Combo Fix Log


  • This topic is locked
1 reply to this topic

#1 mikimoo

Posted 23 July 2008 - 10:14 AM

Hiya!

Need help here, thanks!
I am suspecting a virus or spyware in my machine.
Need some advice on how to read the logs.

thanks!




ComboFix 08-07-22.4 - troytech 2008-07-23 21:35:41.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2318 [GMT 8:00]
Running from: C:\Documents and Settings\troytech\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\troytech\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-06-23 to 2008-07-23 )))))))))))))))))))))))))))))))
.

2008-07-23 14:25 . 2008-07-23 14:25 <DIR> d-------- C:\Documents and Settings\troytech\Application Data\Macrovision
2008-07-23 14:19 . 2008-07-23 14:19 <DIR> d-------- C:\Program Files\Vodafone
2008-07-23 14:19 . 2008-07-23 14:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Macrovision
2008-07-20 07:33 . 2008-07-20 07:33 <DIR> d-------- C:\Program Files\Audacity 1.3 Beta (Unicode)
2008-07-20 07:33 . 2008-07-20 23:06 <DIR> d-------- C:\Documents and Settings\troytech\Application Data\Audacity
2008-07-16 23:26 . 2008-07-16 23:26 <DIR> d-------- C:\Program Files\Sun
2008-07-15 14:58 . 2008-07-15 14:58 546 --a------ C:\WINDOWS\vpd.properties
2008-07-14 18:23 . 2008-07-14 22:03 <DIR> d-------- C:\IBM
2008-07-14 03:18 . 2008-07-14 03:18 <DIR> d-------- C:\Documents and Settings\db2admin\Application Data\Intel
2008-07-14 02:37 . 2008-07-14 02:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-07-14 02:34 . 2008-07-14 02:34 <DIR> d-------- C:\Documents and Settings\db2admin
2008-07-14 02:34 . 2008-07-14 02:34 <DIR> d-------- C:\DB2
2008-07-14 02:33 . 2008-07-14 02:33 <DIR> d-------- C:\WINDOWS\cluster
2008-07-13 14:33 . 2008-07-13 14:33 <DIR> d-------- C:\Documents and Settings\troytech\Application Data\Sony
2008-07-13 14:33 . 2008-07-13 14:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony
2008-07-13 14:33 . 2008-07-13 14:33 1,024 --a------ C:\WINDOWS\system32\gncontent.cch
2008-07-13 14:24 . 2008-07-13 14:24 <DIR> d-------- C:\Program Files\Sony
2008-07-13 14:24 . 2008-07-13 14:24 <DIR> d-------- C:\Program Files\Common Files\Sony Shared
2008-07-13 14:20 . 2008-07-13 14:34 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-07-13 14:20 . 2008-07-13 14:20 <DIR> d-------- C:\2df1ae7fcd1e9efc352e5751b272
2008-07-13 14:19 . 2008-07-13 14:19 <DIR> d-------- C:\Program Files\Sony Setup
2008-07-12 23:12 . 2008-07-12 23:12 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-07-12 23:12 . 2008-07-12 23:12 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ggsemc_01005.Wdf
2008-07-12 22:59 . 2008-07-12 22:59 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
2008-07-12 22:59 . 2008-07-12 22:59 21,672 --a------ C:\WINDOWS\system32\drivers\ggsemc.sys
2008-07-12 22:59 . 2008-07-12 22:59 13,352 --a------ C:\WINDOWS\system32\drivers\ggflt.sys
2008-07-10 23:04 . 2008-07-10 23:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-07-10 17:40 . 2008-07-10 17:40 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-07-10 16:52 . 2008-07-10 16:52 <DIR> d-------- C:\Program Files\Windows Installer Clean Up
2008-07-10 16:52 . 2008-07-10 16:52 <DIR> d-------- C:\Program Files\MSECACHE
2008-07-10 15:47 . 2008-07-10 15:47 <DIR> d-------- C:\Program Files\Yahoo!
2008-07-10 13:24 . 2008-07-10 13:25 <DIR> d-------- C:\Program Files\PCDR5
2008-07-10 13:24 . 2008-07-10 13:24 <DIR> d-------- C:\Program Files\iLyrics
2008-07-10 13:24 . 2008-07-10 13:24 <DIR> d-------- C:\Program Files\Attachmate
2008-07-10 13:24 . 2008-07-10 13:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Attachmate
2008-07-10 13:16 . 2008-07-10 13:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ALM
2008-07-10 13:08 . 2008-07-10 13:08 <DIR> d-------- C:\Program Files\Bonjour
2008-07-10 13:05 . 2008-07-10 13:05 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-07-09 16:34 . 2008-07-10 13:24 <DIR> d-------- C:\RECYCLER(2)
2008-07-08 13:16 . 2008-07-10 13:25 <DIR> d-------- C:\Program Files\DynDNS Updater
2008-06-26 13:58 . 2007-07-03 16:58 106,792 --a------ C:\WINDOWS\system32\drivers\sscdmdm.sys
2008-06-26 13:58 . 2007-07-03 16:59 86,824 --a------ C:\WINDOWS\system32\drivers\sscdserd.sys
2008-06-26 13:58 . 2007-07-03 16:54 80,552 --a------ C:\WINDOWS\system32\drivers\sscdbus.sys
2008-06-26 13:58 . 2007-07-03 16:57 11,944 --a------ C:\WINDOWS\system32\drivers\sscdmdfl.sys
2008-06-26 13:58 . 2007-07-03 17:00 9,256 --a------ C:\WINDOWS\system32\drivers\sscdwhnt.sys
2008-06-26 13:58 . 2007-07-03 17:00 9,256 --a------ C:\WINDOWS\system32\drivers\sscdwh.sys
2008-06-26 13:58 . 2007-07-03 16:56 9,256 --a------ C:\WINDOWS\system32\drivers\sscdcmnt.sys
2008-06-26 13:58 . 2007-07-03 16:56 9,256 --a------ C:\WINDOWS\system32\drivers\sscdcm.sys
2008-06-26 13:57 . 2008-06-26 13:57 <DIR> d-------- C:\Program Files\Samsung Electronics
2008-06-26 13:57 . 2008-06-26 14:02 <DIR> d-------- C:\Program Files\Samsung
2008-06-23 02:02 . 2008-06-23 02:02 8,394 --a------ C:\WINDOWS\system32\cbXPhhfC.dll
2008-06-23 01:02 . 2008-06-23 01:02 8,394 --a------ C:\WINDOWS\system32\cbXNGaYO.dll
2008-06-23 00:03 . 2008-07-13 14:20 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-06-23 00:02 . 2008-06-23 00:02 8,394 --a------ C:\WINDOWS\system32\cbXqpMCt.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-23 13:31 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 5
2008-07-23 13:28 --------- d-----w C:\Documents and Settings\LocalService\Application Data\VMware
2008-07-23 13:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\VMware
2008-07-23 10:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-07-16 15:26 --------- d-----w C:\Program Files\Java
2008-07-15 06:52 --------- d-----w C:\Program Files\ibm
2008-07-13 19:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\IBM
2008-07-13 18:43 --------- d-----w C:\Documents and Settings\troytech\Application Data\IBM
2008-07-13 18:33 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-07-13 06:24 --------- d-----w C:\Program Files\Sony Ericsson
2008-07-12 20:47 --------- d-----w C:\Documents and Settings\troytech\Application Data\uTorrent
2008-07-12 14:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2008-07-11 18:05 --------- d-----w C:\Documents and Settings\troytech\Application Data\Skype
2008-07-11 16:00 --------- d-----w C:\Documents and Settings\troytech\Application Data\skypePM
2008-07-10 09:41 --------- d-----w C:\Documents and Settings\troytech\Application Data\VMware
2008-07-10 09:08 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-10 05:25 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-07-10 05:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-10 05:20 --------- d-----w C:\Program Files\Microsoft Works
2008-07-09 08:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-26 05:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-24 14:29 --------- d-----w C:\Program Files\EvilLyrics
2008-06-22 10:21 8,394 ----a-w C:\WINDOWS\system32\urqPHyxV.dll
2008-06-22 09:21 8,394 ----a-w C:\WINDOWS\system32\xxywwtrr.dll
2008-06-22 08:21 8,394 ----a-w C:\WINDOWS\system32\geBuSMgH.dll
2008-06-22 07:21 8,394 ----a-w C:\WINDOWS\system32\jkkIYoPJ.dll
2008-06-21 15:59 8,394 ----a-w C:\WINDOWS\system32\byXPGApq.dll
2008-06-21 15:02 4,784 ----a-w C:\WINDOWS\system32\tmp.reg
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 14:59 21,361 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2008-06-20 14:59 21,361 ----a-w C:\WINDOWS\AegisP.sys
2008-06-20 14:54 --------- d-----w C:\Program Files\ThinkPad
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-19 11:31 --------- d-----w C:\Program Files\themexp
2008-06-19 08:27 --------- d-----w C:\Program Files\Lavasoft
2008-06-16 16:32 24,575 ----a-w C:\WINDOWS\system32\Mwinapppiobas78.dll
2008-06-16 16:02 --------- d-----w C:\Program Files\Trend Micro
2008-06-16 03:23 --------- d-----w C:\Program Files\IconCool Software
2008-06-15 07:28 81,920 ----a-w C:\WINDOWS\system32\IEDFix.C.exe
2008-06-13 11:05 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-04 05:58 --------- d-----w C:\Documents and Settings\troytech\Application Data\vlc
2008-06-04 05:55 --------- d-----w C:\Program Files\VideoLAN
2008-05-30 09:08 --------- d-----w C:\Documents and Settings\troytech\Application Data\FileZilla
2008-05-30 08:00 --------- d-----w C:\Program Files\FileZilla FTP Client
2008-05-29 01:35 86,528 ----a-w C:\WINDOWS\system32\VACFix.exe
2008-05-26 04:03 --------- d-----w C:\Program Files\PowerISO
2008-05-24 06:23 --------- d-----w C:\Program Files\Winamp
2008-05-23 10:21 81,920 ----a-w C:\WINDOWS\system32\404Fix.exe
2008-05-18 13:40 82,944 ----a-w C:\WINDOWS\system32\IEDFix.exe
2008-05-09 10:53 90,112 ----a-w C:\WINDOWS\system32\wshext.dll
2008-05-09 10:53 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll
2008-05-09 10:53 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll
2008-05-09 10:53 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll
2008-05-08 11:24 155,648 ----a-w C:\WINDOWS\system32\wscript.exe
2008-05-07 09:07 135,168 ----a-w C:\WINDOWS\system32\cscript.exe
2008-05-07 05:12 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-10 02:52 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
.

((((((((((((((((((((((((((((( snapshot@2008-06-23_ 2.56.54.98 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-06-20 11:48:03 138,496 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys
+ 2008-06-20 17:43:05 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\dnsapi.dll
+ 2008-06-20 17:43:05 245,248 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\mswsock.dll
+ 2008-06-20 11:59:02 361,600 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
+ 2008-06-20 11:16:44 225,856 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip6.sys
+ 2007-11-30 12:39:22 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB951748\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB951748\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951748\update\spcustom.dll
+ 2007-11-30 12:39:18 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB951748\update\update.exe
+ 2007-11-30 12:39:19 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB951748\update\updspapi.dll
+ 2008-05-07 09:07:23 135,168 ----a-w C:\WINDOWS\$hf_mig$\KB951978\SP3QFE\cscript.exe
+ 2008-05-09 10:45:15 512,000 ----a-w C:\WINDOWS\$hf_mig$\KB951978\SP3QFE\jscript.dll
+ 2008-05-09 10:45:16 180,224 ----a-w C:\WINDOWS\$hf_mig$\KB951978\SP3QFE\scrobj.dll
+ 2008-05-09 10:45:16 172,032 ----a-w C:\WINDOWS\$hf_mig$\KB951978\SP3QFE\scrrun.dll
+ 2008-05-09 10:45:16 430,080 ----a-w C:\WINDOWS\$hf_mig$\KB951978\SP3QFE\vbscript.dll
+ 2008-05-08 11:24:44 155,648 ----a-w C:\WINDOWS\$hf_mig$\KB951978\SP3QFE\wscript.exe
+ 2008-05-09 10:45:17 90,112 ----a-w C:\WINDOWS\$hf_mig$\KB951978\SP3QFE\wshext.dll
+ 2007-11-30 12:39:22 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB951978\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB951978\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951978\update\spcustom.dll
+ 2007-11-30 12:39:18 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB951978\update\update.exe
+ 2007-11-30 12:39:19 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB951978\update\updspapi.dll
+ 2008-07-10 09:40:15 110,592 ----a-w C:\WINDOWS\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll
+ 2008-07-10 09:40:15 4,608 ----a-w C:\WINDOWS\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\extensibility.dll
+ 2008-07-13 18:37:03 753,664 ----a-w C:\WINDOWS\assembly\GAC\IBM.Data.DB2\9.0.0.1__7c307b91aa13d208\IBM.Data.DB2.dll
+ 2008-07-10 09:40:14 8,007,680 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
+ 2008-07-10 09:40:07 80,696 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Access.Dao\12.0.0.0__71e9bce111e9429c\Microsoft.Office.interop.access.dao.dll
+ 2008-07-10 09:40:09 1,276,720 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Excel.dll
+ 2008-07-10 09:40:10 150,320 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Graph.dll
+ 2008-07-10 09:40:10 920,376 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Outlook\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Outlook.dll
+ 2008-07-10 09:40:10 35,648 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.OutlookViewCtl\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.OutlookViewCtl.dll
+ 2008-07-10 09:40:10 248,632 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll
+ 2008-07-10 09:40:10 20,280 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.SmartTag\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.SmartTag.dll
+ 2008-07-10 09:40:10 781,104 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Word.dll
+ 2008-07-10 09:40:14 13,312 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.stdformat.dll
+ 2008-07-10 09:40:10 371,496 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Vbe.Interop.Forms\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.Forms.dll
+ 2008-07-10 09:40:10 64,288 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll
+ 2008-07-10 09:40:14 229,376 ----a-w C:\WINDOWS\assembly\GAC\mscomctl\10.0.4504.0__31bf3856ad364e35\MSCOMCTL.DLL
+ 2008-07-10 09:40:15 4,096 ----a-w C:\WINDOWS\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\msdatasrc.dll
+ 2008-07-10 09:40:10 416,544 ----a-w C:\WINDOWS\assembly\GAC\office\12.0.0.0__71e9bce111e9429c\OFFICE.DLL
+ 2008-07-10 09:40:07 12,096 ----a-w C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Excel.dll
+ 2008-07-10 09:40:11 12,096 ----a-w C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Graph.dll
+ 2008-07-10 09:40:12 12,104 ----a-w C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Outlook\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Outlook.dll
+ 2008-07-10 09:40:12 12,632 ----a-w C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.OutlookViewCtl\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.OutlookViewCtl.dll
+ 2008-07-10 09:40:12 12,112 ----a-w C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.PowerPoint.dll
+ 2008-07-10 09:40:11 12,104 ----a-w C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.SmartTag\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.SmartTag.dll
+ 2008-07-10 09:40:12 12,096 ----a-w C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Word.dll
+ 2008-07-10 09:40:11 12,080 ----a-w C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Vbe.Interop.dll
+ 2008-07-10 09:40:11 11,544 ----a-w C:\WINDOWS\assembly\GAC\Policy.11.0.office\12.0.0.0__71e9bce111e9429c\Policy.11.0.Office.dll
+ 2008-07-10 09:40:14 16,384 ----a-w C:\WINDOWS\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll
+ 2008-07-13 18:37:03 851,968 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IBM.Data.DB2\9.0.0.2__7c307b91aa13d208\IBM.Data.DB2.dll
+ 2008-07-13 06:24:47 7,741,440 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\AppCommon\e5d275fce514d9a0e77d1d4ea8ef8f1f\AppCommon.ni.dll
+ 2008-07-13 06:24:58 77,824 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\AxInterop.QTOContro#\825236bbd0fe679f832e7d4771edcf11\AxInterop.QTOControlLib.ni.dll
+ 2008-07-13 06:24:51 143,360 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\AxInterop.SHDocVw\baeda6f2df7e404a19ffa9311143672e\AxInterop.SHDocVw.ni.dll
+ 2008-07-13 06:24:57 184,320 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\AxInterop.WMPLib\b1b7ffeb41e29f6cee1641fdbebff37d\AxInterop.WMPLib.ni.dll
+ 2008-07-13 06:24:54 221,184 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\GCPlayer\72263e28759cb6b4892c4c2cefafffc9\GCPlayer.ni.dll
+ 2008-07-13 06:24:55 31,232 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Interfaces\8295bb43e8baaf830eba80e92aeddf6a\Interfaces.ni.dll
+ 2008-07-13 06:24:55 389,120 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Interop.CDDBCONTROL#\0412709bc0832476c19c6528cd5fd50b\Interop.CDDBCONTROLLibSMS.ni.dll
+ 2008-07-13 06:24:56 41,984 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Interop.CDDBLINKLib#\1c167e360ae718d85124c4298acbc19a\Interop.CDDBLINKLibSMS.ni.dll
+ 2008-07-13 06:25:04 35,840 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Interop.CDDBUICONTR#\65fa0ff4e84606ed66c0f27d9aa2de62\Interop.CDDBUICONTROLLibSMS.ni.dll
+ 2008-07-13 06:24:54 118,784 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Interop.IWshRuntime#\966663abd85cd1318f308e3f45b8e2d0\Interop.IWshRuntimeLibrary.ni.dll
+ 2008-07-13 06:24:55 90,112 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Interop.PortableDev#\2abaa9985cf42708e7f959c18f2af5bf\Interop.PortableDeviceApiLib.ni.dll
+ 2008-07-13 06:25:04 90,112 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Interop.PortableDev#\b263bd771c7153e0c2772ff5d9b948d2\Interop.PortableDeviceTypesLib.ni.dll
+ 2008-07-13 06:24:59 81,920 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Interop.QTOControlL#\f80c337c14a77d99d2b0fdc6d7d55b80\Interop.QTOControlLib.ni.dll
+ 2008-07-13 06:25:03 221,184 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Interop.QTOLibrary\ba264926bf0d545f670754b76f11a47f\Interop.QTOLibrary.ni.dll
+ 2008-07-13 06:24:52 344,064 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Interop.SHDocVw\8d2b98dfa38088677277157b71c72a41\Interop.SHDocVw.ni.dll
+ 2008-07-13 06:24:57 847,872 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Interop.WMPLib\066e0092db7679225fe769f5e87f7d03\Interop.WMPLib.ni.dll
+ 2008-07-13 06:24:51 712,704 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\log4net\c46c3c4a0895936b7f63fbc7f86d49e0\log4net.ni.dll
+ 2008-07-13 06:24:56 888,832 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Lucene.Net\08faa46a8be84193979c718d661901c8\Lucene.Net.ni.dll
+ 2008-07-13 06:24:50 970,752 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\MediaManager.GUI\6d20802edcb4472aa4eb06f9856acea1\MediaManager.GUI.ni.dll
+ 2008-07-13 06:25:04 282,624 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\MediaManager.Splash#\df1059b57ed1b76db6817484d32dae52\MediaManager.SplashScreen.ni.dll
+ 2008-07-13 06:24:54 147,456 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\MediaManager.Utils\91878a9ed086c222378eac8c0a0ba039\MediaManager.Utils.ni.dll
+ 2008-07-13 06:24:40 1,843,200 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\MediaManager\de92575be231b02005f20c32c88d624d\MediaManager.ni.exe
+ 2008-07-13 06:24:48 684,032 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PerstNET\e89829b19e146b3a036179d4c01b678a\PerstNET.ni.dll
+ 2008-07-13 06:24:58 30,208 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SFMARKETLib\0228b351cadd6093d3683116ec9fd5c9\SFMARKETLib.ni.dll
+ 2008-07-13 06:24:53 1,032,192 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Sony.MediaSoftware.#\0b5e3426722a7a352419310f7433ce9b\Sony.MediaSoftware.clrshared.ni.dll
+ 2008-07-13 06:25:03 44,544 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\stdole\0f3ca47693cb5d3cb7a9c17ad02c3853\stdole.ni.dll
+ 2007-07-22 12:03:12 22,016 ----a-w C:\WINDOWS\cluster\db2server.dll
+ 2006-06-30 03:00:06 29,616 ----a-w C:\WINDOWS\Downloaded Program Files\dwusplay.dll
+ 2006-06-30 03:00:14 201,648 ----a-w C:\WINDOWS\Downloaded Program Files\dwusplay.exe
+ 2007-03-01 04:25:38 488,368 ----a-w C:\WINDOWS\Downloaded Program Files\isusweb.dll
- 2008-04-14 12:30:49 272,128 ------w C:\WINDOWS\Driver Cache\i386\bthport.sys
+ 2008-06-13 11:05:51 272,128 ------w C:\WINDOWS\Driver Cache\i386\bthport.sys
+ 2006-10-26 12:55:38 138,024 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119210000000000000000F01FEC\12.0.4518\IMPMAIL.DLL
+ 2006-10-26 12:42:36 8,423,224 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119210000000000000000F01FEC\12.0.4518\OARTCONV.DLL
+ 2006-10-27 07:16:36 46,864 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119210000000000000000F01FEC\12.0.4518\OUTLRPC.DLL
- 2008-02-29 16:40:11 102,400 ----a-r C:\WINDOWS\Installer\{18388EF8-E0A3-442B-8BFE-E2F1B3D05C91}\iTunesIco.exe
+ 2008-07-10 10:25:12 102,400 ----a-r C:\WINDOWS\Installer\{18388EF8-E0A3-442B-8BFE-E2F1B3D05C91}\iTunesIco.exe
+ 2008-07-10 09:10:45 65,536 ----a-r C:\WINDOWS\Installer\{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}\ARPPRODUCTICON.exe
- 2008-03-01 04:10:25 217,864 ----a-r C:\WINDOWS\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
+ 2008-07-10 09:38:08 217,864 ----a-r C:\WINDOWS\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
- 2008-06-11 12:30:14 20,240 ----a-r C:\WINDOWS\Installer\{91120000-0012-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-07-23 10:02:05 20,240 ----a-r C:\WINDOWS\Installer\{91120000-0012-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-06-11 12:30:14 217,864 ----a-r C:\WINDOWS\Installer\{91120000-0012-0000-0000-0000000FF1CE}\misc.exe
+ 2008-07-23 10:02:05 217,864 ----a-r C:\WINDOWS\Installer\{91120000-0012-0000-0000-0000000FF1CE}\misc.exe
- 2008-06-11 12:30:14 18,704 ----a-r C:\WINDOWS\Installer\{91120000-0012-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-07-23 10:02:05 18,704 ----a-r C:\WINDOWS\Installer\{91120000-0012-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-06-11 12:30:14 35,088 ----a-r C:\WINDOWS\Installer\{91120000-0012-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-07-23 10:02:05 35,088 ----a-r C:\WINDOWS\Installer\{91120000-0012-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-06-11 12:30:14 845,584 ----a-r C:\WINDOWS\Installer\{91120000-0012-0000-0000-0000000FF1CE}\outicon.exe
+ 2008-07-23 10:02:05 845,584 ----a-r C:\WINDOWS\Installer\{91120000-0012-0000-0000-0000000FF1CE}\outicon.exe
- 2008-06-11 12:30:14 922,384 ----a-r C:\WINDOWS\Installer\{91120000-0012-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-07-23 10:02:05 922,384 ----a-r C:\WINDOWS\Installer\{91120000-0012-0000-0000-0000000FF1CE}\pptico.exe
- 2008-06-11 12:30:14 888,080 ----a-r C:\WINDOWS\Installer\{91120000-0012-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-07-23 10:02:05 888,080 ----a-r C:\WINDOWS\Installer\{91120000-0012-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-06-11 12:30:14 1,172,240 ----a-r C:\WINDOWS\Installer\{91120000-0012-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-07-23 10:02:05 1,172,240 ----a-r C:\WINDOWS\Installer\{91120000-0012-0000-0000-0000000FF1CE}\xlicons.exe
- 2008-03-11 04:07:48 295,606 ----a-r C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe
+ 2008-07-10 09:14:59 295,606 ----a-r C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe
- 2008-03-11 04:07:49 295,606 ----a-r C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat_3D.exe
+ 2008-07-10 09:14:59 295,606 ----a-r C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat_3D.exe
- 2008-03-11 04:07:49 295,606 ----a-r C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat_Standard.exe
+ 2008-07-10 09:14:59 295,606 ----a-r C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat_Standard.exe
- 2008-03-11 04:07:49 25,214 ----a-r C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Distiller.exe
+ 2008-07-10 09:14:59 25,214 ----a-r C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Distiller.exe
- 2008-03-11 04:07:49 7,278 ----a-r C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_ELEMENTS_DT.exe
+ 2008-07-10 09:14:59 7,278 ----a-r C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_ELEMENTS_DT.exe
- 2008-03-11 04:07:48 23,558 ----a-r C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000003}\SC_Designer_PFM.70DBED24_B579_40CB_AB0B_F1221A3E9EC5.exe
+ 2008-07-10 09:14:59 23,558 ----a-r C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000003}\SC_Designer_PFM.70DBED24_B579_40CB_AB0B_F1221A3E9EC5.exe
+ 2008-07-23 06:19:59 2,806 ----a-r C:\WINDOWS\Installer\{B5761811-28F3-4257-B537-815C5EEF472C}\ARPPRODUCTICON.exe
+ 2008-07-23 06:19:59 65,536 ----a-r C:\WINDOWS\Installer\{B5761811-28F3-4257-B537-815C5EEF472C}\NewShortcut1_5E3003BD8B2446E5BEDC66B4435E8637.exe
- 2008-02-29 16:39:16 27,136 ----a-r C:\WINDOWS\Installer\{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}\AppleSoftwareUpdateIco.exe
+ 2008-07-10 10:24:51 27,136 ----a-r C:\WINDOWS\Installer\{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}\AppleSoftwareUpdateIco.exe
- 2008-03-04 14:11:34 65,536 ----a-r C:\WINDOWS\Installer\{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}\ARPPRODUCTICON.exe
+ 2008-07-10 09:10:37 65,536 ----a-r C:\WINDOWS\Installer\{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}\ARPPRODUCTICON.exe
+ 2008-07-13 18:34:34 3,638 ----a-r C:\WINDOWS\Installer\{CB7E882C-89DC-401D-9C2E-8CFC113B6E77}\CommandLineProcessor.exe
+ 2008-07-13 18:34:34 3,638 ----a-r C:\WINDOWS\Installer\{CB7E882C-89DC-401D-9C2E-8CFC113B6E77}\CommandWindow.exe
+ 2008-07-13 18:34:34 3,638 ----a-r C:\WINDOWS\Installer\{CB7E882C-89DC-401D-9C2E-8CFC113B6E77}\CommandWindow9X.exe
+ 2008-07-13 18:34:34 3,638 ----a-r C:\WINDOWS\Installer\{CB7E882C-89DC-401D-9C2E-8CFC113B6E77}\DB2Syncronizer.exe
+ 2008-07-13 18:34:34 65,536 ----a-r C:\WINDOWS\Installer\{CB7E882C-89DC-401D-9C2E-8CFC113B6E77}\Shortcut0.C3A146F5_4B48_11D5_A819_00B0D0428C0C.exe
+ 2001-07-14 09:32:24 69,632 ----a-w C:\WINDOWS\setupupd\temp\wsdueng.dll
+ 2006-10-18 13:47:08 276,992 ------w C:\WINDOWS\system32\audiodev.dll
- 2008-04-14 00:11:50 286,720 ----a-w C:\WINDOWS\system32\blackbox.dll
+ 2006-10-18 13:47:10 542,720 ----a-w C:\WINDOWS\system32\blackbox.dll
- 2008-04-14 00:11:50 159,232 ----a-w C:\WINDOWS\system32\cewmdm.dll
+ 2006-10-18 13:47:10 229,376 ----a-w C:\WINDOWS\system32\cewmdm.dll
+ 2008-06-20 11:40:08 138,496 -c----w C:\WINDOWS\system32\dllcache\afd.sys
- 2008-04-14 00:11:50 286,720 -c--a-w C:\WINDOWS\system32\dllcache\blackbox.dll
+ 2006-10-18 13:47:10 542,720 -c--a-w C:\WINDOWS\system32\dllcache\blackbox.dll
- 2008-04-14 12:30:49 272,128 -c----w C:\WINDOWS\system32\dllcache\bthport.sys
+ 2008-06-13 11:05:51 272,128 -c----w C:\WINDOWS\system32\dllcache\bthport.sys
- 2008-04-14 00:11:50 159,232 -c--a-w C:\WINDOWS\system32\dllcache\cewmdm.dll
+ 2006-10-18 13:47:10 229,376 -c--a-w C:\WINDOWS\system32\dllcache\cewmdm.dll
+ 2008-05-07 09:07:23 135,168 -c----w C:\WINDOWS\system32\dllcache\cscript.exe
+ 2008-06-20 17:46:57 147,968 -c----w C:\WINDOWS\system32\dllcache\dnsapi.dll
- 2008-04-14 00:12:57 695,808 -c--a-w C:\WINDOWS\system32\dllcache\drmv2clt.dll
+ 2006-10-18 13:47:10 991,744 -c--a-w C:\WINDOWS\system32\dllcache\drmv2clt.dll
+ 2008-05-09 10:53:39 512,000 -c----w C:\WINDOWS\system32\dllcache\jscript.dll
- 2008-04-14 00:11:56 6,656 -c--a-w C:\WINDOWS\system32\dllcache\laprxy.dll
+ 2006-10-18 13:47:14 11,264 -c--a-w C:\WINDOWS\system32\dllcache\LAPRXY.dll
- 2008-04-14 00:12:24 103,936 -c--a-w C:\WINDOWS\system32\dllcache\logagent.exe
+ 2006-10-18 12:03:58 100,864 -c--a-w C:\WINDOWS\system32\dllcache\logagent.exe
- 2008-04-14 00:11:57 310,272 -c--a-w C:\WINDOWS\system32\dllcache\mp43dmod.dll
+ 2006-10-18 13:47:14 4,096 -c--a-w C:\WINDOWS\system32\dllcache\MP43DMOD.dll
- 2008-04-14 00:11:57 384,512 -c--a-w C:\WINDOWS\system32\dllcache\mp4sdmod.dll
+ 2006-10-18 13:47:14 4,096 -c--a-w C:\WINDOWS\system32\dllcache\MP4SDMOD.dll
- 2008-04-14 00:11:57 240,640 -c--a-w C:\WINDOWS\system32\dllcache\mpg4dmod.dll
+ 2006-10-18 13:47:14 4,096 -c--a-w C:\WINDOWS\system32\dllcache\MPG4DMOD.dll
- 2008-04-14 00:12:55 259,072 -c--a-w C:\WINDOWS\system32\dllcache\msnetobj.dll
+ 2006-10-18 13:47:16 179,712 -c--a-w C:\WINDOWS\system32\dllcache\msnetobj.dll
- 2008-04-14 00:12:00 52,224 -c--a-w C:\WINDOWS\system32\dllcache\mspmsnsv.dll
+ 2006-10-18 13:47:16 27,136 -c--a-w C:\WINDOWS\system32\dllcache\mspmsnsv.dll
- 2008-04-14 00:12:00 201,728 -c--a-w C:\WINDOWS\system32\dllcache\mspmsp.dll
+ 2006-10-18 13:47:16 175,616 -c--a-w C:\WINDOWS\system32\dllcache\mspmsp.dll
- 2008-04-14 00:12:56 356,352 -c--a-w C:\WINDOWS\system32\dllcache\msscp.dll
+ 2006-10-18 13:47:16 414,208 -c--a-w C:\WINDOWS\system32\dllcache\msscp.dll
- 2008-04-14 00:12:01 245,760 -c--a-w C:\WINDOWS\system32\dllcache\mswmdm.dll
+ 2006-10-18 13:47:16 321,536 -c--a-w C:\WINDOWS\system32\dllcache\mswmdm.dll
+ 2008-06-20 17:46:57 245,248 -c----w C:\WINDOWS\system32\dllcache\mswsock.dll
+ 2008-05-09 10:53:39 180,224 -c----w C:\WINDOWS\system32\dllcache\scrobj.dll
+ 2008-05-09 10:53:40 172,032 -c----w C:\WINDOWS\system32\dllcache\scrrun.dll
+ 2008-06-20 11:51:12 361,600 -c----w C:\WINDOWS\system32\dllcache\tcpip.sys
+ 2008-06-20 11:08:27 225,856 -c----w C:\WINDOWS\system32\dllcache\tcpip6.sys
+ 2008-05-09 10:53:40 430,080 -c----w C:\WINDOWS\system32\dllcache\vbscript.dll
- 2008-04-14 00:12:09 408,064 -c--a-w C:\WINDOWS\system32\dllcache\wmadmod.dll
+ 2006-10-18 13:47:18 757,248 -c--a-w C:\WINDOWS\system32\dllcache\WMADMOD.dll
- 2008-04-14 00:12:09 670,720 -c--a-w C:\WINDOWS\system32\dllcache\wmadmoe.dll
+ 2006-10-18 13:47:18 1,117,696 -c--a-w C:\WINDOWS\system32\dllcache\WMADMOE.dll
- 2008-04-14 00:12:09 230,912 -c--a-w C:\WINDOWS\system32\dllcache\wmasf.dll
+ 2007-10-27 09:40:30 222,720 -c--a-w C:\WINDOWS\system32\dllcache\wmasf.dll
- 2008-04-14 00:12:09 27,136 -c--a-w C:\WINDOWS\system32\dllcache\wmdmlog.dll
+ 2006-10-18 13:47:18 33,792 -c--a-w C:\WINDOWS\system32\dllcache\wmdmlog.dll
- 2008-04-14 00:12:09 23,552 -c--a-w C:\WINDOWS\system32\dllcache\wmdmps.dll
+ 2006-10-18 13:47:18 37,376 -c--a-w C:\WINDOWS\system32\dllcache\wmdmps.dll
- 2008-04-14 00:12:09 151,552 -c--a-w C:\WINDOWS\system32\dllcache\wmidx.dll
+ 2006-10-18 13:47:20 157,184 -c--a-w C:\WINDOWS\system32\dllcache\wmidx.dll
- 2008-04-14 00:12:09 1,053,184 -c--a-w C:\WINDOWS\system32\dllcache\wmnetmgr.dll
+ 2006-10-18 13:47:20 937,984 -c--a-w C:\WINDOWS\system32\dllcache\WMNetMgr.dll
- 2008-04-14 00:12:09 759,296 -c--a-w C:\WINDOWS\system32\dllcache\wmsdmod.dll
+ 2006-10-18 13:47:22 4,096 -c--a-w C:\WINDOWS\system32\dllcache\wmsdmod.dll
- 2008-04-14 00:12:09 1,119,744 -c--a-w C:\WINDOWS\system32\dllcache\wmsdmoe2.dll
+ 2006-10-18 13:47:22 4,096 -c--a-w C:\WINDOWS\system32\dllcache\wmsdmoe2.dll
- 2008-04-14 00:12:09 485,376 -c--a-w C:\WINDOWS\system32\dllcache\wmspdmod.dll
+ 2006-10-18 13:47:22 603,648 -c--a-w C:\WINDOWS\system32\dllcache\WMSPDMOD.dll
- 2008-04-14 00:12:10 897,024 -c--a-w C:\WINDOWS\system32\dllcache\wmspdmoe.dll
+ 2006-10-18 13:47:22 1,329,152 -c--a-w C:\WINDOWS\system32\dllcache\WMSPDMOE.dll
- 2008-04-14 00:12:58 2,109,440 -c--a-w C:\WINDOWS\system32\dllcache\wmvcore.dll
+ 2006-10-18 13:47:22 2,450,944 -c--a-w C:\WINDOWS\system32\dllcache\wmvcore.dll
- 2008-04-14 00:12:10 809,984 -c--a-w C:\WINDOWS\system32\dllcache\wmvdmod.dll
+ 2006-10-18 13:47:22 4,096 -c--a-w C:\WINDOWS\system32\dllcache\wmvdmod.dll
- 2008-04-14 00:12:10 1,001,472 -c--a-w C:\WINDOWS\system32\dllcache\wmvdmoe2.dll
+ 2006-10-18 13:47:22 4,096 -c--a-w C:\WINDOWS\system32\dllcache\wmvdmoe2.dll
+ 2008-05-08 11:24:44 155,648 -c----w C:\WINDOWS\system32\dllcache\wscript.exe
+ 2008-05-09 10:53:40 90,112 -c----w C:\WINDOWS\system32\dllcache\wshext.dll
- 2008-04-14 00:11:52 147,968 ----a-w C:\WINDOWS\system32\dnsapi.dll
+ 2008-06-20 17:46:57 147,968 ----a-w C:\WINDOWS\system32\dnsapi.dll
+ 2006-10-18 13:47:22 671,232 ------w C:\WINDOWS\system32\drivers\UMDF\wpdmtpdr.dll
+ 2006-11-01 23:22:54 492,000 ------w C:\WINDOWS\system32\drivers\wdf01000.sys
+ 2006-11-01 23:22:52 32,224 ------w C:\WINDOWS\system32\drivers\wdfldr.sys
+ 2006-10-18 12:00:00 38,528 ------w C:\WINDOWS\system32\drivers\wpdusb.sys
+ 2006-09-28 10:55:50 77,568 ------w C:\WINDOWS\system32\drivers\WudfPf.sys
+ 2006-09-28 11:00:34 82,944 ------w C:\WINDOWS\system32\drivers\WudfRd.sys
+ 2006-10-18 12:00:46 249,856 ------w C:\WINDOWS\system32\drmupgds.exe
- 2008-04-14 00:12:57 695,808 ----a-w C:\WINDOWS\system32\drmv2clt.dll
+ 2006-10-18 13:47:10 991,744 ----a-w C:\WINDOWS\system32\drmv2clt.dll
+ 2008-07-12 14:59:13 13,352 -c--a-w C:\WINDOWS\system32\DRVSTORE\ggsemc_3EE1F6D8533CA8E2EB17526ACDA603248B4A39F8\x86\ggflt.sys
+ 2008-07-12 14:59:13 21,672 -c--a-w C:\WINDOWS\system32\DRVSTORE\ggsemc_3EE1F6D8533CA8E2EB17526ACDA603248B4A39F8\x86\ggsemc.sys
+ 2008-07-12 14:59:13 1,419,232 -c--a-w C:\WINDOWS\system32\DRVSTORE\ggsemc_3EE1F6D8533CA8E2EB17526ACDA603248B4A39F8\x86\wdfcoinstaller01005.dll
+ 2008-07-12 14:59:21 28,672 -c--a-w C:\WINDOWS\system32\DRVSTORE\semis06_DA67AFFFF2AEF16AC891730C125C417DD219A214\semis06.sys
+ 2008-07-12 14:59:19 83,200 -c--a-w C:\WINDOWS\system32\DRVSTORE\zebrbus_36ECD4F36FFD1C8D7775CBB1D3C4EDC32416D158\i386\zebrbus.sys
+ 2008-07-12 14:59:19 12,160 -c--a-w C:\WINDOWS\system32\DRVSTORE\zebrbus_36ECD4F36FFD1C8D7775CBB1D3C4EDC32416D158\i386\zebrwhnt.sys
+ 2008-07-12 14:59:19 63,360 -c--a-w C:\WINDOWS\system32\DRVSTORE\zebrceb_5D3759B0FA9680671ED8714BBB53A24D3DD6D83E\i386\zebrceb.sys
+ 2008-07-12 14:59:19 12,160 -c--a-w C:\WINDOWS\system32\DRVSTORE\zebrceb_5D3759B0FA9680671ED8714BBB53A24D3DD6D83E\i386\zebrwhnt.sys
+ 2008-07-12 14:59:19 12,160 -c--a-w C:\WINDOWS\system32\DRVSTORE\zebrfse2_0A2847C94D1EE4DD06CE7DF36614D531DE0478E2\i386\zebrcmnt.sys
+ 2008-07-12 14:59:19 109,568 -c--a-w C:\WINDOWS\system32\DRVSTORE\zebrfse2_0A2847C94D1EE4DD06CE7DF36614D531DE0478E2\i386\zebrmdm.sys
+ 2008-07-12 14:59:19 12,160 -c--a-w C:\WINDOWS\system32\DRVSTORE\zebrmdm2_0A2847C94D1EE4DD06CE7DF36614D531DE0478E2\i386\zebrcmnt.sys
+ 2008-07-12 14:59:19 14,848 -c--a-w C:\WINDOWS\system32\DRVSTORE\zebrmdm2_0A2847C94D1EE4DD06CE7DF36614D531DE0478E2\i386\zebrmdfl.sys
+ 2008-07-12 14:59:19 109,568 -c--a-w C:\WINDOWS\system32\DRVSTORE\zebrmdm2_0A2847C94D1EE4DD06CE7DF36614D531DE0478E2\i386\zebrmdm.sys
+ 2008-07-12 14:59:19 12,160 -c--a-w C:\WINDOWS\system32\DRVSTORE\zebrmsc2_42356B4F0BD79AC6F18744A1833E5FF4F32976BD\i386\zebrcmnt.sys
+ 2008-07-12 14:59:19 109,568 -c--a-w C:\WINDOWS\system32\DRVSTORE\zebrmsc2_42356B4F0BD79AC6F18744A1833E5FF4F32976BD\i386\zebrmdmc.sys
+ 2008-07-12 14:59:19 12,160 -c--a-w C:\WINDOWS\system32\DRVSTORE\zebrobx2_5EC96C36227E872B2B260D203965ADA2987E0B39\i386\zebrcmnt.sys
+ 2008-07-12 14:59:19 99,712 -c--a-w C:\WINDOWS\system32\DRVSTORE\zebrobx2_5EC96C36227E872B2B260D203965ADA2987E0B39\i386\zebrobex.sys
+ 2008-07-12 14:59:19 12,160 -c--a-w C:\WINDOWS\system32\DRVSTORE\zebrscep_43CE4CE9917F4AB857191C8AF519514326FED3EB\i386\zebrcmnt.sys
+ 2008-07-12 14:59:19 91,264 -c--a-w C:\WINDOWS\system32\DRVSTORE\zebrscep_43CE4CE9917F4AB857191C8AF519514326FED3EB\i386\zebrsce.sys
+ 2008-07-12 14:59:19 12,160 -c--a-w C:\WINDOWS\system32\DRVSTORE\zebrser2_0A2847C94D1EE4DD06CE7DF36614D531DE0478E2\i386\zebrcmnt.sys
+ 2008-07-12 14:59:19 109,568 -c--a-w C:\WINDOWS\system32\DRVSTORE\zebrser2_0A2847C94D1EE4DD06CE7DF36614D531DE0478E2\i386\zebrmdm.sys
- 2008-05-13 14:39:56 4,498,072 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-07-14 19:10:37 4,496,680 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2008-02-21 17:23:35 135,168 ----a-w C:\WINDOWS\system32\java.exe
+ 2008-06-09 17:21:01 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2008-02-21 17:23:39 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2008-06-09 17:21:04 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
- 2008-02-21 18:33:32 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2008-06-09 18:32:34 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
- 2008-04-14 00:11:56 512,000 ----a-w C:\WINDOWS\system32\jscript.dll
+ 2008-05-09 10:53:39 512,000 ----a-w C:\WINDOWS\system32\jscript.dll
- 2008-04-14 00:11:56 6,656 ----a-w C:\WINDOWS\system32\laprxy.dll
+ 2006-10-18 13:47:14 11,264 ----a-w C:\WINDOWS\system32\LAPRXY.dll
- 2008-04-14 00:12:24 103,936 ----a-w C:\WINDOWS\system32\logagent.exe
+ 2006-10-18 12:03:58 100,864 ----a-w C:\WINDOWS\system32\logagent.exe
- 2008-03-25 03:21:18 2,889,088 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
+ 2007-02-20 08:04:02 2,463,976 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
- 2008-03-25 03:21:20 218,496 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2007-02-20 08:04:04 190,696 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2006-10-18 13:47:14 212,992 ------w C:\WINDOWS\system32\MFPLAT.dll
+ 2006-10-18 13:47:14 259,072 ------w C:\WINDOWS\system32\MP43DECD.dll
- 2008-04-14 00:11:57 310,272 ----a-w C:\WINDOWS\system32\mp43dmod.dll
+ 2006-10-18 13:47:14 4,096 ----a-w C:\WINDOWS\system32\MP43DMOD.dll
+ 2006-10-18 13:47:14 317,440 ------w C:\WINDOWS\system32\MP4SDECD.dll
- 2008-04-14 00:11:57 384,512 ----a-w C:\WINDOWS\system32\mp4sdmod.dll
+ 2006-10-18 13:47:14 4,096 ----a-w C:\WINDOWS\system32\MP4SDMOD.dll
+ 2006-10-18 13:47:14 259,072 ------w C:\WINDOWS\system32\MPG4DECD.dll
- 2008-04-14 00:11:57 240,640 ----a-w C:\WINDOWS\system32\mpg4dmod.dll
+ 2006-10-18 13:47:14 4,096 ----a-w C:\WINDOWS\system32\MPG4DMOD.dll
- 2008-05-29 23:35:11 17,486,968 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-06-25 16:15:46 17,972,344 ----a-w C:\WINDOWS\system32\MRT.exe
- 2008-04-14 00:12:55 259,072 ----a-w C:\WINDOWS\system32\msnetobj.dll
+ 2006-10-18 13:47:16 179,712 ----a-w C:\WINDOWS\system32\msnetobj.dll
- 2008-04-14 00:12:00 52,224 ----a-w C:\WINDOWS\system32\mspmsnsv.dll
+ 2006-10-18 13:47:16 27,136 ----a-w C:\WINDOWS\system32\mspmsnsv.dll
- 2008-04-14 00:12:00 201,728 ----a-w C:\WINDOWS\system32\mspmsp.dll
+ 2006-10-18 13:47:16 175,616 ----a-w C:\WINDOWS\system32\mspmsp.dll
- 2008-04-14 00:12:56 356,352 ----a-w C:\WINDOWS\system32\msscp.dll
+ 2006-10-18 13:47:16 414,208 ----a-w C:\WINDOWS\system32\msscp.dll
+ 2007-12-12 07:41:50 344,064 ----a-w C:\WINDOWS\system32\msvcr70.dll
- 2008-04-14 00:12:01 245,760 ----a-w C:\WINDOWS\system32\mswmdm.dll
+ 2006-10-18 13:47:16 321,536 ----a-w C:\WINDOWS\system32\mswmdm.dll
- 2008-06-22 18:42:41 68,430 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-07-13 18:37:07 86,210 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-06-22 18:42:41 433,180 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-07-13 18:37:07 482,768 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2006-10-18 13:47:18 284,160 ------w C:\WINDOWS\system32\PortableDeviceApi.dll
+ 2006-10-18 13:47:18 101,888 ------w C:\WINDOWS\system32\PortableDeviceClassExtension.dll
+ 2006-10-18 13:47:18 166,912 ------w C:\WINDOWS\system32\PortableDeviceTypes.dll
+ 2006-10-18 13:47:18 132,096 ------w C:\WINDOWS\system32\PortableDeviceWiaCompat.dll
+ 2006-10-18 13:47:18 199,168 ------w C:\WINDOWS\system32\PortableDeviceWMDRM.dll
- 2008-04-14 00:12:03 237,568 ----a-w C:\WINDOWS\system32\qasf.dll
+ 2006-10-18 13:47:18 211,456 ----a-w C:\WINDOWS\system32\qasf.dll
- 2008-06-19 11:32:51 519,824 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat
+ 2008-07-10 05:26:47 83,315,156 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat
- 2007-11-30 11:18:51 17,272 ----a-w C:\WINDOWS\system32\spmsg.dll
+ 2007-10-27 08:39:36 13,536 ------w C:\WINDOWS\system32\spmsg.dll
- 2008-04-14 00:12:03 728,576 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\ps5ui.dll
+ 2003-05-05 08:47:20 129,024 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\Ps5ui.dll
- 2008-04-14 00:12:03 543,232 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\pscript5.dll
+ 2003-05-05 08:47:20 455,168 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\PSCRIPT5.DLL
- 2007-05-10 15:13:07 24,456 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\AdReGP.dll
+ 2006-10-22 15:37:38 24,456 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\ADReGP.dll
- 2007-05-10 15:13:22 190,072 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\ADUIGP.dll
+ 2006-10-22 15:37:52 190,072 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\ADUIGP.DLL
+ 2006-10-18 13:58:00 8,704 ------w C:\WINDOWS\system32\uwdf.exe
+ 2006-10-18 13:47:18 4,096 ------w C:\WINDOWS\system32\wdfapi.dll
+ 2006-10-18 13:58:00 8,704 ------w C:\WINDOWS\system32\wdfmgr.exe
- 2008-04-14 00:12:09 408,064 ----a-w C:\WINDOWS\system32\wmadmod.dll
+ 2006-10-18 13:47:18 757,248 ----a-w C:\WINDOWS\system32\WMADMOD.dll
- 2008-04-14 00:12:09 670,720 ----a-w C:\WINDOWS\system32\wmadmoe.dll
+ 2006-10-18 13:47:18 1,117,696 ----a-w C:\WINDOWS\system32\WMADMOE.dll
- 2008-04-14 00:12:09 230,912 ----a-w C:\WINDOWS\system32\wmasf.dll
+ 2007-10-27 09:40:30 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
- 2008-04-14 00:12:09 27,136 ----a-w C:\WINDOWS\system32\wmdmlog.dll
+ 2006-10-18 13:47:18 33,792 ----a-w C:\WINDOWS\system32\wmdmlog.dll
- 2008-04-14 00:12:09 23,552 ----a-w C:\WINDOWS\system32\wmdmps.dll
+ 2006-10-18 13:47:18 37,376 ----a-w C:\WINDOWS\system32\wmdmps.dll
+ 2006-10-18 13:47:18 429,056 ------w C:\WINDOWS\system32\wmdrmdev.dll
+ 2006-10-18 13:47:20 348,672 ------w C:\WINDOWS\system32\wmdrmnet.dll
+ 2006-10-18 13:47:20 535,040 ------w C:\WINDOWS\system32\wmdrmsdk.dll
- 2008-04-14 00:12:09 151,552 ----a-w C:\WINDOWS\system32\wmidx.dll
+ 2006-10-18 13:47:20 157,184 ----a-w C:\WINDOWS\system32\wmidx.dll
- 2008-04-14 00:12:09 1,053,184 ----a-w C:\WINDOWS\system32\wmnetmgr.dll
+ 2006-10-18 13:47:20 937,984 ----a-w C:\WINDOWS\system32\WMNetMgr.dll
- 2008-04-14 00:12:09 759,296 ----a-w C:\WINDOWS\system32\wmsdmod.dll
+ 2006-10-18 13:47:22 4,096 ----a-w C:\WINDOWS\system32\wmsdmod.dll
- 2008-04-14 00:12:09 1,119,744 ----a-w C:\WINDOWS\system32\wmsdmoe2.dll
+ 2006-10-18 13:47:22 4,096 ----a-w C:\WINDOWS\system32\wmsdmoe2.dll
- 2008-04-14 00:12:09 485,376 ----a-w C:\WINDOWS\system32\wmspdmod.dll
+ 2006-10-18 13:47:22 603,648 ----a-w C:\WINDOWS\system32\WMSPDMOD.dll
- 2008-04-14 00:12:10 897,024 ----a-w C:\WINDOWS\system32\wmspdmoe.dll
+ 2006-10-18 13:47:22 1,329,152 ----a-w C:\WINDOWS\system32\WMSPDMOE.dll
+ 2006-10-18 13:47:22 4,096 ------w C:\WINDOWS\system32\WMVADVD.dll
+ 2006-10-18 13:47:22 4,096 ------w C:\WINDOWS\system32\WMVADVE.DLL
- 2008-04-14 00:12:58 2,109,440 ----a-w C:\WINDOWS\system32\wmvcore.dll
+ 2006-10-18 13:47:22 2,450,944 ----a-w C:\WINDOWS\system32\wmvcore.dll
+ 2006-10-18 13:47:22 1,543,680 ------w C:\WINDOWS\system32\WMVDECOD.dll
- 2008-04-14 00:12:10 809,984 ----a-w C:\WINDOWS\system32\wmvdmod.dll
+ 2006-10-18 13:47:22 4,096 ----a-w C:\WINDOWS\system32\wmvdmod.dll
- 2008-04-14 00:12:10 1,001,472 ----a-w C:\WINDOWS\system32\wmvdmoe2.dll
+ 2006-10-18 13:47:22 4,096 ----a-w C:\WINDOWS\system32\wmvdmoe2.dll
+ 2006-10-18 13:47:22 1,574,912 ------w C:\WINDOWS\system32\WMVENCOD.dll
+ 2006-10-18 13:47:22 1,382,912 ------w C:\WINDOWS\system32\WMVSDECD.dll
+ 2006-10-18 13:47:22 767,488 ------w C:\WINDOWS\system32\WMVSENCD.dll
+ 2006-10-18 13:47:22 656,896 ------w C:\WINDOWS\system32\WMVXENCD.dll
+ 2006-10-18 13:47:22 629,760 ------w C:\WINDOWS\system32\wpd_ci.dll
+ 2006-10-18 13:47:22 35,840 ------w C:\WINDOWS\system32\wpdconns.dll
+ 2006-10-18 13:47:22 154,624 ------w C:\WINDOWS\system32\wpdmtp.dll
+ 2006-10-18 13:47:22 63,488 ------w C:\WINDOWS\system32\wpdmtpus.dll
+ 2006-10-18 13:47:22 2,603,008 ------w C:\WINDOWS\system32\WpdShext.dll
+ 2006-10-18 12:00:14 17,408 ------w C:\WINDOWS\system32\wpdshextautoplay.exe
+ 2006-10-18 13:47:22 38,400 ------w C:\WINDOWS\system32\wpdshextres.dll
+ 2006-10-18 13:47:22 133,632 ------w C:\WINDOWS\system32\WPDShServiceObj.dll
+ 2006-10-18 13:47:22 356,352 ------w C:\WINDOWS\system32\wpdsp.dll
+ 2006-09-28 12:13:26 95,344 ------w C:\WINDOWS\system32\WUDFCoinstaller.dll
+ 2006-09-28 10:56:38 146,432 ------w C:\WINDOWS\system32\WudfHost.exe
+ 2006-09-28 10:56:16 165,376 ------w C:\WINDOWS\system32\WudfPlatform.dll
+ 2006-09-28 10:56:14 55,808 ------w C:\WINDOWS\system32\WudfSvc.dll
+ 2006-09-28 10:56:38 316,416 ------w C:\WINDOWS\system32\WUDFx.dll
+ 2008-07-23 13:28:17 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_8d8.dat
- 2006-10-26 05:40:34 95,744 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_6e805841\ATL80.dll
+ 2007-12-12 07:40:54 95,744 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_6e805841\ATL80.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 08:12 15360]
"OE"="C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe" [2006-08-18 13:06 315392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 20:00 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 20:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 20:00 455168]
"PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2008-01-11 01:30 294912]
"BLOG"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2008-01-11 01:30 208896]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-08-15 15:07 141848]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-08-15 15:07 162328]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-08-15 15:07 137752]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2007-08-10 18:30 110592]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-08-10 18:30 512000]
"TPHOTKEY"="C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe" [2008-01-24 10:21 66928]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 10:56 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 12:10 267048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048]
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2007-04-27 02:33 243248]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 19:54 623992]
"Adobe_ID0EYTHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 16:40 1884160]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe" [2006-08-25 19:25 3112960]
"TPFNF7"="C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2008-03-26 03:06 59680]
"ACTray"="C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe" [2007-07-05 14:58 413696]
"ACWLIcon"="C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2007-07-05 14:51 126976]
"DB2COPY1 - db2systray.exe DB2"="C:\PROGRA~1\IBM\SQLLIB\BIN\db2systray.exe" [2007-07-23 02:49 79136]
"VodafoneVMCLiteLauncher"="C:\Program Files\Vodafone\VMCLite\\VodafoneVMCLiteLauncher.exe" [2007-09-20 14:23 102400]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe [2007-11-26 15:58:10 576104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 16:37 34344 C:\Program Files\Lenovo\HOTKEY\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2007-12-14 16:36 28672 C:\Program Files\Lenovo\HOTKEY\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
2007-07-05 14:52 32768 C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqrSMFu]
[BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NewShortcut1.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NewShortcut1.lnk
backup=C:\WINDOWS\pss\NewShortcut1.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Documents and Settings
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Documents and Settings\All Users
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Documents and Settings\All Users\Application Data
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Documents and Settings\All Users\Application Data\Adsl Software Limited
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
--a------ 2007-02-28 23:06 2321600 C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\WinSpywareProtect.exe]
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\WinSpywareProtect.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
--a------ 2007-03-29 15:41 222128 C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a------ 2007-12-11 10:11 1044480 C:\Program Files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\ibm\\SDP70\\jdk\\jre\\bin\\javaw.exe"=
"C:\\Program Files\\ibm\\SDP70\\runtimes\\base_v61\\java\\bin\\java.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
"C:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"C:\\Program Files\\ibm\\Installation Manager\\eclipse\\jre_5.0.2.sr5_20070511\\jre\\bin\\javaw.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.SYS [2005-11-08 09:27]
R1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\system32\Drivers\IBMBLDID.sys [2007-04-02 11:24]
R1 TPPWRIF;TPPWRIF;C:\WINDOWS\system32\drivers\Tppwrif.sys [2008-01-11 01:30]
R2 DB2MGMTSVC_DB2COPY1;DB2 Management Service (DB2COPY1);C:\Program Files\IBM\SQLLIB\BIN\db2mgmtsvc.exe [2007-07-23 02:47]
R2 DB2NTSECSERVER_DB2COPY1;DB2 Security Server (DB2COPY1);C:\Program Files\IBM\SQLLIB\BIN\db2sec.exe [2007-07-23 02:48]
R2 DB2REMOTECMD_DB2COPY1;DB2 Remote Command Server (DB2COPY1);C:\Program Files\IBM\SQLLIB\BIN\db2rcmd.exe [2007-07-23 02:48]
S3 DB2GOVERNOR_DB2COPY1;DB2 Governor (DB2COPY1);C:\Program Files\IBM\SQLLIB\BIN\db2govds.exe [2007-07-23 02:45]
S3 DB2LICD_DB2COPY1;DB2 License Server (DB2COPY1);C:\Program Files\IBM\SQLLIB\BIN\db2licd.exe [2007-07-23 02:46]
S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys [2008-07-12 22:59]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7727b1c2-e6ed-11dc-8faa-806d6172696f}]
\Shell\AutoRun\command - E:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f01a1124-5880-11dd-883c-005056c00008}]
\Shell\AutoRun\command - E:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f583b011-f3e9-11dc-87b9-005056c00008}]
\Shell\AutoRun\command - E:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f882142e-fae6-11dc-87bf-005056c00008}]
\Shell\AutoRun\command - setup.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-07-12 01:47:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-07-23 13:29:34 C:\WINDOWS\Tasks\PMTask.job"
- C:\PROGRA~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com.sg/ig?hl=en&source=iglk
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
O8 -: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 -: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 -: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 -: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 -: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 -: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 -: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 -: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 -: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 -: Send To Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm

O16 -: {2DAD3559-2923-4935-AD49-B673D2539944} - hxxps://www-307.ibm.com/pc/support/access/aslibmain/content/AcpIR.cab
C:\WINDOWS\Downloaded Program Files\acpir.inf
C:\WINDOWS\system32\capicom.dll
C:\WINDOWS\Downloaded Program Files\acpir2.dll

O16 -: {BA1C4B25-19D5-4F32-831D-BEAF1A402827} - hxxp://dl.bysoo.com/bysootb/nvwkanx1.cab
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\nvwkanx1.inf
C:\WINDOWS\Downloaded Program Files\nvwkanx1.dll
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\nvwkanx1.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-23 21:40:38
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-23 21:49:34
ComboFix-quarantined-files.txt 2008-07-23 13:48:59
ComboFix2.txt 2008-07-10 08:35:14
ComboFix3.txt 2008-07-09 08:20:03
ComboFix4.txt 2008-06-22 18:57:08

Pre-Run: 25,155,371,008 bytes free
Post-Run: 25,158,828,032 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

677 --- E O F --- 2008-07-23 10:02:08



#2 rigel


Posted 23 July 2008 - 01:45 PM

ComboFix logs should not be posted outside the HijackThis forums and then only when requested by a HJT Team member. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read Combofix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Please create a new topic explaining the nature of your problem in the Am I infected? What do I do? forum. Describe pop-ups and system tray or desktop icons that have appeared. Explain what is "going wrong" with your computer. Note any tools you have used and their respective results.

If needed, we will direct you to our HJT Preparation Guide.

Thank you for using BleepingComputer as your malware removal source.

This topic is now closed.
The BC Staff

"In a world where you can be anything, be yourself." ~ unknown

"Fall in love with someone who deserves your heart. Not someone who plays with it." ~ Will Smith




