.dll
- 2005-08-06 16:47:34 241,664 -c--a-w c:\windows\assembly\GAC\System.Messaging\1.0.5000.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2009-01-26 08:19:49 241,664 ----a-w c:\windows\assembly\GAC\System.Messaging\1.0.5000.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2005-08-06 16:47:34 323,584 ----a-w c:\windows\assembly\GAC\System.Runtime.Remoting\1.0.5000.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2009-01-26 08:19:45 323,584 ----a-w c:\windows\assembly\GAC\System.Runtime.Remoting\1.0.5000.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2005-08-06 16:47:34 131,072 ----a-w c:\windows\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.5000.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2009-01-26 08:19:42 131,072 ----a-w c:\windows\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.5000.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2005-08-06 16:47:34 77,824 -c--a-w c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
+ 2009-01-26 08:19:43 77,824 ----a-w c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
- 2005-08-06 16:47:34 126,976 ----a-w c:\windows\assembly\GAC\System.ServiceProcess\1.0.5000.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2009-01-26 08:19:47 126,976 ----a-w c:\windows\assembly\GAC\System.ServiceProcess\1.0.5000.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2005-08-06 16:47:36 819,200 -c--a-w c:\windows\assembly\GAC\System.Web.Mobile\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2009-01-26 08:19:38 819,200 ----a-w c:\windows\assembly\GAC\System.Web.Mobile\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2005-08-06 16:47:34 57,344 -c--a-w c:\windows\assembly\GAC\System.Web.RegularExpressions\1.0.5000.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2009-01-26 08:19:41 57,344 ----a-w c:\windows\assembly\GAC\System.Web.RegularExpressions\1.0.5000.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2005-08-06 16:47:34 569,344 -c--a-w c:\windows\assembly\GAC\System.Web.Services\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2009-01-26 08:19:40 573,440 ----a-w c:\windows\assembly\GAC\System.Web.Services\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2005-08-06 16:47:34 1,245,184 -c--a-w c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2009-01-26 08:19:48 1,257,472 ----a-w c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
- 2005-08-06 16:47:35 2,039,808 ----a-w c:\windows\assembly\GAC\System.Windows.Forms\1.0.5000.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2009-01-26 08:19:43 2,052,096 ----a-w c:\windows\assembly\GAC\System.Windows.Forms\1.0.5000.0__b77a5c561934e089\System.Windows.Forms.dll
- 2005-08-06 16:47:35 1,335,296 ----a-w c:\windows\assembly\GAC\System.Xml\1.0.5000.0__b77a5c561934e089\System.Xml.dll
+ 2009-01-26 08:19:45 1,339,392 ----a-w c:\windows\assembly\GAC\System.Xml\1.0.5000.0__b77a5c561934e089\System.XML.dll
- 2005-08-06 16:47:34 1,216,512 ----a-w c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2009-01-26 08:19:50 1,224,704 ----a-w c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2009-01-26 08:20:06 61,440 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_9bbb5221\CustomMarshalers.dll
+ 2009-01-26 08:21:00 3,379,200 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_96515389\mscorlib.dll
+ 2009-01-26 08:20:44 1,466,368 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_e4d060f5\System.Design.dll
+ 2009-01-26 08:20:09 90,112 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_d7187441\System.Drawing.Design.dll
+ 2009-01-26 08:20:50 835,584 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_cfae740f\System.Drawing.dll
+ 2009-01-26 08:20:23 3,014,656 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_45cc8fc3\System.Windows.Forms.dll
+ 2009-01-26 08:20:37 2,088,960 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_747003cf\System.Xml.dll
+ 2009-01-26 08:20:04 1,953,792 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_e416bed1\System.dll
+ 2005-08-06 16:48:20 3,289,088 ------w c:\windows\assembly\temp\0HM7G9MN4H\mscorlib.dll
+ 2005-08-06 16:48:35 2,994,176 ------w c:\windows\assembly\temp\2ZKXMFCPIN\System.Windows.Forms.dll
+ 2005-08-06 16:47:34 1,216,512 ------w c:\windows\assembly\temp\ABGL2RG5QF\System.dll
+ 2005-08-06 16:47:34 466,944 ------w c:\windows\assembly\temp\EF0PARSHQJ\System.Drawing.dll
+ 2005-08-06 16:47:35 1,335,296 ------w c:\windows\assembly\temp\ENGPYNG9IR\System.Xml.dll
+ 2005-08-06 16:47:34 368,640 ------w c:\windows\assembly\temp\ING1AVCHIR\System.Management.dll
+ 2005-08-06 16:47:34 323,584 ------w c:\windows\assembly\temp\IVO5ENO5Q3\System.Runtime.Remoting.dll
+ 2005-08-06 16:47:34 131,072 ------w c:\windows\assembly\temp\IVSPQV4L6F\System.Runtime.Serialization.Formatters.Soap.dll
+ 2005-08-06 16:48:30 835,584 ------w c:\windows\assembly\temp\KLUJK9ER89\System.Drawing.dll
+ 2005-08-06 16:48:28 1,929,216 ------w c:\windows\assembly\temp\UBWPMB4XAF\System.dll
+ 2005-08-06 16:47:35 2,039,808 ------w c:\windows\assembly\temp\YJOXYJCXE7\System.Windows.Forms.dll
+ 2005-08-06 16:48:39 2,076,672 ------w c:\windows\assembly\temp\YN4HM7WH6V\System.Xml.dll
+ 2008-06-13 13:10:50 272,128 ------w c:\windows\Driver Cache\i386\bthport.sys
+ 2008-10-24 11:10:42 453,632 ------w c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2008-08-14 09:58:27 2,136,064 ------w c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2008-08-14 09:22:13 2,057,728 ------w c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-08-14 09:22:14 2,015,744 ------w c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2008-08-14 10:00:45 2,180,352 ------w c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2009-01-26 08:17:10 32,768 ----a-r c:\windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe
- 2003-02-20 17:19:32 253,952 -c--a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2004-07-15 00:49:16 258,048 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
- 2003-02-20 17:19:34 20,480 -c--a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_regiis.exe
+ 2004-07-15 00:49:18 20,480 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_regiis.exe
- 2003-02-20 17:19:38 32,768 -c--a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
+ 2004-07-15 00:49:26 32,768 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
- 2003-02-20 17:19:36 32,768 -c--a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2004-07-15 00:49:22 32,768 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
- 2003-02-20 17:09:08 77,824 -c--a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2004-07-14 23:32:22 81,920 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2003-02-21 08:20:44 49,152 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\csc.exe
+ 2004-07-15 10:23:28 49,152 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\csc.exe
- 2003-02-21 08:21:00 626,688 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\cscomp.dll
+ 2004-07-15 10:23:44 626,688 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\cscomp.dll
- 2003-02-20 17:06:20 282,624 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\fusion.dll
+ 2004-07-14 23:24:30 282,624 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\fusion.dll
+ 2003-10-08 13:30:14 81,920 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\gacutil.exe
- 2003-02-21 05:24:38 7,168 -c--a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\IEExecRemote.dll
+ 2004-07-15 13:31:00 8,192 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\IEExecRemote.dll
- 2003-02-21 05:24:40 32,768 -c--a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\IEHost.dll
+ 2004-07-15 13:31:04 32,768 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\IEHost.dll
- 2003-02-20 17:09:40 196,608 -c--a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\ilasm.exe
+ 2004-07-14 23:35:30 196,608 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\ilasm.exe
- 2003-02-21 05:26:36 716,800 -c--a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.JScript.dll
+ 2004-07-15 13:28:58 720,896 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.JScript.dll
- 2003-02-21 05:26:38 299,008 -c--a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.VisualBasic.dll
+ 2004-07-15 13:28:56 299,008 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.VisualBasic.dll
- 2003-02-21 05:25:04 49,152 -c--a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\MigPol.exe
+ 2004-07-15 13:28:50 49,152 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\MigPol.exe
- 2003-02-21 05:25:04 49,152 -c--a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\MigPolWin.exe
+ 2004-07-15 13:28:50 49,152 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\MigPolWin.exe
- 2003-02-20 17:09:12 77,824 -c--a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscordbc.dll
+ 2004-07-14 23:32:44 86,016 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscordbc.dll
- 2003-02-20 17:09:12 233,472 -c--a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscordbi.dll
+ 2004-07-14 23:32:46 233,472 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscordbi.dll
- 2003-02-20 17:06:32 311,296 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2004-07-14 23:25:06 315,392 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2003-02-20 17:09:16 98,304 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2004-07-14 23:33:04 102,400 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2003-02-21 05:26:34 2,088,960 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2004-07-15 13:29:02 2,138,112 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
- 2003-02-20 17:09:18 143,360 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorrc.dll
+ 2004-07-14 23:33:22 143,360 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorrc.dll
- 2003-02-20 17:09:18 81,920 -c--a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsec.dll
+ 2004-07-14 23:33:24 81,920 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsec.dll
- 2003-02-20 17:07:34 2,494,464 -c--a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
+ 2004-07-14 23:26:52 2,510,848 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
- 2003-02-20 17:08:32 2,482,176 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2004-07-14 23:28:34 2,502,656 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2004-08-10 15:20:00 106,496 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
- 2003-02-20 17:09:30 90,112 -c--a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\PerfCounter.dll
+ 2004-07-14 23:34:50 94,208 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\PerfCounter.dll
- 2003-02-21 05:26:46 32,768 -c--a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\RegCode.dll
+ 2004-07-15 13:28:48 32,768 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\RegCode.dll
- 2003-02-20 17:09:34 319,488 -c--a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SOS.dll
+ 2004-07-14 23:35:04 319,488 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SOS.dll
- 2003-02-21 05:26:38 1,290,240 -c--a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Data.dll
+ 2004-07-15 13:32:00 1,294,336 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Data.dll
- 2003-02-21 05:25:42 299,008 -c--a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Data.OracleClient.dll
+ 2004-07-15 13:31:14 303,104 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Data.OracleClient.dll
- 2003-02-21 05:26:42 1,699,840 -c--a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Design.dll
+ 2004-07-15 13:29:02 1,703,936 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Design.dll
- 2003-02-21 05:26:44 86,016 -c--a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.DirectoryServices.dll
+ 2004-07-15 13:28:54 90,112 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.DirectoryServices.dll
- 2003-02-21 05:26:46 1,216,512 -c--a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2004-07-15 13:31:16 1,224,704 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
- 2003-02-21 05:26:50 466,944 -c--a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Drawing.dll
+ 2004-07-15 13:28:58 466,944 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Drawing.dll
- 2003-02-21 05:26:50 241,664 -c--a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.dll
+ 2004-07-15 13:28:56 241,664 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.dll
- 2003-02-20 17:09:36 64,000 -c--a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.Thunk.dll
+ 2004-07-14 23:35:12 66,560 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.Thunk.dll
- 2003-02-21 05:26:52 368,640 -c--a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Management.dll
+ 2004-07-15 13:31:58 372,736 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Management.dll
- 2003-02-21 05:26:54 241,664 -c--a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Messaging.dll
+ 2004-07-15 13:31:12 241,664 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Messaging.dll
- 2003-02-21 05:26:56 323,584 -c--a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Remoting.dll
+ 2004-07-15 13:28:58 323,584 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Remoting.dll
- 2003-02-21 05:26:56 131,072 -c--a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Serialization.Formatters.Soap.dll
+ 2004-07-15 13:31:54 131,072 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Serialization.Formatters.Soap.dll
- 2003-02-21 05:26:58 77,824 -c--a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
+ 2004-07-15 13:28:52 77,824 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
- 2003-02-21 05:27:00 126,976 -c--a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.ServiceProcess.dll
+ 2004-07-15 13:28:54 126,976 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.ServiceProcess.dll
- 2003-02-21 05:27:02 1,245,184 -c--a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2004-07-15 13:29:00 1,257,472 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
- 2003-02-21 05:27:06 819,200 -c--a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.Mobile.dll
+ 2004-07-15 13:28:58 819,200 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.Mobile.dll
- 2003-02-21 05:24:18 57,344 -c--a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.RegularExpressions.dll
+ 2004-07-15 13:28:52 57,344 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.RegularExpressions.dll
- 2003-02-21 05:27:06 569,344 -c--a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.Services.dll
+ 2004-07-15 13:31:16 573,440 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.Services.dll
- 2003-02-21 05:27:08 2,039,808 -c--a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Windows.Forms.dll
+ 2004-07-15 13:32:02 2,052,096 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Windows.Forms.dll
- 2003-02-21 05:27:10 1,335,296 -c--a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.XML.dll
+ 2004-07-15 13:29:00 1,339,392 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.XML.dll
+ 2004-06-22 12:51:38 53,248 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe
- 2003-02-21 08:20:38 737,280 -c--a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\vbc.exe
+ 2004-07-15 10:23:20 737,280 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\vbc.exe
- 2003-02-21 03:04:18 1,032,192 -c--a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\VsaVb7rt.dll
+ 2004-07-15 07:15:14 1,032,192 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\VsaVb7rt.dll
- 2003-02-20 18:10:40 31,744 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\WMINet_Utils.dll
+ 2004-07-15 01:11:56 31,744 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\WMINet_Utils.dll
- 2004-08-03 23:56:42 100,352 ----a-w c:\windows\system32\6to4svc.dll
+ 2006-08-16 11:58:05 100,352 ----a-w c:\windows\system32\6to4svc.dll
- 2004-08-03 23:56:42 1,016,832 ----a-w c:\windows\system32\browseui.dll
+ 2008-10-16 10:37:04 1,023,488 ----a-w c:\windows\system32\browseui.dll
- 2004-08-03 23:56:42 150,528 ----a-w c:\windows\system32\cdfview.dll
+ 2008-10-16 10:37:02 151,040 ----a-w c:\windows\system32\cdfview.dll
- 2009-01-24 11:01:43 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-01-26 08:31:37 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-01-24 11:01:43 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-01-26 08:31:37 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-01-24 11:01:43 65,536 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-26 08:31:37 65,536 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2004-08-03 23:56:42 1,053,696 ----a-w c:\windows\system32\danim.dll
+ 2008-10-16 10:37:02 1,054,208 ----a-w c:\windows\system32\danim.dll
+ 2008-10-16 10:37:04 1,023,488 -c----w c:\windows\system32\dllcache\browseui.dll
+ 2008-10-16 10:37:02 151,040 -c----w c:\windows\system32\dllcache\cdfview.dll
+ 2008-10-16 10:37:02 1,054,208 -c----w c:\windows\system32\dllcache\danim.dll
+ 2008-06-20 22:11:12 148,992 -c----w c:\windows\system32\dllcache\dnsapi.dll
+ 2008-10-16 10:37:02 357,888 -c----w c:\windows\system32\dllcache\dxtmsft.dll
+ 2008-10-16 10:37:02 205,312 -c----w c:\windows\system32\dllcache\dxtrans.dll
+ 2008-07-07 20:32:22 253,952 -c----w c:\windows\system32\dllcache\es.dll
+ 2008-10-16 10:37:02 55,808 -c----w c:\windows\system32\dllcache\extmgr.dll
+ 2008-10-23 13:01:36 283,648 -c----w c:\windows\system32\dllcache\gdi32.dll
+ 2008-10-15 09:45:01 18,432 -c----w c:\windows\system32\dllcache\iedw.exe
+ 2008-10-16 10:37:02 251,392 -c----w c:\windows\system32\dllcache\iepeers.dll
+ 2008-10-16 10:37:02 96,256 -c----w c:\windows\system32\dllcache\inseng.dll
+ 2007-12-18 14:40:58 450,560 -c----w c:\windows\system32\dllcache\jscript.dll
+ 2008-10-16 10:37:03 16,384 -c----w c:\windows\system32\dllcache\jsproxy.dll
+ 2008-06-10 00:31:06 103,936 -c----w c:\windows\system32\dllcache\logagent.exe
+ 2008-10-16 10:37:03 449,024 -c----w c:\windows\system32\dllcache\mshtmled.dll
+ 2008-10-16 10:37:02 146,432 -c----w c:\windows\system32\dllcache\msrating.dll
+ 2008-10-16 10:37:02 532,480 -c----w c:\windows\system32\dllcache\mstime.dll
+ 2008-10-16 10:37:02 39,424 -c----w c:\windows\system32\dllcache\pngfilt.dll
+ 2008-05-07 05:18:48 1,287,680 -c----w c:\windows\system32\dllcache\quartz.dll
- 2001-08-23 12:00:00 200,064 -c--a-w c:\windows\system32\dllcache\rmcast.sys
+ 2008-05-08 12:28:49 202,752 -c--a-w c:\windows\system32\dllcache\rmcast.sys
+ 2008-10-16 10:37:03 1,494,528 -c----w c:\windows\system32\dllcache\shdocvw.dll
+ 2008-10-16 10:37:03 474,112 -c----w c:\windows\system32\dllcache\shlwapi.dll
+ 2008-06-20 14:22:08 225,920 -c----w c:\windows\system32\dllcache\tcpip6.sys
+ 2008-10-16 10:37:04 615,936 -c----w c:\windows\system32\dllcache\urlmon.dll
+ 2007-12-18 14:40:58 417,792 -c----w c:\windows\system32\dllcache\vbscript.dll
+ 2008-10-16 10:37:03 659,456 -c----w c:\windows\system32\dllcache\wininet.dll
+ 2008-06-10 17:18:18 1,053,696 -c----w c:\windows\system32\dllcache\WMNetmgr.dll
+ 2008-11-07 17:32:20 2,109,440 -c----w c:\windows\system32\dllcache\WMVCore.dll
- 2004-08-03 23:56:44 148,480 ----a-w c:\windows\system32\dnsapi.dll
+ 2008-06-20 22:11:12 148,992 ----a-w c:\windows\system32\dnsapi.dll
- 2004-08-03 22:10:38 274,304 ------w c:\windows\system32\drivers\bthport.sys
+ 2008-06-13 13:10:50 272,128 ------w c:\windows\system32\drivers\bthport.sys
- 2004-08-03 22:15:18 451,456 ----a-w c:\windows\system32\drivers\mrxsmb.sys
+ 2008-10-24 11:10:42 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
- 2001-08-23 12:00:00 200,064 -c--a-w c:\windows\system32\drivers\RMCast.sys
+ 2008-05-08 12:28:49 202,752 ----a-w c:\windows\system32\drivers\rmcast.sys
- 2004-08-03 22:14:42 359,040 ----a-w c:\windows\system32\drivers\tcpip.sys
+ 2008-06-20 10:45:13 360,320 ----a-w c:\windows\system32\drivers\tcpip.sys
- 2004-08-03 22:07:46 223,616 ----a-w c:\windows\system32\drivers\tcpip6.sys
+ 2008-06-20 14:22:08 225,920 ----a-w c:\windows\system32\drivers\tcpip6.sys
- 2004-08-03 23:56:44 357,888 ----a-w c:\windows\system32\dxtmsft.dll
+ 2008-10-16 10:37:02 357,888 ----a-w c:\windows\system32\dxtmsft.dll
- 2004-08-03 23:56:44 201,728 ----a-w c:\windows\system32\dxtrans.dll
+ 2008-10-16 10:37:02 205,312 ----a-w c:\windows\system32\dxtrans.dll
- 2004-08-03 23:56:44 243,200 ----a-w c:\windows\system32\es.dll
+ 2008-07-07 20:32:22 253,952 ----a-w c:\windows\system32\es.dll
- 2004-08-03 23:56:44 55,808 ------w c:\windows\system32\extmgr.dll
+ 2008-10-16 10:37:02 55,808 ------w c:\windows\system32\extmgr.dll
- 2004-08-03 23:56:44 278,016 ----a-w c:\windows\system32\gdi32.dll
+ 2008-10-23 13:01:36 283,648 ----a-w c:\windows\system32\gdi32.dll
- 2004-08-03 23:56:44 249,344 ----a-w c:\windows\system32\iepeers.dll
+ 2008-10-16 10:37:02 251,392 ----a-w c:\windows\system32\iepeers.dll
- 2004-08-03 23:56:44 678,400 ----a-w c:\windows\system32\inetcomm.dll
+ 2008-04-11 18:50:43 683,520 ----a-w c:\windows\system32\inetcomm.dll
- 2004-08-03 23:56:44 257,024 ----a-w c:\windows\system32\inetsrv\infocomm.dll
+ 2008-01-10 05:20:21 257,024 ----a-w c:\windows\system32\inetsrv\infocomm.dll
- 2009-01-24 11:15:04 171,422 ----a-w c:\windows\system32\inetsrv\MetaBase.bin
+ 2009-01-26 08:35:50 171,422 ----a-w c:\windows\system32\inetsrv\MetaBase.bin
- 2004-08-03 23:56:44 96,256 ----a-w c:\windows\system32\inseng.dll
+ 2008-10-16 10:37:02 96,256 ----a-w c:\windows\system32\inseng.dll
- 2004-08-03 23:56:44 450,560 ----a-w c:\windows\system32\jscript.dll
+ 2007-12-18 14:40:58 450,560 ----a-w c:\windows\system32\jscript.dll
- 2004-08-03 23:56:44 15,872 ----a-w c:\windows\system32\jsproxy.dll
+ 2008-10-16 10:37:03 16,384 ----a-w c:\windows\system32\jsproxy.dll
- 2004-08-03 23:56:52 103,936 ----a-w c:\windows\system32\logagent.exe
+ 2008-06-10 00:31:06 103,936 ----a-w c:\windows\system32\logagent.exe
- 2004-08-03 23:56:44 73,728 ----a-w c:\windows\system32\mscms.dll
+ 2008-06-24 16:23:05 74,240 ----a-w c:\windows\system32\mscms.dll
- 2003-02-20 17:06:24 155,648 ----a-w c:\windows\system32\mscoree.dll
+ 2004-07-14 23:24:50 155,648 ----a-w c:\windows\system32\mscoree.dll
- 2003-02-20 16:43:38 16,896 -c--a-w c:\windows\system32\mscorier.dll
+ 2004-07-14 22:34:06 16,896 ----a-w c:\windows\system32\mscorier.dll
- 2004-08-03 23:56:44 3,003,392 ----a-w c:\windows\system32\mshtml.dll
+ 2008-12-12 17:33:23 3,060,224 ----a-w c:\windows\system32\mshtml.dll
- 2004-08-03 23:56:44 448,512 ----a-w c:\windows\system32\mshtmled.dll
+ 2008-10-16 10:37:03 449,024 ----a-w c:\windows\system32\mshtmled.dll
- 2004-08-03 23:56:44 146,432 ----a-w c:\windows\system32\msrating.dll
+ 2008-10-16 10:37:02 146,432 ----a-w c:\windows\system32\msrating.dll
- 2004-08-03 23:56:44 530,432 ----a-w c:\windows\system32\mstime.dll
+ 2008-10-16 10:37:02 532,480 ----a-w c:\windows\system32\mstime.dll
- 2004-08-03 23:56:46 245,248 ----a-w c:\windows\system32\mswsock.dll
+ 2008-06-20 17:41:10 245,248 ----a-w c:\windows\system32\mswsock.dll
- 2004-08-03 23:56:46 1,236,480 ----a-w c:\windows\system32\msxml3.dll
+ 2008-09-04 16:42:02 1,106,944 ----a-w c:\windows\system32\msxml3.dll
- 2002-02-04 00:52:54 1,230,336 ----a-w c:\windows\system32\msxml4.dll
+ 2008-09-30 15:43:34 1,286,152 ----a-w c:\windows\system32\msxml4.dll
- 2004-08-03 23:56:46 332,288 ----a-w c:\windows\system32\netapi32.dll
+ 2008-10-15 16:57:55 332,800 ----a-w c:\windows\system32\netapi32.dll
- 2004-08-03 21:59:02 2,015,232 ----a-w c:\windows\system32\ntkrnlpa.exe
+ 2008-08-14 09:22:14 2,015,744 ----a-w c:\windows\system32\ntkrnlpa.exe
- 2004-08-03 22:18:32 2,148,352 ----a-w c:\windows\system32\ntoskrnl.exe
+ 2008-08-14 09:58:27 2,136,064 ----a-w c:\windows\system32\ntoskrnl.exe
- 2009-01-23 15:44:15 64,106 ----a-w c:\windows\system32\perfc009.dat
+ 2009-01-26 08:19:25 64,106 ----a-w c:\windows\system32\perfc009.dat
- 2009-01-23 15:44:15 410,476 ----a-w c:\windows\system32\perfh009.dat
+ 2009-01-26 08:19:25 410,476 ----a-w c:\windows\system32\perfh009.dat
- 2004-08-03 23:56:46 39,424 ----a-w c:\windows\system32\pngfilt.dll
+ 2008-10-16 10:37:02 39,424 ----a-w c:\windows\system32\pngfilt.dll
- 2004-08-03 23:56:46 1,287,680 ----a-w c:\windows\system32\quartz.dll
+ 2008-05-07 05:18:48 1,287,680 ----a-w c:\windows\system32\quartz.dll
- 2004-08-03 23:56:46 1,483,264 ----a-w c:\windows\system32\shdocvw.dll
+ 2008-10-16 10:37:03 1,494,528 ----a-w c:\windows\system32\shdocvw.dll
- 2004-08-03 23:56:46 473,600 ----a-w c:\windows\system32\shlwapi.dll
+ 2008-10-16 10:37:03 474,112 ----a-w c:\windows\system32\shlwapi.dll
- 2004-08-03 23:56:46 246,302 ----a-w c:\windows\system32\strmdll.dll
+ 2008-10-03 10:15:47 247,326 ----a-w c:\windows\system32\strmdll.dll
+ 2008-10-22 09:47:07 62,976 ------w c:\windows\system32\tzchange.exe
- 2004-08-03 23:56:48 601,088 ----a-w c:\windows\system32\urlmon.dll
+ 2008-10-16 10:37:04 615,936 ----a-w c:\windows\system32\urlmon.dll
- 2004-08-03 23:56:48 417,792 ----a-w c:\windows\system32\vbscript.dll
+ 2007-12-18 14:40:58 417,792 ----a-w c:\windows\system32\vbscript.dll
- 2004-08-03 23:56:48 656,384 ----a-w c:\windows\system32\wininet.dll
+ 2008-10-16 10:37:03 659,456 ----a-w c:\windows\system32\wininet.dll
- 2004-08-03 23:56:48 1,050,624 ----a-w c:\windows\system32\wmnetmgr.dll
+ 2008-06-10 17:18:18 1,053,696 ----a-w c:\windows\system32\WMNetmgr.dll
- 2004-08-03 23:57:04 2,105,344 ----a-w c:\windows\system32\wmvcore.dll
+ 2008-11-07 17:32:20 2,109,440 ----a-w c:\windows\system32\WMVCore.dll
+ 2008-10-15 14:00:41 351,744 ------w c:\windows\system32\xpsp3res.dll
+ 2009-01-26 08:37:56 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_1bc.dat
+ 2008-09-30 15:42:08 1,286,152 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9870.0_x-ww_a32d74cf\msxml4.dll
+ 2008-09-30 15:45:12 91,656 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.1.0_x-ww_2a41bceb\msxml4r.dll
+ 2008-04-15 17:54:19 1,724,416 ----a-w c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.3352_x-ww_81af8e88\GdiPlus.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{474597C5-AB09-49d6-A4D5-2E8D7341384E}]
2008-09-02 15:04 398768 --a------ c:\program files\iMesh Applications\iMesh MediaBar\iMeshIEHelper.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\WCESCOMM.EXE" [2002-01-08 401496]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2005-08-25 17679400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PRONoMgr.exe"="c:\program files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-11 86016]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-09-23 4841472]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"ToolBoxFX"="c:\program files\HP\ToolBoxFX\bin\HPTLBXFX.exe" [2006-10-06 53248]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-11-11 206088]
"SoundMan"="SOUNDMAN.EXE" [2003-08-15 c:\windows\SOUNDMAN.EXE]
"nwiz"="nwiz.exe" [2003-09-23 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.CEGSM"= mobilev.acm
"wave2"= vacumd.dll
"mixer1"= vacumd.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Canon iR1200-1300 Status Window.LNK]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Canon iR1200-1300 Status Window.LNK
backup=c:\windows\pss\Canon iR1200-1300 Status Window.LNKCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
backup=c:\windows\pss\Service Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2002-01-08 01:24 401496 c:\program files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2004-09-13 15:49 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a--c--- 2005-10-06 17:03 278528 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 11:54 5674352 c:\program files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlaxoUpdate]
--a------ 2008-07-24 16:07 363591 c:\program files\Plaxo\3.14.0.44\PlaxoHelper_en.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a--c--- 2005-10-16 16:01 155648 c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
--a------ 2005-08-25 22:00 17679400 c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a--c--- 2002-04-24 04:02 12288 c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
--a--c--- 2004-12-02 09:34 37888 c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Symantec Core LC"=2 (0x2)
"navapsvc"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccEvtMgr"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
R1 VirtualAudioCable;Virtual Audio Cable;c:\windows\system32\drivers\vackmd.sys [2005-08-29 24064]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-04-30 24592]
S3 LHidPPKE;Logitech SetPoint HID Function Driver;c:\windows\system32\drivers\LHidPPKE.Sys [2006-01-20 22497]
S4 RapidPortM2;RapidPortM2;\??\c:\windows\System32\Drivers\CAPM2LP.SYS --> c:\windows\System32\Drivers\CAPM2LP.SYS [?]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.rs/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost
IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: Add to Banner Ad Blocker - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: aol.com\free
DPF: {6E2510E6-BF2D-4C78-9F28-2F5C8760F124} - hxxps://www.eiss.biz/eRoomSetup/client.cab
FF - ProfilePath -

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("backups.number_of_prefs_copies", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.link.open_newwindow.ui", 3); // prefs UI version
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.closed", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.document", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.frames", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.history", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.length", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.opener", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.parent", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.self", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.top", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.window", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.DOMParser,parseFromString", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.DOMParser,parseFromStream", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.disable_window_open_feature.status", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("advanced.always_load_images", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.protocol-handler.external.help", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.connect.timeout", 30); // in seconds
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.request.timeout", 120); // in seconds
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.image.imageBehavior", 0); // 0-Accept, 1-dontAcceptForeign, 2-dontUse
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.cookieBehavior", 3); // 0-Accept, 1-dontAcceptForeign, 2-dontUse, 3-p3p
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.id", "{ec8030f7-c20a-464f-9b0e-13a3a9e97384}");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.version",
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.extensions.version", "1.0");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.build_id",
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.autoUpdateEnabled", true); // Whether or not background app updates
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.url", "chrome://mozapps/locale/update/update.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.updatesAvailable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.lastUpdateDate", 0); // UTC offset when last App update was
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.performed", false); // Whether or not an update has been
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.autoUpdateEnabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.autoUpdate", false); // Automatically download and install
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.interval", 604800000); // Check for updates to Extensions and
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.lastUpdateDate", 0); // UTC offset when last Extension/Theme
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.severity.threshold", 5);// The number of pending Extension/Theme
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.count", 0); // The number of extension/theme/etc
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("update.interval", 3600000); // Check each of the above intervals
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("update.showSlidingNotification", true); // Windows-only slide-up taskbar
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("update.severity", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("general.useragent.vendor", "Firefox");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("general.useragent.vendorSub",
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.update.resetHomepage", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.startup.homepage_override.1", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.turbo.enabled", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://browser/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://browser/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("update_notifications.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("update_notifications.provider.0.frequency", 7); // number of days
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.xul.error_pages.enabled", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("pfs.datasource.url", "chrome://mozapps/locale/plugins/plugins.properties");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-26 09:38:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(992)
c:\windows\system32\vacumd.dll

- - - - - - - > 'lsass.exe'(1048-)
c:\windows\system32\vacumd.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\ScsiAccess.EXE
c:\program files\MSN Messenger\usnsvc.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-01-26 9:42:58 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-26 08:42:54
ComboFix2.txt 2009-01-24 11:17:33

Pre-Run: 3,642,183,680 bytes free
Post-Run: 3,618,541,568 bytes free

664 --- E O F --- 2009-01-26 08:23:30

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8454
  • Gde živiš: Novi Beograd

Preuzmi program RootRepeal na Desktop.

Raspakuj RootRepeal.zip u neki folder.
Dvoklikom pokreni RootRepeal.exe.
Pređi na Report karticu (klikom na Report taster, dole, desno).
Klikni Scan taster.
U prozoru koji se otvori (Select Scan), obeleži kućice ispred svih stavki i klikni OK.
U narednom prozoru (Select Drives) obeleži kućicu ispred sistemskog diska (obično C:\) i klikni OK.
Po završetku procesa, klikni Save Report i sačuvaj izveštaj o skeniranju.


Priloži dobijeni izveštaj uz poruku korišćenjem opcije Prikači fajl.

offline
  • Gibli 
  • Zaslužni građanin
  • Pridružio: 04 Mar 2005
  • Poruke: 515
  • Gde živiš: Zemun

Pri pokretanju javlja Error-invalid PR image found.

Evo i reporta:
https://www.mycity.rs/must-login.png

ROOTREPEAL (c) AD, 2007-2008
==================================================
Scan Time: 2009/01/27 17:23
Program Version: Version 1.2.3.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xEDDA1000 Size: 98304 File Visible: No
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF8B81000 Size: 8192 File Visible: No
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xEC2CE000 Size: 45056 File Visible: No
Status: -

Hidden/Locked Files
-------------------
Path: C:\WINDOWS\system32\config\system.LOG
Status: Size mismatch (API: 20480, Raw: 24576)

Path: C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\av1.tmp
Status: Allocation size mismatch (API: 5570560, Raw: 0)

Path: C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\av211.tmp
Status: Allocation size mismatch (API: 17072128, Raw: 0)

Path: C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\av5.tmp
Status: Allocation size mismatch (API: 5570560, Raw: 0)

Path: C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\av5F.tmp
Status: Allocation size mismatch (API: 17244160, Raw: 0)

Path: C:\Documents and Settings\Stanica1\Local Settings\Application Data\Microsoft\Messenger\mika@refot.com\SharingMetadata\Logs\Dfsr00005.log
Status: Size mismatch (API: 346915, Raw: 346780)

SSDT
-------------------
#: 011 Function Name: NtAdjustPrivilegesToken
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee021224

#: 025 Function Name: NtClose
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee0217f8

#: 031 Function Name: NtConnectPort
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee023234

#: 037 Function Name: NtCreateFile
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee022be6

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee02099a

#: 052 Function Name: NtCreateSymbolicLinkObject
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee024bc6

#: 053 Function Name: NtCreateThread
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee0215f8

#: 063 Function Name: NtDeleteKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee020ddc

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee020fdc

#: 066 Function Name: NtDeviceIoControlFile
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee022ef6

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee0250ce

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee0210f2

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee02115a

#: 084 Function Name: NtFsControlFile
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee022da8

#: 097 Function Name: NtLoadDriver
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee02466a

#: 116 Function Name: NtOpenFile
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee022a42

#: 119 Function Name: NtOpenKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee020afc

#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee0213fc

#: 125 Function Name: NtOpenSection
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee024bf0

#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee021348

#: 160 Function Name: NtQueryKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee0211c2

#: 161 Function Name: NtQueryMultipleValueKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee020ec6

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee020ca4

#: 180 Function Name: NtQueueApcThread
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee0248d2

#: 193 Function Name: NtReplaceKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee02061c

#: 200 Function Name: NtRequestWaitReplyPort
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee023abe

#: 204 Function Name: NtRestoreKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee02077e

#: 206 Function Name: NtResumeThread
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee024fa0

#: 207 Function Name: NtSaveKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee02041a

#: 210 Function Name: NtSecureConnectPort
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee0230d6

#: 213 Function Name: NtSetContextThread
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee0216f6

#: 237 Function Name: NtSetSecurityObject
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee024764

#: 240 Function Name: NtSetSystemInformation
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee024c1a

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee020b52

#: 253 Function Name: NtSuspendProcess
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee024cfe

#: 254 Function Name: NtSuspendThread
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee024e2a

#: 255 Function Name: NtSystemDebugControl
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee024596

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee0214c8

#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xee02153a

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8454
  • Gde živiš: Novi Beograd

Poslednji logovi su OK.

Uradi jos ovo:

Klikni START a zatim RUN
U liniju za unos teksta ukucaj Combofix /u i klikni OK





Sačekaj da se proces deinstalacije završi

Gornja procedura će:
Obrisati sledeće:
ComboFix i njegove file-ove i foldere
VundoFix Backups folder, ako postoji
C:\Deckard folder, ako postoji
C:\OtMoveIt folder, ako postoji

Resetovati podešavanja sata na kompjuteru
Sakriti ekstenzije file-ova, ako je potrebno
Sakriti sistemske/skrivene file-ove/foldere, ako je potrebno
Resetovati System Restore


Poz

Ko je trenutno na forumu
 

Ukupno su 551 korisnika na forumu :: 9 registrovanih, 3 sakrivenih i 539 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: Drug pukovnik, Gama, Georgius, HrcAk47, ladro, panzerwaffe, Trpe Grozni, vathra, zlaya011