cruelfeline
2008-12-06, 00:37
Hello,
Here's the ComboFix log:
ComboFix 08-12-05.02 - Sylvia Pawlinski 2008-12-05 17:30:15.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.427 [GMT -5:00]
Running from: d:\documents and settings\Sylvia Pawlinski\Desktop\ComboFix.exe
Command switches used :: d:\documents and settings\Sylvia Pawlinski\Desktop\CFScript.txt
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\DC++
c:\program files\DC++\ADLSearch.xml
c:\program files\DC++\changelog.txt
c:\program files\DC++\dbghelp.dll
c:\program files\DC++\DCPlusPlus.chm
c:\program files\DC++\DCPlusPlus.exe
c:\program files\DC++\DCPlusPlus.pdb
c:\program files\DC++\DCPlusPlus.xml
c:\program files\DC++\dcppboot.xml
c:\program files\DC++\Example.xml
c:\program files\DC++\Favorites.xml
c:\program files\DC++\GeoIPCountryWhois.csv
c:\program files\DC++\HashData.dat
c:\program files\DC++\HashIndex.xml
c:\program files\DC++\HubLists\http___dchublist.com_hublist.xml.bz2
c:\program files\DC++\LICENSE-GeoIP.txt
c:\program files\DC++\License.txt
c:\program files\DC++\magnet.exe
c:\program files\DC++\Queue.xml
c:\program files\DC++\unicows.dll
c:\program files\DC++\unicows.pdb
c:\program files\DC++\uninstall.exe
c:\program files\LimeWire
c:\program files\LimeWire\.NetworkShare\LimeWireWin4.16.2.exe
c:\program files\LimeWire\COPYING
c:\program files\LimeWire\data.ser
c:\program files\LimeWire\Incomplete\T-1200288-Tchaikovsky - The Nutcracker Suite - 6 - Chinese Dance.mp3
c:\program files\LimeWire\inspection.props
c:\program files\LimeWire\install.log
c:\program files\LimeWire\language.prop
c:\program files\LimeWire\lib\aopalliance.jar
c:\program files\LimeWire\lib\clink.jar
c:\program files\LimeWire\lib\commons-httpclient.jar
c:\program files\LimeWire\lib\commons-logging.jar
c:\program files\LimeWire\lib\commons-net.jar
c:\program files\LimeWire\lib\commons-pool.jar
c:\program files\LimeWire\lib\daap.jar
c:\program files\LimeWire\lib\forms.jar
c:\program files\LimeWire\lib\foxtrot.jar
c:\program files\LimeWire\lib\gettext-commons.jar
c:\program files\LimeWire\lib\guice-1.0.jar
c:\program files\LimeWire\lib\hashes
c:\program files\LimeWire\lib\httpcore-nio.jar
c:\program files\LimeWire\lib\httpcore.jar
c:\program files\LimeWire\lib\icu4j.jar
c:\program files\LimeWire\lib\id3v2.jar
c:\program files\LimeWire\lib\jcraft.jar
c:\program files\LimeWire\lib\jdic.dll
c:\program files\LimeWire\lib\jdic.jar
c:\program files\LimeWire\lib\jdic_stub.jar
c:\program files\LimeWire\lib\jflac.jar
c:\program files\LimeWire\lib\jl.jar
c:\program files\LimeWire\lib\jmdns.jar
c:\program files\LimeWire\lib\jogg.jar
c:\program files\LimeWire\lib\jorbis.jar
c:\program files\LimeWire\lib\LimeWire.ico
c:\program files\LimeWire\lib\LimeWire.jar
c:\program files\LimeWire\lib\log4j.jar
c:\program files\LimeWire\lib\log4j.properties
c:\program files\LimeWire\lib\looks.jar
c:\program files\LimeWire\lib\messages.jar
c:\program files\LimeWire\lib\mp3spi.jar
c:\program files\LimeWire\lib\ProgressTabs.jar
c:\program files\LimeWire\lib\swt.jar
c:\program files\LimeWire\lib\SystemUtilities.dll
c:\program files\LimeWire\lib\SystemUtilitiesA.dll
c:\program files\LimeWire\lib\themes.jar
c:\program files\LimeWire\lib\tray.dll
c:\program files\LimeWire\lib\tritonus.jar
c:\program files\LimeWire\lib\vorbisspi.jar
c:\program files\LimeWire\LimeWire On Startup.lnk
c:\program files\LimeWire\LimeWire.exe
c:\program files\LimeWire\LimeWire.ico
c:\program files\LimeWire\pmf.ico
c:\program files\LimeWire\root\magnet10\badge.img
c:\program files\LimeWire\root\magnet10\canHandle.img
c:\program files\LimeWire\root\magnet10\limewire.gif
c:\program files\LimeWire\root\magnet10\options.js
c:\program files\LimeWire\root\magnet10\silentdetect.js
c:\program files\LimeWire\SOURCE
c:\program files\LimeWire\spacer.gif
c:\program files\LimeWire\uninstall.exe
c:\program files\LimeWire\unpack.log
d:\documents and settings\Sylvia Pawlinski\Application Data\BitTorrent
d:\documents and settings\Sylvia Pawlinski\Application Data\BitTorrent\dht.dat
d:\documents and settings\Sylvia Pawlinski\Application Data\BitTorrent\dht.dat.old
d:\documents and settings\Sylvia Pawlinski\Application Data\BitTorrent\Doctor Who S04E12 The Stolen Earth [MM].avi.torrent
d:\documents and settings\Sylvia Pawlinski\Application Data\BitTorrent\resume.dat
d:\documents and settings\Sylvia Pawlinski\Application Data\BitTorrent\resume.dat.old
d:\documents and settings\Sylvia Pawlinski\Application Data\BitTorrent\Samson and Sally (Danish with Slovene subs).VOB.torrent
d:\documents and settings\Sylvia Pawlinski\Application Data\BitTorrent\Season 2.torrent
d:\documents and settings\Sylvia Pawlinski\Application Data\BitTorrent\settings.dat
d:\documents and settings\Sylvia Pawlinski\Application Data\BitTorrent\settings.dat.old
d:\documents and settings\Sylvia Pawlinski\Application Data\BitTorrent\simsafari.zip.torrent
d:\documents and settings\Sylvia Pawlinski\Application Data\BitTorrent\Tr0phy Hunt3r 2003.nrg.torrent
d:\documents and settings\Sylvia Pawlinski\Application Data\LimeWire
d:\documents and settings\Sylvia Pawlinski\Application Data\LimeWire\certificate\limewire.keystore
d:\documents and settings\Sylvia Pawlinski\Application Data\LimeWire\createtimes.cache
d:\documents and settings\Sylvia Pawlinski\Application Data\LimeWire\downloads.dat
d:\documents and settings\Sylvia Pawlinski\Application Data\LimeWire\fileurns.bak
d:\documents and settings\Sylvia Pawlinski\Application Data\LimeWire\fileurns.cache
d:\documents and settings\Sylvia Pawlinski\Application Data\LimeWire\filters.props
d:\documents and settings\Sylvia Pawlinski\Application Data\LimeWire\gnutella.net
d:\documents and settings\Sylvia Pawlinski\Application Data\LimeWire\installation.props
d:\documents and settings\Sylvia Pawlinski\Application Data\LimeWire\library.dat
d:\documents and settings\Sylvia Pawlinski\Application Data\LimeWire\limewire.props
d:\documents and settings\Sylvia Pawlinski\Application Data\LimeWire\mojito.props
d:\documents and settings\Sylvia Pawlinski\Application Data\LimeWire\promotion\promodb.backup
d:\documents and settings\Sylvia Pawlinski\Application Data\LimeWire\promotion\promodb.data
d:\documents and settings\Sylvia Pawlinski\Application Data\LimeWire\promotion\promodb.properties
d:\documents and settings\Sylvia Pawlinski\Application Data\LimeWire\promotion\promodb.script
d:\documents and settings\Sylvia Pawlinski\Application Data\LimeWire\questions.props
d:\documents and settings\Sylvia Pawlinski\Application Data\LimeWire\responses.cache
d:\documents and settings\Sylvia Pawlinski\Application Data\LimeWire\simpp.xml
d:\documents and settings\Sylvia Pawlinski\Application Data\LimeWire\spam.dat
d:\documents and settings\Sylvia Pawlinski\Application Data\LimeWire\tables.props
d:\documents and settings\Sylvia Pawlinski\Application Data\LimeWire\themes\windows_theme.lwtp
d:\documents and settings\Sylvia Pawlinski\Application Data\LimeWire\themes\windows_theme\01_star.gif
d:\documents and settings\Sylvia Pawlinski\Application Data\LimeWire\themes\windows_theme\02_star.gif
d:\documents and settings\Sylvia Pawlinski\Application Data\LimeWire\themes\windows_theme\03_star.gif
d:\documents and settings\Sylvia Pawlinski\Application Data\LimeWire\themes\windows_theme\04_star.gif
d:\documents and settings\Sylvia Pawlinski\Application Data\LimeWire\themes\windows_theme\05_star.gif
d:\documents and settings\Sylvia Pawlinski\Application Data\LimeWire\themes\windows_theme\chat.gif
d:\documents and settings\Sylvia Pawlinski\Application Data\LimeWire\themes\windows_theme\forward_dn.gif
d:\documents and settings\Sylvia Pawlinski\Application Data\LimeWire\themes\windows_theme\forward_up.gif
d:\documents and settings\Sylvia Pawlinski\Application Data\LimeWire\themes\windows_theme\kill.gif
d:\documents and settings\Sylvia Pawlinski\Application Data\LimeWire\themes\windows_theme\kill_on.gif
d:\documents and settings\Sylvia Pawlinski\Application Data\LimeWire\themes\windows_theme\logo.png
d:\documents and settings\Sylvia Pawlinski\Application Data\LimeWire\themes\windows_theme\notsearching.png
d:\documents and settings\Sylvia Pawlinski\Application Data\LimeWire\themes\windows_theme\pause_dn.gif
d:\documents and settings\Sylvia Pawlinski\Application Data\LimeWire\themes\windows_theme\pause_up.gif
d:\documents and settings\Sylvia Pawlinski\Application Data\LimeWire\themes\windows_theme\play_dn.gif
d:\documents and settings\Sylvia Pawlinski\Application Data\LimeWire\themes\windows_theme\play_up.gif
d:\documents and settings\Sylvia Pawlinski\Application Data\LimeWire\themes\windows_theme\question.gif
d:\documents and settings\Sylvia Pawlinski\Application Data\LimeWire\themes\windows_theme\rewind_dn.gif
d:\documents and settings\Sylvia Pawlinski\Application Data\LimeWire\themes\windows_theme\rewind_up.gif
d:\documents and settings\Sylvia Pawlinski\Application Data\LimeWire\themes\windows_theme\searching.gif
d:\documents and settings\Sylvia Pawlinski\Application Data\LimeWire\themes\windows_theme\stop_dn.gif
d:\documents and settings\Sylvia Pawlinski\Application Data\LimeWire\themes\windows_theme\stop_up.gif
d:\documents and settings\Sylvia Pawlinski\Application Data\LimeWire\themes\windows_theme\theme.txt
d:\documents and settings\Sylvia Pawlinski\Application Data\LimeWire\themes\windows_theme\version.txt
d:\documents and settings\Sylvia Pawlinski\Application Data\LimeWire\themes\windows_theme\warning.gif
d:\documents and settings\Sylvia Pawlinski\Application Data\LimeWire\ttrees.cache
d:\documents and settings\Sylvia Pawlinski\Application Data\LimeWire\ttroot.cache
d:\documents and settings\Sylvia Pawlinski\Application Data\LimeWire\version.xml
d:\documents and settings\Sylvia Pawlinski\Application Data\LimeWire\versions.props
d:\documents and settings\Sylvia Pawlinski\Application Data\LimeWire\xml\data\audio.sxml2
d:\documents and settings\Sylvia Pawlinski\Application Data\NI.GSCNS
d:\documents and settings\Sylvia Pawlinski\Application Data\NI.GSCNS\dl.ini
d:\documents and settings\Sylvia Pawlinski\Application Data\NI.GSCNS\settings.ini
d:\program files\BitTorrent
d:\program files\BitTorrent\bittorrent.exe
d:\program files\BitTorrent\BitTorrentIE.2.dll
d:\program files\BitTorrent\uninst.exe
d:\program files\DNA
d:\program files\DNA\btdna.exe
d:\program files\DNA\DNAcpl.cpl
d:\program files\DNA\plugins\npbtdna.dll
d:\windows\system32\~.exe
d:\windows\system32\d
d:\windows\system32\hdx
d:\windows\system32\ip
d:\windows\system32\vim
.
((((((((((((((((((((((((( Files Created from 2008-11-05 to 2008-12-05 )))))))))))))))))))))))))))))))
.
2008-12-02 02:33 . 2008-12-02 23:01 <DIR> d-------- d:\windows\system32\CatRoot_bak
2008-11-28 23:57 . 2008-11-28 23:57 <DIR> d-------- d:\program files\Trend Micro
2008-11-28 04:52 . 2008-11-28 04:51 410,976 --a------ d:\windows\system32\deploytk.dll
2008-11-28 01:19 . 2008-11-28 03:10 <DIR> d-------- d:\program files\Spybot - Search & Destroy
2008-11-28 01:19 . 2008-12-02 02:14 <DIR> d-------- d:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-28 00:26 . 2008-11-29 23:13 <DIR> d-------- d:\program files\Common Files\PC Tools
2008-11-26 04:09 . 2008-11-26 04:09 <DIR> d-------- D:\VundoFix Backups
2008-11-26 03:24 . 2008-11-26 03:24 <DIR> d-------- d:\documents and settings\Sylvia Pawlinski\Application Data\Malwarebytes
2008-11-26 03:23 . 2008-11-28 01:18 <DIR> d-------- d:\program files\Malwarebytes' Anti-Malware
2008-11-26 03:23 . 2008-11-26 03:23 <DIR> d-------- d:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-23 16:37 . 2008-11-23 16:37 <DIR> d-------- d:\program files\Viewpoint
2008-11-23 16:37 . 2008-11-23 16:37 <DIR> d-------- d:\documents and settings\All Users\Application Data\acccore
2008-11-23 16:36 . 2008-11-23 16:36 <DIR> d-------- d:\documents and settings\All Users\Application Data\AOL Downloads
2008-11-17 20:45 . 2008-11-17 20:45 4,096 --a------ d:\windows\d3dx.dat
2008-11-17 19:00 . 2008-11-29 23:13 <DIR> d-a------ d:\documents and settings\All Users\Application Data\TEMP
2008-11-12 04:09 . 2008-11-12 04:09 <DIR> d-------- d:\program files\Cornell University
2008-11-10 19:31 . 2008-11-10 19:31 <DIR> d-------- d:\program files\MSECache
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-05 22:32 --------- d-----w d:\documents and settings\Sylvia Pawlinski\Application Data\Skype
2008-12-05 21:18 --------- d-----w d:\program files\Electronic Arts
2008-12-05 16:30 --------- d-----w d:\program files\Symantec AntiVirus
2008-12-05 16:30 --------- d-----w d:\documents and settings\Sylvia Pawlinski\Application Data\skypePM
2008-12-04 22:37 --------- d--h--w d:\program files\InstallShield Installation Information
2008-12-04 08:36 --------- d-----w d:\documents and settings\Sylvia Pawlinski\Application Data\IGN_DLM
2008-12-04 05:51 98,304 ----a-w d:\windows\system32\CmdLineExt.dll
2008-12-03 21:56 --------- d-----w d:\program files\Java
2008-11-23 21:37 --------- d-----w d:\program files\AIM6
2008-11-23 21:37 --------- d-----w d:\documents and settings\All Users\Application Data\Viewpoint
2008-11-05 04:57 --------- d-----w d:\program files\Deer Hunter Tournament
2008-10-29 06:27 --------- d-----w d:\program files\TAMU
2008-10-26 17:48 --------- d-----w d:\documents and settings\Deer Hunter Server\Application Data\ATI
2008-10-25 06:38 --------- d-----w d:\documents and settings\Sylvia Pawlinski\Application Data\gtk-2.0
2008-10-24 11:10 453,632 ----a-w d:\windows\system32\drivers\mrxsmb.sys
2008-10-22 06:38 --------- d-----w d:\program files\SystemRequirementsLab
2008-10-22 06:38 --------- d-----w d:\documents and settings\Sylvia Pawlinski\Application Data\SystemRequirementsLab
2008-10-22 05:39 --------- d-----w d:\documents and settings\Sylvia Pawlinski\Application Data\QuosaDDM
2008-10-20 21:54 --------- d-----w d:\program files\Infogrames
2008-10-18 06:22 --------- d-----w d:\program files\ATI Technologies
2008-10-17 19:42 --------- d-----w d:\program files\iTunes
2008-10-17 19:42 --------- d-----w d:\program files\iPod
2008-10-17 19:42 --------- d-----w d:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-17 19:41 --------- d-----w d:\program files\QuickTime
2008-10-17 19:41 --------- d-----w d:\program files\Bonjour
2008-10-17 04:06 --------- d-----w d:\documents and settings\Sylvia Pawlinski\Application Data\SPORE
2008-10-16 19:13 202,776 ----a-w d:\windows\system32\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w d:\windows\system32\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w d:\windows\system32\wuapi.dll
2008-10-16 19:12 323,608 ----a-w d:\windows\system32\wucltui.dll
2008-10-16 19:09 92,696 ----a-w d:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w d:\windows\system32\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w d:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w d:\windows\system32\wups.dll
2008-10-16 19:06 268,648 ----a-w d:\windows\system32\mucltui.dll
2008-10-16 19:06 208,744 ----a-w d:\windows\system32\muweb.dll
2008-10-15 03:53 --------- d-----w d:\program files\RXL
2008-10-07 05:14 --------- d-----w d:\program files\Deer Hunter 5 Demo
2008-10-07 04:48 --------- d-----w d:\program files\Download Manager
2008-09-30 21:43 1,286,152 ----a-w d:\windows\system32\msxml4.dll
2008-09-15 11:57 1,846,016 ----a-w d:\windows\system32\win32k.sys
2008-09-07 21:22 5,208 ----a-w d:\windows\system32\ealregsnapshot1.reg
2007-07-26 20:01 114,688 ----a-w d:\program files\internet explorer\plugins\ChimeShim.dll
1999-06-24 23:06 53,248 ----a-r d:\program files\internet explorer\plugins\MSIMG32.DLL
.
((((((((((((((((((((((((((((( snapshot@2008-12-02_ 2.34.27.17 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-07 20:06:43 253,952 ----a-w d:\windows\$hf_mig$\KB950974\SP2QFE\es.dll
+ 2008-07-07 20:26:58 253,952 ----a-w d:\windows\$hf_mig$\KB950974\SP3GDR\es.dll
+ 2008-07-07 20:23:18 253,952 ----a-w d:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
+ 2007-11-30 12:39:22 17,272 ----a-w d:\windows\$hf_mig$\KB950974\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w d:\windows\$hf_mig$\KB950974\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w d:\windows\$hf_mig$\KB950974\update\spcustom.dll
+ 2007-11-30 12:39:18 755,576 ----a-w d:\windows\$hf_mig$\KB950974\update\update.exe
+ 2007-11-30 12:39:19 382,840 ----a-w d:\windows\$hf_mig$\KB950974\update\updspapi.dll
+ 2008-07-14 11:03:00 62,976 ----a-w d:\windows\$hf_mig$\KB951072-v2\SP2QFE\tzchange.exe
+ 2008-07-11 12:42:28 62,976 ----a-w d:\windows\$hf_mig$\KB951072-v2\SP3GDR\tzchange.exe
+ 2008-07-11 12:51:51 62,976 ----a-w d:\windows\$hf_mig$\KB951072-v2\SP3QFE\tzchange.exe
+ 2007-11-30 11:18:51 17,272 ----a-w d:\windows\$hf_mig$\KB951072-v2\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w d:\windows\$hf_mig$\KB951072-v2\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w d:\windows\$hf_mig$\KB951072-v2\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w d:\windows\$hf_mig$\KB951072-v2\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w d:\windows\$hf_mig$\KB951072-v2\update\updspapi.dll
+ 2008-06-24 16:28:00 74,240 ----a-w d:\windows\$hf_mig$\KB952954\SP2QFE\mscms.dll
+ 2008-06-24 16:43:16 74,240 ----a-w d:\windows\$hf_mig$\KB952954\SP3GDR\mscms.dll
+ 2008-06-24 16:53:10 74,240 ----a-w d:\windows\$hf_mig$\KB952954\SP3QFE\mscms.dll
+ 2007-11-30 12:39:22 17,272 ----a-w d:\windows\$hf_mig$\KB952954\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w d:\windows\$hf_mig$\KB952954\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w d:\windows\$hf_mig$\KB952954\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w d:\windows\$hf_mig$\KB952954\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w d:\windows\$hf_mig$\KB952954\update\updspapi.dll
+ 2008-08-26 09:08:35 124,928 ----a-w d:\windows\$hf_mig$\KB956390-IE7\SP2QFE\advpack.dll
+ 2008-08-26 09:08:36 347,136 ----a-w d:\windows\$hf_mig$\KB956390-IE7\SP2QFE\dxtmsft.dll
+ 2008-08-26 09:08:36 214,528 ----a-w d:\windows\$hf_mig$\KB956390-IE7\SP2QFE\dxtrans.dll
+ 2008-08-26 09:08:36 132,608 ----a-w d:\windows\$hf_mig$\KB956390-IE7\SP2QFE\extmgr.dll
+ 2008-08-26 09:08:36 63,488 ----a-w d:\windows\$hf_mig$\KB956390-IE7\SP2QFE\icardie.dll
+ 2008-08-25 08:43:21 70,656 ----a-w d:\windows\$hf_mig$\KB956390-IE7\SP2QFE\ie4uinit.exe
+ 2008-08-26 09:08:36 153,088 ----a-w d:\windows\$hf_mig$\KB956390-IE7\SP2QFE\ieakeng.dll
+ 2008-08-26 09:08:36 230,400 ----a-w d:\windows\$hf_mig$\KB956390-IE7\SP2QFE\ieaksie.dll
+ 2008-08-23 05:54:50 161,792 ----a-w d:\windows\$hf_mig$\KB956390-IE7\SP2QFE\ieakui.dll
+ 2007-07-01 03:31:33 2,455,488 ----a-w d:\windows\$hf_mig$\KB956390-IE7\SP2QFE\ieapfltr.dat
+ 2008-08-26 09:08:36 380,928 ----a-w d:\windows\$hf_mig$\KB956390-IE7\SP2QFE\ieapfltr.dll
+ 2008-08-26 09:08:37 388,608 ----a-w d:\windows\$hf_mig$\KB956390-IE7\SP2QFE\iedkcs32.dll
+ 2008-10-03 17:26:50 6,068,224 ----a-w d:\windows\$hf_mig$\KB956390-IE7\SP2QFE\ieframe.dll
+ 2008-08-26 09:08:39 44,544 ----a-w d:\windows\$hf_mig$\KB956390-IE7\SP2QFE\iernonce.dll
+ 2008-08-26 09:08:39 267,776 ----a-w d:\windows\$hf_mig$\KB956390-IE7\SP2QFE\iertutil.dll
+ 2008-08-25 08:43:21 13,824 ----a-w d:\windows\$hf_mig$\KB956390-IE7\SP2QFE\ieudinit.exe
+ 2008-08-23 05:56:16 635,848 ----a-w d:\windows\$hf_mig$\KB956390-IE7\SP2QFE\iexplore.exe
+ 2008-08-26 09:08:40 27,648 ----a-w d:\windows\$hf_mig$\KB956390-IE7\SP2QFE\jsproxy.dll
+ 2008-08-26 09:08:40 459,264 ----a-w d:\windows\$hf_mig$\KB956390-IE7\SP2QFE\msfeeds.dll
+ 2008-08-26 09:08:40 52,224 ----a-w d:\windows\$hf_mig$\KB956390-IE7\SP2QFE\msfeedsbs.dll
+ 2008-08-26 09:08:43 3,594,752 ----a-w d:\windows\$hf_mig$\KB956390-IE7\SP2QFE\mshtml.dll
+ 2008-08-26 09:08:43 477,696 ----a-w d:\windows\$hf_mig$\KB956390-IE7\SP2QFE\mshtmled.dll
+ 2008-08-26 09:08:44 193,024 ----a-w d:\windows\$hf_mig$\KB956390-IE7\SP2QFE\msrating.dll
+ 2008-08-26 09:08:44 671,232 ----a-w d:\windows\$hf_mig$\KB956390-IE7\SP2QFE\mstime.dll
+ 2008-08-26 09:08:44 102,912 ----a-w d:\windows\$hf_mig$\KB956390-IE7\SP2QFE\occache.dll
+ 2008-08-26 09:08:44 44,544 ----a-w d:\windows\$hf_mig$\KB956390-IE7\SP2QFE\pngfilt.dll
+ 2008-08-26 09:08:44 105,984 ----a-w d:\windows\$hf_mig$\KB956390-IE7\SP2QFE\url.dll
+ 2008-08-26 09:08:45 1,162,752 ----a-w d:\windows\$hf_mig$\KB956390-IE7\SP2QFE\urlmon.dll
+ 2008-08-26 09:08:45 233,472 ----a-w d:\windows\$hf_mig$\KB956390-IE7\SP2QFE\webcheck.dll
+ 2008-08-26 09:08:45 827,904 ----a-w d:\windows\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll
+ 2007-03-06 01:22:36 14,048 ----a-w d:\windows\$hf_mig$\KB956390-IE7\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w d:\windows\$hf_mig$\KB956390-IE7\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w d:\windows\$hf_mig$\KB956390-IE7\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w d:\windows\$hf_mig$\KB956390-IE7\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w d:\windows\$hf_mig$\KB956390-IE7\update\updspapi.dll
- 2006-05-05 09:41:45 453,120 ------w d:\windows\Driver Cache\i386\mrxsmb.sys
+ 2008-10-24 11:10:42 453,632 ------w d:\windows\Driver Cache\i386\mrxsmb.sys
- 2007-02-28 09:53:04 2,137,600 ------w d:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2008-08-14 09:55:01 2,142,720 ------w d:\windows\Driver Cache\i386\ntkrnlmp.exe
- 2007-02-28 09:15:56 2,059,392 ------w d:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-08-14 09:18:44 2,062,976 ------w d:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2007-02-28 09:15:59 2,017,280 ------w d:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2008-08-14 09:18:46 2,020,864 ------w d:\windows\Driver Cache\i386\ntkrpamp.exe
- 2007-02-28 09:55:14 2,182,144 ------w d:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2008-08-14 09:57:20 2,185,984 ------w d:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2008-04-23 04:16:28 124,928 -c----w d:\windows\ie7updates\KB956390-IE7\advpack.dll
+ 2008-04-23 04:16:28 347,136 -c----w d:\windows\ie7updates\KB956390-IE7\dxtmsft.dll
+ 2008-04-23 04:16:28 214,528 -c----w d:\windows\ie7updates\KB956390-IE7\dxtrans.dll
+ 2008-04-23 04:16:28 133,120 -c----w d:\windows\ie7updates\KB956390-IE7\extmgr.dll
+ 2008-04-23 04:16:28 63,488 -c----w d:\windows\ie7updates\KB956390-IE7\icardie.dll
+ 2008-04-22 07:39:58 70,656 -c----w d:\windows\ie7updates\KB956390-IE7\ie4uinit.exe
+ 2008-04-23 04:16:28 153,088 -c----w d:\windows\ie7updates\KB956390-IE7\ieakeng.dll
+ 2008-04-23 04:16:28 230,400 -c----w d:\windows\ie7updates\KB956390-IE7\ieaksie.dll
+ 2008-04-20 05:07:51 161,792 -c----w d:\windows\ie7updates\KB956390-IE7\ieakui.dll
+ 2008-04-23 04:16:28 383,488 -c----w d:\windows\ie7updates\KB956390-IE7\ieapfltr.dll
+ 2008-04-23 04:16:28 384,512 -c----w d:\windows\ie7updates\KB956390-IE7\iedkcs32.dll
+ 2008-04-23 04:16:28 6,066,176 -c----w d:\windows\ie7updates\KB956390-IE7\ieframe.dll
+ 2008-04-23 04:16:28 44,544 -c----w d:\windows\ie7updates\KB956390-IE7\iernonce.dll
+ 2008-04-23 04:16:28 267,776 -c----w d:\windows\ie7updates\KB956390-IE7\iertutil.dll
+ 2008-04-22 07:39:58 13,824 -c----w d:\windows\ie7updates\KB956390-IE7\ieudinit.exe
+ 2008-04-22 07:40:18 625,664 -c----w d:\windows\ie7updates\KB956390-IE7\iexplore.exe
+ 2008-04-23 04:16:28 27,648 -c----w d:\windows\ie7updates\KB956390-IE7\jsproxy.dll
+ 2008-04-23 04:16:28 459,264 -c----w d:\windows\ie7updates\KB956390-IE7\msfeeds.dll
+ 2008-04-23 04:16:28 52,224 -c----w d:\windows\ie7updates\KB956390-IE7\msfeedsbs.dll
+ 2008-04-24 02:16:30 3,591,680 -c----w d:\windows\ie7updates\KB956390-IE7\mshtml.dll
+ 2008-04-23 04:16:28 478,208 -c----w d:\windows\ie7updates\KB956390-IE7\mshtmled.dll
+ 2008-04-23 04:16:28 193,024 -c----w d:\windows\ie7updates\KB956390-IE7\msrating.dll
+ 2008-04-23 04:16:28 671,232 -c----w d:\windows\ie7updates\KB956390-IE7\mstime.dll
+ 2008-04-23 04:16:28 102,912 -c----w d:\windows\ie7updates\KB956390-IE7\occache.dll
+ 2008-04-23 04:16:28 44,544 -c----w d:\windows\ie7updates\KB956390-IE7\pngfilt.dll
+ 2007-03-06 01:22:41 213,216 -c----w d:\windows\ie7updates\KB956390-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w d:\windows\ie7updates\KB956390-IE7\spuninst\updspapi.dll
+ 2008-04-23 04:16:28 105,984 -c----w d:\windows\ie7updates\KB956390-IE7\url.dll
+ 2008-04-23 04:16:29 1,159,680 -c----w d:\windows\ie7updates\KB956390-IE7\urlmon.dll
+ 2008-04-23 04:16:30 233,472 -c----w d:\windows\ie7updates\KB956390-IE7\webcheck.dll
+ 2008-04-23 04:16:29 826,368 -c----w d:\windows\ie7updates\KB956390-IE7\wininet.dll
+ 2006-10-27 01:12:56 396,592 ----a-r d:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\MOC.EXE
+ 2007-05-08 16:10:18 16,874,376 ----a-r d:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\MSO.DLL
+ 2007-03-21 23:56:50 8,425,856 ----a-r d:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\OARTCONV.DLL
+ 2006-10-27 20:18:34 1,658,152 ----a-r d:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\OGL.DLL
+ 2007-05-10 14:04:28 846,248 ----a-r d:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\OICE.EXE
+ 2007-05-10 15:11:42 1,767,256 ----a-r d:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\PPCNV.DLL
+ 2007-03-22 00:00:06 72,096 ----a-r d:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\PXBCOM.EXE
+ 2007-03-21 23:58:40 4,145,520 ----a-r d:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\WRD12CNV.DLL
+ 2007-03-21 23:58:46 24,416 ----a-r d:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\WRD12EXE.EXE
+ 2007-05-10 15:25:40 14,677,368 ----a-r d:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\XL12CNV.EXE
+ 2007-09-15 02:45:58 16,901,168 ----a-r d:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6215\MSO.DLL
+ 2007-08-29 05:19:24 1,654,648 ----a-r d:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6215\OGL.DLL
+ 2007-08-24 10:00:34 1,767,768 ----a-r d:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6215\PPCNV.DLL
+ 2007-08-24 10:00:48 72,096 ----a-r d:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6215\PXBCOM.EXE
+ 2007-10-03 01:00:06 14,708,760 ----a-r d:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6215\XL12CNV.EXE
+ 2007-04-19 17:09:30 167,256 ----a-r d:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\IETAG.DLL
+ 2007-05-31 17:35:22 6,420,320 ----a-r d:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\POWERPNT.EXE
+ 2008-12-03 06:53:14 32,768 ----a-r d:\windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe
- 2008-07-09 14:48:17 593,920 ----a-r d:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2008-12-03 06:55:20 593,920 ----a-r d:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2008-07-09 14:48:17 12,288 ----a-r d:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-12-03 06:55:20 12,288 ----a-r d:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-07-09 14:48:17 86,016 ----a-r d:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2008-12-03 06:55:20 86,016 ----a-r d:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2008-07-09 14:48:17 135,168 ----a-r d:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-12-03 06:55:20 135,168 ----a-r d:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-07-09 14:48:18 11,264 ----a-r d:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-12-03 06:55:20 11,264 ----a-r d:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2008-07-09 14:48:18 27,136 ----a-r d:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-12-03 06:55:20 27,136 ----a-r d:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-07-09 14:48:18 4,096 ----a-r d:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-12-03 06:55:20 4,096 ----a-r d:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-07-09 14:48:18 794,624 ----a-r d:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-12-03 06:55:20 794,624 ----a-r d:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-07-09 14:48:17 249,856 ----a-r d:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2008-12-03 06:55:20 249,856 ----a-r d:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2008-07-09 14:48:17 61,440 ----a-r d:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2008-12-03 06:55:20 61,440 ----a-r d:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2008-07-09 14:48:18 23,040 ----a-r d:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-12-03 06:55:20 23,040 ----a-r d:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2008-07-09 14:48:17 286,720 ----a-r d:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-12-03 06:55:20 286,720 ----a-r d:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2008-07-09 14:48:17 409,600 ----a-r d:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-12-03 06:55:20 409,600 ----a-r d:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2008-11-11 00:32:24 38,240 ----a-r d:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2008-12-03 06:57:57 38,240 ----a-r d:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
- 2008-04-23 04:16:28 124,928 ----a-w d:\windows\system32\advpack.dll
+ 2008-08-26 07:24:28 124,928 ----a-w d:\windows\system32\advpack.dll
- 2008-04-23 04:16:28 124,928 -c----w d:\windows\system32\dllcache\advpack.dll
+ 2008-08-26 07:24:28 124,928 -c----w d:\windows\system32\dllcache\advpack.dll
- 2008-06-20 10:44:38 138,368 -c--a-w d:\windows\system32\dllcache\afd.sys
+ 2008-08-14 09:51:43 138,368 -c--a-w d:\windows\system32\dllcache\afd.sys
- 2007-07-31 00:19:20 92,504 -c--a-w d:\windows\system32\dllcache\cdm.dll
+ 2008-10-16 19:09:44 92,696 -c--a-w d:\windows\system32\dllcache\cdm.dll
- 2008-04-23 04:16:28 347,136 -c--a-w d:\windows\system32\dllcache\dxtmsft.dll
+ 2008-08-26 07:24:28 347,136 -c--a-w d:\windows\system32\dllcache\dxtmsft.dll
- 2008-04-23 04:16:28 214,528 -c----w d:\windows\system32\dllcache\dxtrans.dll
+ 2008-08-26 07:24:28 214,528 -c----w d:\windows\system32\dllcache\dxtrans.dll
- 2005-07-26 04:39:45 243,200 -c--a-w d:\windows\system32\dllcache\es.dll
+ 2008-07-07 20:32:22 253,952 -c--a-w d:\windows\system32\dllcache\es.dll
- 2008-04-23 04:16:28 133,120 -c----w d:\windows\system32\dllcache\extmgr.dll
+ 2008-08-26 07:24:28 133,120 -c----w d:\windows\system32\dllcache\extmgr.dll
- 2008-04-23 04:16:28 63,488 -c----w d:\windows\system32\dllcache\icardie.dll
+ 2008-08-26 07:24:28 63,488 -c----w d:\windows\system32\dllcache\icardie.dll
- 2008-04-22 07:39:58 70,656 -c----w d:\windows\system32\dllcache\ie4uinit.exe
+ 2008-08-25 08:37:59 70,656 -c----w d:\windows\system32\dllcache\ie4uinit.exe
- 2008-04-23 04:16:28 153,088 -c----w d:\windows\system32\dllcache\ieakeng.dll
+ 2008-08-26 07:24:28 153,088 -c----w d:\windows\system32\dllcache\ieakeng.dll
- 2008-04-23 04:16:28 230,400 -c----w d:\windows\system32\dllcache\ieaksie.dll
+ 2008-08-26 07:24:28 230,400 -c----w d:\windows\system32\dllcache\ieaksie.dll
- 2008-04-20 05:07:51 161,792 -c----w d:\windows\system32\dllcache\ieakui.dll
+ 2008-08-23 05:54:51 161,792 -c----w d:\windows\system32\dllcache\ieakui.dll
- 2008-04-23 04:16:28 383,488 -c----w d:\windows\system32\dllcache\ieapfltr.dll
+ 2008-08-26 07:24:28 383,488 -c----w d:\windows\system32\dllcache\ieapfltr.dll
- 2008-04-23 04:16:28 384,512 -c----w d:\windows\system32\dllcache\iedkcs32.dll
+ 2008-08-26 07:24:29 384,512 -c----w d:\windows\system32\dllcache\iedkcs32.dll
- 2008-04-23 04:16:28 6,066,176 -c----w d:\windows\system32\dllcache\ieframe.dll
+ 2008-10-03 17:41:15 6,066,176 -c----w d:\windows\system32\dllcache\ieframe.dll
- 2008-04-23 04:16:28 44,544 -c----w d:\windows\system32\dllcache\iernonce.dll
+ 2008-08-26 07:24:29 44,544 -c----w d:\windows\system32\dllcache\iernonce.dll
- 2008-04-23 04:16:28 267,776 -c----w d:\windows\system32\dllcache\iertutil.dll
+ 2008-08-26 07:24:29 267,776 -c----w d:\windows\system32\dllcache\iertutil.dll
- 2008-04-22 07:39:58 13,824 -c----w d:\windows\system32\dllcache\ieudinit.exe
+ 2008-08-25 08:38:00 13,824 -c----w d:\windows\system32\dllcache\ieudinit.exe
- 2008-04-22 07:40:18 625,664 -c----w d:\windows\system32\dllcache\iexplore.exe
+ 2008-08-23 05:56:15 635,848 -c----w d:\windows\system32\dllcache\iexplore.exe
- 2007-08-21 06:15:44 683,520 -c--a-w d:\windows\system32\dllcache\inetcomm.dll
+ 2008-04-11 18:50:43 683,520 -c--a-w d:\windows\system32\dllcache\inetcomm.dll
- 2008-04-23 04:16:28 27,648 -c----w d:\windows\system32\dllcache\jsproxy.dll
+ 2008-08-26 07:24:30 27,648 -c----w d:\windows\system32\dllcache\jsproxy.dll
- 2006-05-05 09:41:45 453,120 -c----w d:\windows\system32\dllcache\mrxsmb.sys
+ 2008-10-24 11:10:42 453,632 -c----w d:\windows\system32\dllcache\mrxsmb.sys
- 2004-08-04 10:00:00 331,776 -c--a-w d:\windows\system32\dllcache\msadce.dll
+ 2008-05-01 14:30:33 331,776 -c--a-w d:\windows\system32\dllcache\msadce.dll
- 2005-06-29 01:46:00 74,240 -c--a-w d:\windows\system32\dllcache\mscms.dll
+ 2008-06-24 16:23:05 74,240 -c--a-w d:\windows\system32\dllcache\mscms.dll
- 2008-04-23 04:16:28 459,264 -c----w d:\windows\system32\dllcache\msfeeds.dll
+ 2008-08-26 07:24:30 459,264 -c----w d:\windows\system32\dllcache\msfeeds.dll
- 2008-04-23 04:16:28 52,224 -c----w d:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-08-26 07:24:30 52,224 -c----w d:\windows\system32\dllcache\msfeedsbs.dll
- 2008-04-24 02:16:30 3,591,680 -c----w d:\windows\system32\dllcache\mshtml.dll
+ 2008-08-27 08:24:32 3,593,216 -c----w d:\windows\system32\dllcache\mshtml.dll
- 2008-04-23 04:16:28 478,208 -c----w d:\windows\system32\dllcache\mshtmled.dll
+ 2008-08-26 07:24:30 477,696 -c----w d:\windows\system32\dllcache\mshtmled.dll
- 2008-04-23 04:16:28 193,024 -c----w d:\windows\system32\dllcache\msrating.dll
+ 2008-08-26 07:24:30 193,024 -c----w d:\windows\system32\dllcache\msrating.dll
- 2008-04-23 04:16:28 671,232 -c----w d:\windows\system32\dllcache\mstime.dll
+ 2008-08-26 07:24:30 671,232 -c----w d:\windows\system32\dllcache\mstime.dll
- 2007-06-26 06:08:16 1,104,896 -c--a-w d:\windows\system32\dllcache\msxml3.dll
+ 2008-09-04 16:42:02 1,106,944 -c--a-w d:\windows\system32\dllcache\msxml3.dll
- 2006-08-17 12:28:27 332,288 -c--a-w d:\windows\system32\dllcache\netapi32.dll
+ 2008-10-15 16:57:55 332,800 -c--a-w d:\windows\system32\dllcache\netapi32.dll
- 2007-02-28 09:53:04 2,137,600 -c----w d:\windows\system32\dllcache\ntkrnlmp.exe
+ 2008-08-14 09:55:01 2,142,720 -c----w d:\windows\system32\dllcache\ntkrnlmp.exe
- 2007-02-28 09:15:56 2,059,392 -c----w d:\windows\system32\dllcache\ntkrnlpa.exe
+ 2008-08-14 09:18:44 2,062,976 -c----w d:\windows\system32\dllcache\ntkrnlpa.exe
- 2007-02-28 09:15:59 2,017,280 -c----w d:\windows\system32\dllcache\ntkrpamp.exe
+ 2008-08-14 09:18:46 2,020,864 -c----w d:\windows\system32\dllcache\ntkrpamp.exe
- 2007-02-28 09:55:14 2,182,144 -c----w d:\windows\system32\dllcache\ntoskrnl.exe
+ 2008-08-14 09:57:20 2,185,984 -c----w d:\windows\system32\dllcache\ntoskrnl.exe
- 2008-04-23 04:16:28 102,912 -c----w d:\windows\system32\dllcache\occache.dll
+ 2008-08-26 07:24:30 102,912 -c----w d:\windows\system32\dllcache\occache.dll
- 2008-04-23 04:16:28 44,544 -c--a-w d:\windows\system32\dllcache\pngfilt.dll
+ 2008-08-26 07:24:30 44,544 -c--a-w d:\windows\system32\dllcache\pngfilt.dll
- 2006-08-14 10:34:41 332,928 -c--a-w d:\windows\system32\dllcache\srv.sys
+ 2008-08-28 10:04:17 333,056 -c--a-w d:\windows\system32\dllcache\srv.sys
- 2008-04-23 04:16:28 105,984 -c----w d:\windows\system32\dllcache\url.dll
+ 2008-08-26 07:24:30 105,984 -c----w d:\windows\system32\dllcache\url.dll
- 2008-04-23 04:16:29 1,159,680 -c----w d:\windows\system32\dllcache\urlmon.dll
+ 2008-08-26 07:24:31 1,159,680 -c----w d:\windows\system32\dllcache\urlmon.dll
- 2008-04-23 04:16:29 233,472 -c----w d:\windows\system32\dllcache\webcheck.dll
+ 2008-08-26 07:24:31 233,472 -c----w d:\windows\system32\dllcache\webcheck.dll
- 2008-03-19 09:47:00 1,845,248 -c--a-w d:\windows\system32\dllcache\win32k.sys
+ 2008-09-15 11:57:41 1,846,016 -c--a-w d:\windows\system32\dllcache\win32k.sys
- 2008-04-23 04:16:29 826,368 -c----w d:\windows\system32\dllcache\wininet.dll
+ 2008-08-26 07:24:31 826,368 -c----w d:\windows\system32\dllcache\wininet.dll
- 2007-07-31 00:19:36 549,720 -c--a-w d:\windows\system32\dllcache\wuapi.dll
+ 2008-10-16 19:12:20 561,688 -c--a-w d:\windows\system32\dllcache\wuapi.dll
- 2007-07-31 00:19:16 53,080 -c--a-w d:\windows\system32\dllcache\wuauclt.exe
+ 2008-10-16 19:09:44 51,224 -c--a-w d:\windows\system32\dllcache\wuauclt.exe
- 2007-07-31 00:19:42 1,712,984 -c--a-w d:\windows\system32\dllcache\wuaueng.dll
+ 2008-10-16 19:13:40 1,809,944 -c--a-w d:\windows\system32\dllcache\wuaueng.dll
- 2007-07-31 00:19:32 325,976 -c--a-w d:\windows\system32\dllcache\wucltui.dll
+ 2008-10-16 19:12:22 323,608 -c--a-w d:\windows\system32\dllcache\wucltui.dll
- 2007-07-31 00:18:40 33,624 -c--a-w d:\windows\system32\dllcache\wups.dll
+ 2008-10-16 19:08:58 34,328 -c--a-w d:\windows\system32\dllcache\wups.dll
- 2007-07-31 00:19:46 203,096 -c--a-w d:\windows\system32\dllcache\wuweb.dll
+ 2008-10-16 19:13:40 202,776 -c--a-w d:\windows\system32\dllcache\wuweb.dll
- 2008-06-20 10:44:38 138,368 ----a-w d:\windows\system32\drivers\afd.sys
+ 2008-08-14 09:51:43 138,368 ----a-w d:\windows\system32\drivers\afd.sys
- 2006-08-14 10:34:41 332,928 ----a-w d:\windows\system32\drivers\srv.sys
+ 2008-08-28 10:04:17 333,056 ----a-w d:\windows\system32\drivers\srv.sys
- 2008-04-23 04:16:28 347,136 ----a-w d:\windows\system32\dxtmsft.dll
+ 2008-08-26 07:24:28 347,136 ----a-w d:\windows\system32\dxtmsft.dll
- 2008-04-23 04:16:28 214,528 ----a-w d:\windows\system32\dxtrans.dll
+ 2008-08-26 07:24:28 214,528 ----a-w d:\windows\system32\dxtrans.dll
- 2005-07-26 04:39:45 243,200 ----a-w d:\windows\system32\es.dll
+ 2008-07-07 20:32:22 253,952 ----a-w d:\windows\system32\es.dll
- 2008-04-23 04:16:28 133,120 ------w d:\windows\system32\extmgr.dll
+ 2008-08-26 07:24:28 133,120 ------w d:\windows\system32\extmgr.dll
- 2008-11-11 16:46:27 141,240 ----a-w d:\windows\system32\FNTCACHE.DAT
+ 2008-12-02 22:07:52 141,240 ----a-w d:\windows\system32\FNTCACHE.DAT
- 2008-04-23 04:16:28 63,488 ----a-w d:\windows\system32\icardie.dll
+ 2008-08-26 07:24:28 63,488 ----a-w d:\windows\system32\icardie.dll
- 2008-04-22 07:39:58 70,656 ------w d:\windows\system32\ie4uinit.exe
+ 2008-08-25 08:37:59 70,656 ------w d:\windows\system32\ie4uinit.exe
- 2008-04-23 04:16:28 153,088 ------w d:\windows\system32\ieakeng.dll
+ 2008-08-26 07:24:28 153,088 ------w d:\windows\system32\ieakeng.dll
- 2008-04-23 04:16:28 230,400 ------w d:\windows\system32\ieaksie.dll
+ 2008-08-26 07:24:28 230,400 ------w d:\windows\system32\ieaksie.dll
- 2008-04-20 05:07:51 161,792 ------w d:\windows\system32\ieakui.dll
+ 2008-08-23 05:54:51 161,792 ------w d:\windows\system32\ieakui.dll
- 2008-04-23 04:16:28 383,488 ----a-w d:\windows\system32\ieapfltr.dll
+ 2008-08-26 07:24:28 383,488 ----a-w d:\windows\system32\ieapfltr.dll
- 2008-04-23 04:16:28 384,512 ------w d:\windows\system32\iedkcs32.dll
+ 2008-08-26 07:24:29 384,512 ------w d:\windows\system32\iedkcs32.dll
- 2008-04-23 04:16:28 6,066,176 ----a-w d:\windows\system32\ieframe.dll
+ 2008-10-03 17:41:15 6,066,176 ----a-w d:\windows\system32\ieframe.dll
- 2008-04-23 04:16:28 44,544 ------w d:\windows\system32\iernonce.dll
+ 2008-08-26 07:24:29 44,544 ------w d:\windows\system32\iernonce.dll
- 2008-04-23 04:16:28 267,776 ----a-w d:\windows\system32\iertutil.dll
+ 2008-08-26 07:24:29 267,776 ----a-w d:\windows\system32\iertutil.dll
- 2008-04-22 07:39:58 13,824 ----a-w d:\windows\system32\ieudinit.exe
+ 2008-08-25 08:38:00 13,824 ----a-w d:\windows\system32\ieudinit.exe
- 2007-08-21 06:15:44 683,520 ----a-w d:\windows\system32\inetcomm.dll
+ 2008-04-11 18:50:43 683,520 ----a-w d:\windows\system32\inetcomm.dll
- 2008-04-23 04:16:28 27,648 ------w d:\windows\system32\jsproxy.dll
+ 2008-08-26 07:24:30 27,648 ------w d:\windows\system32\jsproxy.dll
+ 2008-11-04 00:10:25 17,318,336 ----a-w d:\windows\system32\MRT.exe
- 2005-06-29 01:46:00 74,240 ----a-w d:\windows\system32\mscms.dll
+ 2008-06-24 16:23:05 74,240 ----a-w d:\windows\system32\mscms.dll
- 2008-04-23 04:16:28 459,264 ----a-w d:\windows\system32\msfeeds.dll
+ 2008-08-26 07:24:30 459,264 ----a-w d:\windows\system32\msfeeds.dll
- 2008-04-23 04:16:28 52,224 ----a-w d:\windows\system32\msfeedsbs.dll
+ 2008-08-26 07:24:30 52,224 ----a-w d:\windows\system32\msfeedsbs.dll
- 2008-04-24 02:16:30 3,591,680 ----a-w d:\windows\system32\mshtml.dll
+ 2008-08-27 08:24:32 3,593,216 ----a-w d:\windows\system32\mshtml.dll
- 2008-04-23 04:16:28 478,208 ----a-w d:\windows\system32\mshtmled.dll
+ 2008-08-26 07:24:30 477,696 ----a-w d:\windows\system32\mshtmled.dll
- 2008-04-23 04:16:28 193,024 ------w d:\windows\system32\msrating.dll
+ 2008-08-26 07:24:30 193,024 ------w d:\windows\system32\msrating.dll
- 2008-04-23 04:16:28 671,232 ------w d:\windows\system32\mstime.dll
+ 2008-08-26 07:24:30 671,232 ------w d:\windows\system32\mstime.dll
- 2007-06-26 06:08:16 1,104,896 ----a-w d:\windows\system32\msxml3.dll
+ 2008-09-04 16:42:02 1,106,944 ----a-w d:\windows\system32\msxml3.dll
- 2007-05-15 20:43:10 1,320,800 ----a-w d:\windows\system32\msxml6.dll
+ 2008-08-30 01:06:44 1,350,664 ----a-w d:\windows\system32\msxml6.dll
- 2006-08-17 12:28:27 332,288 ----a-w d:\windows\system32\netapi32.dll
+ 2008-10-15 16:57:55 332,800 ----a-w d:\windows\system32\netapi32.dll
- 2007-02-28 09:16:00 2,017,280 ----a-w d:\windows\system32\ntkrnlpa.exe
+ 2008-08-14 09:18:46 2,020,864 ----a-w d:\windows\system32\ntkrnlpa.exe
- 2007-02-28 09:53:04 2,137,600 ----a-w d:\windows\system32\ntoskrnl.exe
+ 2008-08-14 09:55:01 2,142,720 ----a-w d:\windows\system32\ntoskrnl.exe
- 2008-04-23 04:16:28 102,912 ------w d:\windows\system32\occache.dll
+ 2008-08-26 07:24:30 102,912 ------w d:\windows\system32\occache.dll
- 2008-04-23 04:16:28 44,544 ----a-w d:\windows\system32\pngfilt.dll
+ 2008-08-26 07:24:30 44,544 ----a-w d:\windows\system32\pngfilt.dll
+ 2008-07-19 03:10:20 36,552 ----a-w d:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.784\wups.dll
+ 2008-10-16 19:08:58 34,328 ----a-w d:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.788\wups.dll
+ 2008-07-19 03:10:40 45,768 ----a-w d:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.784\wups2.dll
+ 2008-10-16 19:09:44 43,544 ----a-w d:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.788\wups2.dll
- 2007-11-30 12:39:22 17,272 ------w d:\windows\system32\spmsg.dll
+ 2008-07-08 13:02:01 17,272 ------w d:\windows\system32\spmsg.dll
- 2008-12-02 07:29:35 15,820 ----a-w d:\windows\system32\tablet.dat
+ 2008-12-05 16:29:46 15,820 ----a-w d:\windows\system32\tablet.dat
- 2007-11-13 11:31:11 60,416 ------w d:\windows\system32\tzchange.exe
+ 2008-07-14 11:09:18 62,976 ------w d:\windows\system32\tzchange.exe
- 2008-04-23 04:16:28 105,984 ----a-w d:\windows\system32\url.dll
+ 2008-08-26 07:24:30 105,984 ----a-w d:\windows\system32\url.dll
- 2008-04-23 04:16:29 1,159,680 ----a-w d:\windows\system32\urlmon.dll
+ 2008-08-26 07:24:31 1,159,680 ----a-w d:\windows\system32\urlmon.dll
- 2008-04-23 04:16:30 233,472 ----a-w d:\windows\system32\webcheck.dll
+ 2008-08-26 07:24:31 233,472 ----a-w d:\windows\system32\webcheck.dll
- 2008-04-23 04:16:29 826,368 ----a-w d:\windows\system32\wininet.dll
+ 2008-08-26 07:24:31 826,368 ----a-w d:\windows\system32\wininet.dll
- 2006-10-19 01:47:20 295,936 ------w d:\windows\system32\wmpeffects.dll
+ 2008-06-24 22:12:58 295,936 ------w d:\windows\system32\wmpeffects.dll
+ 2008-12-05 16:29:35 16,384 ----atw d:\windows\Temp\Perflib_Perfdata_7bc.dat
+ 2008-09-30 21:42:08 1,286,152 ----a-w d:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9870.0_x-ww_a32d74cf\msxml4.dll
+ 2008-09-30 21:45:12 91,656 ----a-w d:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.1.0_x-ww_2a41bceb\msxml4r.dll
+ 2006-12-02 03:56:00 96,256 ----a-w d:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
+ 2006-12-02 05:25:52 1,101,824 ----a-w d:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
+ 2006-12-02 05:25:56 1,093,120 ----a-w d:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
+ 2006-12-02 05:25:58 69,632 ----a-w d:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
+ 2006-12-02 05:26:00 57,856 ----a-w d:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
+ 2006-12-02 05:08:00 40,960 ----a-w d:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
+ 2006-12-02 05:08:00 45,056 ----a-w d:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
+ 2006-12-02 05:08:00 65,536 ----a-w d:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
+ 2006-12-02 05:08:00 57,344 ----a-w d:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
+ 2006-12-02 05:08:00 61,440 ----a-w d:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
+ 2006-12-02 05:08:00 61,440 ----a-w d:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
+ 2006-12-02 05:08:00 61,440 ----a-w d:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
+ 2006-12-02 05:08:00 49,152 ----a-w d:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
+ 2006-12-02 05:08:00 49,152 ----a-w d:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
+ 2006-12-02 05:46:44 65,536 ----a-w d:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll
+ 2008-04-15 17:54:19 1,724,416 ----a-w d:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.3352_x-ww_81af8e88\GdiPlus.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 39,792 2007-10-11 00:51:56 d:\program files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe
----a-w 39,792 2008-01-12 03:16:38 d:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
----a-w 52,840 2006-11-21 22:38:28 d:\program files\Common Files\Symantec Shared\bak\ccApp.exe
----a-w 52,840 2006-11-21 22:38:28 d:\program files\Common Files\Symantec Shared\ccApp.exe
----a-w 267,048 2007-12-11 17:10:26 d:\program files\iTunes\bak\iTunesHelper.exe
----a-w 289,576 2008-10-01 22:57:12 d:\program files\iTunes\iTunesHelper.exe
----a-w 132,496 2007-09-25 06:11:35 d:\program files\Java\jre1.6.0_03\bin\bak\jusched.exe
----a-w 286,720 2007-12-11 15:56:54 d:\program files\QuickTime\bak\QTTask.exe
----a-w 413,696 2008-09-06 19:09:14 d:\program files\QuickTime\QTTask.exe
----a-w 125,632 2007-03-15 00:49:02 d:\program files\Symantec AntiVirus\bak\VPTray.exe
----a-w 125,632 2007-03-15 00:49:02 d:\program files\Symantec AntiVirus\VPTray.exe
----a-w 15,360 2004-08-04 10:00:00 d:\windows\system32\bak\ctfmon.exe
----a-w 15,360 2004-08-04 10:00:00 d:\windows\system32\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="d:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Skype"="d:\program files\Skype\Phone\Skype.exe" [2008-08-12 21741864]
"igndlm.exe"="d:\program files\Download Manager\DLM.exe" [2008-08-01 1103216]
"Aim6"="" [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="d:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1024000]
"SigmatelSysTrayApp"="d:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"ISUSPM"="d:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"ccApp"="d:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 52840]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"ATICCC"="d:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"SunJavaUpdateSched"="d:\program files\Java\jre6\bin\jusched.exe" [2008-11-28 136600]
d:\documents and settings\All Users\Start Menu\Programs\Startup\
TabUserW.exe.lnk - d:\windows\system32\WTablet\TabUserW.exe [2008-01-10 106496]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 1 (0x1)
"MemCheckBoxInRunDlg"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoWelcomeScreen"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
--a------ 2008-07-21 13:07 2752512 d:\program files\Electronic Arts\EADM\Core.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LClock]
d:\program files\LClock\LClock.exe [N/A]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 14:09 413696 d:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViOrb]
d:\program files\ViOrb\ViOrb.exe [N/A]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vista Sidebar]
d:\program files\Vista Sidebar\sidebar.exe [N/A]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViStart]
d:\program files\ViStart\ViStart.exe [N/A]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\Microsoft Games\\Viva Pinata\\Viva Pinata.exe"=
"d:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"d:\\Program Files\\AIM6\\aim6.exe"=
"d:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"d:\\WINDOWS\\system32\\dpvsetup.exe"=
"d:\\WINDOWS\\system32\\dpnsvr.exe"=
"d:\\Program Files\\Atari\\Deer Hunter 2005\\DH2005.exe"=
"d:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program Files\\iTunes\\iTunes.exe"=
"d:\\Program Files\\Deer Hunter Tournament\\DHT.exe"=
"d:\\Program Files\\Deer Hunter Tournament\\Updater.exe"=
"d:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"=
"d:\\Program Files\\Common Files\\Symantec Shared\\SPBBC\\SPBBCSvc.exe"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1900:UDP"= 1900:UDP:@xpsp2res.dll,-22007
"2869:TCP"= 2869:TCP:@xpsp2res.dll,-22008
"23460:TCP"= 23460:TCP:DHT TCP
"23460:UDP"= 23460:UDP:DHT UDP
R2 Viewpoint Manager Service;Viewpoint Manager Service;"d:\program files\Viewpoint\Common\ViewpointService.exe" [2008-11-23 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\d:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-09-16 99376]
S1 atitray;atitray;\??\d:\program files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys []
S3 SavRoam;SAVRoam;"d:\program files\Symantec AntiVirus\SavRoam.exe" [2007-03-14 116416]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ba86f6e8-291d-11dd-8f05-001302a93faf}]
\Shell\AutoRun\command - setupSNK.exe
.
Contents of the 'Scheduled Tasks' folder
2008-11-28 d:\windows\Tasks\AppleSoftwareUpdate.job
- d:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://uportal.cornell.edu/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
d:\windows\Downloaded Program Files\sysreqlab3.dll - O16 -: {1E54D648-B804-468d-BC78-4AFFED8E262E}
hxxp://www.srtest.com/srl_bin/sysreqlab3.cab
d:\windows\Downloaded Program Files\SysReqLab3.osd
O16 -: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} - hxxp://i.dell.com/images/global/js/scanner/SysProExe.cab
d:\windows\Downloaded Program Files\scanner.inf
FireFox -: Profile - d:\documents and settings\Sylvia Pawlinski\Application Data\Mozilla\Firefox\Profiles\bx9cqs1j.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://uportal.cornell.edu/
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-05 17:32:28
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(896)
d:\windows\system32\Ati2evxx.dll
.
Completion time: 2008-12-05 17:33:38
ComboFix-quarantined-files.txt 2008-12-05 22:33:36
ComboFix2.txt 2008-12-02 07:36:21
Pre-Run: 5,992,226,816 bytes free
Post-Run: 5,925,064,704 bytes free
733 --- E O F --- 2008-12-03 06:57:59
Thanks,
CF