ComboFix log follows
+ 2010-06-11 08:19 . 2010-06-11 08:19 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2009-10-14 21:59 . 2009-10-14 21:59 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2010-06-11 08:20 . 2010-06-11 08:20 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2010-06-11 08:24 . 2010-06-11 08:24 970752 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
- 2009-10-14 21:59 . 2009-10-14 21:59 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2010-06-11 08:20 . 2010-06-11 08:20 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2009-10-14 21:59 . 2009-10-14 21:59 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2010-06-11 08:20 . 2010-06-11 08:20 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2009-10-14 21:59 . 2009-10-14 21:59 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2010-06-11 08:20 . 2010-06-11 08:20 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2009-10-14 21:59 . 2009-10-14 21:59 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2010-06-11 08:20 . 2010-06-11 08:20 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2010-06-11 08:24 . 2010-06-11 08:24 438272 c:\windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2010-06-11 08:20 . 2010-06-11 08:20 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2009-10-14 21:59 . 2009-10-14 21:59 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2009-10-14 21:59 . 2009-10-14 21:59 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2010-06-11 08:19 . 2010-06-11 08:19 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2010-06-11 08:19 . 2010-06-11 08:19 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2009-10-14 21:59 . 2009-10-14 21:59 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2009-10-14 21:59 . 2009-10-14 21:59 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2010-06-11 08:20 . 2010-06-11 08:20 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2009-10-14 21:59 . 2009-10-14 21:59 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2010-06-11 08:20 . 2010-06-11 08:20 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2009-10-14 21:59 . 2009-10-14 21:59 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2010-06-11 08:20 . 2010-06-11 08:20 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2009-10-14 21:59 . 2009-10-14 21:59 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2010-06-11 08:20 . 2010-06-11 08:20 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2010-06-11 08:24 . 2010-06-11 08:24 110592 c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
- 2009-08-17 00:53 . 2009-08-17 00:53 110592 c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
+ 2010-06-11 08:19 . 2010-06-11 08:19 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2009-10-14 21:59 . 2009-10-14 21:59 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2009-10-14 21:59 . 2009-10-14 21:59 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2010-06-11 08:19 . 2010-06-11 08:19 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2010-06-11 08:19 . 2010-06-11 08:19 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2009-10-14 21:59 . 2009-10-14 21:59 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2009-10-14 21:59 . 2009-10-14 21:59 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2010-06-11 08:19 . 2010-06-11 08:19 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2009-10-14 21:59 . 2009-10-14 21:59 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2010-06-11 08:20 . 2010-06-11 08:20 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2010-06-11 08:20 . 2010-06-11 08:20 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2009-10-14 21:59 . 2009-10-14 21:59 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2010-06-11 08:19 . 2010-06-11 08:19 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2009-10-14 21:59 . 2009-10-14 21:59 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2009-10-14 21:59 . 2009-10-14 21:59 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2010-06-11 08:19 . 2010-06-11 08:19 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2010-06-11 08:20 . 2010-06-11 08:20 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2009-10-14 21:59 . 2009-10-14 21:59 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2010-06-11 08:20 . 2010-06-11 08:20 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2009-10-14 21:59 . 2009-10-14 21:59 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2010-06-11 08:20 . 2010-06-11 08:20 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2009-10-14 21:59 . 2009-10-14 21:59 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2010-05-12 20:46 . 2009-05-26 11:41 402296 c:\windows\$NtUninstallKB978542$\spuninst\updspapi.dll
+ 2010-05-12 20:46 . 2009-05-26 11:41 233848 c:\windows\$NtUninstallKB978542$\spuninst\spuninst.exe
+ 2010-05-12 20:46 . 2008-04-11 19:04 691712 c:\windows\$NtUninstallKB978542$\inetcomm.dll
+ 2010-05-12 20:46 . 2009-05-26 11:41 402296 c:\windows\$hf_mig$\KB978542\update\updspapi.dll
+ 2010-05-12 20:46 . 2009-05-26 11:41 763768 c:\windows\$hf_mig$\KB978542\update\update.exe
+ 2010-05-12 20:46 . 2009-05-26 11:41 233848 c:\windows\$hf_mig$\KB978542\spuninst.exe
+ 2010-01-29 14:54 . 2010-01-29 14:54 691712 c:\windows\$hf_mig$\KB978542\SP3QFE\inetcomm.dll
- 2007-08-10 06:14 . 2005-02-24 17:35 726240 c:\windows\$hf_mig$\KB890859\update\update.exe
+ 2007-08-10 06:14 . 2010-06-13 07:56 726240 c:\windows\$hf_mig$\KB890859\update\update.exe
- 2007-08-12 09:40 . 2005-02-24 18:35 726240 c:\windows\$hf_mig$\KB890046\update\update.exe
+ 2007-08-12 09:40 . 2010-06-13 07:56 726240 c:\windows\$hf_mig$\KB890046\update\update.exe
+ 2007-08-10 06:18 . 2010-06-13 07:56 662528 c:\windows\$hf_mig$\KB888302\update\update.exe
- 2007-08-10 06:18 . 2004-11-30 12:47 662528 c:\windows\$hf_mig$\KB888302\update\update.exe
- 2007-08-12 09:44 . 2004-10-14 09:35 662528 c:\windows\$hf_mig$\KB887472\update\update.exe
+ 2007-08-12 09:44 . 2010-06-13 07:56 662528 c:\windows\$hf_mig$\KB887472\update\update.exe
+ 2007-08-10 06:17 . 2010-06-13 07:56 662528 c:\windows\$hf_mig$\KB886185\update\update.exe
- 2007-08-10 06:17 . 2004-10-14 18:35 662528 c:\windows\$hf_mig$\KB886185\update\update.exe
+ 2007-08-12 09:47 . 2010-06-13 07:56 662528 c:\windows\$hf_mig$\KB885836\update\update.exe
- 2007-08-12 09:47 . 2004-10-14 09:35 662528 c:\windows\$hf_mig$\KB885836\update\update.exe
+ 2007-08-12 09:47 . 2010-06-13 07:56 662528 c:\windows\$hf_mig$\KB885835\update\update.exe
- 2007-08-12 09:47 . 2004-10-14 09:35 662528 c:\windows\$hf_mig$\KB885835\update\update.exe
+ 2007-08-13 05:55 . 2010-06-13 07:56 662528 c:\windows\$hf_mig$\KB873339\update\update.exe
- 2007-08-13 05:55 . 2004-10-14 08:35 662528 c:\windows\$hf_mig$\KB873339\update\update.exe
+ 2004-08-19 12:00 . 2010-04-06 02:52 2462720 c:\windows\system32\WMVCore.dll
+ 2004-08-19 12:00 . 2010-05-06 10:32 1209344 c:\windows\system32\urlmon.dll
- 2004-08-19 12:00 . 2010-02-25 06:16 1209344 c:\windows\system32\urlmon.dll
- 2004-08-19 12:00 . 2009-11-27 17:12 1296896 c:\windows\system32\quartz.dll
+ 2004-08-19 12:00 . 2010-02-05 18:25 1296896 c:\windows\system32\quartz.dll
+ 2004-08-19 12:00 . 2010-05-06 10:32 5950976 c:\windows\system32\mshtml.dll
- 2007-08-13 16:34 . 2010-02-25 06:16 1985536 c:\windows\system32\iertutil.dll
+ 2007-08-13 16:34 . 2010-05-06 10:32 1985536 c:\windows\system32\iertutil.dll
+ 2010-05-19 11:52 . 2010-03-12 16:41 2074480 c:\windows\system32\DRVSTORE\VX6000_9648EB73F22649513FDB41D9DBE93A30CFBB20BE\VX6000Xp.sys
+ 2010-05-19 11:52 . 2010-03-12 16:41 1961328 c:\windows\system32\DRVSTORE\VX3000_A17A82730C7D038541072034CDAF4B2504049C63\VX3000.sys
+ 2010-05-19 11:52 . 2010-03-12 16:41 1961072 c:\windows\system32\DRVSTORE\VX1000_BCE047AC83D5D72E7E25B0A5BCCBA21F4DB8D4F4\VX1000.sys
+ 2010-03-12 10:15 . 2010-03-12 16:41 1961328 c:\windows\system32\drivers\VX3000.sys
+ 2004-08-19 12:00 . 2010-04-06 02:52 2462720 c:\windows\system32\dllcache\WMVCore.dll
+ 2008-10-16 08:26 . 2010-05-02 08:06 1851264 c:\windows\system32\dllcache\win32k.sys
- 2004-08-19 12:00 . 2010-02-25 06:16 1209344 c:\windows\system32\dllcache\urlmon.dll
+ 2004-08-19 12:00 . 2010-05-06 10:32 1209344 c:\windows\system32\dllcache\urlmon.dll
+ 2008-05-07 05:10 . 2010-02-05 18:25 1296896 c:\windows\system32\dllcache\quartz.dll
- 2008-05-07 05:10 . 2009-11-27 17:12 1296896 c:\windows\system32\dllcache\quartz.dll
+ 2009-08-12 07:23 . 2010-01-29 14:59 1315328 c:\windows\system32\dllcache\msoe.dll
- 2009-08-12 07:23 . 2009-07-10 13:26 1315328 c:\windows\system32\dllcache\msoe.dll
+ 2004-08-19 12:00 . 2010-05-06 10:32 5950976 c:\windows\system32\dllcache\mshtml.dll
+ 2008-09-08 10:30 . 2010-05-06 10:32 1985536 c:\windows\system32\dllcache\iertutil.dll
- 2008-09-08 10:30 . 2010-02-25 06:16 1985536 c:\windows\system32\dllcache\iertutil.dll
+ 2010-04-07 21:48 . 2010-04-07 21:48 5967872 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.dll
+ 2010-03-23 03:32 . 2010-03-23 03:32 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
- 2008-11-25 02:59 . 2008-11-25 02:59 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2010-03-23 03:32 . 2010-03-23 03:32 3182592 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2010-05-03 14:27 . 2010-05-03 14:27 6825472 c:\windows\Installer\cb75e0.msp
+ 2010-05-03 14:11 . 2010-05-03 14:11 4149760 c:\windows\Installer\cb75c1.msp
+ 2010-05-04 20:25 . 2010-05-04 20:25 7681024 c:\windows\Installer\cb75ab.msp
+ 2010-05-10 15:17 . 2010-05-10 15:17 5520896 c:\windows\Installer\cb7595.msp
+ 2010-04-11 20:17 . 2010-04-11 20:17 2607104 c:\windows\Installer\a9a266.msp
+ 2010-04-11 20:17 . 2010-04-11 20:17 4210688 c:\windows\Installer\a9a265.msp
+ 2010-04-24 15:10 . 2010-04-24 15:10 8486400 c:\windows\Installer\a9a24c.msp
+ 2010-05-03 14:06 . 2010-05-03 14:06 5053952 c:\windows\Installer\a9a243.msp
+ 2010-03-30 10:34 . 2010-03-30 10:34 3826688 c:\windows\Installer\a9a219.msp
+ 2009-10-16 16:07 . 2009-10-16 16:07 6115328 c:\windows\Installer\317f8ed.msp
+ 2010-04-21 15:46 . 2010-04-21 15:46 5522432 c:\windows\Installer\317f8d8.msp
+ 2010-01-11 14:35 . 2010-01-11 14:35 4480000 c:\windows\Installer\317f8c3.msp
+ 2010-06-11 08:36 . 2010-02-25 06:16 1209344 c:\windows\ie8updates\KB982381-IE8\urlmon.dll
+ 2010-06-11 08:36 . 2010-02-25 06:16 5944832 c:\windows\ie8updates\KB982381-IE8\mshtml.dll
+ 2010-06-11 08:36 . 2010-02-25 06:16 1985536 c:\windows\ie8updates\KB982381-IE8\iertutil.dll
+ 2010-05-19 11:21 . 2010-05-19 11:21 9119744 c:\windows\Downloaded Installations\{E03ED1B9-D31F-45DA-9AFE-37FE4F66818C}\Trust WB-3400T Webcam .msi
+ 2010-05-19 10:56 . 2010-05-19 11:08 9002496 c:\windows\Downloaded Installations\{DBCF2F52-0F1D-4B7E-B44B-614EB4584E11}\Trust WB-1400T Webcam.msi
+ 2010-03-08 22:02 . 2010-05-19 10:30 5919744 c:\windows\Downloaded Installations\{523D1AB7-1C5C-4699-A2EC-3D62EBBE1C5D}\Trust WB-1400T Webcam.msi
- 2010-03-08 22:02 . 2010-03-08 22:02 5919744 c:\windows\Downloaded Installations\{523D1AB7-1C5C-4699-A2EC-3D62EBBE1C5D}\Trust WB-1400T Webcam.msi
+ 2010-06-11 08:25 . 2010-06-11 08:25 3313664 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\f231461883859922a040002dddfb7b12\WindowsBase.ni.dll
+ 2010-06-11 08:31 . 2010-06-11 08:31 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\48b66876f72f472db62de48ae4369406\UIAutomationClientsideProviders.ni.dll
+ 2010-06-11 08:24 . 2010-06-11 08:24 7949824 c:\windows\assembly\NativeImages_v2.0.50727_32\System\37217abe2c5164e59aba251860f4c79e\System.ni.dll
+ 2010-06-11 08:31 . 2010-06-11 08:31 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\563a54b98adb70fae862974042298348\System.Xml.ni.dll
+ 2010-06-11 10:09 . 2010-06-11 10:09 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\016b75f60a18535c8d6b3e5d861ab559\System.WorkflowServices.ni.dll
+ 2010-06-11 10:09 . 2010-06-11 10:09 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\6dacae37d337004345518976fb57099e\System.Workflow.Runtime.ni.dll
+ 2010-06-11 10:09 . 2010-06-11 10:09 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\c7b832bbc5bb11c6c7f128c801ce90d7\System.Workflow.ComponentModel.ni.dll
+ 2010-06-11 10:09 . 2010-06-11 10:09 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\b9ea6ea910293cd6f13f765775867ebd\System.Workflow.Activities.ni.dll
+ 2010-06-11 08:45 . 2010-06-11 08:45 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\8ef8d556899a4a10b7f288a80925489f\System.Web.Services.ni.dll
+ 2010-06-11 10:09 . 2010-06-11 10:09 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\5dfda43f1991ee6ba345d62b2be4801c\System.Web.Mobile.ni.dll
+ 2010-06-11 10:09 . 2010-06-11 10:09 2403328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\f08b3b8cdf548e3dfe61f342536175eb\System.Web.Extensions.ni.dll
+ 2010-06-11 08:30 . 2010-06-11 08:30 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\2d6a5dbee4506bf643b853e41668afa3\System.Speech.ni.dll
+ 2010-06-11 10:08 . 2010-06-11 10:08 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\169fe0ad9d59982a2a6b89779c09885b\System.ServiceModel.Web.ni.dll
+ 2010-06-11 08:33 . 2010-06-11 08:33 2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\8b2710a63ecd363315ef16b257588b95\System.Runtime.Serialization.ni.dll
+ 2010-06-11 08:30 . 2010-06-11 08:30 1035264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\161b423dc4e86e569af019e838d39de5\System.Printing.ni.dll
+ 2010-06-11 08:33 . 2010-06-11 08:33 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\ad4fb86064d7a1ebcb9ee997e7208ac1\System.IdentityModel.ni.dll
+ 2010-06-11 08:29 . 2010-06-11 08:29 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f3440ea00eb3c40dc073b2fe03843638\System.Drawing.ni.dll
+ 2010-06-11 08:45 . 2010-06-11 08:45 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\7deab2494d53763cd83c567e71e0d8e0\System.DirectoryServices.ni.dll
+ 2010-06-11 08:40 . 2010-06-11 08:40 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\b81efadfee7702624b713c6d86f7e369\System.Deployment.ni.dll
+ 2010-06-11 08:28 . 2010-06-11 08:28 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\50130ef751b98a4a11bd4ab73af7cab5\System.Data.ni.dll
+ 2010-06-11 08:39 . 2010-06-11 08:39 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\f71abf392c5ca05a4e46a5d1c4c72856\System.Data.SqlXml.ni.dll
+ 2010-06-11 09:20 . 2010-06-11 09:20 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\5e6311aff5ada83d0f854922fa62faf6\System.Data.Services.ni.dll
+ 2010-06-11 08:28 . 2010-06-11 08:28 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\c3ba3367d03779ad6e76c5d4cdfe572a\System.Data.Linq.ni.dll
+ 2010-06-11 09:20 . 2010-06-11 09:20 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\6abf820d8ec57a0561c3367727d274df\System.Data.Entity.ni.dll
+ 2010-06-11 08:28 . 2010-06-11 08:28 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\e98726349766935ec0e9b980f19a046a\System.Core.ni.dll
+ 2010-06-11 08:28 . 2010-06-11 08:28 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\fc373f0a8dbd173c63b6b95551b1c673\ReachFramework.ni.dll
+ 2010-06-11 08:27 . 2010-06-11 08:28 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\ead93b6a4f0101cb99d09f3e3fc6491c\PresentationUI.ni.dll
+ 2010-06-11 08:24 . 2010-06-11 08:24 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\20ef773b20f6ce721ae60e5c2c2e8f80\PresentationBuildTasks.ni.dll
+ 2010-06-11 09:18 . 2010-06-11 09:18 3152384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\a28e232a40e060a7bc93b771aa63974a\Microsoft.Windows.Design.Markup.ni.dll
+ 2010-06-11 09:18 . 2010-06-11 09:18 2855424 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\6a4843f089d5fa2bc1c99f2d6749e1a7\Microsoft.Windows.Design.Developer.ni.dll
+ 2010-06-11 08:50 . 2010-06-11 08:50 2383360 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\e56be6c9d9a709c552beb85ba9fd0cd3\Microsoft.VisualStudio.Modeling.Sdk.Diagrams.ni.dll
+ 2010-06-11 08:49 . 2010-06-11 08:49 1873920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\cc6ef7803f17d585ae9409520c14bb29\Microsoft.VisualStudio.CommonIDE.ni.dll
+ 2010-06-11 08:49 . 2010-06-11 08:49 1515008 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\57b4974d90892019ad4684002bb71aae\Microsoft.VisualStudio.Modeling.Sdk.ni.dll
+ 2010-06-11 08:49 . 2010-06-11 08:49 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\935b855860088a86bb65d37a19f059cc\Microsoft.VisualBasic.ni.dll
+ 2010-06-11 08:36 . 2010-06-11 08:36 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\7a266de493d30eed21cb60ebe300be53\Microsoft.Transactions.Bridge.ni.dll
+ 2010-06-11 09:46 . 2010-06-11 09:46 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\9db8f9f7fe63ca4451bb5316a3ebb009\Microsoft.JScript.ni.dll
+ 2010-06-11 08:47 . 2010-06-11 08:47 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\c96be82d6cb00367db4e3553272165ef\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2010-06-11 08:47 . 2010-06-11 08:47 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\3815de5b052187b5d9375681a6784255\Microsoft.Build.Tasks.ni.dll
+ 2010-06-11 08:46 . 2010-06-11 08:46 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\43fc6723d08e9ce88701c29653efd224\Microsoft.Build.Engine.ni.dll
+ 2010-06-11 08:20 . 2010-06-11 08:20 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2010-06-11 08:21 . 2010-06-11 08:21 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2009-10-14 22:00 . 2009-10-14 22:00 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2010-06-11 08:19 . 2010-06-11 08:19 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2009-10-14 21:59 . 2009-10-14 21:59 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2010-06-11 08:24 . 2010-06-11 08:24 5967872 c:\windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2010-06-11 08:19 . 2010-06-11 08:19 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2009-10-14 21:59 . 2009-10-14 21:59 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2009-10-14 21:59 . 2009-10-14 21:59 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2010-06-11 08:19 . 2010-06-11 08:19 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2009-10-14 21:59 . 2009-10-14 21:59 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2010-06-11 08:20 . 2010-06-11 08:20 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2010-06-11 08:20 . 2010-06-11 08:20 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2009-10-14 21:59 . 2009-10-14 21:59 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2010-05-12 20:46 . 2009-07-10 13:26 1315328 c:\windows\$NtUninstallKB978542$\msoe.dll
+ 2010-01-29 14:54 . 2010-01-29 14:54 1315328 c:\windows\$hf_mig$\KB978542\SP3QFE\msoe.dll
+ 2008-01-17 21:29 . 2010-05-28 19:37 32472008 c:\windows\system32\MRT.exe
+ 2007-08-13 16:54 . 2010-05-06 10:32 11076096 c:\windows\system32\ieframe.dll
+ 2008-09-08 10:30 . 2010-05-06 10:32 11076096 c:\windows\system32\dllcache\ieframe.dll
+ 2010-05-11 09:30 . 2010-05-11 09:30 11194880 c:\windows\Installer\cb75f6.msp
+ 2010-04-24 15:09 . 2010-04-24 15:09 11750912 c:\windows\Installer\cb75ca.msp
+ 2010-04-11 20:17 . 2010-04-11 20:17 14599680 c:\windows\Installer\a9a275.msp
+ 2010-04-15 19:34 . 2010-04-15 19:34 17510912 c:\windows\Installer\a9a22d.msp
+ 2010-06-11 08:36 . 2010-02-25 09:46 11070976 c:\windows\ie8updates\KB982381-IE8\ieframe.dll
+ 2010-06-11 08:30 . 2010-06-11 08:30 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\2dfe045e4b1577fdea9a2f456db0afc2\System.Windows.Forms.ni.dll
+ 2010-06-11 08:44 . 2010-06-11 08:44 11797504 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\d987cf1de4ba688da92e212a374232c2\System.Web.ni.dll
+ 2010-06-11 08:35 . 2010-06-11 08:36 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\8b74f2fe3f3632f95ff4ddb8c4839a1e\System.ServiceModel.ni.dll
+ 2010-06-11 08:29 . 2010-06-11 08:29 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\f352c5cb50bee105e4c873ca050f9f46\System.Design.ni.dll
+ 2010-06-11 08:27 . 2010-06-11 08:27 14327808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ca898d942e4d85af4c3d5f14a77c359a\PresentationFramework.ni.dll
+ 2010-06-11 08:26 . 2010-06-11 08:26 12216320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\ba8f917fd89d7afa8885c2a326379f03\PresentationCore.ni.dll
.
-- Snapshot per reimpostare la data corrente --
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-05-18 5562368]
"nwiz"="nwiz.exe" [2005-05-18 1495040]
"ISUSPM Startup"="c:\programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"NeroFilterCheck"="c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2008-05-15 185896]
"hpqSRMon"="c:\programmi\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-03-13 81920]
"VX3000"="c:\windows\vVX3000.exe" [2010-03-12 762736]
"RTHDCPL"="RTHDCPL.EXE" [2005-05-04 14396416]
"SoundMan"="SOUNDMAN.EXE" [2005-05-03 90112]
"AlcWzrd"="ALCWZRD.EXE" [2005-05-04 2805248]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 61952]
"ConnMonitor"="c:\programmi\Alice Mobile Olicard 100\ConnMonitor.exe" [2009-06-18 401408]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Tasto di scelta rapida per l'avvio di AutoCAD.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Tasto di scelta rapida per l'avvio di AutoCAD.lnk
backup=c:\windows\pss\Tasto di scelta rapida per l'avvio di AutoCAD.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 15:44 3883856 ----a-w- c:\programmi\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2005-03-10 16:43 688218 -c--a-w- c:\programmi\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
2005-03-10 16:44 98394 -c--a-w- c:\programmi\Synaptics\SynTP\SynTPLpr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2008-05-15 10:28 185896 ----a-w- c:\programmi\File comuni\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2001-04-30 20:57 10752 -c--a-w- c:\programmi\Winamp\winampa.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Documents and Settings\\All Users\\Dati applicazioni\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\Italian\\setup.exe"=
"c:\\Programmi\\Metin2_Italiano\\metin2.bin"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\art-lantis 4.5\\Art-lantis.exe"=
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [11/03/2008 9.56.42 12424]
R2 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [11/03/2008 9.56.40 75272]
R3 CIR;Hid Device;c:\windows\system32\drivers\CIR.sys [20/05/2005 9.01.20 5120]
R3 kbd;Keyboard;c:\windows\system32\drivers\kbd.sys [20/05/2005 9.31.12 21504]
R3 Slazldrv;SmartLink AMR_PCI Driver;c:\windows\system32\drivers\SLDRV\slazldrv.sys [05/01/2005 2.48.42 226768]
S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe --> c:\progra~1\AVG\AVG8\avgwdsvc.exe [?]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [11/03/2008 9.53.40 22528]
S3 pmx3gmdm;Olivetti USB Device for Legacy Serial Communication;c:\windows\system32\drivers\pmx3gmdm.sys [13/05/2010 16.44.36 103552]
S3 pmx3gnet;Olivetti USB-NDIS miniport;c:\windows\system32\drivers\pmx3gnet.sys [13/05/2010 16.45.02 117120]
S3 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
--- Altri Servizi/Drivers In Memoria ---
*NewlyCreated* - ANTIVIRSCHEDULER
*NewlyCreated* - ANTIVIRSERVICE
*NewlyCreated* - AVGIO
*NewlyCreated* - AVIPBB
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contenuto della cartella 'Scheduled Tasks'
2010-06-15 c:\windows\Tasks\User_Feed_Synchronization-{C2E02079-801F-478B-AA25-291E05B4BAEA}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.michelepalamara.it/
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uSearchAssistant = hxxp://www.google.com
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {0C5F37CF-C043-4D5F-AB56-D0FE58E124C6} = 85.37.17.50 85.38.28.76
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\Utente\Dati applicazioni\Mozilla\Firefox\Profiles\6pc9wcar.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&ai=13054
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/home/?ai=13054
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - component: c:\documents and settings\Utente\Dati applicazioni\Mozilla\Firefox\Profiles\6pc9wcar.default\extensions\{D02B1E87-A8C6-433f-9B5C-2CEC4A072736}\components\susfox3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
.
------- Associazioni dei file -------
.
.scr=AutoCADScriptFile
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-15 13:56
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'explorer.exe'(228)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Ora fine scansione: 2010-06-15 14:01:58
ComboFix-quarantined-files.txt 2010-06-15 12:01
ComboFix2.txt 2010-06-13 20:14
ComboFix3.txt 2010-05-01 19:21
ComboFix4.txt 2010-04-24 17:09
ComboFix5.txt 2010-06-15 11:43
Pre-Run: 3.433.566.208 byte disponibili
Post-Run: 3.453.112.320 byte disponibili
- - End Of File - - 70399B137C09386C296B86C5402241DF