| Press F1 | ||||
| Thread ID: 92162 | 2008-07-31 07:35:00 | Combo Fix log analysis | Renmoo (66) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 693870 | 2008-07-31 07:35:00 | Dear all, It would be great if someone can please take a look at my Combo Fix log and see if there's anything wrong with it . Thanks! ComboFix 08-07-13 . 11 - username 2008-07-31 18:10:46 . 3 - FAT32x86 Microsoft Windows XP Professional 5 . 1 . 2600 . 2 . 1252 . 1 . 1033 . 18 . 1219 [GMT 12:00] Running from: C:\Documents and Settings\username\Desktop\ComboFix . exe * Created a new restore point . - REDUCED FUNCTIONALITY MODE - . ((((((((((((((((((((((((( Files Created from 2008-06-28 to 2008-07-31 ))))))))))))))))))))))))))))))) . 2008-07-31 18:05 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl . cpl 2008-07-31 18:04 . 2008-07-31 18:04 <DIR> d-------- C:\Program Files\Common Files\Java 2008-07-31 16:10 . 2008-07-31 16:10 <DIR> d-------- C:\WINDOWS\LastGood 2008-07-30 18:28 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg6n . sys 2008-07-30 18:28 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg5n . sys 2008-07-30 18:28 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg4n . sys 2008-07-30 18:28 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg3n . sys 2008-07-30 18:28 . 2008-07-30 18:28 268 --ah----- C:\sqmdata05 . sqm 2008-07-30 18:28 . 2008-07-30 18:28 244 --ah----- C:\sqmnoopt05 . sqm 2008-07-30 18:27 . 2008-07-30 18:27 <DIR> d-------- C:\Program Files\Sygate 2008-07-30 18:27 . 2004-08-10 17:05 83,096 --a------ C:\WINDOWS\system32\SSSensor . dll 2008-07-30 18:27 . 2004-10-15 18:17 60,496 --a------ C:\WINDOWS\system32\drivers\Teefer . sys 2008-07-30 18:27 . 2004-10-15 18:18 21,075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt . sys 2008-07-30 18:12 . 2008-07-30 18:12 268 --ah----- C:\sqmdata04 . sqm 2008-07-30 18:12 . 2008-07-30 18:12 244 --ah----- C:\sqmnoopt04 . sqm 2008-07-30 15:45 . 2008-07-30 15:45 143,104 --a------ C:\WINDOWS\system32\guard32 . dll 2008-07-30 15:45 . 2008-07-30 15:45 87,056 --a------ C:\WINDOWS\system32\drivers\cmdguard . 
sys 2008-07-30 15:45 . 2008-07-30 15:45 24,208 --a------ C:\WINDOWS\system32\drivers\cmdhlp . sys 2008-07-29 19:39 . 2008-07-29 19:48 157 --a------ C:\WINDOWS\matlab . ini 2008-07-29 19:38 . 2008-07-29 19:38 <DIR> d-------- C:\Documents and Settings\username\Application Data\MathWorks 2008-07-29 19:36 . 2008-07-29 19:36 645,120 --a------ C:\WINDOWS\system32\config . gms 2008-07-29 19:36 . 2004-03-01 21:05 407,104 --a------ C:\WINDOWS\system32\MSHFLXGD . OCX 2008-07-29 19:01 . 2008-07-29 19:01 <DIR> d-------- C:\Program Files\MATLAB 2008-07-23 20:59 . 2008-07-23 20:59 <DIR> d-------- C:\Program Files\CHM To PDF Converter PRO 2008-07-21 15:18 . 2008-07-21 15:18 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-07-19 11:39 . 2008-07-19 11:39 <DIR> d-------- C:\Program Files\TortoiseSVN 2008-07-19 11:39 . 2008-07-19 11:39 <DIR> d-------- C:\Program Files\Common Files\TortoiseOverlays 2008-07-19 10:22 . 2008-07-19 10:22 <DIR> d-------- C:\WINDOWS\ie8updates 2008-07-19 10:10 . 2008-06-14 01:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport . sys 2008-07-19 10:10 . 2008-06-14 01:10 272,128 --------- C:\WINDOWS\system32\dllcache\bthport . sys 2008-07-11 08:47 . 2008-07-11 08:47 <DIR> d--hs---- C:\FOUND . 002 2008-07-10 20:08 . 2008-07-10 20:08 <DIR> d-------- C:\Documents and Settings\username\Application Data\dvdcss 2008-06-28 01:05 . 1999-12-17 09:13 86,016 --a------ C:\WINDOWS\unvise32 . exe 2008-06-27 19:54 . 2008-06-27 19:54 <DIR> d-------- C:\Program Files\Warcraft III 2008-06-25 11:32 . 2008-06-25 11:32 <DIR> d-------- C:\Program Files\TmNationsForever 2008-06-24 06:27 . 2008-06-24 06:27 38 --a------ C:\WINDOWS\avisplitter . INI 2008-06-16 16:34 . 2008-06-16 16:34 268 --ah----- C:\sqmdata03 . sqm 2008-06-16 16:34 . 2008-06-16 16:34 244 --ah----- C:\sqmnoopt03 . sqm 2008-06-15 16:51 . 2008-06-15 16:51 268 --ah----- C:\sqmdata02 . sqm 2008-06-15 16:51 . 2008-06-15 16:51 244 --ah----- C:\sqmnoopt02 . sqm 2008-06-08 16:45 . 
2008-06-08 16:45 <DIR> d-------- C:\Program Files\Free FLV Converter 2008-06-08 16:45 . 2008-06-04 18:42 364,544 --a------ C:\WINDOWS\system32\PropertyGrid . ocx 2008-06-08 16:45 . 2008-06-06 15:00 221,184 --a------ C:\WINDOWS\system32\TubeFinder . exe 2008-06-08 16:45 . 2008-06-04 18:42 208,500 --a------ C:\WINDOWS\system32\ReyXpBasics . tlb 2008-06-08 16:45 . 2008-06-04 18:42 141,312 --a------ C:\WINDOWS\system32\MSCMCFR . DLL 2008-06-08 16:45 . 2008-06-04 18:42 119,568 --a------ C:\WINDOWS\system32\VB6FR . DLL 2008-06-08 16:45 . 2008-06-04 18:42 84,512 --a------ C:\WINDOWS\system32\PICCLP32 . OCX 2008-06-08 16:45 . 2008-06-04 18:42 32,768 --a------ C:\WINDOWS\system32\CMDLGFR . DLL 2008-06-08 16:45 . 2008-06-04 18:42 24,576 --a------ C:\WINDOWS\system32\ControlSubX . ocx 2008-06-08 16:45 . 2008-06-04 18:42 9,728 --a------ C:\WINDOWS\system32\PCCLPFR . DLL . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) )) . 2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock . dll 2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\dllcache\mswsock . dll 2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi . dll 2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip . sys 2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip . sys 2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd . sys 2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd . sys 2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6 . sys 2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6 . sys 2008-06-04 06:42 101,888 ----a-w C:\WINDOWS\system32\VB6STKIT . DLL 2008-06-04 06:42 1,386,496 ----a-w C:\WINDOWS\system32\msvbvm60 . dll 2008-05-28 10:06 --------- d-----w C:\Program Files\Unlocker 2008-05-28 02:31 --------- d-----w C:\Program Files\EsetOnlineScanner 2008-05-15 23:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete . 
exe 2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast . sys 2008-05-08 11:20 51,716 ----a-w C:\WINDOWS\system32\pdf995mon . dll 2008-05-08 11:20 249,856 ----a-w C:\WINDOWS\system32\pdfmona . dll 2008-05-08 04:50 830,464 ----a-w C:\WINDOWS\system32\wininet . dll 2008-05-08 04:50 830,464 ----a-w C:\WINDOWS\system32\dllcache\wininet . dll 2008-05-08 04:50 5,120,000 ----a-w C:\WINDOWS\system32\dllcache\mshtml . dll 2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz . dll 2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\dllcache\quartz . dll 2008-04-21 20:19 187,392 ----a-w C:\WINDOWS\system32\bzpdf . dll 2008-04-06 04:23 5,650,432 ----a-w C:\WINDOWS\system32\logonuiX . exe 2008-04-01 20:13 147,456 ----a-w C:\WINDOWS\system32\bzpdfc . dll 2008-03-01 01:47 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid . dat 2006-10-02 14:43 2,402,550 ----a-w C:\WINDOWS\inf\SET4D . tmp . ------- Sigcheck ------- 2007-06-13 23:23 975360 9784e0719124e4a23989aef9e7ca02d6 C:\WINDOWS\explorer . exe 2007-06-13 23:23 975360 9784e0719124e4a23989aef9e7ca02d6 C:\WINDOWS\system32\dllcache\explorer . exe 2007-06-14 00:26 1033216 7712df0cdde3a5ac89843e61cd5b3658 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer . exe 2004-08-04 20:00 974336 a5c1f2cf7c31874e66478910b43d6513 C:\WINDOWS\$NtUninstallKB938828$\explorer . exe . ((((((((((((((((((((((((((((( snapshot@2008-05-29_17 . 25 . 37 . 50 ))))))))))))))))))))))))))))))))))))))))) . + 2008-03-19 09:40:28 1,845,888 ------w C:\WINDOWS\$hf_mig$\KB941693\SP2QFE\win32k . sys + 2007-03-06 01:22:36 14,048 ------w C:\WINDOWS\$hf_mig$\KB941693\spmsg . dll + 2007-03-06 01:22:42 213,216 ------w C:\WINDOWS\$hf_mig$\KB941693\spuninst . exe + 2007-03-06 01:22:34 22,752 ------w C:\WINDOWS\$hf_mig$\KB941693\update\spcustom . dll + 2007-03-06 01:23:00 716,000 ------w C:\WINDOWS\$hf_mig$\KB941693\update\update . exe + 2007-03-06 01:23:52 371,424 ------w C:\WINDOWS\$hf_mig$\KB941693\update\updspapi . 
dll + 2008-02-20 05:19:36 147,968 ------w C:\WINDOWS\$hf_mig$\KB945553\SP2QFE\dnsapi . dll + 2008-02-20 18:49:36 45,568 ------w C:\WINDOWS\$hf_mig$\KB945553\SP2QFE\dnsrslvr . dll + 2007-03-06 01:22:36 14,048 ------w C:\WINDOWS\$hf_mig$\KB945553\spmsg . dll + 2007-03-06 01:22:42 213,216 ------w C:\WINDOWS\$hf_mig$\KB945553\spuninst . exe + 2007-03-06 01:22:34 22,752 ------w C:\WINDOWS\$hf_mig$\KB945553\update\spcustom . dll + 2007-03-06 01:23:00 716,000 ------w C:\WINDOWS\$hf_mig$\KB945553\update\update . exe + 2007-03-06 01:23:52 371,424 ------w C:\WINDOWS\$hf_mig$\KB945553\update\updspapi . dll + 2008-02-20 06:52:44 282,624 ------w C:\WINDOWS\$hf_mig$\KB948590\SP2QFE\gdi32 . dll + 2007-03-06 01:22:36 14,048 ------w C:\WINDOWS\$hf_mig$\KB948590\spmsg . dll + 2007-03-06 01:22:42 213,216 ------w C:\WINDOWS\$hf_mig$\KB948590\spuninst . exe + 2007-03-06 01:22:34 22,752 ------w C:\WINDOWS\$hf_mig$\KB948590\update\spcustom . dll + 2007-03-06 01:23:00 716,000 ------w C:\WINDOWS\$hf_mig$\KB948590\update\update . exe + 2007-03-06 01:23:52 371,424 ------w C:\WINDOWS\$hf_mig$\KB948590\update\updspapi . dll + 2007-03-06 01:22:34 14,048 ------w C:\WINDOWS\$hf_mig$\KB948881\spmsg . dll + 2007-03-06 01:22:40 213,216 ------w C:\WINDOWS\$hf_mig$\KB948881\spuninst . exe + 2007-03-06 01:22:32 22,752 ------w C:\WINDOWS\$hf_mig$\KB948881\update\spcustom . dll + 2007-03-06 01:22:56 716,000 ------w C:\WINDOWS\$hf_mig$\KB948881\update\update . exe + 2007-03-06 01:23:48 371,424 ------w C:\WINDOWS\$hf_mig$\KB948881\update\updspapi . dll + 2008-01-23 04:56:22 554,008 ------w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\dao360 . dll + 2007-12-10 12:41:12 518,944 ------w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msexch40 . dll + 2007-12-10 12:41:12 326,432 ------w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msexcl40 . dll + 2007-12-10 12:41:12 1,516,568 ------w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjet40 . dll + 2007-12-10 12:41:12 355,112 ------w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjetol1 . 
dll + 2008-03-27 07:39:14 151,583 ------w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjint40 . dll + 2007-12-10 12:41:12 60,192 ------w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjter40 . dll + 2007-12-10 12:41:12 248,608 ------w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjtes40 . dll + 2007-12-10 12:41:12 219,936 ------w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msltus40 . dll + 2007-12-10 12:41:12 355,104 ------w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mspbde40 . dll + 2007-12-10 12:41:14 432,928 ------w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msrd2x40 . dll + 2007-12-10 12:41:14 322,336 ------w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msrd3x40 . dll + 2007-12-10 12:41:14 559,904 ------w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msrepl40 . dll + 2007-12-10 12:41:14 264,992 ------w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mstext40 . dll + 2007-12-10 12:41:14 838,432 ------w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mswdat10 . dll + 2007-12-10 12:41:14 621,344 ------w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mswstr10 . dll + 2007-12-10 12:41:14 355,104 ------w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msxbde40 . dll + 2007-03-06 01:22:36 14,048 ------w C:\WINDOWS\$hf_mig$\KB950749\spmsg . dll + 2007-03-06 01:22:42 213,216 ------w C:\WINDOWS\$hf_mig$\KB950749\spuninst . exe + 2007-03-06 01:22:34 22,752 ------w C:\WINDOWS\$hf_mig$\KB950749\update\spcustom . dll + 2007-03-06 01:23:00 716,000 ------w C:\WINDOWS\$hf_mig$\KB950749\update\update . exe + 2007-03-06 01:23:52 371,424 ------w C:\WINDOWS\$hf_mig$\KB950749\update\updspapi . dll + 2007-03-06 01:22:42 213,216 ------w C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst . exe + 2007-03-06 01:23:52 371,424 ------w C:\WINDOWS\$NtUninstallKB941693$\spuninst\updspapi . dll + 2007-03-08 14:47:48 1,843,584 ------w C:\WINDOWS\$NtUninstallKB941693$\win32k . sys + 2006-06-26 18:37:10 148,480 ------w C:\WINDOWS\$NtUninstallKB945553$\dnsapi . dll + 2004-08-04 08:00:00 45,568 ------w C:\WINDOWS\$NtUninstallKB945553$\dnsrslvr . 
dll + 2007-03-06 01:22:42 213,216 ------w C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst . exe + 2007-03-06 01:23:52 371,424 ------w C:\WINDOWS\$NtUninstallKB945553$\spuninst\updspapi . dll + 2007-06-19 14:31:20 282,112 ------w C:\WINDOWS\$NtUninstallKB948590$\gdi32 . dll + 2007-03-06 01:22:42 213,216 ------w C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst . exe + 2007-03-06 01:23:52 371,424 ------w C:\WINDOWS\$NtUninstallKB948590$\spuninst\updspapi . dll + 2007-03-06 01:22:40 213,216 ------w C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst . exe + 2007-03-06 01:23:48 371,424 ------w C:\WINDOWS\$NtUninstallKB948881$\spuninst\updspapi . dll + 2004-08-04 08:00:00 561,179 ------w C:\WINDOWS\$NtUninstallKB950749$\dao360 . dll + 2004-08-04 08:00:00 512,029 ------w C:\WINDOWS\$NtUninstallKB950749$\msexch40 . dll + 2004-08-04 08:00:00 319,517 ------w C:\WINDOWS\$NtUninstallKB950749$\msexcl40 . dll + 2004-08-04 08:00:00 1,507,356 ------w C:\WINDOWS\$NtUninstallKB950749$\msjet40 . dll + 2004-08-04 08:00:00 358,976 ------w C:\WINDOWS\$NtUninstallKB950749$\msjetol1 . dll + 2004-08-04 08:00:00 358,976 ------w C:\WINDOWS\$NtUninstallKB950749$\msjetoledb40 . dll + 2004-08-04 08:00:00 151,583 ------w C:\WINDOWS\$NtUninstallKB950749$\msjint40 . dll + 2004-08-04 08:00:00 53,279 ------w C:\WINDOWS\$NtUninstallKB950749$\msjter40 . dll + 2004-08-04 08:00:00 241,693 ------w C:\WINDOWS\$NtUninstallKB950749$\msjtes40 . dll + 2004-08-04 08:00:00 213,023 ------w C:\WINDOWS\$NtUninstallKB950749$\msltus40 . dll + 2004-08-04 08:00:00 348,189 ------w C:\WINDOWS\$NtUninstallKB950749$\mspbde40 . dll + 2004-08-04 08:00:00 421,919 ------w C:\WINDOWS\$NtUninstallKB950749$\msrd2x40 . dll + 2004-08-04 08:00:00 315,423 ------w C:\WINDOWS\$NtUninstallKB950749$\msrd3x40 . dll + 2004-08-04 08:00:00 552,989 ------w C:\WINDOWS\$NtUninstallKB950749$\msrepl40 . dll + 2004-08-04 08:00:00 258,077 ------w C:\WINDOWS\$NtUninstallKB950749$\mstext40 . 
dll + 2004-08-04 08:00:00 831,519 ------w C:\WINDOWS\$NtUninstallKB950749$\mswdat10 . dll + 2004-08-04 08:00:00 614,429 ------w C:\WINDOWS\$NtUninstallKB950749$\mswstr10 . dll + 2004-08-04 08:00:00 348,189 ------w C:\WINDOWS\$NtUninstallKB950749$\msxbde40 . dll + 2007-03-06 01:22:42 213,216 ------w C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst . exe + 2007-03-06 01:23:52 371,424 ------w C:\WINDOWS\$NtUninstallKB950749$\spuninst\updspapi . dll + 2008-07-29 07:36:36 73,728 ----a-w C:\WINDOWS\assembly\GAC_32\MWArray\2 . 0 . 0 . 0__e1d84a 0da19db86f\MWArray . dll + 2008-06-13 13:10:50 272,128 ------w C:\WINDOWS\Driver Cache\i386\bthport . sys + 2008-03-03 08:01:22 5,120,000 ------w C:\WINDOWS\ie8updates\KB951804-IE8\mshtml . dll + 2007-11-30 12:39:22 231,288 ------w C:\WINDOWS\ie8updates\KB951804-IE8\spuninst\spuninst . exe + 2007-11-30 12:39:22 382,840 ------w C:\WINDOWS\ie8updates\KB951804-IE8\spuninst\updspapi . dll + 2008-03-03 08:01:22 830,464 ------w C:\WINDOWS\ie8updates\KB951804-IE8\wininet . dll + 2007-06-19 17:30:12 868,744 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\90401509 00063D11C8EF10054038389C\11 . 0 . 8173\AEC . DLL + 2007-06-19 17:34:20 156,056 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\90401509 00063D11C8EF10054038389C\11 . 0 . 8173\DWGCNV . DLL + 2007-06-19 17:30:30 2,098,064 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\90401509 00063D11C8EF10054038389C\11 . 0 . 8173\DWGDP . DLL + 2007-06-19 17:29:44 484,760 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\90401509 00063D11C8EF10054038389C\11 . 0 . 8173\MODELENG . DLL + 2007-06-19 17:30:18 1,001,880 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\90401509 00063D11C8EF10054038389C\11 . 0 . 8173\ORGCHART . DLL + 2007-06-19 17:29:40 469,912 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\90401509 00063D11C8EF10054038389C\11 . 0 . 8173\ORGCHWIZ . DLL + 2007-06-19 17:30:28 1,511,256 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\90401509 00063D11C8EF10054038389C\11 . 0 . 
8173\UML . DLL + 2007-06-19 17:29:52 554,336 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\90401509 00063D11C8EF10054038389C\11 . 0 . 8173\UMLSYS . DLL + 2007-06-19 17:30:36 7,819,104 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\90401509 00063D11C8EF10054038389C\11 . 0 . 8173\VISBRGR . DLL + 2007-06-19 17:34:38 190,296 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\90401509 00063D11C8EF10054038389C\11 . 0 . 8173\VISIO . EXE + 2007-06-19 17:30:38 8,296,344 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\90401509 00063D11C8EF10054038389C\11 . 0 . 8173\VISLIB . DLL + 2007-06-19 17:33:54 108,896 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\90401509 00063D11C8EF10054038389C\11 . 0 . 8173\VISOCX . DLL + 2004-08-01 20:51:16 719,720 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040B309 00063D11C8EF10054038389C\11 . 0 . 8173\ANLYZTS . DLL + 2007-05-28 15:02:44 325,040 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040B309 00063D11C8EF10054038389C\11 . 0 . 8173\ATLCONV . DLL + 2007-05-28 13:48:24 354,224 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040B309 00063D11C8EF10054038389C\11 . 0 . 8173\MSWARP . DLL + 2007-05-28 15:02:44 951,848 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040B309 00063D11C8EF10054038389C\11 . 0 . 8173\PJ11OD11 . DLL + 2007-05-28 13:48:18 280,496 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040B309 00063D11C8EF10054038389C\11 . 0 . 8173\PJ11TM11 . DLL + 2006-01-17 03:48:06 146,696 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040B309 00063D11C8EF10054038389C\11 . 0 . 8173\PJMSGMGR . DLL + 2006-01-17 03:48:06 167,176 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040B309 00063D11C8EF10054038389C\11 . 0 . 8173\PJMSGSDR . DLL + 2007-05-28 13:48:30 4,323,248 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040B309 00063D11C8EF10054038389C\11 . 0 . 8173\PJOLEDB . DLL + 2007-05-28 13:48:20 304,560 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040B309 00063D11C8EF10054038389C\11 . 0 . 
8173\PJRESC . DLL + 2007-05-28 13:48:14 223,152 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040B309 00063D11C8EF10054038389C\11 . 0 . 8173\PJSPOOL . EXE + 2007-05-28 15:02:46 1,738,160 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040B309 00063D11C8EF10054038389C\11 . 0 . 8173\PRJRES . DLL + 2007-05-28 15:02:44 685,608 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040B309 00063D11C8EF10054038389C\11 . 0 . 8173\SERCONV . DLL + 2007-05-28 15:02:48 11,421,704 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040B309 00063D11C8EF10054038389C\11 . 0 . 8173\WINPROJ . EXE - 2008-04-23 04:51:08 593,920 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons . exe + 2008-07-18 22:24:52 593,920 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons . exe - 2008-04-23 04:51:08 12,288 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon . exe + 2008-07-18 22:24:52 12,288 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon . exe - 2008-04-23 04:51:08 86,016 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon . exe + 2008-07-18 22:24:52 86,016 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon . exe - 2008-04-23 04:51:08 135,168 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc . exe + 2008-07-18 22:24:52 135,168 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc . exe - 2008-04-23 04:51:08 11,264 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons . exe + 2008-07-18 22:24:52 11,264 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons . exe - 2008-04-23 04:51:08 27,136 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon . exe + 2008-07-18 22:24:52 27,136 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon . 
exe - 2008-04-23 04:51:08 4,096 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon . exe + 2008-07-18 22:24:52 4,096 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon . exe - 2008-04-23 04:51:08 794,624 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon . exe + 2008-07-18 22:24:52 794,624 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon . exe - 2008-04-23 04:51:08 249,856 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico . exe + 2008-07-18 22:24:52 249,856 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico . exe - 2008-04-23 04:51:08 61,440 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs . exe + 2008-07-18 22:24:52 61,440 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs . exe - 2008-04-23 04:51:08 23,040 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico . exe + 2008-07-18 22:24:52 23,040 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico . exe - 2008-04-23 04:51:06 286,720 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon . exe + 2008-07-18 22:24:50 286,720 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon . exe - 2008-04-23 04:51:06 409,600 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons . exe + 2008-07-18 22:24:50 409,600 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons . exe - 2008-03-17 02:40:26 135,168 ----a-r C:\WINDOWS\Installer\{903B0409-6000-11D3-8CFE-0150048383C9}\misc . exe + 2008-06-03 01:33:40 135,168 ----a-r C:\WINDOWS\Installer\{903B0409-6000-11D3-8CFE-0150048383C9}\misc . exe - 2008-03-17 02:40:26 4,096 ----a-r C:\WINDOWS\Installer\{903B0409-6000-11D3-8CFE-0150048383C9}\opwicon . exe + 2008-06-03 01:33:40 4,096 ----a-r C:\WINDOWS\Installer\{903B0409-6000-11D3-8CFE-0150048383C9}\opwicon . 
exe - 2008-03-17 02:40:26 147,456 ----a-r C:\WINDOWS\Installer\{903B0409-6000-11D3-8CFE-0150048383C9}\pj11icon . exe + 2008-06-03 01:33:40 147,456 ----a-r C:\WINDOWS\Installer\{903B0409-6000-11D3-8CFE-0150048383C9}\pj11icon . exe - 2008-03-29 21:48:16 12,288 ----a-r C:\WINDOWS\Installer\{90510409-6000-11D3-8CFE-0150048383C9}\cagicon . exe + 2008-06-03 01:34:12 12,288 ----a-r C:\WINDOWS\Installer\{90510409-6000-11D3-8CFE-0150048383C9}\cagicon . exe - 2008-03-29 21:48:16 135,168 ----a-r C:\WINDOWS\Installer\{90510409-6000-11D3-8CFE-0150048383C9}\misc . exe + 2008-06-03 01:34:12 135,168 ----a-r C:\WINDOWS\Installer\{90510409-6000-11D3-8CFE-0150048383C9}\misc . exe - 2008-03-29 21:48:16 4,096 ----a-r C:\WINDOWS\Installer\{90510409-6000-11D3-8CFE-0150048383C9}\opwicon . exe + 2008-06-03 01:34:12 4,096 ----a-r C:\WINDOWS\Installer\{90510409-6000-11D3-8CFE-0150048383C9}\opwicon . exe - 2008-03-29 21:48:16 176,128 ----a-r C:\WINDOWS\Installer\{90510409-6000-11D3-8CFE-0150048383C9}\visicon . exe + 2008-06-03 01:34:12 176,128 ----a-r C:\WINDOWS\Installer\{90510409-6000-11D3-8CFE-0150048383C9}\visicon . exe + 2008-07-30 06:28:24 4,608 ----a-r C:\WINDOWS\Installer\{F34D9A5F-484A-4E31-A9D3-908CB265B289}\IconC989D247 . exe + 2008-05-06 23:31:16 106,368 ----a-w C:\WINDOWS\LastGood\system32\DRIVERS\Rtenicxp . sys - 2000-08-30 20:00:00 28,160 ----a-w C:\WINDOWS\Nircmd . exe + 2000-08-30 20:00:00 28,672 ----a-w C:\WINDOWS\Nircmd . exe - 2004-08-04 08:00:00 561,179 ----a-w C:\WINDOWS\system32\dllcache\dao360 . dll + 2008-03-25 04:50:26 554,008 ----a-w C:\WINDOWS\system32\dllcache\dao360 . dll - 2004-08-04 08:00:00 45,568 ----a-w C:\WINDOWS\system32\dllcache\dnsrslvr . dll + 2008-02-20 05:32:44 45,568 ----a-w C:\WINDOWS\system32\dllcache\dnsrslvr . dll - 2007-06-19 14:31:20 282,112 ----a-w C:\WINDOWS\system32\dllcache\gdi32 . dll + 2008-02-20 06:51:06 282,624 ----a-w C:\WINDOWS\system32\dllcache\gdi32 . dll - 2004-08-04 08:00:00 512,029 ----a-w C:\WINDOWS\system32\dllcache\msexch40 . 
dll + 2008-03-25 04:50:28 518,944 ----a-w C:\WINDOWS\system32\dllcache\msexch40 . dll - 2004-08-04 08:00:00 319,517 ----a-w C:\WINDOWS\system32\dllcache\msexcl40 . dll + 2008-03-25 04:50:30 326,432 ----a-w C:\WINDOWS\system32\dllcache\msexcl40 . dll - 2004-08-04 08:00:00 1,507,356 ----a-w C:\WINDOWS\system32\dllcache\msjet40 . dll + 2008-03-25 04:50:34 1,516,568 ----a-w C:\WINDOWS\system32\dllcache\msjet40 . dll - 2004-08-04 08:00:00 358,976 ----a-w C:\WINDOWS\system32\dllcache\msjetol1 . dll + 2008-03-25 04:50:40 355,112 ----a-w C:\WINDOWS\system32\dllcache\msjetol1 . dll - 2004-08-04 08:00:00 151,583 ----a-w C:\WINDOWS\system32\dllcache\msjint40 . dll + 2008-03-27 08:12:54 151,583 ----a-w C:\WINDOWS\system32\dllcache\msjint40 . dll - 2004-08-04 08:00:00 53,279 ----a-w C:\WINDOWS\system32\dllcache\msjter40 . dll + 2008-03-25 04:50:42 60,192 ----a-w C:\WINDOWS\system32\dllcache\msjter40 . dll - 2004-08-04 08:00:00 241,693 ----a-w C:\WINDOWS\system32\dllcache\msjtes40 . dll + 2008-03-25 04:50:42 248,608 ----a-w C:\WINDOWS\system32\dllcache\msjtes40 . dll - 2004-08-04 08:00:00 213,023 ----a-w C:\WINDOWS\system32\dllcache\msltus40 . dll + 2008-03-25 04:50:44 219,936 ----a-w C:\WINDOWS\system32\dllcache\msltus40 . dll - 2004-08-04 08:00:00 348,189 ----a-w C:\WINDOWS\system32\dllcache\mspbde40 . dll + 2008-03-25 04:50:46 355,104 ----a-w C:\WINDOWS\system32\dllcache\mspbde40 . dll - 2004-08-04 08:00:00 421,919 ----a-w C:\WINDOWS\system32\dllcache\msrd2x40 . dll + 2008-03-25 04:50:48 432,928 ----a-w C:\WINDOWS\system32\dllcache\msrd2x40 . dll - 2004-08-04 08:00:00 315,423 ----a-w C:\WINDOWS\system32\dllcache\msrd3x40 . dll + 2008-03-25 04:50:50 322,336 ----a-w C:\WINDOWS\system32\dllcache\msrd3x40 . dll - 2004-08-04 08:00:00 552,989 ----a-w C:\WINDOWS\system32\dllcache\msrepl40 . dll + 2008-03-25 04:50:52 559,904 ----a-w C:\WINDOWS\system32\dllcache\msrepl40 . dll - 2004-08-04 08:00:00 258,077 ----a-w C:\WINDOWS\system32\dllcache\mstext40 . 
dll + 2008-03-25 04:50:56 264,992 ----a-w C:\WINDOWS\system32\dllcache\mstext40 . dll - 2004-08-04 08:00:00 831,519 ----a-w C:\WINDOWS\system32\dllcache\mswdat10 . dll + 2008-03-25 04:50:58 838,432 ----a-w C:\WINDOWS\system32\dllcache\mswdat10 . dll - 2004-08-04 08:00:00 614,429 ----a-w C:\WINDOWS\system32\dllcache\mswstr10 . dll + 2008-03-25 04:50:58 621,344 ----a-w C:\WINDOWS\system32\dllcache\mswstr10 . dll - 2004-08-04 08:00:00 348,189 ----a-w C:\WINDOWS\system32\dllcache\msxbde40 . dll + 2008-03-25 04:50:58 355,104 ----a-w C:\WINDOWS\system32\dllcache\msxbde40 . dll - 2007-03-08 14:47:48 1,843,584 ----a-w C:\WINDOWS\system32\dllcache\win32k . sys + 2008-03-19 09:47:00 1,845,248 ----a-w C:\WINDOWS\system32\dllcache\win32k . sys - 2006-06-26 18:37:10 148,480 ----a-w C:\WINDOWS\system32\DNSAPI . DLL + 2008-06-20 17:41:10 148,992 ----a-w C:\WINDOWS\system32\dnsapi . dll - 2004-08-04 08:00:00 45,568 ----a-w C:\WINDOWS\system32\DNSRSLVR . DLL + 2008-02-20 05:32:44 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr . dll + 2008-04-28 23:19:50 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd . sys + 2008-04-28 23:19:54 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd . sys - 2007-12-02 22:59:06 74,616 ----a-w C:\WINDOWS\system32\drivers\inspect . sys + 2008-07-30 03:45:44 79,760 ----a-w C:\WINDOWS\system32\drivers\inspect . sys + 2008-04-28 23:20:00 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver . sys - 2006-07-13 09:48:58 202,240 ----a-w C:\WINDOWS\system32\drivers\RMCast . sys + 2008-05-08 12:28:50 202,752 ----a-w C:\WINDOWS\system32\drivers\RMCast . sys - 2008-05-28 10:42:02 281,336 ----a-w C:\WINDOWS\system32\FNTCACHE . DAT + 2008-06-04 03:38:02 281,336 ----a-w C:\WINDOWS\system32\FNTCACHE . DAT + 2004-10-15 06:31:58 99,480 ----a-w C:\WINDOWS\system32\FwsVpn . dll - 2007-06-19 14:31:20 282,112 ----a-w C:\WINDOWS\system32\gdi32 . dll + 2008-02-20 06:51:06 282,624 ----a-w C:\WINDOWS\system32\gdi32 . 
dll - 2008-02-21 13:23:36 135,168 ----a-w C:\WINDOWS\system32\java . exe + 2008-06-09 13:21:02 135,168 ----a-w C:\WINDOWS\system32\java . exe - 2008-02-21 13:23:40 135,168 ----a-w C:\WINDOWS\system32\javaw . exe + 2008-06-09 13:21:04 135,168 ----a-w C:\WINDOWS\system32\javaw . exe - 2008-02-21 14:33:32 139,264 ----a-w C:\WINDOWS\system32\javaws . exe + 2008-06-09 14:32:34 139,264 ----a-w C:\WINDOWS\system32\javaws . exe - 2008-04-05 10:56:22 19,836,024 ----a-w C:\WINDOWS\system32\MRT . exe + 2008-06-24 21:15:48 17,972,344 ----a-w C:\WINDOWS\system32\MRT . exe - 2004-08-04 08:00:00 512,029 ----a-w C:\WINDOWS\system32\msexch40 . dll + 2008-03-25 04:50:28 518,944 ----a-w C:\WINDOWS\system32\msexch40 . dll - 2004-08-04 08:00:00 319,517 ----a-w C:\WINDOWS\system32\msexcl40 . dll + 2008-03-25 04:50:30 326,432 ----a-w C:\WINDOWS\system32\msexcl40 . dll - 2008-03-03 08:01:22 5,120,000 ----a-w C:\WINDOWS\system32\mshtml . dll + 2008-05-08 04:50:54 5,120,000 ----a-w C:\WINDOWS\system32\mshtml . dll - 2004-08-04 08:00:00 1,507,356 ----a-w C:\WINDOWS\system32\msjet40 . dll + 2008-03-25 04:50:34 1,516,568 ----a-w C:\WINDOWS\system32\msjet40 . dll - 2004-08-04 08:00:00 358,976 ----a-w C:\WINDOWS\system32\msjetoledb40 . dll + 2008-03-25 04:50:40 355,112 ----a-w C:\WINDOWS\system32\msjetoledb40 . dll - 2004-08-04 08:00:00 151,583 ----a-w C:\WINDOWS\system32\msjint40 . dll + 2008-03-27 08:12:54 151,583 ----a-w C:\WINDOWS\system32\msjint40 . dll - 2004-08-04 08:00:00 53,279 ----a-w C:\WINDOWS\system32\msjter40 . dll + 2008-03-25 04:50:42 60,192 ----a-w C:\WINDOWS\system32\msjter40 . dll - 2004-08-04 08:00:00 241,693 ----a-w C:\WINDOWS\system32\msjtes40 . dll + 2008-03-25 04:50:42 248,608 ----a-w C:\WINDOWS\system32\msjtes40 . dll - 2004-08-04 08:00:00 213,023 ----a-w C:\WINDOWS\system32\msltus40 . dll + 2008-03-25 04:50:44 219,936 ----a-w C:\WINDOWS\system32\msltus40 . dll - 2004-08-04 08:00:00 348,189 ----a-w C:\WINDOWS\system32\mspbde40 . 
dll + 2008-03-25 04:50:46 355,104 ----a-w C:\WINDOWS\system32\mspbde40 . dll - 2004-08-04 08:00:00 421,919 ----a-w C:\WINDOWS\system32\msrd2x40 . dll + 2008-03-25 04:50:48 432,928 ----a-w C:\WINDOWS\system32\msrd2x40 . dll - 2004-08-04 08:00:00 315,423 ----a-w C:\WINDOWS\system32\msrd3x40 . dll + 2008-03-25 04:50:50 322,336 ----a-w C:\WINDOWS\system32\msrd3x40 . dll - 2004-08-04 08:00:00 552,989 ----a-w C:\WINDOWS\system32\msrepl40 . dll + 2008-03-25 04:50:52 559,904 ----a-w C:\WINDOWS\system32\msrepl40 . dll - 2004-08-04 08:00:00 258,077 ----a-w C:\WINDOWS\system32\mstext40 . dll + 2008-03-25 04:50:56 264,992 ----a-w C:\WINDOWS\system32\mstext40 . dll - 2004-08-04 08:00:00 831,519 ----a-w C:\WINDOWS\system32\mswdat10 . dll + 2008-03-25 04:50:58 838,432 ----a-w C:\WINDOWS\system32\mswdat10 . dll - 2004-08-04 08:00:00 614,429 ----a-w C:\WINDOWS\system32\mswstr10 . dll + 2008-03-25 04:50:58 621,344 ----a-w C:\WINDOWS\system32\mswstr10 . dll - 2004-08-04 08:00:00 348,189 ----a-w C:\WINDOWS\system32\msxbde40 . dll + 2008-03-25 04:50:58 355,104 ----a-w C:\WINDOWS\system32\msxbde40 . dll - 2005-09-07 13:03:50 1,330,888 ----a-w C:\WINDOWS\system32\msxml6 . dll + 2007-05-15 03:43:10 1,320,800 ----a-w C:\WINDOWS\system32\msxml6 . dll - 2008-05-28 10:41:14 864,624 ----a-w C:\WINDOWS\system32\Restore\rstrlog . dat + 2008-07-30 05:49:36 44,640 ----a-w C:\WINDOWS\system32\Restore\rstrlog . dat + 2004-10-15 06:31:56 218,264 ----a-w C:\WINDOWS\system32\SetAid . dll - 2007-10-08 02:46:18 14,640 ------w C:\WINDOWS\system32\spmsg . dll + 2007-11-30 12:39:22 17,272 ------w C:\WINDOWS\system32\spmsg . dll - 2007-03-08 14:47:48 1,843,584 ----a-w C:\WINDOWS\system32\WIN32K . SYS + 2008-03-19 09:47:00 1,845,248 ----a-w C:\WINDOWS\system32\win32k . sys + 2008-07-31 04:02:20 16,384 ----a-w C:\WINDOWS\Temp\Perflib_Perfdata_298 . dat + 2008-04-10 10:52:48 225,280 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft . VC90 . CRT_1fc8b3b9a 1e18e3b_9 . 0 . 30411 . 0_x-ww_71382c73\msvcm90 . 
dll + 2008-04-10 16:32:14 572,928 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft . VC90 . CRT_1fc8b3b9a 1e18e3b_9 . 0 . 30411 . 0_x-ww_71382c73\msvcp90 . dll + 2008-04-10 16:32:14 655,872 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft . VC90 . CRT_1fc8b3b9a 1e18e3b_9 . 0 . 30411 . 0_x-ww_71382c73\msvcr90 . dll + 2008-04-10 16:32:14 3,767,288 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft . VC90 . MFC_1fc8b3b9a 1e18e3b_9 . 0 . 30411 . 0_x-ww_421e9f78\mfc90 . dll + 2008-04-10 16:32:16 3,783,160 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft . VC90 . MFC_1fc8b3b9a 1e18e3b_9 . 0 . 30411 . 0_x-ww_421e9f78\mfc90u . dll + 2008-04-10 13:51:48 59,904 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft . VC90 . MFC_1fc8b3b9a 1e18e3b_9 . 0 . 30411 . 0_x-ww_421e9f78\mfcm90 . dll + 2008-04-10 13:51:48 59,904 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft . VC90 . MFC_1fc8b3b9a 1e18e3b_9 . 0 . 30411 . 0_x-ww_421e9f78\mfcm90u . dll + 2008-04-10 16:32:04 44,032 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft . VC90 . MFCLOC_1fc8b3 b9a1e18e3b_9 . 0 . 30411 . 0_x-ww_b29f1338\mfc90chs . dll + 2008-04-10 16:32:02 44,544 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft . VC90 . MFCLOC_1fc8b3 b9a1e18e3b_9 . 0 . 30411 . 0_x-ww_b29f1338\mfc90cht . dll + 2008-04-10 16:32:12 63,488 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft . VC90 . MFCLOC_1fc8b3 b9a1e18e3b_9 . 0 . 30411 . 0_x-ww_b29f1338\mfc90deu . dll + 2008-04-10 16:32:08 56,832 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft . VC90 . MFCLOC_1fc8b3 b9a1e18e3b_9 . 0 . 30411 . 0_x-ww_b29f1338\mfc90enu . dll + 2008-04-10 16:32:08 61,952 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft . VC90 . MFCLOC_1fc8b3 b9a1e18e3b_9 . 0 . 30411 . 0_x-ww_b29f1338\mfc90esn . dll + 2008-04-10 16:32:08 61,952 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft . VC90 . MFCLOC_1fc8b3 b9a1e18e3b_9 . 0 . 30411 . 0_x-ww_b29f1338\mfc90esp . dll + 2008-04-10 16:32:10 62,976 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft . VC90 . MFCLOC_1fc8b3 b9a1e18e3b_9 . 0 . 30411 . 0_x-ww_b29f1338\mfc90fra . 
dll + 2008-04-10 16:32:10 61,952 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30411.0_x-ww_b29f1338\mfc90ita.dll + 2008-04-10 16:32:06 49,664 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30411.0_x-ww_b29f1338\mfc90jpn.dll + 2008-04-10 16:32:02 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30411.0_x-ww_b29f1338\mfc90kor.dll . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal] @="{C5994560-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}] 2008-01-16 17:52 80384 --a------ C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified] @="{C5994561-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}] 2008-01-16 17:52 80384 --a------ C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict] @="{C5994562-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}] 2008-01-16 17:52 80384 --a------ C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked] @="{C5994563-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}] 2008-01-16 17:52 80384 --a------ C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.
dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly] @="{C5994564-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}] 2008-01-16 17:52 80384 --a------ C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted] @="{C5994565-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}] 2008-01-16 17:52 80384 --a------ C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded] @="{C5994566-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}] 2008-01-16 17:52 80384 --a------ C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored] @="{C5994567-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}] 2008-01-16 17:52 80384 --a------ C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned] @="{C5994568-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}] 2008-01-16 17:52 80384 --a------ C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 20:00 15360] "Free Uploader Oe Integration"="C:\Program Files\Free Download Manager\FUM\fumoei.exe" [2007-06-10 18:02 40960] "FreeRAM XP"="D:\Program Backup\FreeRAM XP Pro 1.40.
exe" [2003-11-30 23:13 1354240] "msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2008-02-10 13:56 5724184] "YahooWidget"="C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe" [2007-11-21 08:14 3730472] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488] "SIDEBAR"="C:\Program Files\Desktop Sidebar\dsidebar.exe" [2006-07-09 21:58 1777664] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2006-04-17 02:24 110592] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-04-27 09:47 7573504] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-04-27 09:47 86016] "Wireless Console 2"="C:\Program Files\Wireless Console 2\wcourier.exe" [2005-10-17 17:09 987136] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-10-20 23:26 761945] "Power_Gear"="C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" [2006-03-06 17:13 86016] "DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05 81920] "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 20:00 208952] "IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 20:00 44032] "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 20:00 59392] "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 20:00 455168] "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 20:00 455168] "BOC-425"="C:\PROGRA~1\Comodo\CBOClean\BOC425.exe" [2007-08-08 19:49 338432] "BootSkin Startup Jobs"="C:\PROGRA~1\STARDOCK\WINCUS~1\BOOTSKIN\BootSkin.exe" [2004-04-26 16:21 270336] "SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40 2577632] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784] "nwiz"="nwiz.exe" [2006-04-27 09:47 1519616 C:\WINDOWS\system32\nwiz.exe] "RTHDCPL"="RTHDCPL.
EXE" [2005-12-18 23:52 15797248 C:\WINDOWS\RTHDCPL.exe] C:\Documents and Settings\username\Start Menu\Programs\Startup\ TransBar.lnk - C:\Program Files\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-02 08:41:18 65536] Y'z Shadow.lnk - C:\Program Files\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-05-21 20:43:14 155648] RocketDock.lnk - C:\Program Files\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 11:05:02 630784] UberIcon.lnk - C:\Program Files\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 20:43:08 180224] BOINC Manager.lnk - C:\Program Files\BOINC\boincmgr.exe [2007-03-01 11:19:50 3604480] WordWeb.lnk - C:\Program Files\WordWeb\wweb32.exe [2007-11-16 10:09:22 44384] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2005-06-16 11:11:42 49152] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "UIHost"="C:\\WINDOWS\\system32\\logonuiX.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.asv2"= asusasv2.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard] @="" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.
lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ASUS ChkMail.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ASUS ChkMail.lnk backup=C:\WINDOWS\pss\ASUS ChkMail.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk backup=C:\WINDOWS\pss\Bluetooth Manager.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^username^Start Menu^Programs^Startup^WordWeb.lnk] path=C:\Documents and Settings\username\Start Menu\Programs\Startup\WordWeb.lnk backup=C:\WINDOWS\pss\WordWeb.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Live Update] --a------ 2006-02-21 15:20 180224 C:\Program Files\ASUS\ASUS Live Update\ALU.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk] --a------ 2007-01-02 10:22 3739648 C:\Program Files\Google\Google Talk\googletalk.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --a------ 2004-10-14 05:24 1694208 C:\Program Files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL] --a------ 2006-01-19 21:34 544768 C:\WINDOWS\sm56hlpr.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "Zshutdown"=c:\sysprep\patch\sysprep.cmd [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\VoipStunt.com\\VoipStunt\\VoipStunt.
exe"= "C:\\Program Files\\Windows Live\\Messenger\\MsnMsgr.Exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 11:20] R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-07-30 15:45] R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-07-30 15:45] R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 11:16] R3 ASNDIS5;ASNDIS5 Protocol Driver;C:\WINDOWS\system32\ASNDIS5.SYS [2002-09-09 19:54] R3 genmcmnUSB;USB Scroll Mouse Driver;C:\WINDOWS\system32\DRIVERS\gflmouhid.sys [2004-04-19 15:01] R3 SynMini;USB2.0 1.3M Web Cam;C:\WINDOWS\system32\Drivers\SynMini.sys [2005-10-03 10:26] R3 SynScan;USB2.0 1.3M Web Cam Still Image;C:\WINDOWS\system32\Drivers\SynScan.sys [2005-10-03 10:26] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H] \Shell\AutoRun\command - H:\LaunchU3.exe -a . Contents of the 'Scheduled Tasks' folder "2008-07-31 04:05:22 C:\WINDOWS\Tasks\MP Scheduled Scan.job" - C:\Program Files\Windows Defender\MpCmdRun.exe . - - - - ORPHANS REMOVED - - - - MSConfigStartUp-COMODO Firewall Pro - C:\Program Files\Comodo\Firewall\cfp.exe MSConfigStartUp-MsnMsgr - C:\Program Files\MSN Messenger\msnmsgr.exe ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-07-31 18:11:18 Windows 5.1.2600 Service Pack 2 FAT NTAPI scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ...
scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\vsdatant] "ImagePath"="" . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\system32\winlogon.exe -> C:\WINDOWS\system32\guard32.dll PROCESS: C:\WINDOWS\system32\lsass.exe -> C:\WINDOWS\system32\guard32.dll PROCESS: C:\WINDOWS\explorer.exe -> C:\Program Files\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll -> C:\Program Files\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon.dll . Completion time: 2008-07-31 18:13:56 ComboFix-quarantined-files.txt 2008-07-31 06:13:46 ComboFix4.txt 2008-05-27 08:41:10 ComboFix3.txt 2008-05-29 05:26:10 ComboFix2.txt 2008-05-31 22:53:32 Pre-Run: 28,238,381,056 bytes free Post-Run: 28,423,684,096 bytes free 549 Cheers :) |
Renmoo (66) | ||
| 693871 | 2008-07-31 07:37:00 | Send an email to Pancake | Speedy Gonzales (78) | ||
| 693872 | 2008-08-01 00:28:00 | Ok. Not much. Just a small bit of malware to fix. Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions. It's IMPORTANT to carry out the instructions in the sequence listed below. 1. Close any open browsers. 2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Open *notepad* and copy/paste the text in the quotebox below into it: File:: C:\sqmdata05.sqm C:\sqmnoopt05.sqm C:\sqmdata04.sqm C:\sqmnoopt04.sqm C:\sqmdata03.sqm C:\sqmnoopt03.sqm C:\sqmdata02.sqm C:\sqmnoopt02.sqm C:\WINDOWS\inf\SET4D.tmp Folder:: C:\FOUND.002 Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop. [image: CFScript.gif, hosted at users.pandora.be] Referring to the picture above, drag CFScript.txt into ComboFix.exe. When finished, it shall produce a log for you at C:\ComboFix.txt. Please copy and paste the ComboFix.txt along with a fresh HijackThis log in your next reply please. *Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall. Altering this script in any way could damage your computer* |
Pancake (6359) | ||
| 693873 | 2008-08-01 06:24:00 | Awesome Pancake :) :) :D :thumbs: I will do that tonight |
Renmoo (66) | ||