Spyware removal help please!

Unknown

I would greatly appreciate some help with my spyware/trojan problem!

A spyware infection occurred a few days ago on my XP machine: ads popping up, software installing, etc. I unplugged the Ethernet cable and ran various spyware removal tools.

Now Ad-Aware, Spybot S&D, and WebRoot SpySweeper report my system being clean. Via HijackThis, I also found a nefarious Desktop Component called xuwue.html and deleted it. However, the system is still infected: periodically, the "No connection to the Internet is currently available... Do you want to Work Offline or Try Again" window appears, indicating that something is trying to access the net.

Just now, as I was trying to guess whether some of the processes listed by HijackThis are legit (I don't think they are), IE suddenly went crazy trying open hundreds of webpages (it couldn't, since the Ethernet is unplugged).

FWIW When I do plug it in, e.g., to try the Panda spyware search, the first piece of spyware that appears to arrive (found by several of the detectors) is "virtumonde" plus a bunch of tracking cookies. (Regarding that nwiz.exe process: I do have an NVidia graphics card, but the path for it is C:\NVIDIA).

Can anyone help? My HijackThis log is below.

Many thanks in advance!
Aaron

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:17:34 PM, on 12/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Dell SAS RAID Storage Manager\Framework\VivaldiFramework.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Dell SAS RAID Storage Manager\JRE\bin\javaw.exe
C:\Program Files\Dell SAS RAID Storage Manager\MegaMonitor\Monitor.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell SAS RAID Storage Manager\MegaPopup\Popup.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Popup] "C:\Program Files\Dell SAS RAID Storage Manager\MegaPopup\Popup.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [1cf6857c] "rundll32.exe" "C:\WINDOWS\system32\enbmlply.dll",b
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://c:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://c:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://c:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://c:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://c:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://c:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://c:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://c:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {594ECDD4-A991-4208-A7B7-00DDAD9BE328} (Photosynth Class) - http://media.labs.live.com/all/ps/_code_/Photosynth.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1152820683875
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MRMonitor (MegaMonitorSrv) - Unknown owner - C:\Program Files\Dell SAS RAID Storage Manager\MegaMonitor\Monitor.exe
O23 - Service: SSMFramework (MSMFramework) - Unknown owner - C:\Program Files\Dell SAS RAID Storage Manager\Framework\VivaldiFramework.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 9413 bytes

jpshortstuff

Hi, and Welcome to Icrontic

My name is jpshortstuff. I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research, so please be patient and I'd be grateful if you would note the following:

• I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
• The fixes are specific to your problem and should only be used for the issues on this machine.
• Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
• It's often worth reading through these instructions and printing them for ease of reference.
• If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
• Please reply to this thread. Do not start a new topic.

As I am still training, my posts to you will be checked by an Expert member. This will ensure that all advice and instructions I give you are accurate and safe. This may mean that my replies may take a little longer.

jpshortstuff

jpshortstuff

Hi superbacana


We need to disable Webroot SpySweeper as it may interfere with our fixes.

To disable SpySweeper Shields

• Open SpySweeper.
• Click Shield Settings on the right
  (or Shields on the left, depending what screen you're on).
• Click Internet Explorer and uncheck all items.
• Click Windows System and uncheck all items.
• Click Hosts File and uncheck all items.
• Click Startup Programs and uncheck all items.
• Close SpySweeper. After all of the fixes are complete it is very important that you enable Real-time Protection again.

Next, please rename C:\Program Files\Trend Micro\HijackThis\HijackThis.exe to scanner.exe.


Please download ATF Cleaner by Atribune.
Download - ATF Cleaner»
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

(If you use FireFox or the Opera browser
To keep saved passwords, click No at the prompt.)

It's normal after running ATF cleaner that the PC will be slower to boot the first time or two.



Download ComboFix by sUBs from here or here

**Save it to your desktop**

Double click on ComboFix.exe & follow the prompts.
When finished, it shall produce a log for you. Please save that log to post in your next reply along with a fresh HJT log

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Thanks,

jpshortstuff

superbacana

Done. Here's the ComboFix log. Looks like it uncovered more sketchy stuff. The new HijackThis log will be in the next response.

ComboFix 07-12-12.3 - hertzman 2007-12-12 21:19:42.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2613 [GMT -5:00]
Running from: C:\Documents and Settings\hertzman\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data.\salesmonitor
C:\Documents and Settings\hertzman\ResErrors.log
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\bkR11
C:\Temp\bkR11\ftCa.log
C:\WINDOWS\mrofinu1000106.exe
C:\WINDOWS\mrofinu572.exe
C:\WINDOWS\system32\efcbcyv.dll
C:\WINDOWS\system32\enbmlply.dll
C:\WINDOWS\system32\gebyy.dll
C:\WINDOWS\system32\jesmvqya.dll
C:\WINDOWS\system32\nnnoppn.dll
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\service.exe
C:\WINDOWS\system32\ylplmbne.ini
C:\WINDOWS\system32\yybeg.ini
C:\WINDOWS\system32\yybeg.ini2

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

---

\LEGACY_FMTR


((((((((((((((((((((((((( Files Created from 2007-11-13 to 2007-12-13 )))))))))))))))))))))))))))))))
.

2007-12-10 00:33 . 2007-12-10 00:42 <DIR> d

---

C:\WINDOWS\system32\ActiveScan
2007-12-10 00:33 . 2007-12-10 00:33 30,590 --a

---

C:\WINDOWS\system32\pavas.ico
2007-12-10 00:33 . 2007-12-10 00:33 2,550 --a

---

C:\WINDOWS\system32\Uninstall.ico
2007-12-10 00:33 . 2007-12-10 00:33 1,406 --a

---

C:\WINDOWS\system32\Help.ico
2007-12-10 00:03 . 2007-12-10 00:03 <DIR> d

---

C:\Program Files\Trend Micro
2007-12-09 04:19 . 2007-12-09 04:19 164 --a

---

C:\install.dat
2007-12-09 02:23 . 2007-12-09 02:23 <DIR> d

---

C:\Documents and Settings\NetworkService\Application Data\Webroot
2007-12-09 02:21 . 2007-12-09 02:21 <DIR> d

---

C:\Program Files\Webroot
2007-12-09 02:21 . 2007-12-09 02:21 <DIR> d

---

C:\Documents and Settings\LocalService\Application Data\Webroot
2007-12-09 02:21 . 2007-12-09 02:21 <DIR> d

---

C:\Documents and Settings\hertzman\Application Data\Webroot
2007-12-09 02:21 . 2007-12-09 02:21 <DIR> d

---

C:\Documents and Settings\All Users\Application Data\Webroot
2007-12-09 02:21 . 2007-10-01 16:40 1,526,072 --a

---

C:\WINDOWS\WRSetup.dll
2007-12-09 02:21 . 2007-10-01 16:24 163,640 --a

---

C:\WINDOWS\system32\drivers\ssidrv.sys
2007-12-09 02:21 . 2007-10-01 16:24 23,864 --a

---

C:\WINDOWS\system32\drivers\sskbfd.sys
2007-12-09 02:21 . 2007-10-01 16:24 21,816 --a

---

C:\WINDOWS\system32\drivers\sshrmd.sys
2007-12-09 02:21 . 2007-10-01 16:24 20,280 --a

---

C:\WINDOWS\system32\drivers\SSFS0BB9.sys
2007-12-09 01:00 . 2007-12-10 19:21 0 --a

---

C:\WINDOWS\system32\mcrh.tmp
2007-12-07 22:37 . 2007-12-07 22:37 <DIR> d

---

C:\Documents and Settings\hertzman\Application Data\SpyGuardPro
2007-12-07 22:37 . 2001-03-08 18:30 24,064 --a

---

C:\WINDOWS\system32\msxml3a.dll
2007-12-07 22:34 . 2007-12-07 22:34 <DIR> d

---

C:\WINDOWS\system32\tdm2
2007-12-07 22:34 . 2007-12-08 00:21 <DIR> d

---

C:\WINDOWS\system32\pi3
2007-12-07 22:34 . 2007-12-07 22:34 <DIR> d

---

C:\WINDOWS\system32\eu1
2007-12-07 22:34 . 2007-12-07 22:34 <DIR> d

---

C:\WINDOWS\system32\daSgo01
2007-12-07 22:34 . 2007-12-12 21:23 <DIR> d

---

C:\Temp
2007-12-07 22:34 . 2007-12-07 22:34 35,840 --a

---

C:\WINDOWS\mrofinu572.exe.tmp
2007-12-07 21:05 . 2007-12-07 21:09 <DIR> d

---

C:\Program Files\Fold It!
2007-12-07 20:43 . 2007-12-07 20:43 <DIR> d--h

---

C:\WINDOWS\system32\GroupPolicy
2007-11-24 12:41 . 2007-11-24 12:41 <DIR> d

---

C:\Program Files\New York Times

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-13 02:26

---

d

---

w C:\Program Files\Steam
2007-11-15 23:37

---

d

---

w C:\Program Files\mIRC
2007-11-08 01:22

---

d--h--w C:\Program Files\InstallShield Installation Information
2007-11-08 01:22

---

d

---

w C:\Program Files\Activision
2007-10-30 01:06

---

d

---

w C:\Program Files\Electronic Arts
2006-09-05 23:42 56 --sh--r C:\WINDOWS\system32\FD80301DD4.sys
2006-09-05 23:42 1,682 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFE0A244-51BD-4C7A-5086-6331AEA92E8B}]
C:\Program Files\Common Files\tena.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseSVN]
@={30351346-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseSVN]
@={30351347-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseSVN]
@={30351348-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseSVN]
@={3035134B-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseSVN]
@={3035134C-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseSVN]
@={3035134D-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseSVN]
@={3035134E-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_CLASSES_ROOT\CLSID\{30351346-7B7D-4FCC-81B4-1E394CA267EB}]
2006-01-15 10:40 450560 --a

---

C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{30351347-7B7D-4FCC-81B4-1E394CA267EB}]
2006-01-15 10:40 450560 --a

---

C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{30351348-7B7D-4FCC-81B4-1E394CA267EB}]
2006-01-15 10:40 450560 --a

---

C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134B-7B7D-4FCC-81B4-1E394CA267EB}]
2006-01-15 10:40 450560 --a

---

C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134C-7B7D-4FCC-81B4-1E394CA267EB}]
2006-01-15 10:40 450560 --a

---

C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134D-7B7D-4FCC-81B4-1E394CA267EB}]
2006-01-15 10:40 450560 --a

---

C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134E-7B7D-4FCC-81B4-1E394CA267EB}]
2006-01-15 10:40 450560 --a

---

C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2007-12-07 01:38]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-22 15:59]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 17:48]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-20 22:00 C:\WINDOWS\stsystra.exe]
"Popup"="C:\Program Files\Dell SAS RAID Storage Manager\MegaPopup\Popup.exe" [2006-04-20 16:56]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 05:20]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-12-21 12:33]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 05:00 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2007-09-17 00:07 C:\WINDOWS\system32\nwiz.exe]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-12 19:52]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 13:42]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-04 05:00 C:\WINDOWS\system32\rundll32.exe]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-10-01 16:40]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe [2006-08-19 08:14:44]
Post-itr Software Notes Lite.lnk - C:\Program Files\3M\PSNLite\PsnLite.exe [2004-10-15 14:26:54]

R0 SSFS0BB9;Spy Sweeper File System Filer Driver: 0BB9;C:\WINDOWS\system32\Drivers\SSFS0BB9.SYS
S3 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
S4 msvsmon80;Visual Studio 2005 Remote Debugger;"C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon80

.
Contents of the 'Scheduled Tasks' folder
"2007-11-04 00:05:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-10 07:00:05 C:\WINDOWS\Tasks\wrSpySweeperTrialSweep.job"
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe&/ScheduleSweep=wrSpySweeperTrialSweep
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.ex
- A:\
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-12 21:26:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-12 21:27:44 - machine was rebooted
.
2007-11-14 07:23:12 --- E O F ---

superbacana

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:33:45 PM, on 12/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Dell SAS RAID Storage Manager\Framework\VivaldiFramework.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Dell SAS RAID Storage Manager\JRE\bin\javaw.exe
C:\Program Files\Dell SAS RAID Storage Manager\MegaMonitor\Monitor.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell SAS RAID Storage Manager\MegaPopup\Popup.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - c:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: 0 - {FFE0A244-51BD-4C7A-5086-6331AEA92E8B} - C:\Program Files\Common Files\tena.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Popup] "C:\Program Files\Dell SAS RAID Storage Manager\MegaPopup\Popup.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://c:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://c:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://c:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://c:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://c:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://c:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://c:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://c:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {594ECDD4-A991-4208-A7B7-00DDAD9BE328} (Photosynth Class) - http://media.labs.live.com/all/ps/_code_/Photosynth.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1152820683875
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MRMonitor (MegaMonitorSrv) - Unknown owner - C:\Program Files\Dell SAS RAID Storage Manager\MegaMonitor\Monitor.exe
O23 - Service: SSMFramework (MSMFramework) - Unknown owner - C:\Program Files\Dell SAS RAID Storage Manager\Framework\VivaldiFramework.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 10048 bytes

superbacana

Hmm, there are some spurious spaces appearing in the posted logs, e.g.:

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\explorer\shelliconoverlayidentifiers\1T ortoiseSVN]


Those spaces are *not* in the log files; it seems to be appearing when I cut-and-paste into the text field. (Maybe because the fonts are different; I'm copying the logs to my MacBook and posting there).

jpshortstuff

Hi

Please click Start >> Control Panel >> Add or Remove Programs.
Look down the resulting list, and if you see this item:
SpyGuardPro
Click Remove. If not, don't worry.



1. Please open Notepad

• Click Start , then Run
• Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\mrofinu572.exe.tmp
C:\Program Files\Common Files\tena.dll

Folder::
C:\Documents and Settings\hertzman\Application Data\SpyGuardPro
C:\WINDOWS\system32\tdm2
C:\WINDOWS\system32\pi3
C:\WINDOWS\system32\eu1
C:\WINDOWS\system32\daSgo01
C:\Temp

DirLook::
C:\Program Files\Fold It!
C:\WINDOWS\system32\GroupPolicy
C:\Program Files\New York Times

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFE0A244-51BD-4C7A-5086-6331AEA92E8B}]

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.




5. After reboot, (in case it asks to reboot), please post Combofix.txt



Please do an online scan with Kaspersky WebScanner

Follow this link in Internet Explorer (Note: You must use Internet explorer to use Kaspersky): Kaspersky WebScanner

You will be prompted to install an ActiveX component from Kaspersky,
Click Yes.

• The program will launch and then begin downloading the latest definition files:
• Once the files have been downloaded click on NEXT
• Now click on Scan Settings
• In the scan settings make sure that the following are selected:
  o Scan using the following Anti-Virus database:
  Extended (if available otherwise Standard)
  o Scan Options:
  Scan Archives Scan Mail Bases
• Click OK
• Now under select a target to scan:
  Select My Computer
• The program will start and scan your system.
• The scan will take a while so be patient and let it run.
• Once the scan is complete it will display if your system has been infected.
  o Now click on the Save as Text button:
• Save the file to your desktop.

Please post the results of the Kaspersky scan in your next reply, along with a fresh HijackThis log.

Also, describe how your computer is running at the moment.

Thanks,

jpshortstuff

superbacana

Thanks; I'll do this when I get home tonight. I want to mention, though, that Fold It! and New York Times are both programs that I installed myself within the last month.

jpshortstuff

Ok, thanks for the info

We're not deleting them with that script, just taking a look inside them, but cheers for the info. Was a bit suspicious as I couldn't find much on those folder names.

superbacana

In case you're interested: "New York Times" is the New York
Times Reader.

"Fold It!" is a protein-folding program written by some of my colleagues.

superbacana

Oh, and SpyGuardPro was the first thing that started installing (visibly) when the infestation began. So I guess I should delete that Application Data folder too.

Here's the result of ComboFix, part 1 (the whole thing is too long for a single post). Kaspersky is now installing.


ComboFix 07-12-12.3 - hertzman 2007-12-13 19:32:30.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2568 [GMT -5:00]
Running from: C:\Documents and Settings\hertzman\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\hertzman\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\Program Files\Common Files\tena.dll
C:\WINDOWS\mrofinu572.exe.tmp
C:\WINDOWS\system32\mcrh.tmp
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\hertzman\Application Data\SpyGuardPro
C:\Documents and Settings\hertzman\Application Data\SpyGuardPro\avtasks.dat
C:\Documents and Settings\hertzman\Application Data\SpyGuardPro\Logs\av.log
C:\Documents and Settings\hertzman\Application Data\SpyGuardPro\Logs\ga6Support.log
C:\Temp
C:\WINDOWS\mrofinu572.exe.tmp
C:\WINDOWS\system32\daSgo01
C:\WINDOWS\system32\daSgo01\daSgo011065.exe
C:\WINDOWS\system32\eu1
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\pi3
C:\WINDOWS\system32\tdm2
C:\WINDOWS\system32\tdm2\viodrivr3.exe

.
((((((((((((((((((((((((( Files Created from 2007-11-14 to 2007-12-14 )))))))))))))))))))))))))))))))
.

2007-12-10 00:33 . 2007-12-10 00:42 <DIR> d

---

C:\WINDOWS\system32\ActiveScan
2007-12-10 00:33 . 2007-12-10 00:33 30,590 --a

---

C:\WINDOWS\system32\pavas.ico
2007-12-10 00:33 . 2007-12-10 00:33 2,550 --a

---

C:\WINDOWS\system32\Uninstall.ico
2007-12-10 00:33 . 2007-12-10 00:33 1,406 --a

---

C:\WINDOWS\system32\Help.ico
2007-12-10 00:03 . 2007-12-10 00:03 <DIR> d

---

C:\Program Files\Trend Micro
2007-12-09 04:19 . 2007-12-09 04:19 164 --a

---

C:\install.dat
2007-12-09 02:23 . 2007-12-09 02:23 <DIR> d

---

C:\Documents and Settings\NetworkService\Application Data\Webroot
2007-12-09 02:21 . 2007-12-09 02:21 <DIR> d

---

C:\Program Files\Webroot
2007-12-09 02:21 . 2007-12-09 02:21 <DIR> d

---

C:\Documents and Settings\LocalService\Application Data\Webroot
2007-12-09 02:21 . 2007-12-09 02:21 <DIR> d

---

C:\Documents and Settings\hertzman\Application Data\Webroot
2007-12-09 02:21 . 2007-12-09 02:21 <DIR> d

---

C:\Documents and Settings\All Users\Application Data\Webroot
2007-12-09 02:21 . 2007-10-01 16:40 1,526,072 --a

---

C:\WINDOWS\WRSetup.dll
2007-12-09 02:21 . 2007-10-01 16:24 163,640 --a

---

C:\WINDOWS\system32\drivers\ssidrv.sys
2007-12-09 02:21 . 2007-10-01 16:24 23,864 --a

---

C:\WINDOWS\system32\drivers\sskbfd.sys
2007-12-09 02:21 . 2007-10-01 16:24 21,816 --a

---

C:\WINDOWS\system32\drivers\sshrmd.sys
2007-12-09 02:21 . 2007-10-01 16:24 20,280 --a

---

C:\WINDOWS\system32\drivers\SSFS0BB9.sys
2007-12-07 22:37 . 2001-03-08 18:30 24,064 --a

---

C:\WINDOWS\system32\msxml3a.dll
2007-12-07 21:05 . 2007-12-07 21:09 <DIR> d

---

C:\Program Files\Fold It!
2007-12-07 20:43 . 2007-12-07 20:43 <DIR> d--h

---

C:\WINDOWS\system32\GroupPolicy
2007-11-24 12:41 . 2007-11-24 12:41 <DIR> d

---

C:\Program Files\New York Times

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-14 00:31

---

d

---

w C:\Program Files\Steam
2007-11-15 23:37

---

d

---

w C:\Program Files\mIRC
2007-11-08 01:22

---

d--h--w C:\Program Files\InstallShield Installation Information
2007-11-08 01:22

---

d

---

w C:\Program Files\Activision
2007-10-30 01:06

---

d

---

w C:\Program Files\Electronic Arts
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-09-17 06:10 356,352 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2007-09-17 06:10 356,352 ----a-w C:\WINDOWS\system32\nvudisp.exe
2007-09-17 05:07 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
2007-09-17 05:07 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
2007-09-17 05:07 8,491,008 ----a-w C:\WINDOWS\system32\nvcpl.dll
2007-09-17 05:07 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe
2 007-09-17 05:07 6,853,088 ----a-w C:\WINDOWS\system32\dllcache\nv4_mini.sys
2007-09-17 05:07 6,746,112 ----a-w C:\WINDOWS\system32\nvoglnt.dll
2007-09-17 05:07 6,344,704 ----a-w C:\WINDOWS\system32\nvdisps.dll
2007-09-17 05:07 5,783,040 ----a-w C:\WINDOWS\system32\nv4_disp.dll
2007-09-17 05:07 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
2007-09-17 05:07 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
2007-09-17 05:07 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
2007-09-17 05:07 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
2007-09-17 05:07 364,544 ----a-w C:\WINDOWS\system32\nvapi.dll
2007-09-17 05:07 36,864 ----a-w C:\WINDOWS\system32\nvcodins.dll
2007-09-17 05:07 36,864 ----a-w C:\WINDOWS\system32\nvcod.dll
2007-09-17 05:07 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
2007-09-17 05:07 3,551,232 ----a-w C:\WINDOWS\system32\nvvitvs.dll
2007-09-17 05:07 3,334,144 ----a-w C:\WINDOWS\system32\nvgames.dll
2007-09-17 05:07 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
2007-09-17 05:07 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
2007-09-17 05:07 2,371,584 ----a-w C:\WINDOWS\system32\nvwss.dll
2007-09-17 05:07 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll
2007-09-17 05:07 155,716 ----a-w C:\WINDOWS\system32\nvsvc32.exe
2007-09-17 05:07 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe
2007-09-17 05:07 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll
2007-09-17 05:07 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe
2007-09-17 05:07 1,478,656 ----a-w C:\WINDOWS\system32\nview.dll
2007-09-17 05:07 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe
2007-09-17 05:07 1,150,976 ----a-w C:\WINDOWS\system32\nvmobls.dll
2007-09-17 05:07 1,019,904 ----a-w C:\WINDOWS\system32\nvwimg.dll
2006-09-05 23:42 56 --sh--r C:\WINDOWS\system32\FD80301DD4.sys
2006-09-05 23:42 1,682 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

superbacana

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\Program Files\Fold It! ----

2007-12-08 21:11 98763 --a

---

C:\Program Files\Fold It!\0000028499.pdb
2007-12-08 21:11 65564 --a

---

C:\Program Files\Fold It!\0000028641.pdb
2007-12-08 21:11 502 --a

---

C:\Program Files\Fold It!\0000028641.ir_puzzle
2007-12-08 21:11 39245 --a

---

C:\Program Files\Fold It!\stdout.txt
2007-12-08 21:11 321 --a

---

C:\Program Files\Fold It!\0000028500.ir_puzzle
2007-12-08 21:11 304 --a

---

C:\Program Files\Fold It!\0000028499.ir_puzzle
2007-12-08 21:11 231 --a

---

C:\Program Files\Fold It!\stderr.txt
2007-12-08 21:11 121 --a

---

C:\Program Files\Fold It!\0000002959.ir_user
2007-12-08 21:11 110580 --a

---

C:\Program Files\Fold It!\0000028500.pdb
2007-12-07 21:09 32 --a

---

C:\Program Files\Fold It!\version-resources.txt
2007-12-07 21:09 32 --a

---

C:\Program Files\Fold It!\version-database.txt
2007-12-07 21:09 32 --a

---

C:\Program Files\Fold It!\version-binary.txt
2007-12-07 21:09 31632988 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\bbdep02.May.sortlib.bin
2007-12-07 21:05 0 --a

---

C:\Program Files\Fold It!\inital_run
2007-12-04 14:41 4190208 --a

---

C:\Program Files\Fold It!\cmp-binary-1efb305b56292f957a80dcde359f345c\game_library.dll
2007-12-03 15:43 9860 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\env_log.txt
2007-12-03 15:43 984960 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\Paa_pp
2007-12-03 15:43 984960 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\P_AA_pp
2007-12-03 15:43 89 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\scoring\weights\docking_cen.wts_patch
2007-12-03 15:43 888 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\chemical\residue_type_sets\fa_standard\residue_types.txt
2007-12-03 15:43 868 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\chemical\residue_type_sets\fa_standard\patches\CtermProteinFull.txt
2007-12-03 15:43 842 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\coarse_rsd_params\residue_types.txt
2007-12-03 15:43 842 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\chemical\residue_type_sets\coarse_two_bead\residue_types.txt
2007-12-03 15:43 8320 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\VQ-DNA-128.rotlib
2007-12-03 15:43 826 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\coarse_rsd_params\patches\CtermProteinFull.txt
2007-12-03 15:43 826 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\chemical\residue_type_sets\coarse_two_bead\patches\CtermProteinFull.txt
2007-12-03 15:43 81 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\scoring\weights\interchain_cen.wts
2007-12-03 15:43 8083430 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\etable.twobead.lj.dat
2007-12-03 15:43 8083430 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\etable.twobead.dlj.dat
2007-12-03 15:43 76 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\chemical\atom_type_sets\fa_standard\extras.txt
2007-12-03 15:43 756 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\coarse_rsd_list.txt
2007-12-03 15:43 659 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\chemical\residue_type_sets\centroid\patches\NtermProtein.txt
2007-12-03 15:43 649 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\chemical\residue_type_sets\centroid\patches\protein_cutpoint_upper.txt
2007-12-03 15:43 643 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\chemical\residue_type_sets\centroid\residue_types.txt
2007-12-03 15:43 64 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\scoring\weights\score4L.wts_patch
2007-12-03 15:43 632 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\chemical\residue_type_sets\fa_standard\patches\protein_cutpoint_lower.txt
2007-12-03 15:43 632 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\chemical\residue_type_sets\centroid\patches\protein_cutpoint_lower.txt
2007-12-03 15:43 6272 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\Paa_n
2007-12-03 15:43 626 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\chemical\residue_type_sets\fa_standard\patches\protein_cutpoint_upper.txt
2007-12-03 15:43 62208 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\phi.theta.36.HS.resmooth
2007-12-03 15:43 60 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\coarse_rsd_params\patches.txt
2007-12-03 15:43 60 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\chemical\residue_type_sets\coarse_two_bead\patches.txt
2007-12-03 15:43 574 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\rsd_list.txt
2007-12-03 15:43 57 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\scoring\weights\score12.wts_patch
2007-12-03 15:43 550 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\chemical\residue_type_sets\centroid\patches\CtermProtein.txt
2007-12-03 15:43 5057 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\interchain_pair_log.txt
2007-12-03 15:43 50417532 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\bbdep02.May.sortlib
2007-12-03 15:43 4760 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\P_AA_n
2007-12-03 15:43 476 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\scoring\weights\score13.wts
2007-12-03 15:43 454 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\scoring\weights\dna.wts
2007-12-03 15:43 4438 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\chemical\atom_type_sets\fa_standard\atom_properties.txt
2007-12-03 15:43 4354560 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\Rama_smooth_dyn.dat_ss_6.4
2007-12-03 15:43 431 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\scoring\weights\standard.wts
2007-12-03 15:43 4288 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\chemical\residue_type_sets\fa_standard\residue_types\GUA.params
2007-12-03 15:43 4266 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\coarse_rsd_params\residue_types\GUA.params
2007-12-03 15:43 4266 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\chemical\residue_type_sets\coarse_two_bead\residue_types\GUA.params
2007-12-03 15:43 426 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\coarse_rsd_params\residue_types\VRT.params
2007-12-03 15:43 426 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\chemical\residue_type_sets\fa_standard\residue_types\VRT.params
2007-12-03 15:43 426 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\chemical\residue_type_sets\coarse_two_bead\residue_types\VRT.params
2007-12-03 15:43 4175 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\chemical\residue_type_sets\fa_standard\residue_types\ADE.params
2007-12-03 15:43 417 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\scoring\weights\smooth_etable.wts
2007-12-03 15:43 4161 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\chemical\residue_type_sets\fa_standard\residue_types\THY.params
2007-12-03 15:43 4160 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\VQ-DNA-64.rotlib
2007-12-03 15:43 4153 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\coarse_rsd_params\residue_types\ADE.params
2007-12-03 15:43 4153 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\chemical\residue_type_sets\coarse_two_bead\residue_types\ADE.params
2007-12-03 15:43 41472 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\phi.theta.36.SS.resmooth
2007-12-03 15:43 4139 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\coarse_rsd_params\residue_types\THY.params
2007-12-03 15:43 4139 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\chemical\residue_type_sets\coarse_two_bead\residue_types\THY.params
2007-12-03 15:43 413 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\scoring\weights\soft_rep_design.wts
2007-12-03 15:43 406 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\scoring\weights\dna_no_gb.wts
2007-12-03 15:43 396 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\scoring\weights\soft_rep.wts
2007-12-03 15:43 3931 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\chemical\residue_type_sets\fa_standard\residue_types\CYT.params
2007-12-03 15:43 392 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\scoring\weights\allfold_soft_rep.wts
2007-12-03 15:43 3909 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\coarse_rsd_params\residue_types\CYT.params
2007-12-03 15:43 3909 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\chemical\residue_type_sets\coarse_two_bead\residue_types\CYT.params
2007-12-03 15:43 388 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\scoring\weights\beta_soft_rep.wts
2007-12-03 15:43 385 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\scoring\weights\ligand_soft_rep.wts
2007-12-03 15:43 384 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\scoring\weights\soft_rep_gen_born.wts
2007-12-03 15:43 382 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\scoring\weights\ligand_soft_rep_gen_born.wts
2007-12-03 15:43 364 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\Paa
2007-12-03 15:43 361 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\scoring\weights\small_radii.wts
2007-12-03 15:43 361 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\scoring\weights\gen_born.wts
2007-12-03 15:43 361 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\chemical\residue_type_sets\fa_standard\patches\LowerDNA.txt
2007-12-03 15:43 35786 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\dna_bs_bp.dat
2007-12-03 15:43 3562 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\cenpack_log.txt
2007-12-03 15:43 356 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\scoring\weights\interface.wts
2007-12-03 15:43 356 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\scoring\weights\ddg_monomer.wts
2007-12-03 15:43 35 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\scoring\weights\cen_std.wts
2007-12-03 15:43 347 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\scoring\weights\ligand.wts
2007-12-03 15:43 341 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\scoring\weights\ligand_gen_born.wts
2007-12-03 15:43 3356 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\chemical\residue_type_sets\fa_standard\residue_types\ARG.params
2007-12-03 15:43 3351 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\chemical\residue_type_sets\fa_standard\residue_types\TRP.params
2007-12-03 15:43 3129 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\chemical\residue_type_sets\fa_standard\residue_types\LYS.params
2007-12-03 15:43 3045 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\chemical\residue_type_sets\fa_standard\residue_types\TYR.params
2007-12-03 15:43 2980 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\chemical\atom_type_sets\coarse_two_bead\atom_properties.txt
2007-12-03 15:43 2870 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\chemical\residue_type_sets\fa_standard\residue_types\PHE.params
2007-12-03 15:43 285 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\scoring\weights\opte.wts
2007-12-03 15:43 280000 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\pdbpairstats_fine
2007-12-03 15:43 280000 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\pdb_pair_stats_fine
2007-12-03 15:43 280 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\P_AA
2007-12-03 15:43 2689 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\chemical\residue_type_sets\fa_standard\residue_types\ILE.params
2007-12-03 15:43 2688 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\chemical\residue_type_sets\fa_standard\residue_types\LEU.params
2007-12-03 15:43 2582 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\chemical\residue_type_sets\fa_standard\patches\NtermProteinFull.txt
2007-12-03 15:43 25600 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\pair_log.txt
2007-12-03 15:43 255 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\scoring\weights\docking.wts_patch
2007-12-03 15:43 2545 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\coarse_rsd_params\patches\NtermProteinFull.txt
2007-12-03 15:43 2545 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\chemical\residue_type_sets\coarse_two_bead\patches\NtermProteinFull.txt
2007-12-03 15:43 2521 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\chemical\residue_type_sets\fa_standard\residue_types\GLN.params
2007-12-03 15:43 2508 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\chemical\residue_type_sets\fa_standard\residue_types\MET.params
2007-12-03 15:43 2507 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\chemical\residue_type_sets\fa_standard\residue_types\HIS.params
2007-12-03 15:43 2487 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\chemical\residue_type_sets\fa_standard\residue_types\HIS_D.params
2007-12-03 15:43 242179 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\chemical\mm_atom_type_sets\fa_standard\par_all27_prot_na.prm
2007-12-03 15:43 2409 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\chemical\atom_type_sets\fa_standard\extras\gen_born_params.txt
2007-12-03 15:43 2326 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\chemical\residue_type_sets\fa_standard\residue_types\VAL.params
2007-12-03 15:43 2309 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\chemical\residue_type_sets\fa_standard\residue_types\GLU.params
2007-12-03 15:43 228 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\chemical\residue_type_sets\fa_standard\residue_types\VRT1.params
2007-12-03 15:43 2150 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\chemical\residue_type_sets\fa_standard\residue_types\THR.params
2007-12-03 15:43 2115 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\chemical\residue_type_sets\fa_standard\residue_types\PRO.params
2007-12-03 15:43 2112 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\chemical\residue_type_sets\fa_standard\residue_types\ASN.params
2007-12-03 15:43 19868 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\resolve_etable.twobead.txt
2007-12-03 15:43 194 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\chemical\residue_type_sets\fa_standard\patches\UpperDNA.txt
2007-12-03 15:43 1896 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\chemical\residue_type_sets\fa_standard\residue_types\ASP.params
2007-12-03 15:43 1813 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\chemical\residue_type_sets\fa_standard\residue_types\CYD.params
2007-12-03 15:43 1799 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\chemical\residue_type_sets\fa_standard\residue_types\SER.params
2007-12-03 15:43 1749 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\chemical\atom_type_sets\centroid\atom_properties.txt
2007-12-03 15:43 1731 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\chemical\residue_type_sets\fa_standard\residue_types\CYS.params
2007-12-03 15:43 171 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\patches.txt
2007-12-03 15:43 171 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\chemical\residue_type_sets\fa_standard\patches.txt
2007-12-03 15:43 1672 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\chemical\residue_type_sets\centroid\residue_types\VAL.params
2007-12-03 15:43 16640 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\VQ-DNA-256.rotlib
2007-12-03 15:43 1581 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\chemical\residue_type_sets\fa_standard\residue_types\ALA.params
2007-12-03 15:43 1441 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\coarse_rsd_params\residue_types\GLU.params
2007-12-03 15:43 1441 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\chemical\residue_type_sets\coarse_two_bead\residue_types\GLU.params
2007-12-03 15:43 1427 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\coarse_rsd_params\residue_types\ARG.params
2007-12-03 15:43 1427 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\chemical\residue_type_sets\coarse_two_bead\residue_types\ARG.params
2007-12-03 15:43 1424 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\coarse_rsd_params\residue_types\LYS.params
2007-12-03 15:43 1424 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\chemical\residue_type_sets\coarse_two_bead\residue_types\LYS.params
2007-12-03 15:43 1421 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\coarse_rsd_params\residue_types\PHE.params
2007-12-03 15:43 1421 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\chemical\residue_type_sets\coarse_two_bead\residue_types\PHE.params
2007-12-03 15:43 1418 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\coarse_rsd_params\residue_types\HIS.params
2007-12-03 15:43 1418 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\chemical\residue_type_sets\coarse_two_bead\residue_types\HIS.params
2007-12-03 15:43 1416 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\coarse_rsd_params\residue_types\TRP.params
2007-12-03 15:43 1416 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\chemical\residue_type_sets\coarse_two_bead\residue_types\TRP.params
2007-12-03 15:43 1415 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\coarse_rsd_params\residue_types\GLN.params
2007-12-03 15:43 1415 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\chemical\residue_type_sets\coarse_two_bead\residue_types\GLN.params
2007-12-03 15:43 1414 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\coarse_rsd_params\residue_types\TYR.params
2007-12-03 15:43 1414 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\chemical\residue_type_sets\coarse_two_bead\residue_types\TYR.params
2007-12-03 15:43 1412 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\coarse_rsd_params\residue_types\MET.params
2007-12-03 15:43 1412 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\chemical\residue_type_sets\coarse_two_bead\residue_types\MET.params
2007-12-03 15:43 1401 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\coarse_rsd_params\residue_types\HIS_D.params
2007-12-03 15:43 1401 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\coarse_rsd_params\residue_types\ASP.params
2007-12-03 15:43 1401 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\chemical\residue_type_sets\coarse_two_bead\residue_types\HIS_D.params
2007-12-03 15:43 1401 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\chemical\residue_type_sets\coarse_two_bead\residue_types\ASP.params
2007-12-03 15:43 1391 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\coarse_rsd_params\residue_types\CYS.params
2007-12-03 15:43 1391 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\chemical\residue_type_sets\coarse_two_bead\residue_types\CYS.params
2007-12-03 15:43 1388 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\chemical\residue_type_sets\centroid\residue_types\ARG.params
2007-12-03 15:43 1387 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\coarse_rsd_params\residue_types\SER.params
2007-12-03 15:43 1387 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\chemical\residue_type_sets\coarse_two_bead\residue_types\SER.params
2007-12-03 15:43 1386 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\coarse_rsd_params\residue_types\VAL.params
2007-12-03 15:43 1386 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\chemical\residue_type_sets\coarse_two_bead\residue_types\VAL.params
2007-12-03 15:43 1384 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\coarse_rsd_params\residue_types\THR.params
2007-12-03 15:43 1384 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\chemical\residue_type_sets\coarse_two_bead\residue_types\THR.params
2007-12-03 15:43 1383 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\chemical\residue_type_sets\centroid\residue_types\TYR.params
2007-12-03 15:43 1383 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\chemical\residue_type_sets\centroid\residue_types\TRP.params
2007-12-03 15:43 1380 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\coarse_rsd_params\residue_types\ASN.params
2007-12-03 15:43 1380 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\chemical\residue_type_sets\coarse_two_bead\residue_types\ASN.params
2007-12-03 15:43 1375 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\coarse_rsd_params\residue_types\LEU.params
2007-12-03 15:43 1375 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\chemical\residue_type_sets\coarse_two_bead\residue_types\LEU.params
2007-12-03 15:43 1371 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\coarse_rsd_params\residue_types\ILE.params
2007-12-03 15:43 1371 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\chemical\residue_type_sets\coarse_two_bead\residue_types\ILE.params
2007-12-03 15:43 13613 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\SASA-angles.dat
2007-12-03 15:43 1340 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\interchain_env_log.txt
2007-12-03 15:43 131 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\chemical\mm_atom_type_sets\fa_standard\mm_atom_properties.txt
2007-12-03 15:43 1305 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\chemical\residue_type_sets\centroid\residue_types\LYS.params
2007-12-03 15:43 1305 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\chemical\residue_type_sets\centroid\residue_types\GLU.params
2007-12-03 15:43 1305 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\chemical\residue_type_sets\centroid\residue_types\ASP.params
2007-12-03 15:43 1300 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\chemical\residue_type_sets\centroid\residue_types\PHE.params
2007-12-03 15:43 1297 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\chemical\residue_type_sets\centroid\residue_types\HIS.params
2007-12-03 15:43 1297 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\chemical\residue_type_sets\centroid\residue_types\GLN.params
2007-12-03 15:43 1297 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\chemical\residue_type_sets\centroid\residue_types\ASN.params
2007-12-03 15:43 1296 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\chemical\residue_type_sets\centroid\residue_types\THR.params
2007-12-03 15:43 1296 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\chemical\residue_type_sets\centroid\residue_types\SER.params
2007-12-03 15:43 1291 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\chemical\residue_type_sets\centroid\residue_types\MET.params
2007-12-03 15:43 1291 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\chemical\residue_type_sets\centroid\residue_types\LEU.params
2007-12-03 15:43 1291 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\chemical\residue_type_sets\centroid\residue_types\ILE.params
2007-12-03 15:43 1291 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\chemical\residue_type_sets\centroid\residue_types\CYS.params
2007-12-03 15:43 1291 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\chemical\residue_type_sets\centroid\residue_types\ALA.params
2007-12-03 15:43 1261 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\coarse_rsd_params\residue_types\GLY.params
2007-12-03 15:43 1261 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\chemical\residue_type_sets\fa_standard\residue_types\GLY.params
2007-12-03 15:43 1261 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\chemical\residue_type_sets\coarse_two_bead\residue_types\GLY.params
2007-12-03 15:43 1256 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\chemical\residue_type_sets\fa_standard\residue_types\GB_AA_PLACEHOLDER.params
2007-12-03 15:43 1232 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\chemical\atom_type_sets\fa_standard\extras\soft_rep_params.txt
2007-12-03 15:43 1230 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\coarse_rsd_params\residue_types\ALA.params
2007-12-03 15:43 1230 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\chemical\residue_type_sets\coarse_two_bead\residue_types\ALA.params
2007-12-03 15:43 120 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\chemical\residue_type_sets\centroid\patches.txt
2007-12-03 15:43 1175 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\chemical\residue_type_sets\centroid\residue_types\PRO.params
2007-12-03 15:43 1175 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\chemical\residue_type_sets\centroid\residue_types\GLY.params
2007-12-03 15:43 1131 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\coarse_rsd_params\residue_types\PRO.params
2007-12-03 15:43 1131 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\chemical\residue_type_sets\coarse_two_bead\residue_types\PRO.params
2007-12-03 15:43 1107 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\cbeta_den.txt
2007-12-03 15:43 108889 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\chemical\mm_atom_type_sets\fa_standard\top_all27_prot_na.rtf
2007-12-03 15:43 1074560 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\SASA-masks.dat
2007-12-03 15:43 10435 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\chemical\mm_atom_type_sets\fa_standard\mm_torsion_params.txt
2007-12-03 15:43 1018 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\chemical\atom_type_sets\fa_standard\extras\sasa_radii.txt
2007-12-03 15:42 7682 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\atom_vdw.txt
2007-12-03 15:42 2980 --a

---

C:\Program Files\Fold It!\cmp-database-1eb79969ec7fb9be491d9edec4fe20e5\minirosetta_database\atom_properties_coarse.txt
2007-12-03 15:40 949 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\images\16x16\face-glasses.png
2007-12-03 15:40 937 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\images\16x16\applications-accessories.png
2007-12-03 15:40 935 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\images\16x16\system-search.png
2007-12-03 15:40 932 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\images\16x16\help-browser.png
2007-12-03 15:40 929 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\images\32x32\emblem-readonly-unlocked.png
2007-12-03 15:40 919 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\images\16x16\face-smile.png
2007-12-03 15:40 903 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\images\32x32\emblem-readonly.png
2007-12-03 15:40 8759 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\sounds\9901_pidgin_rowacid3_short.ogg
2007-12-03 15:40 82 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\readme.txt
2007-12-03 15:40 81813 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\trial6\S_00001_0001193_0.remove_h.pdb
2007-12-03 15:40 80793 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\trial6\S_00001_0001193_0.pdb
2007-12-03 15:40 807 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\images\16x16\edit-cut.png
2007-12-03 15:40 80270 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\trial4\splash.png
2007-12-03 15:40 79852 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\sounds\help\camera_rotate.ogg
2007-12-03 15:40 7958 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\sounds\organic_01\rotamer_land_05.ogg
2007-12-03 15:40 7949 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\sounds\organic_01\rotamer_land_00.ogg
2007-12-03 15:40 7947 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\sounds\organic_01\rotamer_land_02.ogg
2007-12-03 15:40 7923 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\sounds\organic_01\rotamer_land_04.ogg
2007-12-03 15:40 7923 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\sounds\organic_01\rotamer_land_01.ogg
2007-12-03 15:40 76518 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\sounds\help\camera_click_translate.ogg
2007-12-03 15:40 76432 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\trial5\start-chopped.pdb
2007-12-03 15:40 76432 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\trial4\start-chopped.pdb
2007-12-03 15:40 76147 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\sounds\help\camera_zoom.ogg
2007-12-03 15:40 7608 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\sounds\organic_01\rotamer_land_03.ogg
2007-12-03 15:40 75 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\sounds\sounds.txt
2007-12-03 15:40 74319 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\trial5\splash.png
2007-12-03 15:40 71635 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\sounds\organic_01\clash_disappear_01.ogg
2007-12-03 15:40 71368 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\sounds\organic_01\clash_disappear_03.ogg
2007-12-03 15:40 701 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\images\16x16\camera-video.png
2007-12-03 15:40 682 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\images\16x16\weather-clear.png
2007-12-03 15:40 67488 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\sounds\help\camera_click_zoom.ogg
2007-12-03 15:40 66293 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\sounds\help\camera_translate.ogg
2007-12-03 15:40 65932 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\fonts\Vera.ttf
2007-12-03 15:40 650 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\images\16x16\edit-undo.png
2007-12-03 15:40 64013 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\sounds\organic_01\clash_disappear_04.ogg
2007-12-03 15:40 61797 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\sounds\organic_01\clash_appear_00.ogg
2007-12-03 15:40 6121 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\images\32x32\VoidSphere32.png
2007-12-03 15:40 611 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\images\16x16\preferences-system.png
2007-12-03 15:40 56353 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\sounds\organic_01\clash_appear_01.ogg
2007-12-03 15:40 5630 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\images\32x32\transform-rotate.png
2007-12-03 15:40 5380 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\images\32x32\transform-scale.png
2007-12-03 15:40 5297 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\images\32x32\NoVoid.png
2007-12-03 15:40 5226 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\images\32x32\CPK.png
2007-12-03 15:40 518 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\images\16x16\emblem-unreadable.png
2007-12-03 15:40 50998 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\sounds\organic_01\clash_appear_02.ogg
2007-12-03 15:40 48845 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\sounds\organic_01\clash_disappear_02.ogg
2007-12-03 15:40 4807 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\images\32x32\HBond32.png
2007-12-03 15:40 47929 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\sounds\help\rotamer_done.ogg
2007-12-03 15:40 47929 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\sounds\help\camera_done.ogg
2007-12-03 15:40 4731 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\images\32x32\transform-move.png
2007-12-03 15:40 443 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\images\16x16\computer.png
2007-12-03 15:40 430 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\images\16x16\emblem-readonly.png
2007-12-03 15:40 422628 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\sounds\organic_01\wiggle_tool_01.ogg
2007-12-03 15:40 408539 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\sounds\organic_01\wiggle_tool_02.ogg
2007-12-03 15:40 40570 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\sounds\organic_01\void_pop_00.ogg
2007-12-03 15:40 39879 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\trial5\hint.graffle
2007-12-03 15:40 39453 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\trial4\hint.graffle
2007-12-03 15:40 38984 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\sounds\organic_01\void_pop_01.ogg
2007-12-03 15:40 3623 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\images\big\rosetta.png
2007-12-03 15:40 35777 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\sounds\organic_01\void_pop_02.ogg
2007-12-03 15:40 353533 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\sounds\organic_01\wiggle_tool_04.ogg
2007-12-03 15:40 343115 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\sounds\organic_01\wiggle_tool_05.ogg
2007-12-03 15:40 33503 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\sounds\organic_01\clash_disappear_00.ogg
2007-12-03 15:40 33275 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\sounds\organic_01\void_pop_03.ogg
2007-12-03 15:40 32284 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\fonts\Fontin-Regular.ttf
2007-12-03 15:40 31423 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\sounds\9901_pidgin_rowacid3.ogg
2007-12-03 15:40 30916 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\fonts\Fontin-Bold.ttf
2007-12-03 15:40 30430 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\sounds\organic_01\void_appear_00.ogg
2007-12-03 15:40 30260 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\sounds\organic_01\void_pop_04.ogg
2007-12-03 15:40 29864 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\fonts\Fontin-Italic.ttf
2007-12-03 15:40 29816 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\fonts\Fontin-SmallCaps.ttf
2007-12-03 15:40 2968 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\trial5\saved_pose.dat
2007-12-03 15:40 2968 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\trial4\saved_pose.dat
2007-12-03 15:40 2968 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\trial3\pose4.dat
2007-12-03 15:40 2968 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\trial3\pose3.dat
2007-12-03 15:40 2968 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\trial3\pose2.dat
2007-12-03 15:40 2968 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\trial3\pose1.dat
2007-12-03 15:40 2968 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\trial3\pose0.dat

superbacana

2007-12-03 15:40 295407 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\sounds\help\intro_welcome.ogg
2007-12-03 15:40 28303 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\trial4\splash.graffle
2007-12-03 15:40 27954 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\trial5\splash.graffle
2007-12-03 15:40 2353 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\images\32x32\shake-all.png
2007-12-03 15:40 23000 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\images\big\loading.png
2007-12-03 15:40 2292 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\images\32x32\wiggle-backbone.png
2007-12-03 15:40 2275 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\images\32x32\face-glasses.png
2007-12-03 15:40 2231 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\images\32x32\help-browser.png
2007-12-03 15:40 2223 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\images\32x32\applications-accessories.png
2007-12-03 15:40 213266 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\sounds\organic_01\wiggle_tool_00.ogg
2007-12-03 15:40 2129 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\images\32x32\preferences-system.png
2007-12-03 15:40 2097 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\images\32x32\wiggle-all.png
2007-12-03 15:40 2087 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\images\32x32\edit-cut.png
2007-12-03 15:40 2024 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\images\32x32\view-refresh.png
2007-12-03 15:40 1982 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\images\32x32\face-angel.png
2007-12-03 15:40 197950 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\sounds\organic_01\wiggle_tool_03.ogg
2007-12-03 15:40 1948 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\images\32x32\face-kiss.png
2007-12-03 15:40 1927 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\images\32x32\process-stop.png
2007-12-03 15:40 191398 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\sounds\help\rotamer_drag_background.ogg
2007-12-03 15:40 1895 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\images\32x32\face-smile.png
2007-12-03 15:40 1837 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\images\32x32\document-save-as.png
2007-12-03 15:40 174985 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\images\big\help-window.png
2007-12-03 15:40 173838 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\sounds\help\rotamer_click_rotamer.ogg
2007-12-03 15:40 1725 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\images\32x32\system-log-out.png
2007-12-03 15:40 1695 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\images\32x32\input-mouse.png
2007-12-03 15:40 1652 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\images\32x32\network-error.png
2007-12-03 15:40 1601 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\images\32x32\edit-undo.png
2007-12-03 15:40 154836 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\trial5\hint.png
2007-12-03 15:40 1502 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\images\32x32\edit-redo.png
2007-12-03 15:40 1501 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\auth\server.crt
2007-12-03 15:40 1491 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\images\32x32\go-jump.png
2007-12-03 15:40 1466 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\xiph.txt
2007-12-03 15:40 145262 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\images\big\splash.png
2007-12-03 15:40 1437 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\images\32x32\document-open.png
2007-12-03 15:40 1394 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\images\32x32\start-here.png
2007-12-03 15:40 134397 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\trial4\hint.png
2007-12-03 15:40 1324 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\images\32x32\emblem-unreadable.png
2007-12-03 15:40 1313 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\images\32x32\preferences-desktop-locale.png
2007-12-03 15:40 130766 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\sounds\help\camera_click_rotate.ogg
2007-12-03 15:40 115009 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\sounds\help\rotamer_drag_backbone.ogg
2007-12-03 15:40 114569 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\images\big\splash-title.png
2007-12-03 15:40 111080 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\sounds\help\rotamer_drag_sidechain.ogg
2007-12-03 15:40 1079609 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\sounds\organic_01\wiggle_tool_06.ogg
2007-12-03 15:40 104744 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\sounds\help\rotamer_select_sidechain.ogg
2007-12-03 15:40 100690 --a

---

C:\Program Files\Fold It!\cmp-resources-ab80ef86cb816e4eadc51718895e8be3\resources\trial6\S_00003_0002567_0.pdb
2007-11-29 18:17 3690496 --a

---

C:\Program Files\Fold It!\cmp-binary-00000000000000000000000000000000\game_library.dll
2007-11-28 16:28 295407 --a

---

C:\Program Files\Fold It!\cmp-resources-00000000000000000000000000000000\resources\sounds\help\intro_welcome.ogg
2007-11-28 11:12 47929 --a

---

C:\Program Files\Fold It!\cmp-resources-00000000000000000000000000000000\resources\sounds\help\rotamer_done.ogg
2007-11-28 11:07 189877 --a

---

C:\Program Files\Fold It!\cmp-resources-00000000000000000000000000000000\resources\sounds\help\rotamer_drag_background.ogg
2007-11-28 11:06 115009 --a

---

C:\Program Files\Fold It!\cmp-resources-00000000000000000000000000000000\resources\sounds\help\rotamer_drag_backbone.ogg
2007-11-28 11:05 111080 --a

---

C:\Program Files\Fold It!\cmp-resources-00000000000000000000000000000000\resources\sounds\help\rotamer_drag_sidechain.ogg
2007-11-28 11:04 173838 --a

---

C:\Program Files\Fold It!\cmp-resources-00000000000000000000000000000000\resources\sounds\help\rotamer_click_rotamer.ogg
2007-11-28 10:52 76147 --a

---

C:\Program Files\Fold It!\cmp-resources-00000000000000000000000000000000\resources\sounds\help\camera_zoom.ogg
2007-11-28 10:52 47929 --a

---

C:\Program Files\Fold It!\cmp-resources-00000000000000000000000000000000\resources\sounds\help\camera_done.ogg
2007-11-28 10:51 76518 --a

---

C:\Program Files\Fold It!\cmp-resources-00000000000000000000000000000000\resources\sounds\help\camera_click_translate.ogg
2007-11-28 10:51 67488 --a

---

C:\Program Files\Fold It!\cmp-resources-00000000000000000000000000000000\resources\sounds\help\camera_click_zoom.ogg
2007-11-28 10:50 66293 --a

---

C:\Program Files\Fold It!\cmp-resources-00000000000000000000000000000000\resources\sounds\help\camera_translate.ogg
2007-11-28 10:49 79852 --a

---

C:\Program Files\Fold It!\cmp-resources-00000000000000000000000000000000\resources\sounds\help\camera_rotate.ogg
2007-11-28 10:48 130766 --a

---

C:\Program Files\Fold It!\cmp-resources-00000000000000000000000000000000\resources\sounds\help\camera_click_rotate.ogg
2007-11-27 15:00 2275 --a

---

C:\Program Files\Fold It!\cmp-resources-00000000000000000000000000000000\resources\images\32x32\face-glasses.png
2007-11-25 13:13 518 --a

---

C:\Program Files\Fold It!\cmp-resources-00000000000000000000000000000000\resources\images\16x16\emblem-unreadable.png
2007-11-20 20:02 949 --a

---

C:\Program Files\Fold It!\cmp-resources-00000000000000000000000000000000\resources\images\16x16\face-glasses.png
2007-11-20 20:02 932 --a

---

C:\Program Files\Fold It!\cmp-resources-00000000000000000000000000000000\resources\images\16x16\help-browser.png
2007-11-20 20:02 929 --a

---

C:\Program Files\Fold It!\cmp-resources-00000000000000000000000000000000\resources\images\32x32\emblem-readonly-unlocked.png
2007-11-20 20:02 919 --a

---

C:\Program Files\Fold It!\cmp-resources-00000000000000000000000000000000\resources\images\16x16\face-smile.png
2007-11-20 20:02 903 --a

---

C:\Program Files\Fold It!\cmp-resources-00000000000000000000000000000000\resources\images\32x32\emblem-readonly.png
2007-11-20 20:02 682 --a

---

C:\Program Files\Fold It!\cmp-resources-00000000000000000000000000000000\resources\images\16x16\weather-clear.png
2007-11-20 20:02 650 --a

---

C:\Program Files\Fold It!\cmp-resources-00000000000000000000000000000000\resources\images\16x16\edit-undo.png
2007-11-20 20:02 611 --a

---

C:\Program Files\Fold It!\cmp-resources-00000000000000000000000000000000\resources\images\16x16\preferences-system.png
2007-11-20 20:02 5630 --a

---

C:\Program Files\Fold It!\cmp-resources-00000000000000000000000000000000\resources\images\32x32\transform-rotate.png
2007-11-20 20:02 5380 --a

---

C:\Program Files\Fold It!\cmp-resources-00000000000000000000000000000000\resources\images\32x32\transform-scale.png
2007-11-20 20:02 4731 --a

---

C:\Program Files\Fold It!\cmp-resources-00000000000000000000000000000000\resources\images\32x32\transform-move.png
2007-11-20 20:02 443 --a

---

C:\Program Files\Fold It!\cmp-resources-00000000000000000000000000000000\resources\images\16x16\computer.png
2007-11-20 20:02 3623 --a

---

C:\Program Files\Fold It!\cmp-resources-00000000000000000000000000000000\resources\images\big\rosetta.png
2007-11-20 20:02 2353 --a

---

C:\Program Files\Fold It!\cmp-resources-00000000000000000000000000000000\resources\images\32x32\shake-all.png
2007-11-20 20:02 23000 --a

---

C:\Program Files\Fold It!\cmp-resources-00000000000000000000000000000000\resources\images\big\loading.png
2007-11-20 20:02 2292 --a

---

C:\Program Files\Fold It!\cmp-resources-00000000000000000000000000000000\resources\images\32x32\wiggle-backbone.png
2007-11-20 20:02 2231 --a

---

C:\Program Files\Fold It!\cmp-resources-00000000000000000000000000000000\resources\images\32x32\help-browser.png
2007-11-20 20:02 2223 --a

---

C:\Program Files\Fold It!\cmp-resources-00000000000000000000000000000000\resources\images\32x32\applications-accessories.png
2007-11-20 20:02 2129 --a

---

C:\Program Files\Fold It!\cmp-resources-00000000000000000000000000000000\resources\images\32x32\preferences-system.png
2007-11-20 20:02 2097 --a

---

C:\Program Files\Fold It!\cmp-resources-00000000000000000000000000000000\resources\images\32x32\wiggle-all.png
2007-11-20 20:02 2024 --a

---

C:\Program Files\Fold It!\cmp-resources-00000000000000000000000000000000\resources\images\32x32\view-refresh.png
2007-11-20 20:02 1982 --a

---

C:\Program Files\Fold It!\cmp-resources-00000000000000000000000000000000\resources\images\32x32\face-angel.png
2007-11-20 20:02 1948 --a

---

C:\Program Files\Fold It!\cmp-resources-00000000000000000000000000000000\resources\images\32x32\face-kiss.png
2007-11-20 20:02 1927 --a

---

C:\Program Files\Fold It!\cmp-resources-00000000000000000000000000000000\resources\images\32x32\process-stop.png
2007-11-20 20:02 1895 --a

---

C:\Program Files\Fold It!\cmp-resources-00000000000000000000000000000000\resources\images\32x32\face-smile.png
2007-11-20 20:02 1837 --a

---

C:\Program Files\Fold It!\cmp-resources-00000000000000000000000000000000\resources\images\32x32\document-save-as.png
2007-11-20 20:02 174985 --a

---

C:\Program Files\Fold It!\cmp-resources-00000000000000000000000000000000\resources\images\big\help-window.png
2007-11-20 20:02 1725 --a

---

C:\Program Files\Fold It!\cmp-resources-00000000000000000000000000000000\resources\images\32x32\system-log-out.png
2007-11-20 20:02 1695 --a

---

C:\Program Files\Fold It!\cmp-resources-00000000000000000000000000000000\resources\images\32x32\input-mouse.png
2007-11-20 20:02 1652 --a

---

C:\Program Files\Fold It!\cmp-resources-00000000000000000000000000000000\resources\images\32x32\network-error.png
2007-11-20 20:02 1601 --a

---

C:\Program Files\Fold It!\cmp-resources-00000000000000000000000000000000\resources\images\32x32\edit-undo.png
2007-11-20 20:02 1502 --a

---

C:\Program Files\Fold It!\cmp-resources-00000000000000000000000000000000\resources\images\32x32\edit-redo.png
2007-11-20 20:02 1491 --a

---

C:\Program Files\Fold It!\cmp-resources-00000000000000000000000000000000\resources\images\32x32\go-jump.png
2007-11-20 20:02 145262 --a

---

C:\Program Files\Fold It!\cmp-resources-00000000000000000000000000000000\resources\images\big\splash.png
2007-11-20 20:02 1437 --a

---

C:\Program Files\Fold It!\cmp-resources-00000000000000000000000000000000\resources\images\32x32\document-open.png
2007-11-20 20:02 1394 --a

---

C:\Program Files\Fold It!\cmp-resources-00000000000000000000000000000000\resources\images\32x32\start-here.png
2007-11-20 20:02 1324 --a

---

C:\Program Files\Fold It!\cmp-resources-00000000000000000000000000000000\resources\images\32x32\emblem-unreadable.png
2007-11-20 20:02 1313 --a

---

C:\Program Files\Fold It!\cmp-resources-00000000000000000000000000000000\resources\images\32x32\preferences-desktop-locale.png
2007-11-20 20:02 114569 --a

---

C:\Program Files\Fold It!\cmp-resources-00000000000000000000000000000000\resources\images\big\splash-title.png
2007-11-20 15:02 36864 --a

---

C:\Program Files\Fold It!\Fold It!.exe
2007-11-14 21:03 60 --a

---

C:\Program Files\Fold It!\options.txt
2007-11-12 21:16 1501 --a

---

C:\Program Files\Fold It!\cmp-resources-00000000000000000000000000000000\resources\auth\server.crt
2007-11-12 13:10 7958 --a

---

C:\Program Files\Fold It!\cmp-resources-00000000000000000000000000000000\resources\sounds\organic_01\rotamer_land_05.ogg
2007-11-12 13:10 7949 --a

---

C:\Program Files\Fold It!\cmp-resources-00000000000000000000000000000000\resources\sounds\organic_01\rotamer_land_00.ogg
2007-11-12 13:10 7947 --a

---

C:\Program Files\Fold It!\cmp-resources-00000000000000000000000000000000\resources\sounds\organic_01\rotamer_land_02.ogg
2007-11-12 13:10 7923 --a

---

C:\Program Files\Fold It!\cmp-resources-00000000000000000000000000000000\resources\sounds\organic_01\rotamer_land_04.ogg
2007-11-12 13:10 7923 --a

---

C:\Program Files\Fold It!\cmp-resources-00000000000000000000000000000000\resources\sounds\organic_01\rotamer_land_01.ogg
2007-11-12 13:10 7608 --a

---

C:\Program Files\Fold It!\cmp-resources-00000000000000000000000000000000\resources\sounds\organic_01\rotamer_land_03.ogg
2007-11-12 13:10 71635 --a

---

C:\Program Files\Fold It!\cmp-resources-00000000000000000000000000000000\resources\sounds\organic_01\clash_disappear_01.ogg
2007-11-12 13:10 71368 --a

---

C:\Program Files\Fold It!\cmp-resources-00000000000000000000000000000000\resources\sounds\organic_01\clash_disappear_03.ogg
2007-11-12 13:10 64013 --a

---

C:\Program Files\Fold It!\cmp-resources-00000000000000000000000000000000\resources\sounds\organic_01\clash_disappear_04.ogg
2007-11-12 13:10 61797 --a

---

C:\Program Files\Fold It!\cmp-resources-00000000000000000000000000000000\resources\sounds\organic_01\clash_appear_00.ogg
2007-11-12 13:10 56353 --a

---

C:\Program Files\Fold It!\cmp-resources-00000000000000000000000000000000\resources\sounds\organic_01\clash_appear_01.ogg
2007-11-12 13:10 50998 --a

---

C:\Program Files\Fold It!\cmp-resources-00000000000000000000000000000000\resources\sounds\organic_01\clash_appear_02.ogg
2007-11-12 13:10 48845 --a

---

C:\Program Files\Fold It!\cmp-resources-00000000000000000000000000000000\resources\sounds\organic_01\clash_disappear_02.ogg
2007-11-12 13:10 422628 --a

---

C:\Program Files\Fold It!\cmp-resources-00000000000000000000000000000000\resources\sounds\organic_01\wiggle_tool_01.ogg
2007-11-12 13:10 408539 --a

---

C:\Program Files\Fold It!\cmp-resources-00000000000000000000000000000000\resources\sounds\organic_01\wiggle_tool_02.ogg
2007-11-12 13:10 40570 --a

---

C:\Program Files\Fold It!\cmp-resources-00000000000000000000000000000000\resources\sounds\organic_01\void_pop_00.ogg
2007-11-12 13:10 38984 --a

---

C:\Program Files\Fold It!\cmp-resources-00000000000000000000000000000000\resources\sounds\organic_01\void_pop_01.ogg
2007-11-12 13:10 35777 --a

---

C:\Program Files\Fold It!\cmp-resources-00000000000000000000000000000000\resources\sounds\organic_01\void_pop_02.ogg
2007-11-12 13:10 353533 --a

---

C:\Program Files\Fold It!\cmp-resources-00000000000000000000000000000000\resources\sounds\organic_01\wiggle_tool_04.ogg
2007-11-12 13:10 343115 --a

---

C:\Program Files\Fold It!\cmp-resources-00000000000000000000000000000000\resources\sounds\organic_01\wiggle_tool_05.ogg
2007-11-12 13:10 33503 --a

---

C:\Program Files\Fold It!\cmp-resources-00000000000000000000000000000000\resources\sounds\organic_01\clash_disappear_00.ogg
2007-11-12 13:10 33275 --a

---

C:\Program Files\Fold It!\cmp-resources-00000000000000000000000000000000\resources\sounds\organic_01\void_pop_03.ogg
2007-11-12 13:10 30430 --a

---

C:\Program Files\Fold It!\cmp-resources-00000000000000000000000000000000\resources\sounds\organic_01\void_appear_00.ogg
2007-11-12 13:10 30260 --a

---

C:\Program Files\Fold It!\cmp-resources-00000000000000000000000000000000\resources\sounds\organic_01\void_pop_04.ogg
2007-11-12 13:10 213266 --a

---

C:\Program Files\Fold It!\cmp-resources-00000000000000000000000000000000\resources\sounds\organic_01\wiggle_tool_00.ogg
2007-11-12 13:10 197950 --a

---

C:\Program Files\Fold It!\cmp-resources-00000000000000000000000000000000\resources\sounds\organic_01\wiggle_tool_03.ogg
2007-11-12 13:10 1079609 --a

---

C:\Program Files\Fold It!\cmp-resources-00000000000000000000000000000000\resources\sounds\organic_01\wiggle_tool_06.ogg
2007-11-11 19:25 74319 --a

---

C:\Program Files\Fold It!\cmp-resources-00000000000000000000000000000000\resources\trial5\splash.png
2007-11-11 19:25 27954 --a

---

C:\Program Files\Fold It!\cmp-resources-00000000000000000000000000000000\resources\trial5\splash.graffle
2007-11-10 22:05 81813 --a

---

C:\Program Files\Fold It!\cmp-resources-00000000000000000000000000000000\resources\trial6\S_00001_0001193_0.remove_h.pdb
2007-11-10 22:05 80793 --a

---

C:\Program Files\Fold It!\cmp-resources-00000000000000000000000000000000\resources\trial6\S_00001_0001193_0.pdb
2007-11-10 22:05 100690 --a

---

C:\Program Files\Fold It!\cmp-resources-00000000000000000000000000000000\resources\trial6\S_00003_0002567_0.pdb
2007-11-10 18:06 8759 --a

---

C:\Program Files\Fold It!\cmp-resources-00000000000000000000000000000000\resources\sounds\9901_pidgin_rowacid3_short.ogg
2007-11-10 18:06 82 --a

---

C:\Program Files\Fold It!\cmp-resources-00000000000000000000000000000000\resources\readme.txt
2007-11-10 18:06 80270 --a

---

C:\Program Files\Fold It!\cmp-resources-00000000000000000000000000000000\resources\trial4\splash.png
2007-11-10 18:06 76432 --a

---

C:\Program Files\Fold It!\cmp-resources-00000000000000000000000000000000\resources\trial5\start-chopped.pdb
2007-11-10 18:06 76432 --a

---

C:\Program Files\Fold It!\cmp-resources-00000000000000000000000000000000\resources\trial4\start-chopped.pdb
2007-11-10 18:06 75 --a

---

C:\Program Files\Fold It!\cmp-resources-00000000000000000000000000000000\resources\sounds\sounds.txt
2007-11-10 18:06 65932 --a

---

C:\Program Files\Fold It!\cmp-resources-00000000000000000000000000000000\resources\fonts\Vera.ttf
2007-11-10 18:06 39879 --a

---

C:\Program Files\Fold It!\cmp-resources-00000000000000000000000000000000\resources\trial5\hint.graffle
2007-11-10 18:06 39453 --a

---

C:\Program Files\Fold It!\cmp-resources-00000000000000000000000000000000\resources\trial4\hint.graffle
2007-11-10 18:06 32284 --a

---

C:\Program Files\Fold It!\cmp-resources-00000000000000000000000000000000\resources\fonts\Fontin-Regular.ttf
2007-11-10 18:06 31423 --a

---

C:\Program Files\Fold It!\cmp-resources-00000000000000000000000000000000\resources\sounds\9901_pidgin_rowacid3.ogg
2007-11-10 18:06 30916 --a

---

C:\Program Files\Fold It!\cmp-resources-00000000000000000000000000000000\resources\fonts\Fontin-Bold.ttf
2007-11-10 18:06 29864 --a

---

C:\Program Files\Fold It!\cmp-resources-00000000000000000000000000000000\resources\fonts\Fontin-Italic.ttf
2007-11-10 18:06 29816 --a

---

C:\Program Files\Fold It!\cmp-resources-00000000000000000000000000000000\resources\fonts\Fontin-SmallCaps.ttf
2007-11-10 18:06 2968 --a

---

C:\Program Files\Fold It!\cmp-resources-00000000000000000000000000000000\resources\trial5\saved_pose.dat
2007-11-10 18:06 2968 --a

---

C:\Program Files\Fold It!\cmp-resources-00000000000000000000000000000000\resources\trial4\saved_pose.dat
2007-11-10 18:06 2968 --a

---

C:\Program Files\Fold It!\cmp-resources-00000000000000000000000000000000\resources\trial3\pose4.dat
2007-11-10 18:06 2968 --a

---

C:\Program Files\Fold It!\cmp-resources-00000000000000000000000000000000\resources\trial3\pose3.dat
2007-11-10 18:06 2968 --a

---

C:\Program Files\Fold It!\cmp-resources-00000000000000000000000000000000\resources\trial3\pose2.dat
2007-11-10 18:06 2968 --a

---

C:\Program Files\Fold It!\cmp-resources-00000000000000000000000000000000\resources\trial3\pose1.dat
2007-11-10 18:06 2968 --a

---

C:\Program Files\Fold It!\cmp-resources-00000000000000000000000000000000\resources\trial3\pose0.dat
2007-11-10 18:06 28303 --a

---

C:\Program Files\Fold It!\cmp-resources-00000000000000000000000000000000\resources\trial4\splash.graffle
2007-11-10 18:06 154836 --a

---

C:\Program Files\Fold It!\cmp-resources-00000000000000000000000000000000\resources\trial5\hint.png
2007-11-10 18:06 1466 --a

---

C:\Program Files\Fold It!\cmp-resources-00000000000000000000000000000000\resources\xiph.txt
2007-11-10 18:06 134397 --a

---

C:\Program Files\Fold It!\cmp-resources-00000000000000000000000000000000\resources\trial4\hint.png
2007-10-12 14:02 413696 --a

---

C:\Program Files\Fold It!\cmp-binary-1efb305b56292f957a80dcde359f345c\wrap_oal.dll
2007-10-12 14:02 413696 --a

---

C:\Program Files\Fold It!\cmp-binary-00000000000000000000000000000000\wrap_oal.dll
2007-10-12 10:05 110592 --a

---

C:\Program Files\Fold It!\cmp-binary-1efb305b56292f957a80dcde359f345c\OpenAL32.dll
2007-10-12 10:05 110592 --a

---

C:\Program Files\Fold It!\cmp-binary-00000000000000000000000000000000\OpenAL32.dll
2007-10-01 15:05 5414 --a

---

C:\Program Files\Fold It!\icon.ico
2006-08-29 11:15 90112 --a

---

C:\Program Files\Fold It!\cmp-binary-1efb305b56292f957a80dcde359f345c\libircclient.dll
2006-08-29 11:15 90112 --a

---

C:\Program Files\Fold It!\cmp-binary-00000000000000000000000000000000\libircclient.dll
2006-02-26 19:10 176128 --a

---

C:\Program Files\Fold It!\cmp-binary-1efb305b56292f957a80dcde359f345c\libcurl.dll
2006-02-26 19:10 176128 --a

---

C:\Program Files\Fold It!\cmp-binary-00000000000000000000000000000000\libcurl.dll
2006-02-26 17:53 200704 --a

---

C:\Program Files\Fold It!\cmp-binary-1efb305b56292f957a80dcde359f345c\ssleay32.dll
2006-02-26 17:53 200704 --a

---

C:\Program Files\Fold It!\cmp-binary-00000000000000000000000000000000\ssleay32.dll
2006-02-26 17:52 1064960 --a

---

C:\Program Files\Fold It!\cmp-binary-1efb305b56292f957a80dcde359f345c\libeay32.dll
2006-02-26 17:52 1064960 --a

---

C:\Program Files\Fold It!\cmp-binary-00000000000000000000000000000000\libeay32.dll
2005-07-20 10:48 59904 --a

---

C:\Program Files\Fold It!\cmp-binary-1efb305b56292f957a80dcde359f345c\zlib1.dll
2005-07-20 10:48 59904 --a

---

C:\Program Files\Fold It!\cmp-binary-00000000000000000000000000000000\zlib1.dll

---- Directory of C:\Program Files\New York Times ----

2007-11-16 10:57 2764800 --a

---

C:\Program Files\New York Times\Times Reader\NewsClient.exe
2007-11-16 10:57 20480 --a

---

C:\Program Files\New York Times\Times Reader\TimesReaderCacheCleaner.exe
2007-11-05 17:40 5889 --a

---

C:\Program Files\New York Times\Times Reader\NewsClient.exe.config
2007-04-02 12:42 1316988 --a

---

C:\Program Files\New York Times\Times Reader\acl2setup.exe

---- Directory of C:\WINDOWS\system32\GroupPolicy ----

2007-12-07 20:44 190 --a

---

C:\WINDOWS\system32\GroupPolicy\Machine\Registry.pol
2007-12-07 20:44 154 --a

---

C:\WINDOWS\system32\GroupPolicy\gpt.ini
2007-12-07 20:43 81 --ah

---

C:\WINDOWS\system32\GroupPolicy\Adm\admfiles.ini
2007-07-30 18:02 50726 --a

---

C:\WINDOWS\system32\GroupPolicy\Adm\wuau.adm
2006-10-03 01:43 2402550 --a

---

C:\WINDOWS\system32\GroupPolicy\Adm\inetres.adm
2004-08-04 05:00 67374 --a

---

C:\WINDOWS\system32\GroupPolicy\Adm\wmplayer.adm
2004-08-04 05:00 40282 --a

---

C:\WINDOWS\system32\GroupPolicy\Adm\conf.adm
2004-08-04 05:00 1744202 --a

---

C:\WINDOWS\system32\GroupPolicy\Adm\system.adm

superbacana

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseSVN]
@={30351346-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseSVN]
@={30351347-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseSVN]
@={30351348-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseSVN]
@={3035134B-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseSVN]
@={3035134C-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseSVN]
@={3035134D-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseSVN]
@={3035134E-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_CLASSES_ROOT\CLSID\{30351346-7B7D-4FCC-81B4-1E394CA267EB}]
2006-01-15 10:40 450560 --a

---

C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{30351347-7B7D-4FCC-81B4-1E394CA267EB}]
2006-01-15 10:40 450560 --a

---

C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{30351348-7B7D-4FCC-81B4-1E394CA267EB}]
2006-01-15 10:40 450560 --a

---

C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134B-7B7D-4FCC-81B4-1E394CA267EB}]
2006-01-15 10:40 450560 --a

---

C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134C-7B7D-4FCC-81B4-1E394CA267EB}]
2006-01-15 10:40 450560 --a

---

C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134D-7B7D-4FCC-81B4-1E394CA267EB}]
2006-01-15 10:40 450560 --a

---

C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134E-7B7D-4FCC-81B4-1E394CA267EB}]
2006-01-15 10:40 450560 --a

---

C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2007-12-07 01:38]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-22 15:59]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 17:48]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-20 22:00 C:\WINDOWS\stsystra.exe]
"Popup"="C:\Program Files\Dell SAS RAID Storage Manager\MegaPopup\Popup.exe" [2006-04-20 16:56]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 05:20]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-12-21 12:33]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 05:00 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2007-09-17 00:07 C:\WINDOWS\system32\nwiz.exe]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-12 19:52]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 13:42]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-04 05:00 C:\WINDOWS\system32\rundll32.exe]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-10-01 16:40]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe [2006-08-19 08:14:44]
Post-itr Software Notes Lite.lnk - C:\Program Files\3M\PSNLite\PsnLite.exe [2004-10-15 14:26:54]

R0 SSFS0BB9;Spy Sweeper File System Filer Driver: 0BB9;C:\WINDOWS\system32\Drivers\SSFS0BB9.SYS
S3 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
S4 msvsmon80;Visual Studio 2005 Remote Debugger;"C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon80

.
Contents of the 'Scheduled Tasks' folder
"2007-11-04 00:05:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-10 07:00:05 C:\WINDOWS\Tasks\wrSpySweeperTrialSweep.job"
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe&/ScheduleSweep=wrSpySweeperTrialSweep
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.ex
- A:\
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-13 19:36:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-13 19:36:40
C:\ComboFix2.txt ... 2007-12-12 21:27
.
2007-11-14 07:23:12 --- E O F ---

superbacana

---

KASPERSKY ONLINE SCANNER REPORT
Thursday, December 13, 2007 11:23:20 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 14/12/2007
Kaspersky Anti-Virus database records: 481915

---

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 235203
Number of viruses found: 8
Number of infected objects: 24
Number of suspicious objects: 0
Duration of the scan process: 03:25:31

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\hertzman\Application Data\Microsoft\Internet Explorer\Quick Launch\vnc-4_1_2-x86_win32_viewer.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\Documents and Settings\hertzman\Application Data\Webroot\Spy Sweeper\Logs\071213193031.ses Object is locked skipped
C:\Documents and Settings\hertzman\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\hertzman\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\hertzman\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\hertzman\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\hertzman\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\hertzman\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\hertzman\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Data\settings.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS00C78007-C5DE-4F05-9BAD-DE6C857AEAB5.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS030A3123-A85A-4230-B9B8-06D2BBFBC644.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS0E763CAF-47A5-4075-9D0E-7D155D0D8621.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS1009BB96-23E2-442D-822E-84DF5ADAB81E.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS1152A70E-58AD-43EC-AB61-F3850D3284E7.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS1D2E24A2-E281-4966-A4F8-96441827A7BC.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS1DE020B0-A2C1-41DF-91E8-4B24EDE1556C.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS20419885-239A-4A93-BDC0-BC6F57A149AF.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS253D5AAC-4038-43E5-BBD4-772021CFCCBF.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS2981260D-0572-4734-B23D-231609A651A2.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS2E2EE8C3-A52F-46F7-B0D5-900C2E04786A.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS2EA53AE1-E5AB-423B-86B9-3354468AF2BD.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS2ECC1176-891C-4864-AF80-CD05F2874B5E.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS2FB8973C-A2FB-4AFB-8589-1840E85E2FD0.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS33DFF553-2FC5-46E3-9647-70EFA67EC8C5.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS364809AE-1F54-4BDD-A774-80A90D298D82.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS3F5CF744-A446-4686-B959-E645AE997A9D.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS4126A920-D7A1-4198-9A02-9B2BE3394FB6.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS466A15A8-81AD-4923-A79C-E91395B5446D.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS49D50D80-D85D-4F9F-9150-E7FB92F67E14.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS49EBFF31-482C-449C-9383-24423BE6EA60.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS4AD1FE69-7A34-405D-B696-FD1FE417A9B0.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS4D9A065F-9CD7-4B10-8C97-338F47266AC3.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS57A7DE2B-68E6-4D2A-8E0C-901BDDA753A8.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS60BA39F3-D194-4438-AD52-A306EFA36BDC.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS610FB3C9-105F-4288-B0B1-A53109790512.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS63C19A46-53BF-4CAE-AD4B-77C599827466.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS69956EA3-78DA-4E04-882E-1AA8AE3930F0.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS6EC322F3-1060-40F2-84FE-3F2A5C4E3FD2.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS7765B688-CD9B-489A-A237-D306469BCF2C.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS78AE32D5-6CAA-402D-ACD4-F119FC55A3F7.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS7E2EEC95-3551-421E-B93C-4633204787FE.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS7E73372F-F3C3-47C5-ACCB-A8F9A8E3E4D5.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS809B07A8-0251-4237-91E0-FF4913F9B67B.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS83A35FF6-4845-4E23-B28E-49060AF6A902.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS8624EB7E-E90A-47C4-B943-CBFF74892A03.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS87272CF1-8824-48F5-85F1-B066F1454489.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS8C0092B5-99E1-472F-95B5-E262FADA7B8E.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS8D960FE1-223F-4DD6-8CFF-583C9E05AF82.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS94C34266-D6A6-4096-9E15-4EB23C7BAB41.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS954867D2-8266-4234-84C8-9CBCC0300D0D.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS96749722-72EB-468D-8265-0459DA0A8EF4.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS98A27BC5-5130-49FE-858E-896E5DD20007.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS9BD6BCC2-CD79-4290-B394-CD3CA6F535AF.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS9EDE9C85-24F3-4B6E-B027-9EDD6359292D.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSA1946592-4E25-4B07-8FF5-1C111177FD06.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSA268AB81-7878-4E12-B454-FF9514C8C893.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSA3BC765C-F297-466E-B853-B1096F86648D.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSA7B8BEEE-EF8B-4111-8738-0273C049AD24.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSA8AE2154-0E7D-4714-984D-4304B1041CAB.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSAB1166C7-08E4-4BCC-92CA-B8C8BEB5322B.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSAD30C210-EE2F-40A1-BB18-EF97FFCC02CB.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSB46ACC64-A12D-4165-A365-8F0D2AC56AB4.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSB810400D-F6F8-4280-A286-BF45991506C7.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSB884D0D4-4478-4700-8247-723D9ED505CB.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSB9546D09-0DCA-4489-BB6F-56FA85C79A60.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSBA09E6C3-E5AF-43D9-9A89-6FF142ED464F.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSBB412081-9B9D-44C8-9A95-B65F6B5520D2.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSBBD1B8B0-4C69-4700-AFAA-3A2F0C9C71EA.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSBD1D39C4-0DFB-4CFC-9A3C-87E78F723B66.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSBDA257E0-C48D-46AE-9605-317F3C949375.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSBDB49542-73BD-4ED2-AED6-653E593363D7.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSC12970AA-828D-4322-AFC7-85D6B0564523.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSC25E1BB2-264F-4B7F-8D3C-1152A8935CC7.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSC298FA28-9251-4249-8B66-B90E818DDDEF.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSC406F3BE-72C9-4435-9D60-6247F6C1CCC2.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSC7F75B7F-C4CD-4E72-B3EB-C31584D6258F.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSC8CE8719-63FC-463B-96AD-9635C3077926.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSCBDC715A-B1A6-486C-B4C3-CE6AEB29E1BA.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSCCD1EDE4-CB4D-4FB1-8D51-B8B69AB134CB.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSCD7C49A2-4BE9-4952-9E08-C6053489FEFE.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSCF57959D-1AB0-40AD-AEB4-36E61A0F6AA0.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSD6946DD0-9BDB-41FC-89B3-C16DC81DF1BF.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSD9EBE142-410E-44A0-964E-A679E652D82A.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSDAD3E20F-413C-4A2C-A98F-EF917E4A61B0.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSE56071B2-E3E6-4773-B257-8702ACE2CA34.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSE8099410-3F92-4316-9829-3D6B52624B26.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSEA2D59CD-A708-4D29-A1E3-0CE1A9D038E7.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSEDA527F5-B5B0-46AB-AF84-BABA7A690CE5.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSEFD9250D-AFD9-44B7-ABA5-7223053A0928.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSF4A0004B-EA41-446A-9814-AAB481541454.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSF5F5057B-5B24-48FC-8DAE-A42F51CBF5DF.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSF6EEAE5F-A76A-45AF-9BE5-F41F50D75E74.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSF9F9B6AB-4BB3-46DF-9C1A-B3C2DBC21994.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSFB5FF6BC-455F-436B-BC82-23E9EF85BB15.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSFC681FAB-6941-4AF7-846D-F268B568EE81.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSFDA33142-3A31-4E32-B799-C73C3B975E3A.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSFDA33B8F-E44A-4279-91C1-97E3FE8C68E7.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSFEDB7E9E-DABA-4942-A133-062651D42936.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_678.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Dell SAS RAID Storage Manager\Framework\start.log Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\master.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\mastlog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\model.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\modellog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\msdbdata.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\msdblog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\tempdb.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\templog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\ERRORLOG Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\log_675.trc Object is locked skipped
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.62 skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.bak Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\Masters.const Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.mst Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters.base Object is locked skipped
C:\qoobox\Quarantine\C\WINDOWS\mrofinu1000106.exe.vir Infected: Trojan-Downloader.Win32.Agent.fuc skipped
C:\qoobox\Quarantine\C\WINDOWS\mrofinu572.exe.tmp.vir Infected: Trojan-Downloader.Win32.Agent.fuc skipped
C:\qoobox\Quarantine\C\WINDOWS\mrofinu572.exe.vir Infected: Trojan-Downloader.Win32.Agent.fuc skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\enbmlply.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.bjc skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\jesmvqya.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.ao skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\nnnoppn.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.bjr skipped
C:\qoobox\Quarantine\catchme2007-12-12_212609.35.zip/efcbcyv.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bjr skipped
C:\qoobox\Quarantine\catchme2007-12-12_212609.35.zip ZIP: infected - 1 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP282\A0050660.exe Infected: Trojan-Downloader.Win32.Agent.fuc skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP282\A0050773.dll Infected: not-a-virus:FraudTool.Win32.BestSeller.a skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP286\A0051186.exe Infected: Trojan-Downloader.Win32.Agent.brq skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP286\A0051189.exe/file14 Infected: not-a-virus:FraudTool.Win32.BestSeller.a skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP286\A0051189.exe/file20 Infected: not-a-virus:FraudTool.Win32.BestSeller.a skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP286\A0051189.exe/file34 Infected: not-a-virus:FraudTool.Win32.BestSeller.a skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP286\A0051189.exe/file36 Infected: not-a-virus:FraudTool.Win32.BestSeller.a skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP286\A0051189.exe Inno: infected - 4 skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP290\A0051308.exe Infected: Trojan-Downloader.Win32.Agent.fuc skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP290\A0051309.exe Infected: Trojan-Downloader.Win32.Agent.fuc skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP290\A0051310.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bjc skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP290\A0051311.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.ao skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP290\A0051312.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bjr skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP290\A0051318.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bjr skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP291\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{0AED58A9-8036-463E-A024-DC5B7B208EBB}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\hsperfdata_SYSTEM\1180 Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

superbacana

Nowadays, when I reboot my computer, a "Windows Security Alert" appears; the Firewall is blocking a program called "popup" publisher unknown (and I click "Keep Blocking").

The system seems to be working normally aside from that, as far as I can tell so far.

Here's the current HJT log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:38:15 PM, on 12/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell SAS RAID Storage Manager\MegaPopup\Popup.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\program files\steam\steam.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Program Files\Dell SAS RAID Storage Manager\Framework\VivaldiFramework.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Dell SAS RAID Storage Manager\JRE\bin\javaw.exe
C:\Program Files\Dell SAS RAID Storage Manager\MegaMonitor\Monitor.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - c:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Popup] "C:\Program Files\Dell SAS RAID Storage Manager\MegaPopup\Popup.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://c:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://c:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://c:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://c:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://c:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://c:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://c:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://c:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {594ECDD4-A991-4208-A7B7-00DDAD9BE328} (Photosynth Class) - http://media.labs.live.com/all/ps/_code_/Photosynth.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1152820683875
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MRMonitor (MegaMonitorSrv) - Unknown owner - C:\Program Files\Dell SAS RAID Storage Manager\MegaMonitor\Monitor.exe
O23 - Service: SSMFramework (MSMFramework) - Unknown owner - C:\Program Files\Dell SAS RAID Storage Manager\Framework\VivaldiFramework.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 10195 bytes

jpshortstuff

Hi


Just want to check something out before I make a judgement about that firewall alert.

We need to upload a file to Jotti

1. Click HERE to get to Jotti's site.

2. At the top of the Jotti window, use the Browse button to locate the following file on your system:

C:\Program Files\Dell SAS RAID Storage Manager\MegaPopup\Popup.exe

3. Once you have located the file, click SUBMIT and the content of the file will be uploaded by the site and analysed.

4. Please provide me with the results of the analysis.




Your Java Runtime Environment is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:

• Download the latest version of Java Runtime Environment (JRE) 6 Update 3.
• Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 3, The Java SE Runtime Environment (JRE) allows end-users to run Java applications".
• Click the "Download" button to the right.
• Check the box that says: "Accept License Agreement".
• The page will refresh.
• Click on the link to download Windows Offline Installation, Multi-language and save it to your desktop.
• Close any programs you may have running - especially any web browsers.
• Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
• Check any item with Java Runtime Environment (JRE or J2SE) in the name.
• Click the Remove or Change/Remove button.
• Repeat as many times as necessary to remove each Java versions.
• Reboot your computer once all Java components are removed.
• Then from your desktop double-click on jre-6u3-windowsi586.exe to install the newest version.

Reboot your computer, and then post another HijackThis log.

Are things still running ok?

Thanks,

jpshortstuff

superbacana

File: popup.exe Status: OK
MD5: d9611640a971eea06ff96b6ab446592f Packers detected: -
Bit9 reports: No threat detected (more info)
Scanner results
Scan taken on 15 Dec 2007 20:29:29 (GMT) A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing

jpshortstuff

OK, looks like you can allow this program that your firewall is blocking (but only if it is called "Popup" nothing else).

Can I see a new HijackThis log please?

superbacana

I have now uninstalled Java (I haven't reinstalled it yet). I've also installed the latest Windows patches that the system had auto-downloaded, and I also removed a few other old programs that I'm not using any more. Here's the latest HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:03:21 PM, on 12/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell SAS RAID Storage Manager\MegaPopup\Popup.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\program files\steam\steam.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Dell SAS RAID Storage Manager\Framework\VivaldiFramework.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Dell SAS RAID Storage Manager\JRE\bin\javaw.exe
C:\Program Files\Dell SAS RAID Storage Manager\MegaMonitor\Monitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - c:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Popup] "C:\Program Files\Dell SAS RAID Storage Manager\MegaPopup\Popup.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://c:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://c:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://c:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://c:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://c:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://c:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://c:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://c:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {594ECDD4-A991-4208-A7B7-00DDAD9BE328} (Photosynth Class) - http://media.labs.live.com/all/ps/_code_/Photosynth.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1152820683875
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MRMonitor (MegaMonitorSrv) - Unknown owner - C:\Program Files\Dell SAS RAID Storage Manager\MegaMonitor\Monitor.exe
O23 - Service: SSMFramework (MSMFramework) - Unknown owner - C:\Program Files\Dell SAS RAID Storage Manager\Framework\VivaldiFramework.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 9190 bytes

superbacana

Also, the Firewall message isn't appearing anymore... maybe the Firewall has decided to stop asking me about it. Anyways, I don't see any reason why my RAID controller should be accessing the internet (and this message was never appearing before, so I still think it's suspicious).

superbacana

Also, the system still seems to be performing normally... no funky windows appearing; zero CPU and networking utilization according to the task manager.

jpshortstuff

Hi superbacana


Perhaps the firewall alert was just a temporary side-effect of your infection. We'll leave this topic open for a few days so you can let me know if it comes back up. Other than that, glad to hear your system is running better. If it was the RAID controller for whatever reason - this controller had some Java components (C:\Program Files\Dell SAS RAID Storage Manager\JRE\bin\javaw.exe), so if these alerts stopped after you uninstalled Java this could be one explanation.


Log looks good


Click Start >> Run, and then type ComboFix /u and hit enter.

Remember to re-enable SpySweeper at this point.


Now that you appear to be clean, theres just a few steps I'd like you to take to prevent any future infections.

• Keeping your Windows up-to-date is crucial to your computer's security. Please go to the Windows Update Site (using Internet Explorer) and download and install all critical updates on a regular basis.
  
  
• Use Mozilla Firefox or Opera as your internet browser.
  These are more secure than Internet Explorer and can be downloaded for free from here:
  Download Mozilla FireFox
  Download Opera
  
  
• Make sure you update your Anti-Virus software regularly, new viruses are being developed all the time.
  
  
• Some more programs that it would be useful to have:
  SpywareBlaster is another real-time scanner that prevents most spyware from even being installed.
  Freely available: Download SpywareBlaster
  
  Download and install the free version of WinPatrol. This program protects your computer in a variety of ways and will work well with your existing security software. Have a look at this tutorial to help you get started with the program.

Also, please read this great article by Tony Klein: So How Did I Get Infected In First Place

Glad we could be of assistance.

Please reply to this thread once more if you are satisfied so that we can mark the problem as resolved.

Stay Clean!

jpshortstuff

superbacana

Things are still running fine.

Thank you very much for all your help!

It's all kind of amazing that this kind of help is available here, online, for free.

jpshortstuff

Glad we could be of assistance

Do you want to leave the thread open for a few days, or are you satisfied that you're all clean now?

superbacana

Go ahead and close it. One cannot be sure, but I see no reason to believe an infection remains.

Thanks again!

Trogan

Glad we could be of assistance! The help you received here was free.

This topic is now closed. If you wish it reopened, please send a Private Message to Trogan with a link to your thread.

If you are not the user who started this thread, you must start your own Thread instead (grin)

_______________________________

Have we helped you with any issues you have had with your PC's or other items? If so you can now help us by Joining Team 93 and fold for a cure.