
Combo Fix Log


  • This topic is locked
2 replies to this topic

#1 mikimoo


Posted 23 July 2008 - 10:36 AM

Hiya!

Need some help here. I suspect there is some virus or spyware on my machine.

Thanks a lot for the help!

ComboFix 08-07-22.4 - troytech 2008-07-23 21:35:41.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2318 [GMT 8:00]
Running from: C:\Documents and Settings\troytech\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\troytech\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-06-23 to 2008-07-23 )))))))))))))))))))))))))))))))
.

2008-07-23 14:25 . 2008-07-23 14:25 <DIR> d-------- C:\Documents and Settings\troytech\Application Data\Macrovision
2008-07-23 14:19 . 2008-07-23 14:19 <DIR> d-------- C:\Program Files\Vodafone
2008-07-23 14:19 . 2008-07-23 14:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Macrovision
2008-07-20 07:33 . 2008-07-20 07:33 <DIR> d-------- C:\Program Files\Audacity 1.3 Beta (Unicode)
2008-07-20 07:33 . 2008-07-20 23:06 <DIR> d-------- C:\Documents and Settings\troytech\Application Data\Audacity
2008-07-16 23:26 . 2008-07-16 23:26 <DIR> d-------- C:\Program Files\Sun
2008-07-15 14:58 . 2008-07-15 14:58 546 --a------ C:\WINDOWS\vpd.properties
2008-07-14 18:23 . 2008-07-14 22:03 <DIR> d-------- C:\IBM
2008-07-14 03:18 . 2008-07-14 03:18 <DIR> d-------- C:\Documents and Settings\db2admin\Application Data\Intel
2008-07-14 02:37 . 2008-07-14 02:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-07-14 02:34 . 2008-07-14 02:34 <DIR> d-------- C:\Documents and Settings\db2admin
2008-07-14 02:34 . 2008-07-14 02:34 <DIR> d-------- C:\DB2
2008-07-14 02:33 . 2008-07-14 02:33 <DIR> d-------- C:\WINDOWS\cluster
2008-07-13 14:33 . 2008-07-13 14:33 <DIR> d-------- C:\Documents and Settings\troytech\Application Data\Sony
2008-07-13 14:33 . 2008-07-13 14:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony
2008-07-13 14:33 . 2008-07-13 14:33 1,024 --a------ C:\WINDOWS\system32\gncontent.cch
2008-07-13 14:24 . 2008-07-13 14:24 <DIR> d-------- C:\Program Files\Sony
2008-07-13 14:24 . 2008-07-13 14:24 <DIR> d-------- C:\Program Files\Common Files\Sony Shared
2008-07-13 14:20 . 2008-07-13 14:34 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-07-13 14:20 . 2008-07-13 14:20 <DIR> d-------- C:\2df1ae7fcd1e9efc352e5751b272
2008-07-13 14:19 . 2008-07-13 14:19 <DIR> d-------- C:\Program Files\Sony Setup
2008-07-12 23:12 . 2008-07-12 23:12 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-07-12 23:12 . 2008-07-12 23:12 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ggsemc_01005.Wdf
2008-07-12 22:59 . 2008-07-12 22:59 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
2008-07-12 22:59 . 2008-07-12 22:59 21,672 --a------ C:\WINDOWS\system32\drivers\ggsemc.sys
2008-07-12 22:59 . 2008-07-12 22:59 13,352 --a------ C:\WINDOWS\system32\drivers\ggflt.sys
2008-07-10 23:04 . 2008-07-10 23:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-07-10 17:40 . 2008-07-10 17:40 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-07-10 16:52 . 2008-07-10 16:52 <DIR> d-------- C:\Program Files\Windows Installer Clean Up
2008-07-10 16:52 . 2008-07-10 16:52 <DIR> d-------- C:\Program Files\MSECACHE
2008-07-10 15:47 . 2008-07-10 15:47 <DIR> d-------- C:\Program Files\Yahoo!
2008-07-10 13:24 . 2008-07-10 13:25 <DIR> d-------- C:\Program Files\PCDR5
2008-07-10 13:24 . 2008-07-10 13:24 <DIR> d-------- C:\Program Files\iLyrics
2008-07-10 13:24 . 2008-07-10 13:24 <DIR> d-------- C:\Program Files\Attachmate
2008-07-10 13:24 . 2008-07-10 13:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Attachmate
2008-07-10 13:16 . 2008-07-10 13:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ALM
2008-07-10 13:08 . 2008-07-10 13:08 <DIR> d-------- C:\Program Files\Bonjour
2008-07-10 13:05 . 2008-07-10 13:05 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-07-09 16:34 . 2008-07-10 13:24 <DIR> d-------- C:\RECYCLER(2)
2008-07-08 13:16 . 2008-07-10 13:25 <DIR> d-------- C:\Program Files\DynDNS Updater
2008-06-26 13:58 . 2007-07-03 16:58 106,792 --a------ C:\WINDOWS\system32\drivers\sscdmdm.sys
2008-06-26 13:58 . 2007-07-03 16:59 86,824 --a------ C:\WINDOWS\system32\drivers\sscdserd.sys
2008-06-26 13:58 . 2007-07-03 16:54 80,552 --a------ C:\WINDOWS\system32\drivers\sscdbus.sys
2008-06-26 13:58 . 2007-07-03 16:57 11,944 --a------ C:\WINDOWS\system32\drivers\sscdmdfl.sys
2008-06-26 13:58 . 2007-07-03 17:00 9,256 --a------ C:\WINDOWS\system32\drivers\sscdwhnt.sys
2008-06-26 13:58 . 2007-07-03 17:00 9,256 --a------ C:\WINDOWS\system32\drivers\sscdwh.sys
2008-06-26 13:58 . 2007-07-03 16:56 9,256 --a------ C:\WINDOWS\system32\drivers\sscdcmnt.sys
2008-06-26 13:58 . 2007-07-03 16:56 9,256 --a------ C:\WINDOWS\system32\drivers\sscdcm.sys
2008-06-26 13:57 . 2008-06-26 13:57 <DIR> d-------- C:\Program Files\Samsung Electronics
2008-06-26 13:57 . 2008-06-26 14:02 <DIR> d-------- C:\Program Files\Samsung
2008-06-23 02:02 . 2008-06-23 02:02 8,394 --a------ C:\WINDOWS\system32\cbXPhhfC.dll
2008-06-23 01:02 . 2008-06-23 01:02 8,394 --a------ C:\WINDOWS\system32\cbXNGaYO.dll
2008-06-23 00:03 . 2008-07-13 14:20 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-06-23 00:02 . 2008-06-23 00:02 8,394 --a------ C:\WINDOWS\system32\cbXqpMCt.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-23 13:31 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 5
2008-07-23 13:28 --------- d-----w C:\Documents and Settings\LocalService\Application Data\VMware
2008-07-23 13:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\VMware
2008-07-23 10:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-07-16 15:26 --------- d-----w C:\Program Files\Java
2008-07-15 06:52 --------- d-----w C:\Program Files\ibm
2008-07-13 19:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\IBM
2008-07-13 18:43 --------- d-----w C:\Documents and Settings\troytech\Application Data\IBM
2008-07-13 18:33 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-07-13 06:24 --------- d-----w C:\Program Files\Sony Ericsson
2008-07-12 20:47 --------- d-----w C:\Documents and Settings\troytech\Application Data\uTorrent
2008-07-12 14:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2008-07-11 18:05 --------- d-----w C:\Documents and Settings\troytech\Application Data\Skype
2008-07-11 16:00 --------- d-----w C:\Documents and Settings\troytech\Application Data\skypePM
2008-07-10 09:41 --------- d-----w C:\Documents and Settings\troytech\Application Data\VMware
2008-07-10 09:08 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-10 05:25 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-07-10 05:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-10 05:20 --------- d-----w C:\Program Files\Microsoft Works
2008-07-09 08:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-26 05:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-24 14:29 --------- d-----w C:\Program Files\EvilLyrics
2008-06-22 10:21 8,394 ----a-w C:\WINDOWS\system32\urqPHyxV.dll
2008-06-22 09:21 8,394 ----a-w C:\WINDOWS\system32\xxywwtrr.dll
2008-06-22 08:21 8,394 ----a-w C:\WINDOWS\system32\geBuSMgH.dll
2008-06-22 07:21 8,394 ----a-w C:\WINDOWS\system32\jkkIYoPJ.dll
2008-06-21 15:59 8,394 ----a-w C:\WINDOWS\system32\byXPGApq.dll
2008-06-21 15:02 4,784 ----a-w C:\WINDOWS\system32\tmp.reg
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 14:59 21,361 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2008-06-20 14:59 21,361 ----a-w C:\WINDOWS\AegisP.sys
2008-06-20 14:54 --------- d-----w C:\Program Files\ThinkPad
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-19 11:31 --------- d-----w C:\Program Files\themexp
2008-06-19 08:27 --------- d-----w C:\Program Files\Lavasoft
2008-06-16 16:32 24,575 ----a-w C:\WINDOWS\system32\Mwinapppiobas78.dll
2008-06-16 16:02 --------- d-----w C:\Program Files\Trend Micro
2008-06-16 03:23 --------- d-----w C:\Program Files\IconCool Software
2008-06-15 07:28 81,920 ----a-w C:\WINDOWS\system32\IEDFix.C.exe
2008-06-13 11:05 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-04 05:58 --------- d-----w C:\Documents and Settings\troytech\Application Data\vlc
2008-06-04 05:55 --------- d-----w C:\Program Files\VideoLAN
2008-05-30 09:08 --------- d-----w C:\Documents and Settings\troytech\Application Data\FileZilla
2008-05-30 08:00 --------- d-----w C:\Program Files\FileZilla FTP Client
2008-05-29 01:35 86,528 ----a-w C:\WINDOWS\system32\VACFix.exe
2008-05-26 04:03 --------- d-----w C:\Program Files\PowerISO
2008-05-24 06:23 --------- d-----w C:\Program Files\Winamp
2008-05-23 10:21 81,920 ----a-w C:\WINDOWS\system32\404Fix.exe
2008-05-18 13:40 82,944 ----a-w C:\WINDOWS\system32\IEDFix.exe
2008-05-09 10:53 90,112 ----a-w C:\WINDOWS\system32\wshext.dll
2008-05-09 10:53 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll
2008-05-09 10:53 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll
2008-05-09 10:53 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll
2008-05-08 11:24 155,648 ----a-w C:\WINDOWS\system32\wscript.exe
2008-05-07 09:07 135,168 ----a-w C:\WINDOWS\system32\cscript.exe
2008-05-07 05:12 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-10 02:52 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
.

((((((((((((((((((((((((((((( snapshot@2008-06-23_ 2.56.54.98 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-06-20 11:48:03 138,496 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys
+ 2008-06-20 17:43:05 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\dnsapi.dll
+ 2008-06-20 17:43:05 245,248 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\mswsock.dll
+ 2008-06-20 11:59:02 361,600 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
+ 2008-06-20 11:16:44 225,856 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip6.sys
+ 2007-11-30 12:39:22 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB951748\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB951748\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951748\update\spcustom.dll
+ 2007-11-30 12:39:18 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB951748\update\update.exe
+ 2007-11-30 12:39:19 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB951748\update\updspapi.dll
+ 2008-05-07 09:07:23 135,168 ----a-w C:\WINDOWS\$hf_mig$\KB951978\SP3QFE\cscript.exe
+ 2008-05-09 10:45:15 512,000 ----a-w C:\WINDOWS\$hf_mig$\KB951978\SP3QFE\jscript.dll
+ 2008-05-09 10:45:16 180,224 ----a-w C:\WINDOWS\$hf_mig$\KB951978\SP3QFE\scrobj.dll
+ 2008-05-09 10:45:16 172,032 ----a-w C:\WINDOWS\$hf_mig$\KB951978\SP3QFE\scrrun.dll
+ 2008-05-09 10:45:16 430,080 ----a-w C:\WINDOWS\$hf_mig$\KB951978\SP3QFE\vbscript.dll
+ 2008-05-08 11:24:44 155,648 ----a-w C:\WINDOWS\$hf_mig$\KB951978\SP3QFE\wscript.exe
+ 2008-05-09 10:45:17 90,112 ----a-w C:\WINDOWS\$hf_mig$\KB951978\SP3QFE\wshext.dll
+ 2007-11-30 12:39:22 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB951978\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB951978\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951978\update\spcustom.dll
+ 2007-11-30 12:39:18 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB951978\update\update.exe
+ 2007-11-30 12:39:19 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB951978\update\updspapi.dll
+ 2008-07-10 09:40:15 110,592 ----a-w C:\WINDOWS\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll
+ 2008-07-10 09:40:15 4,608 ----a-w C:\WINDOWS\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\extensibility.dll
+ 2008-07-13 18:37:03 753,664 ----a-w C:\WINDOWS\assembly\GAC\IBM.Data.DB2\9.0.0.1__7c307b91aa13d208\IBM.Data.DB2.dll
+ 2008-07-10 09:40:14 8,007,680 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
+ 2008-07-10 09:40:07 80,696 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Access.Dao\12.0.0.0__71e9bce111e9429c\Microsoft.Office.interop.access.dao.dll
+ 2008-07-10 09:40:09 1,276,720 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Excel.dll
+ 2008-07-10 09:40:10 150,320 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Graph.dll
+ 2008-07-10 09:40:10 920,376 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Outlook\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Outlook.dll
+ 2008-07-10 09:40:10 35,648 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.OutlookViewCtl\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.OutlookViewCtl.dll
+ 2008-07-10 09:40:10 248,632 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll
+ 2008-07-10 09:40:10 20,280 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.SmartTag\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.SmartTag.dll
+ 2008-07-10 09:40:10 781,104 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Word.dll
+ 2008-07-10 09:40:14 13,312 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.stdformat.dll
+ 2008-07-10 09:40:10 371,496 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Vbe.Interop.Forms\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.Forms.dll
+ 2008-07-10 09:40:10 64,288 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll
+ 2008-07-10 09:40:14 229,376 ----a-w C:\WINDOWS\assembly\GAC\mscomctl\10.0.4504.0__31bf3856ad364e35\MSCOMCTL.DLL
+ 2008-07-10 09:40:15 4,096 ----a-w C:\WINDOWS\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\msdatasrc.dll
+ 2008-07-10 09:40:10 416,544 ----a-w C:\WINDOWS\assembly\GAC\office\12.0.0.0__71e9bce111e9429c\OFFICE.DLL
+ 2008-07-10 09:40:07 12,096 ----a-w C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Excel.dll
+ 2008-07-10 09:40:11 12,096 ----a-w C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Graph.dll
+ 2008-07-10 09:40:12 12,104 ----a-w C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Outlook\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Outlook.dll
+ 2008-07-10 09:40:12 12,632 ----a-w C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.OutlookViewCtl\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.OutlookViewCtl.dll
+ 2008-07-10 09:40:12 12,112 ----a-w C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.PowerPoint.dll
+ 2008-07-10 09:40:11 12,104 ----a-w C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.SmartTag\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.SmartTag.dll
+ 2008-07-10 09:40:12 12,096 ----a-w C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Word.dll
+ 2008-07-10 09:40:11 12,080 ----a-w C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Vbe.Interop.dll
+ 2008-07-10 09:40:11 11,544 ----a-w C:\WINDOWS\assembly\GAC\Policy.11.0.office\12.0.0.0__71e9bce111e9429c\Policy.11.0.Office.dll
+ 2008-07-10 09:40:14 16,384 ----a-w C:\WINDOWS\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll
+ 2008-07-13 18:37:03 851,968 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IBM.Data.DB2\9.0.0.2__7c307b91aa13d208\IBM.Data.DB2.dll
+ 2008-07-13 06:24:47 7,741,440 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\AppCommon\e5d275fce514d9a0e77d1d4ea8ef8f1f\AppCommon.ni.dll
+ 2008-07-13 06:24:58 77,824 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\AxInterop.QTOContro#\825236bbd0fe679f832e7d4771edcf11\AxInterop.QTOControlLib.ni.dll
+ 2008-07-13 06:24:51 143,360 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\AxInterop.SHDocVw\baeda6f2df7e404a19ffa9311143672e\AxInterop.SHDocVw.ni.dll
+ 2008-07-13 06:24:57 184,320 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\AxInterop.WMPLib\b1b7ffeb41e29f6cee1641fdbebff37d\AxInterop.WMPLib.ni.dll
+ 2008-07-13 06:24:54 221,184 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\GCPlayer\72263e28759cb6b4892c4c2cefafffc9\GCPlayer.ni.dll
+ 2008-07-13 06:24:55 31,232 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Interfaces\8295bb43e8baaf830eba80e92aeddf6a\Interfaces.ni.dll
+ 2008-07-13 06:24:55 389,120 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Interop.CDDBCONTROL#\0412709bc0832476c19c6528cd5fd50b\Interop.CDDBCONTROLLibSMS.ni.dll
+ 2008-07-13 06:24:56 41,984 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Interop.CDDBLINKLib#\1c167e360ae718d85124c4298acbc19a\Interop.CDDBLINKLibSMS.ni.dll
+ 2008-07-13 06:25:04 35,840 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Interop.CDDBUICONTR#\65fa0ff4e84606ed66c0f27d9aa2de62\Interop.CDDBUICONTROLLibSMS.ni.dll
+ 2008-07-13 06:24:54 118,784 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Interop.IWshRuntime#\966663abd85cd1318f308e3f45b8e2d0\Interop.IWshRuntimeLibrary.ni.dll
+ 2008-07-13 06:24:55 90,112 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Interop.PortableDev#\2abaa9985cf42708e7f959c18f2af5bf\Interop.PortableDeviceApiLib.ni.dll
+ 2008-07-13 06:25:04 90,112 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Interop.PortableDev#\b263bd771c7153e0c2772ff5d9b948d2\Interop.PortableDeviceTypesLib.ni.dll
+ 2008-07-13 06:24:59 81,920 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Interop.QTOControlL#\f80c337c14a77d99d2b0fdc6d7d55b80\Interop.QTOControlLib.ni.dll
+ 2008-07-13 06:25:03 221,184 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Interop.QTOLibrary\ba264926bf0d545f670754b76f11a47f\Interop.QTOLibrary.ni.dll
+ 2008-07-13 06:24:52 344,064 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Interop.SHDocVw\8d2b98dfa38088677277157b71c72a41\Interop.SHDocVw.ni.dll
+ 2008-07-13 06:24:57 847,872 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Interop.WMPLib\066e0092db7679225fe769f5e87f7d03\Interop.WMPLib.ni.dll
+ 2008-07-13 06:24:51 712,704 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\log4net\c46c3c4a0895936b7f63fbc7f86d49e0\log4net.ni.dll
+ 2008-07-13 06:24:56 888,832 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Lucene.Net\08faa46a8be84193979c718d661901c8\Lucene.Net.ni.dll
+ 2008-07-13 06:24:50 970,752 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\MediaManager.GUI\6d20802edcb4472aa4eb06f9856acea1\MediaManager.GUI.ni.dll
+ 2008-07-13 06:25:04 282,624 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\MediaManager.Splash#\df1059b57ed1b76db6817484d32dae52\MediaManager.SplashScreen.ni.dll
+ 2008-07-13 06:24:54 147,456 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\MediaManager.Utils\91878a9ed086c222378eac8c0a0ba039\MediaManager.Utils.ni.dll
+ 2008-07-13 06:24:40 1,843,200 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\MediaManager\de92575be231b02005f20c32c88d624d\MediaManager.ni.exe
+ 2008-07-13 06:24:48 684,032 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PerstNET\e89829b19e146b3a036179d4c01b678a\PerstNET.ni.dll
+ 2008-07-13 06:24:58 30,208 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SFMARKETLib\0228b351cadd6093d3683116ec9fd5c9\SFMARKETLib.ni.dll
+ 2008-07-13 06:24:53 1,032,192 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Sony.MediaSoftware.#\0b5e3426722a7a352419310f7433ce9b\Sony.MediaSoftware.clrshared.ni.dll
+ 2008-07-13 06:25:03 44,544 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\stdole\0f3ca47693cb5d3cb7a9c17ad02c3853\stdole.ni.dll
+ 2007-07-22 12:03:12 22,016 ----a-w C:\WINDOWS\cluster\db2server.dll
+ 2006-06-30 03:00:06 29,616 ----a-w C:\WINDOWS\Downloaded Program Files\dwusplay.dll
+ 2006-06-30 03:00:14 201,648 ----a-w C:\WINDOWS\Downloaded Program Files\dwusplay.exe
+ 2007-03-01 04:25:38 488,368 ----a-w C:\WINDOWS\Downloaded Program Files\isusweb.dll
- 2008-04-14 12:30:49 272,128 ------w C:\WINDOWS\Driver Cache\i386\bthport.sys
+ 2008-06-13 11:05:51 272,128 ------w C:\WINDOWS\Driver Cache\i386\bthport.sys
+ 2006-10-26 12:55:38 138,024 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119210000000000000000F01FEC\12.0.4518\IMPMAIL.DLL
+ 2006-10-26 12:42:36 8,423,224 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119210000000000000000F01FEC\12.0.4518\OARTCONV.DLL
+ 2006-10-27 07:16:36 46,864 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119210000000000000000F01FEC\12.0.4518\OUTLRPC.DLL
- 2008-02-29 16:40:11 102,400 ----a-r C:\WINDOWS\Installer\{18388EF8-E0A3-442B-8BFE-E2F1B3D05C91}\iTunesIco.exe
+ 2008-07-10 10:25:12 102,400 ----a-r C:\WINDOWS\Installer\{18388EF8-E0A3-442B-8BFE-E2F1B3D05C91}\iTunesIco.exe
+ 2008-07-10 09:10:45 65,536 ----a-r C:\WINDOWS\Installer\{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}\ARPPRODUCTICON.exe
- 2008-03-01 04:10:25 217,864 ----a-r C:\WINDOWS\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
+ 2008-07-10 09:38:08 217,864 ----a-r C:\WINDOWS\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
- 2008-06-11 12:30:14 20,240 ----a-r C:\WINDOWS\Installer\{91120000-0012-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-07-23 10:02:05 20,240 ----a-r C:\WINDOWS\Installer\{91120000-0012-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-06-11 12:30:14 217,864 ----a-r C:\WINDOWS\Installer\{91120000-0012-0000-0000-0000000FF1CE}\misc.exe
+ 2008-07-23 10:02:05 217,864 ----a-r C:\WINDOWS\Installer\{91120000-0012-0000-0000-0000000FF1CE}\misc.exe
- 2008-06-11 12:30:14 18,704 ----a-r C:\WINDOWS\Installer\{91120000-0012-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-07-23 10:02:05 18,704 ----a-r C:\WINDOWS\Installer\{91120000-0012-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-06-11 12:30:14 35,088 ----a-r C:\WINDOWS\Installer\{91120000-0012-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-07-23 10:02:05 35,088 ----a-r C:\WINDOWS\Installer\{91120000-0012-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-06-11 12:30:14 845,584 ----a-r C:\WINDOWS\Installer\{91120000-0012-0000-0000-0000000FF1CE}\outicon.exe
+ 2008-07-23 10:02:05 845,584 ----a-r C:\WINDOWS\Installer\{91120000-0012-0000-0000-0000000FF1CE}\outicon.exe
- 2008-06-11 12:30:14 922,384 ----a-r C:\WINDOWS\Installer\{91120000-0012-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-07-23 10:02:05 922,384 ----a-r C:\WINDOWS\Installer\{91120000-0012-0000-0000-0000000FF1CE}\pptico.exe
- 2008-06-11 12:30:14 888,080 ----a-r C:\WINDOWS\Installer\{91120000-0012-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-07-23 10:02:05 888,080 ----a-r C:\WINDOWS\Installer\{91120000-0012-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-06-11 12:30:14 1,172,240 ----a-r C:\WINDOWS\Installer\{91120000-0012-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-07-23 10:02:05 1,172,240 ----a-r C:\WINDOWS\Installer\{91120000-0012-0000-0000-0000000FF1CE}\xlicons.exe
- 2008-03-11 04:07:48 295,606 ----a-r C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe
+ 2008-07-10 09:14:59 295,606 ----a-r C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe
- 2008-03-11 04:07:49 295,606 ----a-r C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat_3D.exe
+ 2008-07-10 09:14:59 295,606 ----a-r C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat_3D.exe
- 2008-03-11 04:07:49 295,606 ----a-r C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat_Standard.exe
+ 2008-07-10 09:14:59 295,606 ----a-r C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat_Standard.exe
- 2008-03-11 04:07:49 25,214 ----a-r C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Distiller.exe
+ 2008-07-10 09:14:59 25,214 ----a-r C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Distiller.exe
- 2008-03-11 04:07:49 7,278 ----a-r C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_ELEMENTS_DT.exe
+ 2008-07-10 09:14:59 7,278 ----a-r C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_ELEMENTS_DT.exe
- 2008-03-11 04:07:48 23,558 ----a-r C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000003}\SC_Designer_PFM.70DBED24_B579_40CB_AB0B_F1221A3E9EC5.exe
+ 2008-07-10 09:14:59 23,558 ----a-r C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000003}\SC_Designer_PFM.70DBED24_B579_40CB_AB0B_F1221A3E9EC5.exe
+ 2008-07-23 06:19:59 2,806 ----a-r C:\WINDOWS\Installer\{B5761811-28F3-4257-B537-815C5EEF472C}\ARPPRODUCTICON.exe
+ 2008-07-23 06:19:59 65,536 ----a-r C:\WINDOWS\Installer\{B5761811-28F3-4257-B537-815C5EEF472C}\NewShortcut1_5E3003BD8B2446E5BEDC66B4435E8637.exe
- 2008-02-29 16:39:16 27,136 ----a-r C:\WINDOWS\Installer\{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}\AppleSoftwareUpdateIco.exe
+ 2008-07-10 10:24:51 27,136 ----a-r C:\WINDOWS\Installer\{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}\AppleSoftwareUpdateIco.exe
- 2008-03-04 14:11:34 65,536 ----a-r C:\WINDOWS\Installer\{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}\ARPPRODUCTICON.exe
+ 2008-07-10 09:10:37 65,536 ----a-r C:\WINDOWS\Installer\{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}\ARPPRODUCTICON.exe
+ 2008-07-13 18:34:34 3,638 ----a-r C:\WINDOWS\Installer\{CB7E882C-89DC-401D-9C2E-8CFC113B6E77}\CommandLineProcessor.exe
+ 2008-07-13 18:34:34 3,638 ----a-r C:\WINDOWS\Installer\{CB7E882C-89DC-401D-9C2E-8CFC113B6E77}\CommandWindow.exe
+ 2008-07-13 18:34:34 3,638 ----a-r C:\WINDOWS\Installer\{CB7E882C-89DC-401D-9C2E-8CFC113B6E77}\CommandWindow9X.exe
+ 2008-07-13 18:34:34 3,638 ----a-r C:\WINDOWS\Installer\{CB7E882C-89DC-401D-9C2E-8CFC113B6E77}\DB2Syncronizer.exe
+ 2008-07-13 18:34:34 65,536 ----a-r C:\WINDOWS\Installer\{CB7E882C-89DC-401D-9C2E-8CFC113B6E77}\Shortcut0.C3A146F5_4B48_11D5_A819_00B0D0428C0C.exe
+ 2001-07-14 09:32:24 69,632 ----a-w C:\WINDOWS\setupupd\temp\wsdueng.dll
+ 2006-10-18 13:47:08 276,992 ------w C:\WINDOWS\system32\audiodev.dll
- 2008-04-14 00:11:50 286,720 ----a-w C:\WINDOWS\system32\blackbox.dll
+ 2006-10-18 13:47:10 542,720 ----a-w C:\WINDOWS\system32\blackbox.dll
- 2008-04-14 00:11:50 159,232 ----a-w C:\WINDOWS\system32\cewmdm.dll
+ 2006-10-18 13:47:10 229,376 ----a-w C:\WINDOWS\system32\cewmdm.dll
+ 2008-06-20 11:40:08 138,496 -c----w C:\WINDOWS\system32\dllcache\afd.sys
- 2008-04-14 00:11:50 286,720 -c--a-w C:\WINDOWS\system32\dllcache\blackbox.dll
+ 2006-10-18 13:47:10 542,720 -c--a-w C:\WINDOWS\system32\dllcache\blackbox.dll
- 2008-04-14 12:30:49 272,128 -c----w C:\WINDOWS\system32\dllcache\bthport.sys
+ 2008-06-13 11:05:51 272,128 -c----w C:\WINDOWS\system32\dllcache\bthport.sys
- 2008-04-14 00:11:50 159,232 -c--a-w C:\WINDOWS\system32\dllcache\cewmdm.dll
+ 2006-10-18 13:47:10 229,376 -c--a-w C:\WINDOWS\system32\dllcache\cewmdm.dll
+ 2008-05-07 09:07:23 135,168 -c----w C:\WINDOWS\system32\dllcache\cscript.exe
+ 2008-06-20 17:46:57 147,968 -c----w C:\WINDOWS\system32\dllcache\dnsapi.dll
- 2008-04-14 00:12:57 695,808 -c--a-w C:\WINDOWS\system32\dllcache\drmv2clt.dll
+ 2006-10-18 13:47:10 991,744 -c--a-w C:\WINDOWS\system32\dllcache\drmv2clt.dll
+ 2008-05-09 10:53:39 512,000 -c----w C:\WINDOWS\system32\dllcache\jscript.dll
- 2008-04-14 00:11:56 6,656 -c--a-w C:\WINDOWS\system32\dllcache\laprxy.dll
+ 2006-10-18 13:47:14 11,264 -c--a-w C:\WINDOWS\system32\dllcache\LAPRXY.dll
- 2008-04-14 00:12:24 103,936 -c--a-w C:\WINDOWS\system32\dllcache\logagent.exe
+ 2006-10-18 12:03:58 100,864 -c--a-w C:\WINDOWS\system32\dllcache\logagent.exe
- 2008-04-14 00:11:57 310,272 -c--a-w C:\WINDOWS\system32\dllcache\mp43dmod.dll
+ 2006-10-18 13:47:14 4,096 -c--a-w C:\WINDOWS\system32\dllcache\MP43DMOD.dll
- 2008-04-14 00:11:57 384,512 -c--a-w C:\WINDOWS\system32\dllcache\mp4sdmod.dll
+ 2006-10-18 13:47:14 4,096 -c--a-w C:\WINDOWS\system32\dllcache\MP4SDMOD.dll
- 2008-04-14 00:11:57 240,640 -c--a-w C:\WINDOWS\system32\dllcache\mpg4dmod.dll
+ 2006-10-18 13:47:14 4,096 -c--a-w C:\WINDOWS\system32\dllcache\MPG4DMOD.dll
- 2008-04-14 00:12:55 259,072 -c--a-w C:\WINDOWS\system32\dllcache\msnetobj.dll
+ 2006-10-18 13:47:16 179,712 -c--a-w C:\WINDOWS\system32\dllcache\msnetobj.dll
- 2008-04-14 00:12:00 52,224 -c--a-w C:\WINDOWS\system32\dllcache\mspmsnsv.dll
+ 2006-10-18 13:47:16 27,136 -c--a-w C:\WINDOWS\system32\dllcache\mspmsnsv.dll
- 2008-04-14 00:12:00 201,728 -c--a-w C:\WINDOWS\system32\dllcache\mspmsp.dll
+ 2006-10-18 13:47:16 175,616 -c--a-w C:\WINDOWS\system32\dllcache\mspmsp.dll
- 2008-04-14 00:12:56 356,352 -c--a-w C:\WINDOWS\system32\dllcache\msscp.dll
+ 2006-10-18 13:47:16 414,208 -c--a-w C:\WINDOWS\system32\dllcache\msscp.dll
- 2008-04-14 00:12:01 245,760 -c--a-w C:\WINDOWS\system32\dllcache\mswmdm.dll
+ 2006-10-18 13:47:16 321,536 -c--a-w C:\WINDOWS\system32\dllcache\mswmdm.dll
+ 2008-06-20 17:46:57 245,248 -c----w C:\WINDOWS\system32\dllcache\mswsock.dll
+ 2008-05-09 10:53:39 180,224 -c----w C:\WINDOWS\system32\dllcache\scrobj.dll
+ 2008-05-09 10:53:40 172,032 -c----w C:\WINDOWS\system32\dllcache\scrrun.dll
+ 2008-06-20 11:51:12 361,600 -c----w C:\WINDOWS\system32\dllcache\tcpip.sys
+ 2008-06-20 11:08:27 225,856 -c----w C:\WINDOWS\system32\dllcache\tcpip6.sys
+ 2008-05-09 10:53:40 430,080 -c----w C:\WINDOWS\system32\dllcache\vbscript.dll
- 2008-04-14 00:12:09 408,064 -c--a-w C:\WINDOWS\system32\dllcache\wmadmod.dll
+ 2006-10-18 13:47:18 757,248 -c--a-w C:\WINDOWS\system32\dllcache\WMADMOD.dll
- 2008-04-14 00:12:09 670,720 -c--a-w C:\WINDOWS\system32\dllcache\wmadmoe.dll
+ 2006-10-18 13:47:18 1,117,696 -c--a-w C:\WINDOWS\system32\dllcache\WMADMOE.dll
- 2008-04-14 00:12:09 230,912 -c--a-w C:\WINDOWS\system32\dllcache\wmasf.dll
+ 2007-10-27 09:40:30 222,720 -c--a-w C:\WINDOWS\system32\dllcache\wmasf.dll
- 2008-04-14 00:12:09 27,136 -c--a-w C:\WINDOWS\system32\dllcache\wmdmlog.dll
+ 2006-10-18 13:47:18 33,792 -c--a-w C:\WINDOWS\system32\dllcache\wmdmlog.dll
- 2008-04-14 00:12:09 23,552 -c--a-w C:\WINDOWS\system32\dllcache\wmdmps.dll
+ 2006-10-18 13:47:18 37,376 -c--a-w C:\WINDOWS\system32\dllcache\wmdmps.dll
- 2008-04-14 00:12:09 151,552 -c--a-w C:\WINDOWS\system32\dllcache\wmidx.dll
+ 2006-10-18 13:47:20 157,184 -c--a-w C:\WINDOWS\system32\dllcache\wmidx.dll
- 2008-04-14 00:12:09 1,053,184 -c--a-w C:\WINDOWS\system32\dllcache\wmnetmgr.dll
+ 2006-10-18 13:47:20 937,984 -c--a-w C:\WINDOWS\system32\dllcache\WMNetMgr.dll
- 2008-04-14 00:12:09 759,296 -c--a-w C:\WINDOWS\system32\dllcache\wmsdmod.dll
+ 2006-10-18 13:47:22 4,096 -c--a-w C:\WINDOWS\system32\dllcache\wmsdmod.dll
- 2008-04-14 00:12:09 1,119,744 -c--a-w C:\WINDOWS\system32\dllcache\wmsdmoe2.dll
+ 2006-10-18 13:47:22 4,096 -c--a-w C:\WINDOWS\system32\dllcache\wmsdmoe2.dll
- 2008-04-14 00:12:09 485,376 -c--a-w C:\WINDOWS\system32\dllcache\wmspdmod.dll
+ 2006-10-18 13:47:22 603,648 -c--a-w C:\WINDOWS\system32\dllcache\WMSPDMOD.dll
- 2008-04-14 00:12:10 897,024 -c--a-w C:\WINDOWS\system32\dllcache\wmspdmoe.dll
+ 2006-10-18 13:47:22 1,329,152 -c--a-w C:\WINDOWS\system32\dllcache\WMSPDMOE.dll
- 2008-04-14 00:12:58 2,109,440 -c--a-w C:\WINDOWS\system32\dllcache\wmvcore.dll
+ 2006-10-18 13:47:22 2,450,944 -c--a-w C:\WINDOWS\system32\dllcache\wmvcore.dll
- 2008-04-14 00:12:10 809,984 -c--a-w C:\WINDOWS\system32\dllcache\wmvdmod.dll
+ 2006-10-18 13:47:22 4,096 -c--a-w C:\WINDOWS\system32\dllcache\wmvdmod.dll
- 2008-04-14 00:12:10 1,001,472 -c--a-w C:\WINDOWS\system32\dllcache\wmvdmoe2.dll
+ 2006-10-18 13:47:22 4,096 -c--a-w C:\WINDOWS\system32\dllcache\wmvdmoe2.dll
+ 2008-05-08 11:24:44 155,648 -c----w C:\WINDOWS\system32\dllcache\wscript.exe
+ 2008-05-09 10:53:40 90,112 -c----w C:\WINDOWS\system32\dllcache\wshext.dll
- 2008-04-14 00:11:52 147,968 ----a-w C:\WINDOWS\system32\dnsapi.dll
+ 2008-06-20 17:46:57 147,968 ----a-w C:\WINDOWS\system32\dnsapi.dll
+ 2006-10-18 13:47:22 671,232 ------w C:\WINDOWS\system32\drivers\UMDF\wpdmtpdr.dll
+ 2006-11-01 23:22:54 492,000 ------w C:\WINDOWS\system32\drivers\wdf01000.sys
+ 2006-11-01 23:22:52 32,224 ------w C:\WINDOWS\system32\drivers\wdfldr.sys
+ 2006-10-18 12:00:00 38,528 ------w C:\WINDOWS\system32\drivers\wpdusb.sys
+ 2006-09-28 10:55:50 77,568 ------w C:\WINDOWS\system32\drivers\WudfPf.sys
+ 2006-09-28 11:00:34 82,944 ------w C:\WINDOWS\system32\drivers\WudfRd.sys
+ 2006-10-18 12:00:46 249,856 ------w C:\WINDOWS\system32\drmupgds.exe
- 2008-04-14 00:12:57 695,808 ----a-w C:\WINDOWS\system32\drmv2clt.dll
+ 2006-10-18 13:47:10 991,744 ----a-w C:\WINDOWS\system32\drmv2clt.dll
+ 2008-07-12 14:59:13 13,352 -c--a-w C:\WINDOWS\system32\DRVSTORE\ggsemc_3EE1F6D8533CA8E2EB17526ACDA603248B4A39F8\x86\ggflt.sys
+ 2008-07-12 14:59:13 21,672 -c--a-w C:\WINDOWS\system32\DRVSTORE\ggsemc_3EE1F6D8533CA8E2EB17526ACDA603248B4A39F8\x86\ggsemc.sys
+ 2008-07-12 14:59:13 1,419,232 -c--a-w C:\WINDOWS\system32\DRVSTORE\ggsemc_3EE1F6D8533CA8E2EB17526ACDA603248B4A39F8\x86\wdfcoinstaller01005.dll
+ 2008-07-12 14:59:21 28,672 -c--a-w C:\WINDOWS\system32\DRVSTORE\semis06_DA67AFFFF2AEF16AC891730C125C417DD219A214\semis06.sys
+ 2008-07-12 14:59:19 83,200 -c--a-w C:\WINDOWS\system32\DRVSTORE\zebrbus_36ECD4F36FFD1C8D7775CBB1D3C4EDC32416D158\i386\zebrbus.sys
+ 2008-07-12 14:59:19 12,160 -c--a-w C:\WINDOWS\system32\DRVSTORE\zebrbus_36ECD4F36FFD1C8D7775CBB1D3C4EDC32416D158\i386\zebrwhnt.sys
+ 2008-07-12 14:59:19 63,360 -c--a-w C:\WINDOWS\system32\DRVSTORE\zebrceb_5D3759B0FA9680671ED8714BBB53A24D3DD6D83E\i386\zebrceb.sys
+ 2008-07-12 14:59:19 12,160 -c--a-w C:\WINDOWS\system32\DRVSTORE\zebrceb_5D3759B0FA9680671ED8714BBB53A24D3DD6D83E\i386\zebrwhnt.sys
+ 2008-07-12 14:59:19 12,160 -c--a-w C:\WINDOWS\system32\DRVSTORE\zebrfse2_0A2847C94D1EE4DD06CE7DF36614D531DE0478E2\i386\zebrcmnt.sys
+ 2008-07-12 14:59:19 109,568 -c--a-w C:\WINDOWS\system32\DRVSTORE\zebrfse2_0A2847C94D1EE4DD06CE7DF36614D531DE0478E2\i386\zebrmdm.sys
+ 2008-07-12 14:59:19 12,160 -c--a-w C:\WINDOWS\system32\DRVSTORE\zebrmdm2_0A2847C94D1EE4DD06CE7DF36614D531DE0478E2\i386\zebrcmnt.sys
+ 2008-07-12 14:59:19 14,848 -c--a-w C:\WINDOWS\system32\DRVSTORE\zebrmdm2_0A2847C94D1EE4DD06CE7DF36614D531DE0478E2\i386\zebrmdfl.sys
+ 2008-07-12 14:59:19 109,568 -c--a-w C:\WINDOWS\system32\DRVSTORE\zebrmdm2_0A2847C94D1EE4DD06CE7DF36614D531DE0478E2\i386\zebrmdm.sys
+ 2008-07-12 14:59:19 12,160 -c--a-w C:\WINDOWS\system32\DRVSTORE\zebrmsc2_42356B4F0BD79AC6F18744A1833E5FF4F32976BD\i386\zebrcmnt.sys
+ 2008-07-12 14:59:19 109,568 -c--a-w C:\WINDOWS\system32\DRVSTORE\zebrmsc2_42356B4F0BD79AC6F18744A1833E5FF4F32976BD\i386\zebrmdmc.sys
+ 2008-07-12 14:59:19 12,160 -c--a-w C:\WINDOWS\system32\DRVSTORE\zebrobx2_5EC96C36227E872B2B260D203965ADA2987E0B39\i386\zebrcmnt.sys
+ 2008-07-12 14:59:19 99,712 -c--a-w C:\WINDOWS\system32\DRVSTORE\zebrobx2_5EC96C36227E872B2B260D203965ADA2987E0B39\i386\zebrobex.sys
+ 2008-07-12 14:59:19 12,160 -c--a-w C:\WINDOWS\system32\DRVSTORE\zebrscep_43CE4CE9917F4AB857191C8AF519514326FED3EB\i386\zebrcmnt.sys
+ 2008-07-12 14:59:19 91,264 -c--a-w C:\WINDOWS\system32\DRVSTORE\zebrscep_43CE4CE9917F4AB857191C8AF519514326FED3EB\i386\zebrsce.sys
+ 2008-07-12 14:59:19 12,160 -c--a-w C:\WINDOWS\system32\DRVSTORE\zebrser2_0A2847C94D1EE4DD06CE7DF36614D531DE0478E2\i386\zebrcmnt.sys
+ 2008-07-12 14:59:19 109,568 -c--a-w C:\WINDOWS\system32\DRVSTORE\zebrser2_0A2847C94D1EE4DD06CE7DF36614D531DE0478E2\i386\zebrmdm.sys
- 2008-05-13 14:39:56 4,498,072 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-07-14 19:10:37 4,496,680 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2008-02-21 17:23:35 135,168 ----a-w C:\WINDOWS\system32\java.exe
+ 2008-06-09 17:21:01 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2008-02-21 17:23:39 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2008-06-09 17:21:04 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
- 2008-02-21 18:33:32 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2008-06-09 18:32:34 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
- 2008-04-14 00:11:56 512,000 ----a-w C:\WINDOWS\system32\jscript.dll
+ 2008-05-09 10:53:39 512,000 ----a-w C:\WINDOWS\system32\jscript.dll
- 2008-04-14 00:11:56 6,656 ----a-w C:\WINDOWS\system32\laprxy.dll
+ 2006-10-18 13:47:14 11,264 ----a-w C:\WINDOWS\system32\LAPRXY.dll
- 2008-04-14 00:12:24 103,936 ----a-w C:\WINDOWS\system32\logagent.exe
+ 2006-10-18 12:03:58 100,864 ----a-w C:\WINDOWS\system32\logagent.exe
- 2008-03-25 03:21:18 2,889,088 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
+ 2007-02-20 08:04:02 2,463,976 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
- 2008-03-25 03:21:20 218,496 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2007-02-20 08:04:04 190,696 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2006-10-18 13:47:14 212,992 ------w C:\WINDOWS\system32\MFPLAT.dll
+ 2006-10-18 13:47:14 259,072 ------w C:\WINDOWS\system32\MP43DECD.dll
- 2008-04-14 00:11:57 310,272 ----a-w C:\WINDOWS\system32\mp43dmod.dll
+ 2006-10-18 13:47:14 4,096 ----a-w C:\WINDOWS\system32\MP43DMOD.dll
+ 2006-10-18 13:47:14 317,440 ------w C:\WINDOWS\system32\MP4SDECD.dll
- 2008-04-14 00:11:57 384,512 ----a-w C:\WINDOWS\system32\mp4sdmod.dll
+ 2006-10-18 13:47:14 4,096 ----a-w C:\WINDOWS\system32\MP4SDMOD.dll
+ 2006-10-18 13:47:14 259,072 ------w C:\WINDOWS\system32\MPG4DECD.dll
- 2008-04-14 00:11:57 240,640 ----a-w C:\WINDOWS\system32\mpg4dmod.dll
+ 2006-10-18 13:47:14 4,096 ----a-w C:\WINDOWS\system32\MPG4DMOD.dll
- 2008-05-29 23:35:11 17,486,968 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-06-25 16:15:46 17,972,344 ----a-w C:\WINDOWS\system32\MRT.exe
- 2008-04-14 00:12:55 259,072 ----a-w C:\WINDOWS\system32\msnetobj.dll
+ 2006-10-18 13:47:16 179,712 ----a-w C:\WINDOWS\system32\msnetobj.dll
- 2008-04-14 00:12:00 52,224 ----a-w C:\WINDOWS\system32\mspmsnsv.dll
+ 2006-10-18 13:47:16 27,136 ----a-w C:\WINDOWS\system32\mspmsnsv.dll
- 2008-04-14 00:12:00 201,728 ----a-w C:\WINDOWS\system32\mspmsp.dll
+ 2006-10-18 13:47:16 175,616 ----a-w C:\WINDOWS\system32\mspmsp.dll
- 2008-04-14 00:12:56 356,352 ----a-w C:\WINDOWS\system32\msscp.dll
+ 2006-10-18 13:47:16 414,208 ----a-w C:\WINDOWS\system32\msscp.dll
+ 2007-12-12 07:41:50 344,064 ----a-w C:\WINDOWS\system32\msvcr70.dll
- 2008-04-14 00:12:01 245,760 ----a-w C:\WINDOWS\system32\mswmdm.dll
+ 2006-10-18 13:47:16 321,536 ----a-w C:\WINDOWS\system32\mswmdm.dll
- 2008-06-22 18:42:41 68,430 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-07-13 18:37:07 86,210 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-06-22 18:42:41 433,180 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-07-13 18:37:07 482,768 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2006-10-18 13:47:18 284,160 ------w C:\WINDOWS\system32\PortableDeviceApi.dll
+ 2006-10-18 13:47:18 101,888 ------w C:\WINDOWS\system32\PortableDeviceClassExtension.dll
+ 2006-10-18 13:47:18 166,912 ------w C:\WINDOWS\system32\PortableDeviceTypes.dll
+ 2006-10-18 13:47:18 132,096 ------w C:\WINDOWS\system32\PortableDeviceWiaCompat.dll
+ 2006-10-18 13:47:18 199,168 ------w C:\WINDOWS\system32\PortableDeviceWMDRM.dll
- 2008-04-14 00:12:03 237,568 ----a-w C:\WINDOWS\system32\qasf.dll
+ 2006-10-18 13:47:18 211,456 ----a-w C:\WINDOWS\system32\qasf.dll
- 2008-06-19 11:32:51 519,824 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat
+ 2008-07-10 05:26:47 83,315,156 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat
- 2007-11-30 11:18:51 17,272 ----a-w C:\WINDOWS\system32\spmsg.dll
+ 2007-10-27 08:39:36 13,536 ------w C:\WINDOWS\system32\spmsg.dll
- 2008-04-14 00:12:03 728,576 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\ps5ui.dll
+ 2003-05-05 08:47:20 129,024 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\Ps5ui.dll
- 2008-04-14 00:12:03 543,232 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\pscript5.dll
+ 2003-05-05 08:47:20 455,168 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\PSCRIPT5.DLL
- 2007-05-10 15:13:07 24,456 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\AdReGP.dll
+ 2006-10-22 15:37:38 24,456 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\ADReGP.dll
- 2007-05-10 15:13:22 190,072 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\ADUIGP.dll
+ 2006-10-22 15:37:52 190,072 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\ADUIGP.DLL
+ 2006-10-18 13:58:00 8,704 ------w C:\WINDOWS\system32\uwdf.exe
+ 2006-10-18 13:47:18 4,096 ------w C:\WINDOWS\system32\wdfapi.dll
+ 2006-10-18 13:58:00 8,704 ------w C:\WINDOWS\system32\wdfmgr.exe
- 2008-04-14 00:12:09 408,064 ----a-w C:\WINDOWS\system32\wmadmod.dll
+ 2006-10-18 13:47:18 757,248 ----a-w C:\WINDOWS\system32\WMADMOD.dll
- 2008-04-14 00:12:09 670,720 ----a-w C:\WINDOWS\system32\wmadmoe.dll
+ 2006-10-18 13:47:18 1,117,696 ----a-w C:\WINDOWS\system32\WMADMOE.dll
- 2008-04-14 00:12:09 230,912 ----a-w C:\WINDOWS\system32\wmasf.dll
+ 2007-10-27 09:40:30 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
- 2008-04-14 00:12:09 27,136 ----a-w C:\WINDOWS\system32\wmdmlog.dll
+ 2006-10-18 13:47:18 33,792 ----a-w C:\WINDOWS\system32\wmdmlog.dll
- 2008-04-14 00:12:09 23,552 ----a-w C:\WINDOWS\system32\wmdmps.dll
+ 2006-10-18 13:47:18 37,376 ----a-w C:\WINDOWS\system32\wmdmps.dll
+ 2006-10-18 13:47:18 429,056 ------w C:\WINDOWS\system32\wmdrmdev.dll
+ 2006-10-18 13:47:20 348,672 ------w C:\WINDOWS\system32\wmdrmnet.dll
+ 2006-10-18 13:47:20 535,040 ------w C:\WINDOWS\system32\wmdrmsdk.dll
- 2008-04-14 00:12:09 151,552 ----a-w C:\WINDOWS\system32\wmidx.dll
+ 2006-10-18 13:47:20 157,184 ----a-w C:\WINDOWS\system32\wmidx.dll
- 2008-04-14 00:12:09 1,053,184 ----a-w C:\WINDOWS\system32\wmnetmgr.dll
+ 2006-10-18 13:47:20 937,984 ----a-w C:\WINDOWS\system32\WMNetMgr.dll
- 2008-04-14 00:12:09 759,296 ----a-w C:\WINDOWS\system32\wmsdmod.dll
+ 2006-10-18 13:47:22 4,096 ----a-w C:\WINDOWS\system32\wmsdmod.dll
- 2008-04-14 00:12:09 1,119,744 ----a-w C:\WINDOWS\system32\wmsdmoe2.dll
+ 2006-10-18 13:47:22 4,096 ----a-w C:\WINDOWS\system32\wmsdmoe2.dll
- 2008-04-14 00:12:09 485,376 ----a-w C:\WINDOWS\system32\wmspdmod.dll
+ 2006-10-18 13:47:22 603,648 ----a-w C:\WINDOWS\system32\WMSPDMOD.dll
- 2008-04-14 00:12:10 897,024 ----a-w C:\WINDOWS\system32\wmspdmoe.dll
+ 2006-10-18 13:47:22 1,329,152 ----a-w C:\WINDOWS\system32\WMSPDMOE.dll
+ 2006-10-18 13:47:22 4,096 ------w C:\WINDOWS\system32\WMVADVD.dll
+ 2006-10-18 13:47:22 4,096 ------w C:\WINDOWS\system32\WMVADVE.DLL
- 2008-04-14 00:12:58 2,109,440 ----a-w C:\WINDOWS\system32\wmvcore.dll
+ 2006-10-18 13:47:22 2,450,944 ----a-w C:\WINDOWS\system32\wmvcore.dll
+ 2006-10-18 13:47:22 1,543,680 ------w C:\WINDOWS\system32\WMVDECOD.dll
- 2008-04-14 00:12:10 809,984 ----a-w C:\WINDOWS\system32\wmvdmod.dll
+ 2006-10-18 13:47:22 4,096 ----a-w C:\WINDOWS\system32\wmvdmod.dll
- 2008-04-14 00:12:10 1,001,472 ----a-w C:\WINDOWS\system32\wmvdmoe2.dll
+ 2006-10-18 13:47:22 4,096 ----a-w C:\WINDOWS\system32\wmvdmoe2.dll
+ 2006-10-18 13:47:22 1,574,912 ------w C:\WINDOWS\system32\WMVENCOD.dll
+ 2006-10-18 13:47:22 1,382,912 ------w C:\WINDOWS\system32\WMVSDECD.dll
+ 2006-10-18 13:47:22 767,488 ------w C:\WINDOWS\system32\WMVSENCD.dll
+ 2006-10-18 13:47:22 656,896 ------w C:\WINDOWS\system32\WMVXENCD.dll
+ 2006-10-18 13:47:22 629,760 ------w C:\WINDOWS\system32\wpd_ci.dll
+ 2006-10-18 13:47:22 35,840 ------w C:\WINDOWS\system32\wpdconns.dll
+ 2006-10-18 13:47:22 154,624 ------w C:\WINDOWS\system32\wpdmtp.dll
+ 2006-10-18 13:47:22 63,488 ------w C:\WINDOWS\system32\wpdmtpus.dll
+ 2006-10-18 13:47:22 2,603,008 ------w C:\WINDOWS\system32\WpdShext.dll
+ 2006-10-18 12:00:14 17,408 ------w C:\WINDOWS\system32\wpdshextautoplay.exe
+ 2006-10-18 13:47:22 38,400 ------w C:\WINDOWS\system32\wpdshextres.dll
+ 2006-10-18 13:47:22 133,632 ------w C:\WINDOWS\system32\WPDShServiceObj.dll
+ 2006-10-18 13:47:22 356,352 ------w C:\WINDOWS\system32\wpdsp.dll
+ 2006-09-28 12:13:26 95,344 ------w C:\WINDOWS\system32\WUDFCoinstaller.dll
+ 2006-09-28 10:56:38 146,432 ------w C:\WINDOWS\system32\WudfHost.exe
+ 2006-09-28 10:56:16 165,376 ------w C:\WINDOWS\system32\WudfPlatform.dll
+ 2006-09-28 10:56:14 55,808 ------w C:\WINDOWS\system32\WudfSvc.dll
+ 2006-09-28 10:56:38 316,416 ------w C:\WINDOWS\system32\WUDFx.dll
+ 2008-07-23 13:28:17 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_8d8.dat
- 2006-10-26 05:40:34 95,744 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_6e805841\ATL80.dll
+ 2007-12-12 07:40:54 95,744 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_6e805841\ATL80.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 08:12 15360]
"OE"="C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe" [2006-08-18 13:06 315392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 20:00 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 20:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 20:00 455168]
"PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2008-01-11 01:30 294912]
"BLOG"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2008-01-11 01:30 208896]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-08-15 15:07 141848]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-08-15 15:07 162328]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-08-15 15:07 137752]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2007-08-10 18:30 110592]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-08-10 18:30 512000]
"TPHOTKEY"="C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe" [2008-01-24 10:21 66928]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 10:56 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 12:10 267048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048]
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2007-04-27 02:33 243248]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 19:54 623992]
"Adobe_ID0EYTHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 16:40 1884160]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe" [2006-08-25 19:25 3112960]
"TPFNF7"="C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2008-03-26 03:06 59680]
"ACTray"="C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe" [2007-07-05 14:58 413696]
"ACWLIcon"="C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2007-07-05 14:51 126976]
"DB2COPY1 - db2systray.exe DB2"="C:\PROGRA~1\IBM\SQLLIB\BIN\db2systray.exe" [2007-07-23 02:49 79136]
"VodafoneVMCLiteLauncher"="C:\Program Files\Vodafone\VMCLite\\VodafoneVMCLiteLauncher.exe" [2007-09-20 14:23 102400]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe [2007-11-26 15:58:10 576104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 16:37 34344 C:\Program Files\Lenovo\HOTKEY\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2007-12-14 16:36 28672 C:\Program Files\Lenovo\HOTKEY\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
2007-07-05 14:52 32768 C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqrSMFu]
[BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NewShortcut1.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NewShortcut1.lnk
backup=C:\WINDOWS\pss\NewShortcut1.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Documents and Settings
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Documents and Settings\All Users
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Documents and Settings\All Users\Application Data
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Documents and Settings\All Users\Application Data\Adsl Software Limited
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
--a------ 2007-02-28 23:06 2321600 C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\WinSpywareProtect.exe]
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\WinSpywareProtect.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
--a------ 2007-03-29 15:41 222128 C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a------ 2007-12-11 10:11 1044480 C:\Program Files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\ibm\\SDP70\\jdk\\jre\\bin\\javaw.exe"=
"C:\\Program Files\\ibm\\SDP70\\runtimes\\base_v61\\java\\bin\\java.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
"C:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"C:\\Program Files\\ibm\\Installation Manager\\eclipse\\jre_5.0.2.sr5_20070511\\jre\\bin\\javaw.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.SYS [2005-11-08 09:27]
R1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\system32\Drivers\IBMBLDID.sys [2007-04-02 11:24]
R1 TPPWRIF;TPPWRIF;C:\WINDOWS\system32\drivers\Tppwrif.sys [2008-01-11 01:30]
R2 DB2MGMTSVC_DB2COPY1;DB2 Management Service (DB2COPY1);C:\Program Files\IBM\SQLLIB\BIN\db2mgmtsvc.exe [2007-07-23 02:47]
R2 DB2NTSECSERVER_DB2COPY1;DB2 Security Server (DB2COPY1);C:\Program Files\IBM\SQLLIB\BIN\db2sec.exe [2007-07-23 02:48]
R2 DB2REMOTECMD_DB2COPY1;DB2 Remote Command Server (DB2COPY1);C:\Program Files\IBM\SQLLIB\BIN\db2rcmd.exe [2007-07-23 02:48]
S3 DB2GOVERNOR_DB2COPY1;DB2 Governor (DB2COPY1);C:\Program Files\IBM\SQLLIB\BIN\db2govds.exe [2007-07-23 02:45]
S3 DB2LICD_DB2COPY1;DB2 License Server (DB2COPY1);C:\Program Files\IBM\SQLLIB\BIN\db2licd.exe [2007-07-23 02:46]
S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys [2008-07-12 22:59]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7727b1c2-e6ed-11dc-8faa-806d6172696f}]
\Shell\AutoRun\command - E:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f01a1124-5880-11dd-883c-005056c00008}]
\Shell\AutoRun\command - E:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f583b011-f3e9-11dc-87b9-005056c00008}]
\Shell\AutoRun\command - E:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f882142e-fae6-11dc-87bf-005056c00008}]
\Shell\AutoRun\command - setup.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-07-12 01:47:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-07-23 13:29:34 C:\WINDOWS\Tasks\PMTask.job"
- C:\PROGRA~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com.sg/ig?hl=en&source=iglk
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
O8 -: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 -: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 -: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 -: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 -: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 -: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 -: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 -: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 -: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 -: Send To Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm

O16 -: {2DAD3559-2923-4935-AD49-B673D2539944} - hxxps://www-307.ibm.com/pc/support/access/aslibmain/content/AcpIR.cab
C:\WINDOWS\Downloaded Program Files\acpir.inf
C:\WINDOWS\system32\capicom.dll
C:\WINDOWS\Downloaded Program Files\acpir2.dll

O16 -: {BA1C4B25-19D5-4F32-831D-BEAF1A402827} - hxxp://dl.bysoo.com/bysootb/nvwkanx1.cab
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\nvwkanx1.inf
C:\WINDOWS\Downloaded Program Files\nvwkanx1.dll
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\nvwkanx1.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-23 21:40:38
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-23 21:49:34
ComboFix-quarantined-files.txt 2008-07-23 13:48:59
ComboFix2.txt 2008-07-10 08:35:14
ComboFix3.txt 2008-07-09 08:20:03
ComboFix4.txt 2008-06-22 18:57:08

Pre-Run: 25,155,371,008 bytes free
Post-Run: 25,158,828,032 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

677 --- E O F --- 2008-07-23 10:02:08



#2 Carolyn

Carolyn

    Bleepin' kitten


  • Members
  • 2,131 posts

Posted 07 August 2008 - 04:18 PM

Hello and Welcome to the forums!

My name is Carolyn and I'll be glad to help you with your computer problems. HijackThis logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that it happens.

Please do not run any other tool until instructed to do so!
Please reply to this thread, do not start another!
Please tell me about any problems that have occurred during the fix.
Please tell me of any other symptoms you may be having as these can help also.
Please try as much as possible not to run anything while executing a fix.

If you follow these instructions, everything should go smoothly.

I am sorry that we were unable to reply to your post sooner. The forums have been very busy.

If you are still in need of assistance,

Download and Run HijackThis
Download HJTInstall.exe to your Desktop.
  • Double-click HJTInstall.exe to install it.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch HijackThis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Copy/Paste the log to your next reply please.
Don't use the Analyse This button, its findings are dangerous if misinterpreted.
Don't have HijackThis fix anything yet. Most of what it finds will be harmless or even required.


Also, please make an uninstall list using HijackThis
To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
5. Click on the Save list... button and specify where you would like to save this file. When you press the Save button, a Notepad window will open with the contents of that file. Simply copy and paste the contents of that Notepad window here in your next reply.

Post the HijackThis log and the uninstall list in the body of your next reply.
Member of ASAP (Alliance of Security Analysis Professionals)

#3 Carolyn

Carolyn

    Bleepin' kitten


  • Members
  • 2,131 posts

Posted 15 August 2008 - 12:06 PM

Due to the lack of feedback, this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



