rctmarsh
2008-04-08, 21:55
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1183 [GMT 1:00]
Running from: C:\Users\JTickeR\Desktop\ComboFix.exe
* Created a new restore point
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\Windows\BMe7fdfbc2.xml
C:\Windows\pskt.ini
C:\Windows\system32\efcDSJDS.dll
C:\Windows\System32\SDJSDcfe.ini
C:\Windows\System32\SDJSDcfe.ini2
C:\Windows\System32\UBJQpYay.ini
C:\Windows\System32\UBJQpYay.ini2
.
((((((((((((((((((((((((( Files Created from 2008-03-08 to 2008-04-08 )))))))))))))))))))))))))))))))
.
2008-04-08 16:13 . 2008-04-08 16:32 524,288 --ahs---- C:\ntuser.dat{d8db1852-057b-11dd-a9f1-f763869ee008}.TMContainer00000000000000000002.regtrans-ms
2008-04-08 16:13 . 2008-04-08 17:11 524,288 --ahs---- C:\ntuser.dat{d8db1852-057b-11dd-a9f1-f763869ee008}.TMContainer00000000000000000001.regtrans-ms
2008-04-08 16:13 . 2008-04-08 17:11 65,536 --ahs---- C:\ntuser.dat{d8db1852-057b-11dd-a9f1-f763869ee008}.TM.blf
2008-04-08 16:12 . 2008-04-08 16:53 262,144 --a------ C:\ntuser.dat
2008-04-08 16:12 . 2008-04-08 16:53 5,120 --ah----- C:\ntuser.dat.LOG1
2008-04-08 16:12 . 2008-04-08 16:13 0 --ah----- C:\ntuser.dat.LOG2
2008-04-08 11:39 . 2008-04-08 11:39 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-04-08 09:40 . 2008-04-08 09:41 162,364,583 --a------ C:\Windows\MEMORY.DMP
2008-04-08 09:26 . 2008-04-08 09:26 <DIR> d-------- C:\VundoFix Backups
2008-04-08 08:33 . 2008-04-08 16:30 585 --a------ C:\Windows\wininit.ini
2008-04-08 08:18 . 2008-04-08 08:57 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-04-08 08:18 . 2008-04-08 08:57 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-04-08 08:18 . 2008-04-08 08:18 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-08 02:27 . 2008-04-08 08:12 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-04-08 01:01 . 2008-04-08 01:05 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-04-08 01:01 . 2008-04-08 01:05 <DIR> d-------- C:\ProgramData\Lavasoft
2008-04-07 23:24 . 2008-04-07 23:39 354 ---hs---- C:\Windows\System32\hwyqetrw.ini
2008-04-07 23:23 . 2008-04-07 23:33 <DIR> d-------- C:\Program Files\XoftSpySE
2008-04-07 20:58 . 2008-04-07 21:50 <DIR> d-------- C:\Windows\System32\svcdll
2008-04-07 18:26 . 2008-04-07 18:27 1,415,295 --a------ C:\SDFix.exe
2008-04-07 18:14 . 2008-04-07 20:23 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2008-04-07 17:06 . 2008-04-07 12:19 <DIR> d-------- C:\SDFix
2008-04-07 12:30 . 2008-04-07 12:30 <DIR> d-------- C:\Users\All Users\LightScribe
2008-04-07 12:30 . 2008-04-07 12:30 <DIR> d-------- C:\ProgramData\LightScribe
2008-04-07 09:30 . 2008-04-07 18:13 <DIR> d-a------ C:\Users\All Users\TEMP
2008-04-07 09:30 . 2008-04-07 18:13 <DIR> d-a------ C:\ProgramData\TEMP
2008-04-07 09:30 . 2008-04-07 18:13 37,888 --a------ C:\Windows\System32\rar.exe
2008-04-07 09:21 . 2008-04-07 10:14 <DIR> d-------- C:\Users\JTickeR\AppData\Roaming\LimeWire
2008-04-07 09:19 . 2008-04-07 10:44 <DIR> d-------- C:\Program Files\Java
2008-04-07 09:17 . 2008-04-07 09:21 <DIR> d-------- C:\Program Files\LimeWire
2008-04-07 09:17 . 2008-04-07 09:17 <DIR> d-------- C:\Program Files\Common Files\Java
2008-04-07 09:09 . 2008-04-07 09:09 0 --a------ C:\d1.exe
2008-04-07 09:09 . 2008-04-07 09:09 0 --a------ C:\-456210191
2008-04-07 09:05 . 2008-04-07 09:05 <DIR> d-------- C:\Users\JTickeR\AppData\Roaming\FlashFXP
2008-04-07 09:04 . 2008-04-07 19:28 <DIR> d-------- C:\Program Files\FlashFXP
2008-04-06 16:01 . 2008-04-06 16:01 <DIR> d-------- C:\Program Files\LucasArts
2008-04-06 10:37 . 2008-04-06 10:37 107,832 --a------ C:\Windows\System32\PnkBstrB.exe
2008-04-06 10:37 . 2008-04-06 10:37 66,872 --a------ C:\Windows\System32\PnkBstrA.exe
2008-04-06 10:37 . 2008-04-06 10:37 22,328 --a------ C:\Windows\System32\drivers\PnkBstrK.sys
2008-04-06 10:13 . 2008-03-18 15:31 98,304 --a------ C:\Windows\RTKAUDIOSERVICE.EXE
2008-04-04 13:39 . 2008-04-04 13:39 <DIR> dr-h----- C:\Users\JTickeR\AppData\Roaming\SecuROM
2008-04-04 13:39 . 2008-04-04 13:44 <DIR> d-------- C:\Users\JTickeR\AppData\Roaming\Command & Conquer 3 Tiberium Wars
2008-04-04 13:39 . 2008-04-04 13:39 107,888 --a------ C:\Windows\System32\CmdLineExt.dll
2008-04-04 01:33 . 2008-04-04 01:33 <DIR> dr------- C:\Windows\System32\config\systemprofile\Music
2008-04-04 01:14 . 2008-04-08 01:53 69 --a------ C:\Windows\NeroDigital.ini
2008-04-04 00:13 . 2008-04-04 00:13 921,632 --a------ C:\PA7302.DAT
2008-04-03 23:42 . 2008-04-03 23:42 <DIR> d-------- C:\Windows\PixArt
2008-04-03 23:42 . 2008-04-03 23:42 <DIR> d-------- C:\Windows\Downloaded Installations
2008-04-03 23:42 . 2008-04-03 23:42 <DIR> d-------- C:\Program Files\Common Files\PAC7302
2008-04-03 23:42 . 2005-04-03 20:56 1,060,864 --a------ C:\Windows\System32\mfc71.dll
2008-04-03 23:42 . 2007-05-08 10:11 291 --a------ C:\Windows\System32\Remover.ini
2008-04-03 23:41 . 2008-04-03 23:41 <DIR> d-------- C:\Windows\Album
2008-04-03 23:41 . 2008-04-03 23:41 <DIR> d-------- C:\Program Files\KYE
2008-04-03 12:49 . 2008-04-07 08:18 <DIR> d-------- C:\Program Files\EA GAMES
2008-04-03 11:27 . 2008-04-03 11:27 <DIR> d-------- C:\Users\All Users\Uniblue
2008-04-03 11:27 . 2008-04-03 11:27 <DIR> d-------- C:\ProgramData\Uniblue
2008-04-03 11:19 . 2008-04-03 11:26 <DIR> d-------- C:\Users\JTickeR\AppData\Roaming\Uniblue
2008-04-03 11:19 . 2008-04-03 11:26 <DIR> d-------- C:\Program Files\Uniblue
2008-04-03 11:09 . 2008-04-04 21:09 <DIR> d-------- C:\Program Files\Windows Live
2008-04-03 11:09 . 2008-04-03 11:13 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-03 11:08 . 2008-04-03 11:22 <DIR> d-------- C:\Users\JTickeR\AppData\Roaming\MessengerGadget
2008-04-03 10:56 . 2008-04-03 10:56 <DIR> d-------- C:\Program Files\Common Files\LightScribe
2008-04-03 10:55 . 2008-04-07 12:32 <DIR> d-------- C:\Users\JTickeR\AppData\Roaming\Ahead
2008-04-03 10:52 . 2008-04-03 10:52 <DIR> d-------- C:\Users\All Users\Nero
2008-04-03 10:52 . 2008-04-03 10:52 <DIR> d-------- C:\ProgramData\Nero
2008-04-03 10:52 . 2008-04-03 10:52 <DIR> d-------- C:\Program Files\Nero
2008-04-03 10:52 . 2008-04-03 10:56 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-04-03 10:39 . 2006-11-29 13:06 3,426,072 --a------ C:\Windows\System32\d3dx9_32.dll
2008-04-03 10:26 . 2008-04-03 10:26 <DIR> d-------- C:\Program Files\Electronic Arts
2008-04-03 02:58 . 2008-04-03 02:58 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-04-03 00:50 . 2008-04-03 00:50 0 --a------ C:\Users\JTickeR\AppData\Roaming\wklnhst.dat
2008-04-03 00:40 . 2008-02-14 14:56 118,784 --a------ C:\Windows\System32\drivers\Rtlh86.sys
2008-04-03 00:39 . 2008-04-03 00:39 <DIR> d-------- C:\Users\JTickeR\AppData\Roaming\InstallShield
2008-04-03 00:39 . 2008-04-06 10:12 <DIR> d-------- C:\Program Files\Realtek
2008-04-03 00:38 . 2008-04-03 00:38 <DIR> d-------- C:\Windows\System32\Macromed
2008-04-02 23:08 . 2008-04-02 23:09 <DIR> d-------- C:\Users\All Users\Adobe
2008-04-02 23:08 . 2008-04-02 23:08 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-04-02 23:07 . 2008-04-02 23:07 <DIR> d-------- C:\Program Files\CCleaner
2008-04-02 23:00 . 2008-04-02 23:00 <DIR> d-------- C:\Users\JTickeR\AppData\Roaming\AdobeUM
2008-04-02 22:31 . 2008-04-02 22:31 <DIR> d-------- C:\Users\All Users\PC Drivers Headquarters
2008-04-02 22:31 . 2008-04-02 22:31 <DIR> d-------- C:\ProgramData\PC Drivers Headquarters
2008-04-02 22:31 . 2008-04-07 08:18 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-04-02 22:29 . 2008-04-02 22:29 <DIR> d-------- C:\Program Files\PC Drivers HeadQuarters
2008-04-02 22:26 . 2008-04-07 21:55 <DIR> d-------- C:\Program Files\XAC
2008-04-02 22:23 . 2008-04-02 22:23 <DIR> d-------- C:\Users\JTickeR\AppData\Roaming\teamspeak2
2008-04-02 22:23 . 2008-04-02 22:23 <DIR> d-------- C:\Program Files\Teamspeak2_RC2
2008-04-02 22:23 . 2008-04-02 22:23 34,064 --a------ C:\Windows\System32\lhacm.acm
2008-04-02 22:22 . 2008-04-04 21:06 <DIR> d-------- C:\Users\All Users\WLInstaller
2008-04-02 22:22 . 2008-04-04 21:06 <DIR> d-------- C:\ProgramData\WLInstaller
2008-04-02 22:12 . 2008-01-03 15:26 360,448 --a------ C:\Windows\System32\nvudisp.exe
2008-04-02 22:05 . 2008-04-03 00:35 <DIR> d-------- C:\Program Files\Norton Internet Security
2008-04-02 22:04 . 2008-04-08 19:04 <DIR> d-------- C:\Users\All Users\Symantec
2008-04-02 22:04 . 2008-04-08 19:04 <DIR> d-------- C:\ProgramData\Symantec
2008-04-02 22:04 . 2008-04-02 22:21 <DIR> d-------- C:\Program Files\Symantec
2008-04-02 22:04 . 2008-04-04 21:31 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-02 22:04 . 2008-04-02 22:21 123,952 --a------ C:\Windows\System32\drivers\SYMEVENT.SYS
2008-04-02 22:04 . 2008-04-02 22:21 10,740 --a------ C:\Windows\System32\drivers\SYMEVENT.CAT
2008-04-02 22:04 . 2008-04-02 22:21 805 --a------ C:\Windows\System32\drivers\SYMEVENT.INF
2008-04-02 22:01 . 2008-04-02 22:07 <DIR> d-------- C:\Users\JTickeR\AppData\Roaming\Symantec
2008-04-02 20:39 . 2008-04-07 21:12 <DIR> d-------- C:\Users\JTickeR\AppData\Roaming\Xfire
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-06 09:12 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-04-03 22:42 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-03 10:34 --------- d-----w C:\Program Files\Microsoft.NET
2008-04-03 10:32 --------- d-----w C:\Program Files\Microsoft Small Business
2008-04-03 10:08 --------- d-----w C:\ProgramData\Microsoft Help
2008-04-03 10:08 --------- d-----w C:\Program Files\Microsoft Works
2008-04-03 10:04 --------- d-----w C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
2008-04-03 02:04 --------- d-----w C:\Program Files\Microsoft SQL Server
2008-04-02 23:35 --------- d-----w C:\ProgramData\NVIDIA
2008-03-26 17:35 2,103,512 ----a-w C:\Windows\system32\drivers\RTKVHDA.sys
2008-03-26 12:21 5,369,856 ----a-w C:\Windows\RtHDVCpl.exe
2008-03-06 20:32 706 ----a-w C:\Windows\system32\drivers\COH_Mon.inf
2008-03-06 20:32 23,904 ----a-w C:\Windows\system32\drivers\COH_Mon.sys
2008-03-06 20:32 10,537 ----a-w C:\Windows\system32\drivers\coh_mon.cat
2008-03-05 17:07 520,192 ----a-w C:\Windows\RtlExUpd.dll
2008-03-05 11:33 --------- d-----w C:\Program Files\CONEXANT
2008-02-27 20:18 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-02-27 12:25 315,392 ----a-w C:\Windows\HideWin.exe
2008-02-27 12:24 --------- d-----w C:\Program Files\Intel
2008-01-21 02:43 174 --sha-w C:\Program Files\desktop.ini
2008-01-21 02:24 58,880 ----a-w C:\Windows\bfsvc.exe
2008-01-21 02:24 540,672 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-01-21 02:24 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-01-21 02:24 498,176 ----a-w C:\Windows\HelpPane.exe
2008-01-21 02:24 459,264 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-01-21 02:24 40,960 ----a-w C:\Windows\AppPatch\apihex86.dll
2008-01-21 02:24 237,568 ----a-w C:\Windows\AppPatch\AcRedir.dll
2008-01-21 02:24 2,927,104 ----a-w C:\Windows\explorer.exe
2008-01-21 02:24 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-01-21 02:24 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-01-21 02:24 134,656 ----a-w C:\Windows\regedit.exe
2008-01-21 02:24 13,312 ----a-w C:\Windows\fveupdate.exe
2008-01-21 02:23 151,040 ----a-w C:\Windows\notepad.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2007-08-25 04:51 316784 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-04-02 22:20 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= "C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll" [2007-08-25 04:51 316784]
[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-25 04:51 316784]
[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-21 03:23 1233920]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-21 03:25 125952]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 03:25 202240]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 18:05 143360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-14 11:01 51048]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"PAC7302_Monitor"="C:\Windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 11:01 319488]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"= C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{9A79D6CC-DC2A-4630-AA30-ABC9E9A89AF6}C:\\program files\\xfire\\xfire.exe"= UDP:C:\program files\xfire\xfire.exe:Xfire
"UDP Query User{39056367-D59F-4246-8233-70C36DF24C2F}C:\\program files\\xfire\\xfire.exe"= TCP:C:\program files\xfire\xfire.exe:Xfire
"{996664F3-1004-4BCF-B51E-B3E44831BF9B}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{31AC343A-C1EA-4BF1-AE6A-E1F8ACCF32F5}"= UDP:C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{20EC4BDA-442D-428D-B378-4363CEEF83F4}"= TCP:C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{F110F3DD-70D2-437B-B3FA-B8945E88B341}"= UDP:C:\Program Files\Morpheus\Morpheus.exe:Morpheus
"{F60E4134-188C-4A5B-BA16-7E8A38203F66}"= TCP:C:\Program Files\Morpheus\Morpheus.exe:Morpheus
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"= C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20080403.004\IDSvix86.sys [2008-02-13 17:18]
R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R3 PAC7302;Eye 312;C:\Windows\system32\DRIVERS\PAC7302.SYS [2007-04-30 13:26]
R3 SymIMMP;SymIMMP;C:\Windows\system32\DRIVERS\SymIM.sys [2007-08-10 01:27]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-08-13 21:50]
S2 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 05:29]
S3 3xHybrid;3xHybrid service;C:\Windows\system32\DRIVERS\3xHybrid.sys [2007-04-20 06:34]
S3 COH_Mon;COH_Mon;C:\Windows\system32\Drivers\COH_Mon.sys [2008-03-06 21:32]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-04-06 19:58]
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\Windows\system32\DRIVERS\SymIM.sys [2007-08-10 01:27]
S4 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\system32\drivers\errdev.sys [2008-01-21 03:23]
S4 MegaSR;MegaSR;C:\Windows\system32\drivers\megasr.sys [2008-01-21 03:23]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{72565832-00e8-11dd-99b3-806e6f6e6963}]
\shell\AutoRun\command - E:\autorun.exe
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-04-07 19:01:10 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - JTickeR.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe /TASK:
"2008-04-08 08:16:52 C:\Windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job"
- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
"2008-04-03 10:46:01 C:\Windows\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-04-03 10:24:24 C:\Windows\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-04-03 10:27:48 C:\Windows\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
"2008-04-08 15:57:17 C:\Windows\Tasks\User_Feed_Synchronization-{43F9941E-4F64-45E9-A231-05B618ACB3C9}.job"
- C:\Windows\system32\msfeedssync.exe
"2008-04-08 18:49:27 C:\Windows\Tasks\XoftSpySE 2.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
"2008-04-08 07:09:26 C:\Windows\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************
catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-08 19:49:38
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\DllHost.exe
.
**************************************************************************
.
Completion time: 2008-04-08 19:51:41 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-08 18:51:37
Pre-Run: 411,240,566,784 bytes free
Post-Run: 411,817,721,856 bytes free
.
2008-04-03 10:35:39 --- E O F ---
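A small triage script for logs like the one above, added here as an example and not part of rctmarsh's post or of ComboFix. It parses the Reg Loading Points block and flags what this log shows weakened: UAC off (EnableLUA=0), the firewall off for the Public profile (EnableFirewall=0), Security Center notifications and monitoring disabled. It also reports the AutoRun command registered under mountpoints2, the newly created service, and System32 .dll/.ini pairs whose names are mirror images of each other (efcDSJDS.dll and SDJSDcfe.ini above), a naming pattern seen in Vundo/Virtumonde infections and treated here as a heuristic. The finding codes, the key-matching rules and the SAMPLE_LOG excerpt are constructed for this example.

```python
"""Triage helper for ComboFix-style logs (added example, not ComboFix code).
The finding codes, key matching and the reversed-name heuristic are assumptions
made for this example; SAMPLE_LOG is a constructed excerpt modelled on the thread.
"""
import re
import sys
from typing import Dict, List, Tuple

# Constructed excerpt: a few lines modelled on the posted log, not the full log.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\Windows\system32\efcDSJDS.dll
C:\Windows\System32\SDJSDcfe.ini
C:\Windows\System32\SDJSDcfe.ini2
C:\Windows\System32\UBJQpYay.ini
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{72565832-00e8-11dd-99b3-806e6f6e6963}]
\shell\AutoRun\command - E:\autorun.exe
*Newly Created Service* - COMHOST
"""

_KEY_RE = re.compile(r"^\[(.+)\]$")
_VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.+?)\s*$')
_SYS32_FILE_RE = re.compile(r"^[A-Za-z]:\\Windows\\System32\\([^\\]+)$", re.I)
_AUTORUN_RE = re.compile(r"^\\shell\\AutoRun\\command\s*-\s*(.+?)\s*$", re.I)
_NEW_SVC_RE = re.compile(r"^\*Newly Created Service\*\s*-\s*(\S+)")


def _parse_value(raw: str):
    """ComboFix prints DWORDs as 'dword:00000001' or as '0 (0x0)'; map both to int."""
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    m = re.match(r"^(\d+)\b", raw)
    return int(m.group(1)) if m else raw.strip('"')


def parse_registry(text: str) -> Dict[str, Dict[str, object]]:
    """Return {key path (lower-cased): {value name: value}} from the Reg Loading Points block."""
    reg, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        km = _KEY_RE.match(line)
        if km:
            current = km.group(1).lower()
            reg.setdefault(current, {})
            continue
        vm = _VALUE_RE.match(line)
        if vm and current is not None:
            reg[current][vm.group(1)] = _parse_value(vm.group(2))
    return reg


def find_reversed_pairs(text: str) -> List[Tuple[str, str]]:
    """Heuristic (assumption): Vundo/Virtumonde variants drop X.dll in System32
    beside an .ini whose stem is X spelled backwards (efcDSJDS.dll / SDJSDcfe.ini)."""
    dlls, inis = {}, []
    for line in text.splitlines():
        m = _SYS32_FILE_RE.match(line.strip())
        if not m:
            continue
        stem, _, ext = m.group(1).rpartition(".")
        if ext.lower() == "dll":
            dlls[stem.lower()] = m.group(1)
        elif ext.lower() in ("ini", "ini2"):
            inis.append((stem, m.group(1)))
    return [(dlls[s[::-1].lower()], n) for s, n in inis if s[::-1].lower() in dlls]


def audit(text: str) -> List[str]:
    """Flag weakened security settings and persistence markers; returns finding codes."""
    findings = []
    for key, values in parse_registry(text).items():
        leaf = key.rsplit("\\", 1)[-1]
        if key.endswith("\\policies\\system") and values.get("EnableLUA") == 0:
            findings.append("UAC_DISABLED")                       # UAC switched off
        if "\\firewallpolicy\\" in key and leaf.endswith("profile") and values.get("EnableFirewall") == 0:
            findings.append("FIREWALL_OFF:" + leaf)               # host firewall off for a profile
        if key.endswith("\\security center"):
            for name, val in values.items():
                if name.lower().endswith("disablenotify") and val == 1:
                    findings.append("SC_NOTIFY_OFF:" + name)      # user will not be warned
        if "\\security center\\monitoring" in key and values.get("DisableMonitoring") == 1:
            findings.append("SC_MONITORING_OFF:" + leaf)          # AV/firewall state not monitored
    for line in text.splitlines():
        line = line.strip()
        am = _AUTORUN_RE.match(line)
        if am:
            findings.append("AUTORUN_MOUNTPOINT:" + am.group(1))  # AutoRun from a mounted volume
        sm = _NEW_SVC_RE.match(line)
        if sm:
            findings.append("NEW_SERVICE:" + sm.group(1))
    for dll, ini in find_reversed_pairs(text):
        findings.append(f"REVERSED_NAME_PAIR:{dll}<->{ini}")
    return findings


if __name__ == "__main__":
    log_text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    for finding in audit(log_text):
        print(finding)
```

Run it as `python combofix_triage.py ComboFix.txt` against a saved log (the script and log file names are assumptions); with no argument it audits the built-in excerpt. It is a reading aid for a posted log, not a cleaner: it changes nothing on the machine, and a flagged setting still has to be checked by hand since the poster may have turned it off deliberately.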
rctmarsh
2008-04-09, 23:19
Here's the latest ComboFix log :)
ComboFix 08-04-08.4 - JTickeR 2008-04-09 10:28:58.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1168 [GMT 1:00]
Running from: C:\Users\JTickeR\Desktop\ComboFix.exe
Command switches used :: C:\Users\JTickeR\Desktop\CFScript.txt
* Created a new restore point
FILE ::
C:\d1.exe
C:\Windows\System32\hwyqetrw.ini
E:\autorun.exe
.
TimedOut: Windir.dat
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\-456210191\
C:\d1.exe
C:\Windows\System32\hwyqetrw.ini
C:\Windows\System32\svcdll
C:\Windows\System32\svcdll\BCAHGIJCHHCIJ.dll
C:\Windows\System32\svcdll\BCAHGIJFICJIG.dll
C:\Windows\System32\svcdll\BCAHGIJIIIGJE.dll
C:\Windows\System32\svcdll\BCAHGJABJEDHJ.dll
C:\Windows\System32\svcdll\BCAHGJAFAAAII.dll
C:\Windows\System32\svcdll\BCAHGJAIAFHHG.dll
C:\Windows\System32\svcdll\BCAHGJBBBBEID.dll
C:\Windows\System32\svcdll\BCAHGJBEBHBHD.dll
C:\Windows\System32\svcdll\BCAHGJBHCCIHJ.dll
E:\autorun.exe . . . . failed to delete
.
((((((((((((((((((((((((( Files Created from 2008-03-09 to 2008-04-09 )))))))))))))))))))))))))))))))
.
2008-04-08 22:35 . 2008-02-29 08:11 988,216 --a------ C:\Windows\System32\winload.exe
2008-04-08 22:35 . 2008-02-29 08:11 927,288 --a------ C:\Windows\System32\winresume.exe
2008-04-08 22:35 . 2008-02-22 06:05 615,992 --a------ C:\Windows\System32\ci.dll
2008-04-08 22:35 . 2008-02-29 07:53 378,368 --a------ C:\Windows\System32\srcore.dll
2008-04-08 22:35 . 2008-02-29 05:12 318,464 --a------ C:\Windows\System32\rstrui.exe
2008-04-08 22:35 . 2008-02-29 07:53 46,592 --a------ C:\Windows\System32\setbcdlocale.dll
2008-04-08 22:35 . 2008-02-29 07:53 40,960 --a------ C:\Windows\System32\srclient.dll
2008-04-08 22:35 . 2008-02-29 08:14 19,000 --a------ C:\Windows\System32\kd1394.dll
2008-04-08 22:35 . 2008-02-29 05:12 14,848 --a------ C:\Windows\System32\srdelayed.exe
2008-04-08 22:35 . 2008-02-29 07:35 6,656 --a------ C:\Windows\System32\kbd106n.dll
2008-04-08 22:34 . 2008-02-29 05:21 2,032,128 --a------ C:\Windows\System32\win32k.sys
2008-04-08 22:34 . 2008-02-22 03:50 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-04-08 22:34 . 2008-02-22 06:01 826,880 --a------ C:\Windows\System32\wininet.dll
2008-04-08 22:34 . 2008-02-22 05:57 295,936 --a------ C:\Windows\System32\gdi32.dll
2008-04-08 16:13 . 2008-04-08 16:32 524,288 --ahs---- C:\ntuser.dat{d8db1852-057b-11dd-a9f1-f763869ee008}.TMContainer00000000000000000002.regtrans-ms
2008-04-08 16:13 . 2008-04-08 17:11 524,288 --ahs---- C:\ntuser.dat{d8db1852-057b-11dd-a9f1-f763869ee008}.TMContainer00000000000000000001.regtrans-ms
2008-04-08 16:13 . 2008-04-08 17:11 65,536 --ahs---- C:\ntuser.dat{d8db1852-057b-11dd-a9f1-f763869ee008}.TM.blf
2008-04-08 16:12 . 2008-04-08 16:53 262,144 --a------ C:\ntuser.dat
2008-04-08 16:12 . 2008-04-08 16:53 5,120 --ah----- C:\ntuser.dat.LOG1
2008-04-08 16:12 . 2008-04-08 16:13 0 --ah----- C:\ntuser.dat.LOG2
2008-04-08 11:39 . 2008-04-08 11:39 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-04-08 09:40 . 2008-04-08 09:41 162,364,583 --a------ C:\Windows\MEMORY.DMP
2008-04-08 09:26 . 2008-04-08 09:26 <DIR> d-------- C:\VundoFix Backups
2008-04-08 08:33 . 2008-04-08 16:30 585 --a------ C:\Windows\wininit.ini
2008-04-08 08:18 . 2008-04-08 08:57 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-04-08 08:18 . 2008-04-08 08:57 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-04-08 08:18 . 2008-04-08 08:18 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-08 02:27 . 2008-04-08 08:12 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-04-08 01:01 . 2008-04-08 01:05 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-04-08 01:01 . 2008-04-08 01:05 <DIR> d-------- C:\ProgramData\Lavasoft
2008-04-07 23:23 . 2008-04-07 23:33 <DIR> d-------- C:\Program Files\XoftSpySE
2008-04-07 18:26 . 2008-04-07 18:27 1,415,295 --a------ C:\SDFix.exe
2008-04-07 18:14 . 2008-04-07 20:23 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2008-04-07 17:06 . 2008-04-07 12:19 <DIR> d-------- C:\SDFix
2008-04-07 12:30 . 2008-04-07 12:30 <DIR> d-------- C:\Users\All Users\LightScribe
2008-04-07 12:30 . 2008-04-07 12:30 <DIR> d-------- C:\ProgramData\LightScribe
2008-04-07 09:30 . 2008-04-07 18:13 <DIR> d-a------ C:\Users\All Users\TEMP
2008-04-07 09:30 . 2008-04-07 18:13 <DIR> d-a------ C:\ProgramData\TEMP
2008-04-07 09:30 . 2008-04-07 18:13 37,888 --a------ C:\Windows\System32\rar.exe
2008-04-07 09:21 . 2008-04-07 10:14 <DIR> d-------- C:\Users\JTickeR\AppData\Roaming\LimeWire
2008-04-07 09:19 . 2008-04-07 10:44 <DIR> d-------- C:\Program Files\Java
2008-04-07 09:17 . 2008-04-07 09:21 <DIR> d-------- C:\Program Files\LimeWire
2008-04-07 09:17 . 2008-04-07 09:17 <DIR> d-------- C:\Program Files\Common Files\Java
2008-04-07 09:09 . 2008-04-07 09:09 0 --a------ C:\-456210191
2008-04-07 09:05 . 2008-04-07 09:05 <DIR> d-------- C:\Users\JTickeR\AppData\Roaming\FlashFXP
2008-04-07 09:04 . 2008-04-07 19:28 <DIR> d-------- C:\Program Files\FlashFXP
2008-04-06 16:01 . 2008-04-06 16:01 <DIR> d-------- C:\Program Files\LucasArts
2008-04-06 10:37 . 2008-04-06 10:37 107,832 --a------ C:\Windows\System32\PnkBstrB.exe
2008-04-06 10:37 . 2008-04-06 10:37 66,872 --a------ C:\Windows\System32\PnkBstrA.exe
2008-04-06 10:37 . 2008-04-06 10:37 22,328 --a------ C:\Windows\System32\drivers\PnkBstrK.sys
2008-04-06 10:13 . 2008-03-18 15:31 98,304 --a------ C:\Windows\RTKAUDIOSERVICE.EXE
2008-04-04 13:39 . 2008-04-04 13:39 <DIR> dr-h----- C:\Users\JTickeR\AppData\Roaming\SecuROM
2008-04-04 13:39 . 2008-04-04 13:44 <DIR> d-------- C:\Users\JTickeR\AppData\Roaming\Command & Conquer 3 Tiberium Wars
2008-04-04 13:39 . 2008-04-04 13:39 107,888 --a------ C:\Windows\System32\CmdLineExt.dll
2008-04-04 01:33 . 2008-04-04 01:33 <DIR> dr------- C:\Windows\System32\config\systemprofile\Music
2008-04-04 01:14 . 2008-04-08 01:53 69 --a------ C:\Windows\NeroDigital.ini
2008-04-04 00:13 . 2008-04-04 00:13 921,632 --a------ C:\PA7302.DAT
2008-04-03 23:42 . 2008-04-03 23:42 <DIR> d-------- C:\Windows\PixArt
2008-04-03 23:42 . 2008-04-03 23:42 <DIR> d-------- C:\Windows\Downloaded Installations
2008-04-03 23:42 . 2008-04-03 23:42 <DIR> d-------- C:\Program Files\Common Files\PAC7302
2008-04-03 23:42 . 2005-04-03 20:56 1,060,864 --a------ C:\Windows\System32\mfc71.dll
2008-04-03 23:42 . 2007-05-08 10:11 291 --a------ C:\Windows\System32\Remover.ini
2008-04-03 23:41 . 2008-04-03 23:41 <DIR> d-------- C:\Windows\Album
2008-04-03 23:41 . 2008-04-03 23:41 <DIR> d-------- C:\Program Files\KYE
2008-04-03 12:49 . 2008-04-07 08:18 <DIR> d-------- C:\Program Files\EA GAMES
2008-04-03 11:27 . 2008-04-03 11:27 <DIR> d-------- C:\Users\All Users\Uniblue
2008-04-03 11:27 . 2008-04-03 11:27 <DIR> d-------- C:\ProgramData\Uniblue
2008-04-03 11:19 . 2008-04-03 11:26 <DIR> d-------- C:\Users\JTickeR\AppData\Roaming\Uniblue
2008-04-03 11:19 . 2008-04-03 11:26 <DIR> d-------- C:\Program Files\Uniblue
2008-04-03 11:09 . 2008-04-04 21:09 <DIR> d-------- C:\Program Files\Windows Live
2008-04-03 11:09 . 2008-04-03 11:13 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-03 11:08 . 2008-04-03 11:22 <DIR> d-------- C:\Users\JTickeR\AppData\Roaming\MessengerGadget
2008-04-03 10:56 . 2008-04-03 10:56 <DIR> d-------- C:\Program Files\Common Files\LightScribe
2008-04-03 10:55 . 2008-04-07 12:32 <DIR> d-------- C:\Users\JTickeR\AppData\Roaming\Ahead
2008-04-03 10:52 . 2008-04-03 10:52 <DIR> d-------- C:\Users\All Users\Nero
2008-04-03 10:52 . 2008-04-03 10:52 <DIR> d-------- C:\ProgramData\Nero
2008-04-03 10:52 . 2008-04-03 10:52 <DIR> d-------- C:\Program Files\Nero
2008-04-03 10:52 . 2008-04-03 10:56 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-04-03 10:39 . 2006-11-29 13:06 3,426,072 --a------ C:\Windows\System32\d3dx9_32.dll
2008-04-03 10:26 . 2008-04-03 10:26 <DIR> d-------- C:\Program Files\Electronic Arts
2008-04-03 02:58 . 2008-04-03 02:58 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-04-03 00:50 . 2008-04-03 00:50 0 --a------ C:\Users\JTickeR\AppData\Roaming\wklnhst.dat
2008-04-03 00:40 . 2008-02-14 14:56 118,784 --a------ C:\Windows\System32\drivers\Rtlh86.sys
2008-04-03 00:39 . 2008-04-03 00:39 <DIR> d-------- C:\Users\JTickeR\AppData\Roaming\InstallShield
2008-04-03 00:39 . 2008-04-06 10:12 <DIR> d-------- C:\Program Files\Realtek
2008-04-03 00:38 . 2008-04-03 00:38 <DIR> d-------- C:\Windows\System32\Macromed
2008-04-02 23:08 . 2008-04-02 23:09 <DIR> d-------- C:\Users\All Users\Adobe
2008-04-02 23:08 . 2008-04-02 23:08 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-04-02 23:07 . 2008-04-02 23:07 <DIR> d-------- C:\Program Files\CCleaner
2008-04-02 23:00 . 2008-04-02 23:00 <DIR> d-------- C:\Users\JTickeR\AppData\Roaming\AdobeUM
2008-04-02 22:31 . 2008-04-02 22:31 <DIR> d-------- C:\Users\All Users\PC Drivers Headquarters
2008-04-02 22:31 . 2008-04-02 22:31 <DIR> d-------- C:\ProgramData\PC Drivers Headquarters
2008-04-02 22:31 . 2008-04-07 08:18 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-04-02 22:29 . 2008-04-02 22:29 <DIR> d-------- C:\Program Files\PC Drivers HeadQuarters
2008-04-02 22:26 . 2008-04-08 22:58 <DIR> d-------- C:\Program Files\XAC
2008-04-02 22:23 . 2008-04-02 22:23 <DIR> d-------- C:\Users\JTickeR\AppData\Roaming\teamspeak2
2008-04-02 22:23 . 2008-04-02 22:23 <DIR> d-------- C:\Program Files\Teamspeak2_RC2
2008-04-02 22:23 . 2008-04-02 22:23 34,064 --a------ C:\Windows\System32\lhacm.acm
2008-04-02 22:22 . 2008-04-04 21:06 <DIR> d-------- C:\Users\All Users\WLInstaller
2008-04-02 22:22 . 2008-04-04 21:06 <DIR> d-------- C:\ProgramData\WLInstaller
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-08 22:04 --------- d-----w C:\Program Files\Windows Mail
2008-04-06 09:12 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-04-03 22:42 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-03 10:34 --------- d-----w C:\Program Files\Microsoft.NET
2008-04-03 10:32 --------- d-----w C:\Program Files\Microsoft Small Business
2008-04-03 10:08 --------- d-----w C:\ProgramData\Microsoft Help
2008-04-03 10:08 --------- d-----w C:\Program Files\Microsoft Works
2008-04-03 10:04 --------- d-----w C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
2008-04-03 02:04 --------- d-----w C:\Program Files\Microsoft SQL Server
2008-04-02 23:35 --------- d-----w C:\ProgramData\NVIDIA
2008-03-26 17:35 2,103,512 ----a-w C:\Windows\system32\drivers\RTKVHDA.sys
2008-03-26 12:21 5,369,856 ----a-w C:\Windows\RtHDVCpl.exe
2008-03-06 20:32 706 ----a-w C:\Windows\system32\drivers\COH_Mon.inf
2008-03-06 20:32 23,904 ----a-w C:\Windows\system32\drivers\COH_Mon.sys
2008-03-06 20:32 10,537 ----a-w C:\Windows\system32\drivers\coh_mon.cat
2008-03-05 17:07 520,192 ----a-w C:\Windows\RtlExUpd.dll
2008-03-05 11:33 --------- d-----w C:\Program Files\CONEXANT
2008-02-27 20:18 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-02-27 12:25 315,392 ----a-w C:\Windows\HideWin.exe
2008-02-27 12:24 --------- d-----w C:\Program Files\Intel
2008-01-21 02:43 174 --sha-w C:\Program Files\desktop.ini
2008-01-21 02:24 58,880 ----a-w C:\Windows\bfsvc.exe
2008-01-21 02:24 540,672 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-01-21 02:24 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-01-21 02:24 498,176 ----a-w C:\Windows\HelpPane.exe
2008-01-21 02:24 459,264 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-01-21 02:24 40,960 ----a-w C:\Windows\AppPatch\apihex86.dll
2008-01-21 02:24 237,568 ----a-w C:\Windows\AppPatch\AcRedir.dll
2008-01-21 02:24 2,927,104 ----a-w C:\Windows\explorer.exe
2008-01-21 02:24 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-01-21 02:24 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-01-21 02:24 134,656 ----a-w C:\Windows\regedit.exe
2008-01-21 02:24 13,312 ----a-w C:\Windows\fveupdate.exe
2008-01-21 02:23 151,040 ----a-w C:\Windows\notepad.exe
.
((((((((((((((((((((((((((((( snapshot@2008-04-08_19.51.11.26 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-08 18:48:41 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-04-09 09:33:18 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-04-09 09:28:49 6,189,056 ----a-w C:\Windows\erdnt\Hiv-backup\SCHEMA.DAT
- 2008-01-21 02:32:28 665,600 ----a-w C:\Windows\inf\drvindex.dat
+ 2008-04-08 22:04:25 665,600 ----a-w C:\Windows\inf\drvindex.dat
- 2008-04-06 09:13:12 51,200 ----a-w C:\Windows\inf\infpub.dat
+ 2008-04-08 22:04:35 51,200 ----a-w C:\Windows\inf\infpub.dat
- 2008-04-06 09:13:11 86,016 ----a-w C:\Windows\inf\infstor.dat
+ 2008-04-08 22:04:35 86,016 ----a-w C:\Windows\inf\infstor.dat
- 2008-04-06 09:13:12 86,016 ----a-w C:\Windows\inf\infstrng.dat
+ 2008-04-08 22:04:24 86,016 ----a-w C:\Windows\inf\infstrng.dat
- 2008-04-08 01:38:49 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-04-08 22:01:40 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-04-08 18:49:32 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-04-09 09:33:41 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-04-09 09:33:41 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-04-08 02:07:25 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-04-08 22:02:20 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-04-08 18:49:32 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-04-09 09:33:41 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2008-01-21 02:24:28 986,680 ----a-w C:\Windows\System32\Boot\winload.exe
+ 2008-02-29 07:11:54 988,216 ----a-w C:\Windows\System32\Boot\winload.exe
- 2008-01-21 02:24:28 926,776 ----a-w C:\Windows\System32\Boot\winresume.exe
+ 2008-02-29 07:11:56 927,288 ----a-w C:\Windows\System32\Boot\winresume.exe
- 2008-04-08 18:03:44 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-04-09 09:10:00 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-04-08 18:03:44 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-09 09:10:00 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-04-08 18:03:44 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-04-09 09:10:00 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-04-07 09:07:35 379,456 ----a-w C:\Windows\System32\FNTCACHE.DAT
+ 2008-04-09 08:52:37 379,456 ----a-w C:\Windows\System32\FNTCACHE.DAT
- 2008-01-21 02:24:37 28,160 ----a-w C:\Windows\System32\jsproxy.dll
+ 2008-02-22 04:58:23 28,160 ----a-w C:\Windows\System32\jsproxy.dll
- 2008-01-21 02:24:37 64,512 ----a-w C:\Windows\System32\migration\WininetPlugin.dll
+ 2008-02-22 05:01:41 64,512 ----a-w C:\Windows\System32\migration\WininetPlugin.dll
- 2008-03-05 07:30:56 19,148,408 ----a-w C:\Windows\System32\mrt.exe
+ 2008-04-06 05:56:20 19,836,024 ----a-w C:\Windows\System32\mrt.exe
- 2008-01-21 02:23:53 3,578,368 ----a-w C:\Windows\System32\mshtml.dll
+ 2008-02-22 04:59:30 3,578,368 ----a-w C:\Windows\System32\mshtml.dll
- 2008-01-21 02:24:25 671,232 ----a-w C:\Windows\System32\mstime.dll
+ 2008-02-22 04:59:51 671,232 ----a-w C:\Windows\System32\mstime.dll
- 2008-04-08 15:57:57 105,448 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-04-09 08:57:59 105,448 ----a-w C:\Windows\System32\perfc009.dat
- 2008-04-08 15:57:57 599,942 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-04-09 08:57:59 599,942 ----a-w C:\Windows\System32\perfh009.dat
- 2008-04-05 18:38:14 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2008-04-09 09:32:15 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2008-01-21 02:24:50 1,165,824 ----a-w C:\Windows\System32\urlmon.dll
+ 2008-02-22 05:01:33 1,166,336 ----a-w C:\Windows\System32\urlmon.dll
- 2008-04-08 15:53:31 5,636 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4171906258-2298637555-2548841629-1003_UserData.bin
+ 2008-04-09 09:26:49 6,106 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4171906258-2298637555-2548841629-1003_UserData.bin
- 2008-04-08 15:53:31 79,466 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-04-09 09:26:47 79,704 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-04-08 15:53:30 34,782 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-04-09 09:26:46 34,838 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2008-04-04 20:48:18 122,294 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2008-04-08 22:04:46 14,166,507 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2008-02-21 04:43:34 124,928 ----a-w C:\Windows\winsxs\x86_microsoft-windows-advpack_31bf3856ad364e35_6.0.6000.16643_none_a9bce801f5c7b8c8\advpack.dll
+ 2008-02-22 04:48:31 124,928 ----a-w C:\Windows\winsxs\x86_microsoft-windows-advpack_31bf3856ad364e35_6.0.6000.20777_none_aa2a16310efa11c1\advpack.dll
+ 2008-02-29 06:53:29 46,592 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.0.6001.18027_none_6929f9588cd4875c\setbcdlocale.dll
+ 2008-02-29 07:11:54 988,216 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.0.6001.18027_none_6929f9588cd4875c\winload.exe
+ 2008-02-29 07:11:56 927,288 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.0.6001.18027_none_6929f9588cd4875c\winresume.exe
+ 2008-02-29 06:37:41 46,592 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.0.6001.22125_none_69b1958fa5f3f478\setbcdlocale.dll
+ 2008-02-29 07:02:42 988,216 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.0.6001.22125_none_69b1958fa5f3f478\winload.exe
+ 2008-02-29 07:02:41 927,288 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.0.6001.22125_none_69b1958fa5f3f478\winresume.exe
+ 2008-02-29 06:51:24 19,000 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..uggertransport-1394_31bf3856ad364e35_6.0.6000.16646_none_61bfda98f6d6f5d5\kd1394.dll
+ 2008-02-29 06:54:17 19,000 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..uggertransport-1394_31bf3856ad364e35_6.0.6000.20782_none_621a368c1018a007\kd1394.dll
+ 2008-02-29 07:14:21 19,000 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..uggertransport-1394_31bf3856ad364e35_6.0.6001.18027_none_63bcb960f3ec683b\kd1394.dll
+ 2008-02-29 06:57:07 19,000 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..uggertransport-1394_31bf3856ad364e35_6.0.6001.22125_none_644455980d0bd557\kd1394.dll
+ 2008-02-14 23:19:24 944,184 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6000.16646_none_591b3d986f9b5725\winload.exe
+ 2008-01-21 02:09:48 905,400 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6000.16646_none_591b3d986f9b5725\winresume.exe
+ 2008-02-14 23:13:10 944,696 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6000.20782_none_5975998b88dd0157\winload.exe
+ 2008-01-21 02:09:48 905,400 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6000.20782_none_5975998b88dd0157\winresume.exe
+ 2008-02-29 07:11:54 988,216 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6001.18027_none_5b181c606cb0c98b\winload.exe
+ 2008-02-29 07:11:56 927,288 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6001.18027_none_5b181c606cb0c98b\winresume.exe
+ 2008-02-29 07:02:42 988,216 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6001.22125_none_5b9fb89785d036a7\winload.exe
+ 2008-02-29 07:02:41 927,288 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6001.22125_none_5b9fb89785d036a7\winresume.exe
+ 2008-02-19 05:10:22 620,088 ----a-w C:\Windows\winsxs\x86_microsoft-windows-codeintegrity_31bf3856ad364e35_6.0.6000.16642_none_9e68737c07b7f5c7\ci.dll
+ 2008-02-19 04:54:56 620,088 ----a-w C:\Windows\winsxs\x86_microsoft-windows-codeintegrity_31bf3856ad364e35_6.0.6000.20775_none_9ed4a16120eb3569\ci.dll
+ 2008-02-22 05:05:52 615,992 ----a-w C:\Windows\winsxs\x86_microsoft-windows-codeintegrity_31bf3856ad364e35_6.0.6001.18023_none_a065524404cd682d\ci.dll
+ 2008-02-22 04:57:25 615,992 ----a-w C:\Windows\winsxs\x86_microsoft-windows-codeintegrity_31bf3856ad364e35_6.0.6001.22120_none_a0ebee311dedbbf2\ci.dll
+ 2008-02-21 04:43:35 296,448 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gdi32_31bf3856ad364e35_6.0.6000.16643_none_57702c844c48b643\gdi32.dll
+ 2008-02-22 04:49:18 296,448 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gdi32_31bf3856ad364e35_6.0.6000.20777_none_57dd5ab3657b0f3c\gdi32.dll
+ 2008-02-22 04:57:23 295,936 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gdi32_31bf3856ad364e35_6.0.6001.18023_none_596c0b02495f0f52\gdi32.dll
+ 2008-02-22 04:48:18 295,936 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gdi32_31bf3856ad364e35_6.0.6001.22120_none_59f2a6ef627f6317\gdi32.dll
+ 2008-02-21 04:43:38 44,544 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..ablenetworkgraphics_31bf3856ad364e35_6.0.6000.16643_none_ebb7f1b116609ec7\pngfilt.dll
+ 2008-02-22 04:51:42 44,544 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..ablenetworkgraphics_31bf3856ad364e35_6.0.6000.20777_none_ec251fe02f92f7c0\pngfilt.dll
+ 2008-02-21 04:43:41 1,159,680 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.16643_none_b2d49a63d9c1162b\urlmon.dll
+ 2008-02-22 04:52:08 1,162,752 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.20777_none_b341c892f2f36f24\urlmon.dll
+ 2008-02-22 05:01:33 1,166,336 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.18023_none_b4d078e1d6d76f3a\urlmon.dll
+ 2008-02-22 04:52:15 1,166,336 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.22120_none_b55714ceeff7c2ff\urlmon.dll
+ 2008-02-29 06:34:50 7,168 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..humb-shift_keyboard_31bf3856ad364e35_6.0.6000.16646_none_ebb5eec692f230bc\f3ahvoas.dll
+ 2008-02-29 06:30:51 7,168 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..humb-shift_keyboard_31bf3856ad364e35_6.0.6000.20782_none_ec104ab9ac33daee\f3ahvoas.dll
+ 2008-02-21 04:43:37 671,232 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6000.16643_none_deb7292c7f69d59a\mstime.dll
+ 2008-02-22 04:50:37 671,232 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6000.20777_none_df24575b989c2e93\mstime.dll
+ 2008-02-22 04:59:51 671,232 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6001.18023_none_e0b307aa7c802ea9\mstime.dll
+ 2008-02-22 04:50:26 671,232 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6001.22120_none_e139a39795a0826e\mstime.dll
+ 2008-02-29 06:35:17 6,656 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..rd-japanese_106_key_31bf3856ad364e35_6.0.6000.16646_none_dafbedd9168fe683\kbd106n.dll
+ 2008-02-29 06:31:23 6,656 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..rd-japanese_106_key_31bf3856ad364e35_6.0.6000.20782_none_db5649cc2fd190b5\kbd106n.dll
+ 2008-02-21 04:43:36 27,648 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16643_none_ffda7605a4ca3cbe\jsproxy.dll
+ 2008-02-21 04:43:42 826,368 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16643_none_ffda7605a4ca3cbe\wininet.dll
+ 2008-02-21 04:43:42 64,512 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16643_none_ffda7605a4ca3cbe\WininetPlugin.dll
+ 2008-02-22 04:49:41 27,648 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20777_none_0047a434bdfc95b7\jsproxy.dll
+ 2008-02-22 04:52:15 827,392 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20777_none_0047a434bdfc95b7\wininet.dll
+ 2008-02-22 04:52:15 64,512 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20777_none_0047a434bdfc95b7\WininetPlugin.dll
+ 2008-02-22 04:58:23 28,160 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18023_none_01d65483a1e095cd\jsproxy.dll
+ 2008-02-22 05:01:41 826,880 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18023_none_01d65483a1e095cd\wininet.dll
+ 2008-02-22 05:01:41 64,512 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18023_none_01d65483a1e095cd\WininetPlugin.dll
+ 2008-02-22 04:49:22 28,160 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22120_none_025cf070bb00e992\jsproxy.dll
+ 2008-02-22 04:52:21 826,880 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22120_none_025cf070bb00e992\wininet.dll
+ 2008-02-22 04:52:21 64,512 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22120_none_025cf070bb00e992\WininetPlugin.dll
+ 2008-01-21 02:24:21 2,455,488 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.16643_none_f98398df6eb5b711\ieapfltr.dat
+ 2008-02-21 04:43:35 383,488 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.16643_none_f98398df6eb5b711\ieapfltr.dll
+ 2008-01-21 02:24:21 2,455,488 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.20777_none_f9f0c70e87e8100a\ieapfltr.dat
+ 2008-02-22 04:49:22 383,488 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.20777_none_f9f0c70e87e8100a\ieapfltr.dll
+ 2008-02-21 04:43:35 347,136 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.16643_none_95b7d197849b3d3f\dxtmsft.dll
+ 2008-02-21 04:43:35 214,528 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.16643_none_95b7d197849b3d3f\dxtrans.dll
+ 2008-02-22 04:49:00 347,136 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.20777_none_9624ffc69dcd9638\dxtmsft.dll
+ 2008-02-22 04:49:00 214,528 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.20777_none_9624ffc69dcd9638\dxtrans.dll
+ 2008-02-21 04:43:36 478,208 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_6.0.6000.16643_none_461a6bef465befcc\mshtmled.dll
+ 2008-02-22 04:50:17 478,208 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_6.0.6000.20777_none_46879a1e5f8e48c5\mshtmled.dll
+ 2008-02-21 04:43:36 3,591,680 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.16643_none_113495242520a5f4\mshtml.dll
+ 2008-02-22 04:50:17 3,593,728 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.20777_none_11a1c3533e52feed\mshtml.dll
+ 2008-02-22 04:59:30 3,578,368 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.18023_none_133073a22236ff03\mshtml.dll
+ 2008-02-22 04:50:05 3,578,368 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.22120_none_13b70f8f3b5752c8\mshtml.dll
+ 2008-02-21 04:43:35 63,488 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-infocard_31bf3856ad364e35_6.0.6000.16643_none_588d01ee673531fd\icardie.dll
+ 2008-02-22 04:49:21 63,488 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-infocard_31bf3856ad364e35_6.0.6000.20777_none_58fa301d80678af6\icardie.dll
+ 2008-02-21 04:43:03 26,624 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16643_none_2d5382911cf5aba1\ieUnatt.exe
+ 2008-02-21 04:43:03 625,664 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16643_none_2d5382911cf5aba1\iexplore.exe
+ 2008-02-22 02:43:50 26,624 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20777_none_2dc0b0c03628049a\ieUnatt.exe
+ 2008-02-22 02:44:11 625,664 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20777_none_2dc0b0c03628049a\iexplore.exe
+ 2008-02-21 04:43:03 70,656 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.16643_none_c3c237ac61707446\ie4uinit.exe
+ 2008-02-21 04:43:36 44,544 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.16643_none_c3c237ac61707446\iernonce.dll
+ 2008-02-21 04:43:36 56,320 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.16643_none_c3c237ac61707446\iesetup.dll
+ 2008-02-22 02:43:42 70,656 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.20777_none_c42f65db7aa2cd3f\ie4uinit.exe
+ 2008-02-22 04:49:24 44,544 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.20777_none_c42f65db7aa2cd3f\iernonce.dll
+ 2008-02-22 04:49:24 56,320 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.20777_none_c42f65db7aa2cd3f\iesetup.dll
+ 2008-02-21 04:43:35 52,736 ----a-w C:\Windows\winsxs\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6000.16643_none_29e74e1c682049a3\iebrshim.dll
+ 2008-02-22 04:49:22 52,736 ----a-w C:\Windows\winsxs\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6000.20777_none_2a547c4b8152a29c\iebrshim.dll
+ 2008-02-21 04:43:35 6,066,176 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.16643_none_6293ef27b1163421\ieframe.dll
+ 2008-02-21 04:43:36 180,736 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.16643_none_6293ef27b1163421\ieui.dll
+ 2008-02-22 04:49:24 6,067,712 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.20777_none_63011d56ca488d1a\ieframe.dll
+ 2008-02-22 04:49:24 180,736 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.20777_none_63011d56ca488d1a\ieui.dll
+ 2008-02-21 04:43:03 263,168 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieinstal_31bf3856ad364e35_6.0.6000.16643_none_e68d5ba694998859\ieinstal.exe
+ 2008-02-22 02:44:02 263,168 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieinstal_31bf3856ad364e35_6.0.6000.20777_none_e6fa89d5adcbe152\ieinstal.exe
+ 2008-02-21 04:43:03 301,568 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieuser_31bf3856ad364e35_6.0.6000.16643_none_0b3590c2d714480b\ieuser.exe
+ 2008-02-22 02:44:03 301,568 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieuser_31bf3856ad364e35_6.0.6000.20777_none_0ba2bef1f046a104\ieuser.exe
+ 2008-03-17 22:43:16 2,413,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16660_none_f060fbf66e8469dc\OESpamFilter.dat
+ 2008-03-17 22:16:50 2,413,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.20801_none_f12c7a798770787e\OESpamFilter.dat
+ 2008-03-17 22:18:52 2,413,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18040_none_f25cda746b9ac2eb\OESpamFilter.dat
+ 2008-03-17 22:17:41 2,413,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22144_none_f2ea786784b4c811\OESpamFilter.dat
+ 2008-02-29 06:38:54 313,856 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6000.16646_none_44d4534db6337506\rstrui.exe
+ 2008-02-29 06:39:13 40,960 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6000.16646_none_44d4534db6337506\srclient.dll
+ 2008-02-29 06:39:13 371,712 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6000.16646_none_44d4534db6337506\srcore.dll
+ 2008-02-29 06:38:59 16,384 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6000.16646_none_44d4534db6337506\srdelayed.exe
+ 2008-02-29 04:05:40 313,856 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6000.20782_none_452eaf40cf751f38\rstrui.exe
+ 2008-02-29 06:33:44 40,960 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6000.20782_none_452eaf40cf751f38\srclient.dll
+ 2008-02-29 06:33:44 371,712 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6000.20782_none_452eaf40cf751f38\srcore.dll
+ 2008-02-29 04:05:32 16,384 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6000.20782_none_452eaf40cf751f38\srdelayed.exe
+ 2008-02-29 04:12:59 318,464 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6001.18027_none_46d13215b348e76c\rstrui.exe
+ 2008-02-29 06:53:38 40,960 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6001.18027_none_46d13215b348e76c\srclient.dll
+ 2008-02-29 06:53:39 378,368 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6001.18027_none_46d13215b348e76c\srcore.dll
+ 2008-02-29 04:12:53 14,848 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6001.18027_none_46d13215b348e76c\srdelayed.exe
+ 2008-02-29 04:06:52 318,464 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6001.22125_none_4758ce4ccc685488\rstrui.exe
+ 2008-02-29 06:37:51 40,960 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6001.22125_none_4758ce4ccc685488\srclient.dll
+ 2008-02-29 06:37:51 378,368 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6001.22125_none_4758ce4ccc685488\srcore.dll
+ 2008-02-29 04:06:46 14,848 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6001.22125_none_4758ce4ccc685488\srdelayed.exe
+ 2008-02-29 04:16:38 2,027,008 ----a-w C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.16646_none_b6e7fd209d7b409d\win32k.sys
+ 2008-02-29 04:14:24 2,028,544 ----a-w C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.20782_none_b7425913b6bceacf\win32k.sys
+ 2008-02-29 04:21:49 2,032,128 ----a-w C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6001.18027_none_b8e4dbe89a90b303\win32k.sys
+ 2008-02-29 04:15:56 2,032,128 ----a-w C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6001.22125_none_b96c781fb3b0201f\win32k.sys
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2007-08-25 04:51 316784 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-04-02 22:20 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= "C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll" [2007-08-25 04:51 316784]
[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-25 04:51 316784]
[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-21 03:23 1233920]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-21 03:25 125952]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 03:25 202240]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 18:05 143360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-14 11:01 51048]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"PAC7302_Monitor"="C:\Windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 11:01 319488]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"= C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{9A79D6CC-DC2A-4630-AA30-ABC9E9A89AF6}C:\\program files\\xfire\\xfire.exe"= UDP:C:\program files\xfire\xfire.exe:Xfire
"UDP Query User{39056367-D59F-4246-8233-70C36DF24C2F}C:\\program files\\xfire\\xfire.exe"= TCP:C:\program files\xfire\xfire.exe:Xfire
"{996664F3-1004-4BCF-B51E-B3E44831BF9B}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{31AC343A-C1EA-4BF1-AE6A-E1F8ACCF32F5}"= UDP:C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{20EC4BDA-442D-428D-B378-4363CEEF83F4}"= TCP:C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{F110F3DD-70D2-437B-B3FA-B8945E88B341}"= UDP:C:\Program Files\Morpheus\Morpheus.exe:Morpheus
"{F60E4134-188C-4A5B-BA16-7E8A38203F66}"= TCP:C:\Program Files\Morpheus\Morpheus.exe:Morpheus
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"= C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20080407.003\IDSvix86.sys [2008-02-13 17:18]
R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R3 PAC7302;Eye 312;C:\Windows\system32\DRIVERS\PAC7302.SYS [2007-04-30 13:26]
R3 SymIMMP;SymIMMP;C:\Windows\system32\DRIVERS\SymIM.sys [2007-08-10 01:27]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-08-13 21:50]
S2 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 05:29]
S3 3xHybrid;3xHybrid service;C:\Windows\system32\DRIVERS\3xHybrid.sys [2007-04-20 06:34]
S3 COH_Mon;COH_Mon;C:\Windows\system32\Drivers\COH_Mon.sys [2008-03-06 21:32]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-04-06 19:58]
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\Windows\system32\DRIVERS\SymIM.sys [2007-08-10 01:27]
S4 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\system32\drivers\errdev.sys [2008-01-21 03:23]
S4 MegaSR;MegaSR;C:\Windows\system32\drivers\megasr.sys [2008-01-21 03:23]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{72565832-00e8-11dd-99b3-806e6f6e6963}]
\shell\AutoRun\command - E:\autorun.exe
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-04-07 19:01:10 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - JTickeR.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeB/TASK:
"2008-04-08 08:16:52 C:\Windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job"
- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
"2008-04-03 10:46:01 C:\Windows\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-04-03 10:24:24 C:\Windows\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-04-03 10:27:48 C:\Windows\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
"2008-04-09 09:30:26 C:\Windows\Tasks\User_Feed_Synchronization-{43F9941E-4F64-45E9-A231-05B618ACB3C9}.job"
- C:\Windows\system32\msfeedssync.exe
"2008-04-09 09:33:32 C:\Windows\Tasks\XoftSpySE 2.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
"2008-04-08 07:09:26 C:\Windows\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************
catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-09 10:33:47
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Windows\system32\DllHost.exe
.
**************************************************************************
.
Completion time: 2008-04-09 10:35:38 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-09 09:35:31
ComboFix2.txt 2008-04-08 18:51:42
The system cannot find message text for message number 0x2379 in the message file for Application.
Post-Run: 411,182,948,352 bytes free
.
2008-04-08 22:03:26 --- E O F ---
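The "Reg Loading Points" section of a ComboFix log is where a responder looks after the malware files are gone: this one still shows UAC switched off (EnableLUA = 0), the Windows Firewall disabled on the public profile, Security Center monitoring and its notifications silenced, and an AutoRun command registered for a removable volume under MountPoints2. The script below is an added example, not part of rctmarsh's post and not ComboFix's own code. It parses lines in the REGEDIT4-style format ComboFix prints and flags those settings so they can be reverted deliberately rather than overlooked. The sample log text is constructed to mirror the format of the post, and the WEAK_SETTINGS table is this example's own selection of what to flag.

```python
"""Triage the 'Reg Loading Points' section of a ComboFix log.

Added example (not from the original post or from ComboFix). It walks the
[key] / "name"=value lines ComboFix prints, reports settings that weaken
the machine after cleanup, and lists Run-key autostarts for manual review.
"""
import re

# (lower-cased key fragment, value name, value that is weak, explanation).
# Key fragments match what ComboFix prints; explanations are this example's own.
WEAK_SETTINGS = [
    (r"policies\system", "EnableLUA", "0", "UAC disabled"),
    (r"firewallpolicy\publicprofile", "EnableFirewall", "0", "Windows Firewall off (public profile)"),
    (r"firewallpolicy\standardprofile", "EnableFirewall", "0", "Windows Firewall off (standard profile)"),
    (r"security center\monitoring", "DisableMonitoring", "1", "Security Center monitoring disabled"),
    (r"security center", "UacDisableNotify", "1", "UAC notifications suppressed"),
    (r"security center", "AutoUpdateDisableNotify", "1", "Automatic Update notifications suppressed"),
]

_KEY_RE = re.compile(r"^\[(.+)\]$")
_VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
# MountPoints2 entries are printed as a bare '\shell\AutoRun\command - <target>' line.
_AUTORUN_RE = re.compile(r"^\\shell\\AutoRun\\command\s+-\s+(.+)$", re.IGNORECASE)


def _normalize(raw):
    """Reduce ComboFix's value renderings ('0 (0x0)', 'dword:00000001', '"path" [date size]')
    to a plain comparable string."""
    raw = raw.strip()
    m = re.match(r"dword:([0-9a-fA-F]{8})$", raw)
    if m:
        return str(int(m.group(1), 16))
    m = re.match(r"(\d+)\s*\(0x[0-9a-fA-F]+\)$", raw)
    if m:
        return m.group(1)
    return raw.split(" [")[0].strip('"')


def triage_loading_points(log_text):
    """Return {'weak': [(why, key, detail)], 'autostarts': [(key, name, path)]}."""
    weak, autostarts = [], []
    current_key = ""
    for line in log_text.splitlines():
        line = line.strip()
        m = _KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        key_lower = current_key.lower()
        m = _AUTORUN_RE.match(line)
        if m and "mountpoints2" in key_lower:
            weak.append(("AutoRun command registered for a volume", current_key, m.group(1)))
            continue
        m = _VALUE_RE.match(line)
        if not m:
            continue
        name, value = m.group(1), _normalize(m.group(2))
        if key_lower.endswith(r"currentversion\run"):
            autostarts.append((current_key, name, value))
        for key_frag, want_name, bad_value, why in WEAK_SETTINGS:
            if key_frag in key_lower and name.lower() == want_name.lower() and value == bad_value:
                weak.append((why, current_key, f"{name}={value}"))
    return {"weak": weak, "autostarts": autostarts}


# Constructed sample in the same format as the log above (not a verbatim copy).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-14 11:01 51048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{72565832-00e8-11dd-99b3-806e6f6e6963}]
\shell\AutoRun\command - E:\autorun.exe
"""

if __name__ == "__main__":
    result = triage_loading_points(SAMPLE_LOG)
    for why, key, detail in result["weak"]:
        print(f"[WEAK] {why}: {detail}  ({key})")
    for key, name, path in result["autostarts"]:
        print(f"[RUN]  {name} -> {path}")
```

Each flagged item maps to a reversal step the poster can apply after the cleanup is confirmed clean: set EnableLUA back to 1, re-enable the firewall profile, remove the DisableMonitoring and *DisableNotify values so Security Center reports again, and delete the MountPoints2 AutoRun entry (and check the E: volume it points at) before plugging that media back in.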