
Got The Bagle Worm - Used The Combo Fix Seems Ok But...



#1 ArkaPro


Posted 08 July 2008 - 09:48 AM

Hi all!

Damn Win32/Bagle.PA!

I had all kinds of errors: IE crashes, connection sharing failures and one time my nod32 just crashed and I couldn't make it work.
I came to the Combofix tool.

Ran it, and now things are working again - for the time being. But I'm afraid that the other PC that I use on the same LAN may have gotten infected too and will infect my first PC again.

The reason that I don't just run the COMBO FIX on the other PC is because it's my work PC (I'm an editor) and I don't want to run something that may harm that PC. The combo fix clearly mentions that it is possible that the machine will not boot properly again - and I can't take that chance - with the Work PC.

By the way I think I found the damn file that got me infected.

File X:\Dloaded\Wondershare_PPT_to_Flash_Studio_2.9.8_[Key].zip is infected with worm Win32/Bagle.PA. The file can be deleted. It is strongly recommended that you back up any crucial data before you proceed.


I deleted it now...

By the way, can you recommend a good registry cleaner and system optimizer?


Anyhow.. here is the LOG.TXT

Please tell me if I'm clean and what to do next - thanks guys

ComboFix 08-07-05.1 - Ariel 07/08/2008 4:21:19.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1255.1.1033.18.791 [GMT 2:00]
Running from: C:\Documents and Settings\Ariel\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\downld
.
---- Previous Run -------
.
C:\Documents and Settings\Ariel\Application Data\inst.exe
C:\Documents and Settings\Ariel\Application Data\m
C:\Documents and Settings\Ariel\Application Data\m\data.oct
C:\Documents and Settings\Ariel\Application Data\m\list.oct
C:\Documents and Settings\Ariel\Application Data\m\shared
C:\Documents and Settings\Ariel\Application Data\m\srvlist.oct
C:\WINDOWS\17PHolmes2000206.exe
C:\WINDOWS\system32\Cache
C:\WINDOWS\system32\drivers\downld
C:\WINDOWS\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\drivers\mdelk.exe
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\wmodmos.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SROSA
-------\Legacy_SROSA


((((((((((((((((((((((((( Files Created from 2008-06-08 to 2008-07-08 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-08 02:31 --------- d-----w C:\Documents and Settings\Ariel\Application Data\Orbit
2008-07-08 02:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Babylon
2008-07-08 01:35 --------- d-----w C:\Program Files\Orbitdownloader
2008-07-06 21:10 --------- d-----w C:\Documents and Settings\Ariel\Application Data\Skype
2008-06-30 22:15 --------- d-----w C:\Program Files\PPT2Flash Professional
2008-06-29 11:38 --------- d-----w C:\Program Files\ESET
2008-06-29 10:02 512,096 ----a-w C:\WINDOWS\system32\drivers\amon.sys
2008-06-29 10:02 15,424 ----a-w C:\WINDOWS\system32\drivers\nod32drv.sys
2008-06-29 09:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-29 09:30 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-06-24 00:58 --------- d-----w C:\Program Files\WS_FTP Professional
2008-06-22 19:28 --------- d-----w C:\Program Files\PPT2FlashConverter
2008-06-22 11:17 --------- d-----w C:\Documents and Settings\Ariel\Application Data\Vso
2008-06-17 14:15 --------- d-----w C:\Documents and Settings\Ariel\Application Data\InternetCalls
2008-06-17 11:50 --------- d-----w C:\Documents and Settings\Ariel\Application Data\GrabPro
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-10 15:17 --------- d-----w C:\Program Files\Common Files\NSV
2008-06-04 09:57 --------- d-----w C:\Documents and Settings\Ariel\Application Data\uTorrent
2008-05-25 08:18 --------- d-----w C:\Program Files\Winamp
2008-05-21 14:39 --------- d-----w C:\Program Files\Last.fm
2008-05-21 14:02 --------- d-----w C:\Program Files\XSite Pro
2008-05-21 13:57 236,557 ----a-w C:\WINDOWS\XSite Pro Uninstaller.exe
2008-05-21 13:57 --------- d-----w C:\Program Files\Common Files\Thraex Software
2008-05-19 14:16 --------- d-----w C:\Program Files\Google
2008-05-18 22:49 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2008-05-18 22:49 47,360 ----a-w C:\Documents and Settings\Ariel\Application Data\pcouffin.sys
2008-05-18 22:49 --------- d-----w C:\Program Files\VSO
2008-05-14 21:07 --------- d-----w C:\Documents and Settings\Ariel\Application Data\U3
2008-05-12 17:41 --------- d-----w C:\Program Files\Super_DVD_Creator_9.5
2008-05-12 17:03 --------- d-----w C:\Program Files\DivX
2008-05-12 16:34 --------- d-----w C:\Program Files\dvdSanta
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-02-28 12:30 8,784 ----a-w C:\Program Files\mozilla firefox\plugins\ractrlkeyhook.dll
2008-02-28 12:33 245,408 ----a-w C:\Program Files\mozilla firefox\plugins\unicows.dll
2007-05-08 13:27 1,056 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

------- Sigcheck -------

04/20/2006 02:18 PM 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
10/30/2007 06:53 PM 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
08/04/2004 02:00 PM 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
04/20/2006 01:51 PM 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
02/04/2008 04:25 PM 360064 ef7834c1d9ddf4c7da697d8c24a03791 C:\WINDOWS\system32\dllcache\tcpip.sys
02/04/2008 04:25 PM 360064 ef7834c1d9ddf4c7da697d8c24a03791 C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((( snapshot@Sun 06-29-2008_ 5.24.16.71 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-06-29 11:51:14 1,118,208 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\ae395b4b568f0d71fec35e3902a46a99\UIAutomationClientsideProviders.ni.dll
+ 2008-06-29 10:35:38 50,688 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\9e249f5c0ef3e391c5aec1f9da805519\UIAutomationProvider.ni.dll
+ 2008-06-29 10:35:40 196,608 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\46e3ec015dd7b25d5ddc185534458122\UIAutomationTypes.ni.dll
+ 2008-06-29 10:34:14 3,395,584 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\0703021437c2ec71213a6b701771be86\WindowsBase.ni.dll
+ 2008-06-29 11:51:18 270,336 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\b7c202147607f93463ead99e743c78b9\WindowsFormsIntegration.ni.dll
+ 2008-06-29 11:50:18 380,928 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WsatConfig\13f498f606b7cb97c086eea149b8c872\WsatConfig.ni.exe
- 2008-06-29 03:15:45 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-08 02:28:20 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2006-10-30 01:34:02 159,744 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ComSvcConfig.exe
+ 2007-10-11 07:55:14 159,744 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ComSvcConfig.exe
- 2006-10-30 01:33:58 741,376 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
+ 2007-10-11 07:55:10 864,256 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
- 2006-10-30 01:34:00 352,256 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\Microsoft.Transactions.Bridge.dll
+ 2007-10-11 07:55:12 397,312 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\Microsoft.Transactions.Bridge.dll
- 2006-10-30 01:34:00 151,552 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\Microsoft.Transactions.Bridge.Dtc.dll
+ 2007-10-11 07:55:12 151,552 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\Microsoft.Transactions.Bridge.Dtc.dll
- 2006-10-30 01:34:02 2,560 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll
+ 2007-10-11 07:55:14 2,560 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll
- 2006-10-30 01:34:02 61,440 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelReg.exe
+ 2007-10-11 07:55:14 61,440 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelReg.exe
- 2006-10-30 01:34:02 11,264 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceMonikerSupport.dll
+ 2007-10-11 07:55:14 11,264 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceMonikerSupport.dll
- 2006-10-30 01:34:00 94,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMDiagnostics.dll
+ 2007-10-11 07:55:14 102,400 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMDiagnostics.dll
- 2006-10-30 01:34:02 122,880 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
+ 2007-10-11 07:55:14 122,880 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
- 2006-10-30 01:34:02 884,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
+ 2007-10-11 07:55:14 929,792 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
- 2006-10-30 01:34:02 5,623,808 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.dll
+ 2007-10-11 07:55:14 5,971,968 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.dll
- 2006-10-30 01:34:00 159,744 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.Install.dll
+ 2007-10-11 07:55:14 159,744 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.Install.dll
- 2006-10-30 01:34:00 16,384 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
+ 2007-10-11 07:55:14 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
- 2006-10-30 01:34:02 143,360 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\WsatConfig.exe
+ 2007-10-11 07:55:14 143,360 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\WsatConfig.exe
- 2006-07-25 19:32:00 14,648 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Workflow Foundation\PerformanceCounterInstaller.exe
+ 2007-10-06 01:18:12 16,936 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Workflow Foundation\PerformanceCounterInstaller.exe
- 2006-10-20 19:29:46 72,992 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PenIMC.dll
+ 2007-10-09 11:03:00 76,312 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PenIMC.dll
- 2006-10-20 19:21:24 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationCFFRasterizer.dll
+ 2007-10-09 10:58:12 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationCFFRasterizer.dll
- 2006-10-20 19:21:24 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
+ 2007-10-09 10:58:12 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
- 2006-10-20 19:29:52 106,272 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll
+ 2007-10-09 11:03:08 121,368 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll
- 2006-10-20 19:21:26 897,024 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationUI.dll
+ 2007-10-09 10:58:14 897,024 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationUI.dll
- 2006-10-20 19:21:26 14,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\XamlViewer\XamlViewer_v0300.exe
+ 2007-10-09 10:58:20 14,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\XamlViewer\XamlViewer_v0300.exe
- 2006-10-20 19:29:46 69,408 ----a-w C:\WINDOWS\system32\dxva2.dll
+ 2007-10-09 11:03:00 73,752 ----a-w C:\WINDOWS\system32\dxva2.dll
- 2006-10-20 19:30:00 478,496 ----a-w C:\WINDOWS\system32\evr.dll
+ 2007-10-09 11:03:12 493,080 ----a-w C:\WINDOWS\system32\evr.dll
- 2008-04-09 01:12:24 1,976,856 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-07-01 09:03:23 1,976,856 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2006-10-30 01:33:58 556,296 ----a-w C:\WINDOWS\system32\icardagt.exe
+ 2007-10-11 07:55:10 579,584 ----a-w C:\WINDOWS\system32\icardagt.exe
- 2006-10-30 01:33:58 9,480 ----a-w C:\WINDOWS\system32\icardres.dll
+ 2007-10-11 07:55:10 11,776 ----a-w C:\WINDOWS\system32\icardres.dll
- 2007-03-26 15:07:31 299,392 ----a-w C:\WINDOWS\system32\imon.dll
+ 2008-06-29 10:02:56 299,392 ----a-w C:\WINDOWS\system32\imon.dll
- 2008-06-29 03:16:34 229,350 ----a-w C:\WINDOWS\system32\inetsrv\MetaBase.bin
+ 2008-07-08 02:29:03 229,350 ----a-w C:\WINDOWS\system32\inetsrv\MetaBase.bin
- 2006-10-30 01:33:58 83,968 ----a-w C:\WINDOWS\system32\infocardapi.dll
+ 2007-10-11 07:55:10 88,576 ----a-w C:\WINDOWS\system32\infocardapi.dll
- 2007-04-24 09:32:06 1,485,696 ----a-w C:\WINDOWS\system32\LegitCheckControl.dll
+ 2008-03-20 16:06:36 1,480,232 ----a-w C:\WINDOWS\system32\LegitCheckControl.dll
- 2006-10-20 19:30:06 1,980,704 ----a-w C:\WINDOWS\system32\milcore.dll
+ 2007-10-09 11:03:14 1,986,072 ----a-w C:\WINDOWS\system32\milcore.dll
- 2006-10-20 19:29:52 104,224 ----a-w C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
+ 2007-10-09 11:03:04 106,520 ----a-w C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
- 2006-10-20 19:29:58 344,352 ----a-w C:\WINDOWS\system32\PresentationHost.exe
+ 2007-10-09 11:03:08 350,744 ----a-w C:\WINDOWS\system32\PresentationHost.exe
- 2006-10-20 19:29:46 20,768 ----a-w C:\WINDOWS\system32\PresentationHostProxy.dll
+ 2007-10-09 11:03:02 33,304 ----a-w C:\WINDOWS\system32\PresentationHostProxy.dll
- 2006-10-20 19:30:02 769,312 ----a-w C:\WINDOWS\system32\PresentationNative_v0300.dll
+ 2007-10-09 11:03:12 779,800 ----a-w C:\WINDOWS\system32\PresentationNative_v0300.dll
+ 2007-10-09 10:58:20 16,896 ----a-w C:\WINDOWS\system32\tswpfwrp.exe
- 2006-10-20 19:29:54 159,008 ----a-w C:\WINDOWS\system32\UIAutomationCore.dll
+ 2007-10-09 11:03:08 161,304 ----a-w C:\WINDOWS\system32\UIAutomationCore.dll
- 2006-10-20 19:29:54 304,928 ----a-w C:\WINDOWS\system32\XPSViewer\XPSViewer.exe
+ 2007-10-09 11:03:08 308,760 ----a-w C:\WINDOWS\system32\XPSViewer\XPSViewer.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{C55BBCD6-41AD-48AD-9953-3609C48EACC7}"= "C:\Program Files\Orbitdownloader\GrabPro.dll" [06/10/2008 10:47 AM 457848]

[HKEY_CLASSES_ROOT\clsid\{c55bbcd6-41ad-48ad-9953-3609c48eacc7}]
[HKEY_CLASSES_ROOT\GrabPro.FindBar.1]
[HKEY_CLASSES_ROOT\TypeLib\{8091D09E-B01D-4D32-AC66-BBF8916BB1CF}]
[HKEY_CLASSES_ROOT\GrabPro.FindBar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{C55BBCD6-41AD-48AD-9953-3609C48EACC7}"= "C:\Program Files\Orbitdownloader\GrabPro.dll" [06/10/2008 10:47 AM 457848]

[HKEY_CLASSES_ROOT\clsid\{c55bbcd6-41ad-48ad-9953-3609c48eacc7}]
[HKEY_CLASSES_ROOT\GrabPro.FindBar.1]
[HKEY_CLASSES_ROOT\TypeLib\{8091D09E-B01D-4D32-AC66-BBF8916BB1CF}]
[HKEY_CLASSES_ROOT\GrabPro.FindBar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:00 PM 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [11/16/2006 06:04 PM 139264]
"AtiTrayTools"="C:\Program Files\ATI Tray Tools\atitray.exe" [05/22/2007 11:04 AM 521128]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [07/27/2004 01:48 PM 1388544]
"Norton Ghost 9.0"="C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe" [07/29/2004 04:41 AM 1122304]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [12/27/2003 08:43 PM 81920]
"NetLimiter"="C:\Program Files\NetLimiter\NetLimiter.exe" [03/31/2004 03:23 PM 823296]
"Babylon Client"="C:\Program Files\Babylon\Babylon-Pro\Babylon.exe" [03/11/2008 09:23 AM 3551456]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [01/12/2006 02:40 PM 155648]
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [01/14/2004 03:10 AM 409600]
"IMONTRAY"="C:\Program Files\Intel\Intel® Active Monitor\imontray.exe" [05/02/2005 08:21 PM 32768]
"Adobe_ID0EYTHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [03/20/2007 03:40 PM 1884160]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [03/23/2007 12:20 PM 227328]
"EverioService"="C:\Program Files\CyberLink\PCM4Everio\EverioService.exe" [11/22/2006 08:10 PM 151552]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [05/11/2007 02:06 AM 40048]
"OSSelectorReinstall"="C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe" [04/12/2006 02:15 PM 1261475]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [04/17/2007 02:03 PM 63048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM 144784]
"{B179023B-6238-4499-8F26-CD73E9D90E0A}"="C:\Program Files\Mediafour\MacDrive 7\MacDrive.exe" [07/12/2007 10:57 AM 179288]
"MDGetStarted.exe"="C:\Program Files\Mediafour\MacDrive 7\MDGetStarted.exe" [06/13/2007 01:23 PM 139264]
"NexusServer"="C:\Program Files\Common Files\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe" [03/26/2007 05:45 PM 389120]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [03/28/2008 11:37 PM 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM 267048]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [07/15/2005 11:48 PM 479232]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [06/29/2008 12:02 PM 950664]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [08/04/2004 02:00 PM 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [03/27/2007 02:58 PM 1744896]

C:\Documents and Settings\Ariel\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 113664]
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2007-07-02 11:21:34 106496]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Orbit.lnk - C:\Program Files\Orbitdownloader\orbitdm.exe [2007-12-20 19:45:38 1690824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
11/22/2007 07:08 PM 87352 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
04/27/2007 12:10 PM 18744 C:\WINDOWS\system32\PCANotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.CDVC"= cdvccodc.dll
"vidc.CDVH"= cdvhcodc.dll
"vidc.CUVC"= cuvccodc.dll
"vidc.CLLC"= cllccodc.dll
"vidc.CDV5"= cdv5codc.dll
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"C:\\Program Files\\Adobe\\Adobe Premiere Pro 2.0\\Adobe Premiere Pro.exe"=
"C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"C:\\Program Files\\WS_FTP Professional\\wsftpgui.exe"=
"C:\\Program Files\\CyberLink\\PCM4Everio\\PCM4Everio.exe"=
"C:\\Program Files\\CyberLink\\PCM4Everio\\EverioService.exe"=
"C:\\Program Files\\Last.fm\\LastFM.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\Symantec\\pcAnywhere\\awhost32.exe"=
"\\\\Arik-comp\\c\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\RealVNC\\VNC4\\vncviewer.exe"=
"C:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"C:\\Program Files\\WS_FTP Professional\\ftpfind.exe"=
"C:\\Program Files\\InternetCalls.com\\InternetCalls\\internetcalls.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"Y:\\eMule\\emule.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
"64642:TCP"= 64642:TCP:Torrent
"47091:TCP"= 47091:TCP:utorrent
"47091:UDP"= 47091:UDP:uTorrent
"43371:TCP"= 43371:TCP:uTorrent
"43371:UDP"= 43371:UDP:UTORRENT UDP 43371
"5900:TCP"= 5900:TCP:VNC
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 d344bus;d344bus;C:\WINDOWS\system32\DRIVERS\d344bus.sys [12/27/2003 08:42 PM]
R0 d344prt;d344prt;C:\WINDOWS\system32\Drivers\d344prt.sys [12/27/2003 02:38 AM]
R0 MDFSYSNT;MacDrive file system driver;C:\WINDOWS\system32\drivers\MDFSYSNT.sys [09/05/2007 03:01 PM]
R0 MDPMGRNT;MDPMGRNT;C:\WINDOWS\system32\drivers\MDPMGRNT.sys [02/28/2007 11:15 AM]
R0 PQV2i;PQV2i;C:\WINDOWS\system32\drivers\PQV2i.sys [07/29/2004 03:33 AM]
R1 atitray;atitray;C:\Program Files\ATI Tray Tools\atitray.sys [05/22/2007 11:04 AM]
R1 PQIMount;PQIMount;C:\WINDOWS\system32\drivers\PQIMount.sys [07/29/2004 04:13 AM]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [04/17/2007 02:00 PM]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [04/05/2007 11:55 AM]
R2 MacDriveService;MacDriveService;C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe [05/01/2007 02:55 PM]
R2 NMSAccessU;NMSAccessU;C:\Program Files\Super_DVD_Creator_9.5\NMSAccessU.exe [10/12/2007 08:34 AM]
S3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [02/27/2007 07:14 AM]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [08/02/2005 11:10 PM]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {3CBBEE47-C8F4-316A-92FF-ED7E3DFAE41E} /qb
.
Contents of the 'Scheduled Tasks' folder
"2008-07-02 09:08:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
- - - - ORPHANS REMOVED - - - -

ShellIconOverlayIdentifiers-MacDrive Volume Icons - (no file)
HKCU-Run-StartCCC - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
HKLM-Run-MacDrive7.0.9TimeOutPatch - \TimeOutPatch.EXE
HKLM-Run-POINTER - point32.exe


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-08 04:29:37
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\NetLimiter\nl_lsp.dll
-> C:\WINDOWS\system32\nl_msgc.dll

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\ATI Tray Tools\raphook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\gearsec.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\ESET\nod32krn.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\PROGRA~1\StuffIt\MXTask.exe
C:\Program Files\RealVNC\VNC4\winvnc4.exe
C:\Program Files\Intel\Intel® Active Monitor\imonNT.exe
C:\PROGRA~1\StuffIt\MXTask.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\verclsid.exe
.
**************************************************************************
.
Completion time: 07/08/2008 4:37:23 - machine was rebooted [Ariel]
ComboFix-quarantined-files.txt 2008-07-08 02:36:59

Pre-Run: 22,255,214,592 bytes free
Post-Run: 22,316,503,040 bytes free

622 --- E O F --- 2008-06-22 01:01:27




#2 -David-


Posted 02 August 2008 - 06:03 AM

Sorry for the delay. If you are still having problems please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic:

Preparation Guide For Use Before Posting A Hijackthis Log

Please also post the problems you are having.



