Combo Fix log analysis



Renmoo
31-07-2008, 07:35 PM
Dear all,
It would be great if someone can please take a look at my Combo Fix log and see if there's anything wrong with it. Thanks!

ComboFix 08-07-13.11 - username 2008-07-31 18:10:46.3 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1219 [GMT 12:00]
Running from: C:\Documents and Settings\username\Desktop\ComboFix.exe
* Created a new restore point
.
- REDUCED FUNCTIONALITY MODE -
.

((((((((((((((((((((((((( Files Created from 2008-06-28 to 2008-07-31 )))))))))))))))))))))))))))))))
.

2008-07-31 18:05 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-07-31 18:04 . 2008-07-31 18:04 <DIR> d-------- C:\Program Files\Common Files\Java
2008-07-31 16:10 . 2008-07-31 16:10 <DIR> d-------- C:\WINDOWS\LastGood
2008-07-30 18:28 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg6n.sys
2008-07-30 18:28 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg5n.sys
2008-07-30 18:28 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg4n.sys
2008-07-30 18:28 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg3n.sys
2008-07-30 18:28 . 2008-07-30 18:28 268 --ah----- C:\sqmdata05.sqm
2008-07-30 18:28 . 2008-07-30 18:28 244 --ah----- C:\sqmnoopt05.sqm
2008-07-30 18:27 . 2008-07-30 18:27 <DIR> d-------- C:\Program Files\Sygate
2008-07-30 18:27 . 2004-08-10 17:05 83,096 --a------ C:\WINDOWS\system32\SSSensor.dll
2008-07-30 18:27 . 2004-10-15 18:17 60,496 --a------ C:\WINDOWS\system32\drivers\Teefer.sys
2008-07-30 18:27 . 2004-10-15 18:18 21,075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys
2008-07-30 18:12 . 2008-07-30 18:12 268 --ah----- C:\sqmdata04.sqm
2008-07-30 18:12 . 2008-07-30 18:12 244 --ah----- C:\sqmnoopt04.sqm
2008-07-30 15:45 . 2008-07-30 15:45 143,104 --a------ C:\WINDOWS\system32\guard32.dll
2008-07-30 15:45 . 2008-07-30 15:45 87,056 --a------ C:\WINDOWS\system32\drivers\cmdguard.sys
2008-07-30 15:45 . 2008-07-30 15:45 24,208 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys
2008-07-29 19:39 . 2008-07-29 19:48 157 --a------ C:\WINDOWS\matlab.ini
2008-07-29 19:38 . 2008-07-29 19:38 <DIR> d-------- C:\Documents and Settings\username\Application Data\MathWorks
2008-07-29 19:36 . 2008-07-29 19:36 645,120 --a------ C:\WINDOWS\system32\config.gms
2008-07-29 19:36 . 2004-03-01 21:05 407,104 --a------ C:\WINDOWS\system32\MSHFLXGD.OCX
2008-07-29 19:01 . 2008-07-29 19:01 <DIR> d-------- C:\Program Files\MATLAB
2008-07-23 20:59 . 2008-07-23 20:59 <DIR> d-------- C:\Program Files\CHM To PDF Converter PRO
2008-07-21 15:18 . 2008-07-21 15:18 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-19 11:39 . 2008-07-19 11:39 <DIR> d-------- C:\Program Files\TortoiseSVN
2008-07-19 11:39 . 2008-07-19 11:39 <DIR> d-------- C:\Program Files\Common Files\TortoiseOverlays
2008-07-19 10:22 . 2008-07-19 10:22 <DIR> d-------- C:\WINDOWS\ie8updates
2008-07-19 10:10 . 2008-06-14 01:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-07-19 10:10 . 2008-06-14 01:10 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-07-11 08:47 . 2008-07-11 08:47 <DIR> d--hs---- C:\FOUND.002
2008-07-10 20:08 . 2008-07-10 20:08 <DIR> d-------- C:\Documents and Settings\username\Application Data\dvdcss
2008-06-28 01:05 . 1999-12-17 09:13 86,016 --a------ C:\WINDOWS\unvise32.exe
2008-06-27 19:54 . 2008-06-27 19:54 <DIR> d-------- C:\Program Files\Warcraft III
2008-06-25 11:32 . 2008-06-25 11:32 <DIR> d-------- C:\Program Files\TmNationsForever
2008-06-24 06:27 . 2008-06-24 06:27 38 --a------ C:\WINDOWS\avisplitter.INI
2008-06-16 16:34 . 2008-06-16 16:34 268 --ah----- C:\sqmdata03.sqm
2008-06-16 16:34 . 2008-06-16 16:34 244 --ah----- C:\sqmnoopt03.sqm
2008-06-15 16:51 . 2008-06-15 16:51 268 --ah----- C:\sqmdata02.sqm
2008-06-15 16:51 . 2008-06-15 16:51 244 --ah----- C:\sqmnoopt02.sqm
2008-06-08 16:45 . 2008-06-08 16:45 <DIR> d-------- C:\Program Files\Free FLV Converter
2008-06-08 16:45 . 2008-06-04 18:42 364,544 --a------ C:\WINDOWS\system32\PropertyGrid.ocx
2008-06-08 16:45 . 2008-06-06 15:00 221,184 --a------ C:\WINDOWS\system32\TubeFinder.exe
2008-06-08 16:45 . 2008-06-04 18:42 208,500 --a------ C:\WINDOWS\system32\ReyXpBasics.tlb
2008-06-08 16:45 . 2008-06-04 18:42 141,312 --a------ C:\WINDOWS\system32\MSCMCFR.DLL
2008-06-08 16:45 . 2008-06-04 18:42 119,568 --a------ C:\WINDOWS\system32\VB6FR.DLL
2008-06-08 16:45 . 2008-06-04 18:42 84,512 --a------ C:\WINDOWS\system32\PICCLP32.OCX
2008-06-08 16:45 . 2008-06-04 18:42 32,768 --a------ C:\WINDOWS\system32\CMDLGFR.DLL
2008-06-08 16:45 . 2008-06-04 18:42 24,576 --a------ C:\WINDOWS\system32\ControlSubX.ocx
2008-06-08 16:45 . 2008-06-04 18:42 9,728 --a------ C:\WINDOWS\system32\PCCLPFR.DLL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-04 06:42 101,888 ----a-w C:\WINDOWS\system32\VB6STKIT.DLL
2008-06-04 06:42 1,386,496 ----a-w C:\WINDOWS\system32\msvbvm60.dll
2008-05-28 10:06 --------- d-----w C:\Program Files\Unlocker
2008-05-28 02:31 --------- d-----w C:\Program Files\EsetOnlineScanner
2008-05-15 23:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-08 11:20 51,716 ----a-w C:\WINDOWS\system32\pdf995mon.dll
2008-05-08 11:20 249,856 ----a-w C:\WINDOWS\system32\pdfmona.dll
2008-05-08 04:50 830,464 ----a-w C:\WINDOWS\system32\wininet.dll
2008-05-08 04:50 830,464 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2008-05-08 04:50 5,120,000 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-21 20:19 187,392 ----a-w C:\WINDOWS\system32\bzpdf.dll
2008-04-06 04:23 5,650,432 ----a-w C:\WINDOWS\system32\logonuiX.exe
2008-04-01 20:13 147,456 ----a-w C:\WINDOWS\system32\bzpdfc.dll
2008-03-01 01:47 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2006-10-02 14:43 2,402,550 ----a-w C:\WINDOWS\inf\SET4D.tmp
.

------- Sigcheck -------

2007-06-13 23:23 975360 9784e0719124e4a23989aef9e7ca02d6 C:\WINDOWS\explorer.exe
2007-06-13 23:23 975360 9784e0719124e4a23989aef9e7ca02d6 C:\WINDOWS\system32\dllcache\explorer.exe
2007-06-14 00:26 1033216 7712df0cdde3a5ac89843e61cd5b3658 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-04 20:00 974336 a5c1f2cf7c31874e66478910b43d6513 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
.
((((((((((((((((((((((((((((( snapshot@2008-05-29_17.25.37.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-19 09:40:28 1,845,888 ------w C:\WINDOWS\$hf_mig$\KB941693\SP2QFE\win32k.sys
+ 2007-03-06 01:22:36 14,048 ------w C:\WINDOWS\$hf_mig$\KB941693\spmsg.dll
+ 2007-03-06 01:22:42 213,216 ------w C:\WINDOWS\$hf_mig$\KB941693\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ------w C:\WINDOWS\$hf_mig$\KB941693\update\spcustom.dll
+ 2007-03-06 01:23:00 716,000 ------w C:\WINDOWS\$hf_mig$\KB941693\update\update.exe
+ 2007-03-06 01:23:52 371,424 ------w C:\WINDOWS\$hf_mig$\KB941693\update\updspapi.dll
+ 2008-02-20 05:19:36 147,968 ------w C:\WINDOWS\$hf_mig$\KB945553\SP2QFE\dnsapi.dll
+ 2008-02-20 18:49:36 45,568 ------w C:\WINDOWS\$hf_mig$\KB945553\SP2QFE\dnsrslvr.dll
+ 2007-03-06 01:22:36 14,048 ------w C:\WINDOWS\$hf_mig$\KB945553\spmsg.dll
+ 2007-03-06 01:22:42 213,216 ------w C:\WINDOWS\$hf_mig$\KB945553\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ------w C:\WINDOWS\$hf_mig$\KB945553\update\spcustom.dll
+ 2007-03-06 01:23:00 716,000 ------w C:\WINDOWS\$hf_mig$\KB945553\update\update.exe
+ 2007-03-06 01:23:52 371,424 ------w C:\WINDOWS\$hf_mig$\KB945553\update\updspapi.dll
+ 2008-02-20 06:52:44 282,624 ------w C:\WINDOWS\$hf_mig$\KB948590\SP2QFE\gdi32.dll
+ 2007-03-06 01:22:36 14,048 ------w C:\WINDOWS\$hf_mig$\KB948590\spmsg.dll
+ 2007-03-06 01:22:42 213,216 ------w C:\WINDOWS\$hf_mig$\KB948590\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ------w C:\WINDOWS\$hf_mig$\KB948590\update\spcustom.dll
+ 2007-03-06 01:23:00 716,000 ------w C:\WINDOWS\$hf_mig$\KB948590\update\update.exe
+ 2007-03-06 01:23:52 371,424 ------w C:\WINDOWS\$hf_mig$\KB948590\update\updspapi.dll
+ 2007-03-06 01:22:34 14,048 ------w C:\WINDOWS\$hf_mig$\KB948881\spmsg.dll
+ 2007-03-06 01:22:40 213,216 ------w C:\WINDOWS\$hf_mig$\KB948881\spuninst.exe
+ 2007-03-06 01:22:32 22,752 ------w C:\WINDOWS\$hf_mig$\KB948881\update\spcustom.dll
+ 2007-03-06 01:22:56 716,000 ------w C:\WINDOWS\$hf_mig$\KB948881\update\update.exe
+ 2007-03-06 01:23:48 371,424 ------w C:\WINDOWS\$hf_mig$\KB948881\update\updspapi.dll
+ 2008-01-23 04:56:22 554,008 ------w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\dao360.dll
+ 2007-12-10 12:41:12 518,944 ------w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msexch40.dll
+ 2007-12-10 12:41:12 326,432 ------w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msexcl40.dll
+ 2007-12-10 12:41:12 1,516,568 ------w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjet40.dll
+ 2007-12-10 12:41:12 355,112 ------w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjetol1.dll
+ 2008-03-27 07:39:14 151,583 ------w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjint40.dll
+ 2007-12-10 12:41:12 60,192 ------w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjter40.dll
+ 2007-12-10 12:41:12 248,608 ------w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjtes40.dll
+ 2007-12-10 12:41:12 219,936 ------w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msltus40.dll
+ 2007-12-10 12:41:12 355,104 ------w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mspbde40.dll
+ 2007-12-10 12:41:14 432,928 ------w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msrd2x40.dll
+ 2007-12-10 12:41:14 322,336 ------w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msrd3x40.dll
+ 2007-12-10 12:41:14 559,904 ------w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msrepl40.dll
+ 2007-12-10 12:41:14 264,992 ------w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mstext40.dll
+ 2007-12-10 12:41:14 838,432 ------w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mswdat10.dll
+ 2007-12-10 12:41:14 621,344 ------w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mswstr10.dll
+ 2007-12-10 12:41:14 355,104 ------w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msxbde40.dll
+ 2007-03-06 01:22:36 14,048 ------w C:\WINDOWS\$hf_mig$\KB950749\spmsg.dll
+ 2007-03-06 01:22:42 213,216 ------w C:\WINDOWS\$hf_mig$\KB950749\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ------w C:\WINDOWS\$hf_mig$\KB950749\update\spcustom.dll
+ 2007-03-06 01:23:00 716,000 ------w C:\WINDOWS\$hf_mig$\KB950749\update\update.exe
+ 2007-03-06 01:23:52 371,424 ------w C:\WINDOWS\$hf_mig$\KB950749\update\updspapi.dll
+ 2007-03-06 01:22:42 213,216 ------w C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe
+ 2007-03-06 01:23:52 371,424 ------w C:\WINDOWS\$NtUninstallKB941693$\spuninst\updspapi.dll
+ 2007-03-08 14:47:48 1,843,584 ------w C:\WINDOWS\$NtUninstallKB941693$\win32k.sys
+ 2006-06-26 18:37:10 148,480 ------w C:\WINDOWS\$NtUninstallKB945553$\dnsapi.dll
+ 2004-08-04 08:00:00 45,568 ------w C:\WINDOWS\$NtUninstallKB945553$\dnsrslvr.dll
+ 2007-03-06 01:22:42 213,216 ------w C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe
+ 2007-03-06 01:23:52 371,424 ------w C:\WINDOWS\$NtUninstallKB945553$\spuninst\updspapi.dll
+ 2007-06-19 14:31:20 282,112 ------w C:\WINDOWS\$NtUninstallKB948590$\gdi32.dll
+ 2007-03-06 01:22:42 213,216 ------w C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe
+ 2007-03-06 01:23:52 371,424 ------w C:\WINDOWS\$NtUninstallKB948590$\spuninst\updspapi.dll
+ 2007-03-06 01:22:40 213,216 ------w C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe
+ 2007-03-06 01:23:48 371,424 ------w C:\WINDOWS\$NtUninstallKB948881$\spuninst\updspapi.dll
+ 2004-08-04 08:00:00 561,179 ------w C:\WINDOWS\$NtUninstallKB950749$\dao360.dll
+ 2004-08-04 08:00:00 512,029 ------w C:\WINDOWS\$NtUninstallKB950749$\msexch40.dll
+ 2004-08-04 08:00:00 319,517 ------w C:\WINDOWS\$NtUninstallKB950749$\msexcl40.dll
+ 2004-08-04 08:00:00 1,507,356 ------w C:\WINDOWS\$NtUninstallKB950749$\msjet40.dll
+ 2004-08-04 08:00:00 358,976 ------w C:\WINDOWS\$NtUninstallKB950749$\msjetol1.dll
+ 2004-08-04 08:00:00 358,976 ------w C:\WINDOWS\$NtUninstallKB950749$\msjetoledb40.dll
+ 2004-08-04 08:00:00 151,583 ------w C:\WINDOWS\$NtUninstallKB950749$\msjint40.dll
+ 2004-08-04 08:00:00 53,279 ------w C:\WINDOWS\$NtUninstallKB950749$\msjter40.dll
+ 2004-08-04 08:00:00 241,693 ------w C:\WINDOWS\$NtUninstallKB950749$\msjtes40.dll
+ 2004-08-04 08:00:00 213,023 ------w C:\WINDOWS\$NtUninstallKB950749$\msltus40.dll
+ 2004-08-04 08:00:00 348,189 ------w C:\WINDOWS\$NtUninstallKB950749$\mspbde40.dll
+ 2004-08-04 08:00:00 421,919 ------w C:\WINDOWS\$NtUninstallKB950749$\msrd2x40.dll
+ 2004-08-04 08:00:00 315,423 ------w C:\WINDOWS\$NtUninstallKB950749$\msrd3x40.dll
+ 2004-08-04 08:00:00 552,989 ------w C:\WINDOWS\$NtUninstallKB950749$\msrepl40.dll
+ 2004-08-04 08:00:00 258,077 ------w C:\WINDOWS\$NtUninstallKB950749$\mstext40.dll
+ 2004-08-04 08:00:00 831,519 ------w C:\WINDOWS\$NtUninstallKB950749$\mswdat10.dll
+ 2004-08-04 08:00:00 614,429 ------w C:\WINDOWS\$NtUninstallKB950749$\mswstr10.dll
+ 2004-08-04 08:00:00 348,189 ------w C:\WINDOWS\$NtUninstallKB950749$\msxbde40.dll
+ 2007-03-06 01:22:42 213,216 ------w C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe
+ 2007-03-06 01:23:52 371,424 ------w C:\WINDOWS\$NtUninstallKB950749$\spuninst\updspapi.dll
+ 2008-07-29 07:36:36 73,728 ----a-w C:\WINDOWS\assembly\GAC_32\MWArray\2.0.0.0__e1d84a0da19db86f\MWArray.dll
+ 2008-06-13 13:10:50 272,128 ------w C:\WINDOWS\Driver Cache\i386\bthport.sys
+ 2008-03-03 08:01:22 5,120,000 ------w C:\WINDOWS\ie8updates\KB951804-IE8\mshtml.dll
+ 2007-11-30 12:39:22 231,288 ------w C:\WINDOWS\ie8updates\KB951804-IE8\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 ------w C:\WINDOWS\ie8updates\KB951804-IE8\spuninst\updspapi.dll
+ 2008-03-03 08:01:22 830,464 ------w C:\WINDOWS\ie8updates\KB951804-IE8\wininet.dll
+ 2007-06-19 17:30:12 868,744 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040150900063D11C8EF10054038389C\11.0.8173\AEC.DLL
+ 2007-06-19 17:34:20 156,056 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040150900063D11C8EF10054038389C\11.0.8173\DWGCNV.DLL
+ 2007-06-19 17:30:30 2,098,064 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040150900063D11C8EF10054038389C\11.0.8173\DWGDP.DLL
+ 2007-06-19 17:29:44 484,760 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040150900063D11C8EF10054038389C\11.0.8173\MODELENG.DLL
+ 2007-06-19 17:30:18 1,001,880 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040150900063D11C8EF10054038389C\11.0.8173\ORGCHART.DLL
+ 2007-06-19 17:29:40 469,912 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040150900063D11C8EF10054038389C\11.0.8173\ORGCHWIZ.DLL
+ 2007-06-19 17:30:28 1,511,256 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040150900063D11C8EF10054038389C\11.0.8173\UML.DLL
+ 2007-06-19 17:29:52 554,336 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040150900063D11C8EF10054038389C\11.0.8173\UMLSYS.DLL
+ 2007-06-19 17:30:36 7,819,104 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040150900063D11C8EF10054038389C\11.0.8173\VISBRGR.DLL
+ 2007-06-19 17:34:38 190,296 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040150900063D11C8EF10054038389C\11.0.8173\VISIO.EXE
+ 2007-06-19 17:30:38 8,296,344 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040150900063D11C8EF10054038389C\11.0.8173\VISLIB.DLL
+ 2007-06-19 17:33:54 108,896 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040150900063D11C8EF10054038389C\11.0.8173\VISOCX.DLL
+ 2004-08-01 20:51:16 719,720 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040B30900063D11C8EF10054038389C\11.0.8173\ANLYZTS.DLL
+ 2007-05-28 15:02:44 325,040 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040B30900063D11C8EF10054038389C\11.0.8173\ATLCONV.DLL
+ 2007-05-28 13:48:24 354,224 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040B30900063D11C8EF10054038389C\11.0.8173\MSWARP.DLL
+ 2007-05-28 15:02:44 951,848 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040B30900063D11C8EF10054038389C\11.0.8173\PJ11OD11.DLL
+ 2007-05-28 13:48:18 280,496 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040B30900063D11C8EF10054038389C\11.0.8173\PJ11TM11.DLL
+ 2006-01-17 03:48:06 146,696 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040B30900063D11C8EF10054038389C\11.0.8173\PJMSGMGR.DLL
+ 2006-01-17 03:48:06 167,176 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040B30900063D11C8EF10054038389C\11.0.8173\PJMSGSDR.DLL
+ 2007-05-28 13:48:30 4,323,248 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040B30900063D11C8EF10054038389C\11.0.8173\PJOLEDB.DLL
+ 2007-05-28 13:48:20 304,560 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040B30900063D11C8EF10054038389C\11.0.8173\PJRESC.DLL
+ 2007-05-28 13:48:14 223,152 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040B30900063D11C8EF10054038389C\11.0.8173\PJSPOOL.EXE
+ 2007-05-28 15:02:46 1,738,160 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040B30900063D11C8EF10054038389C\11.0.8173\PRJRES.DLL
+ 2007-05-28 15:02:44 685,608 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040B30900063D11C8EF10054038389C\11.0.8173\SERCONV.DLL
+ 2007-05-28 15:02:48 11,421,704 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040B30900063D11C8EF10054038389C\11.0.8173\WINPROJ.EXE
- 2008-04-23 04:51:08 593,920 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2008-07-18 22:24:52 593,920 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2008-04-23 04:51:08 12,288 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-07-18 22:24:52 12,288 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-04-23 04:51:08 86,016 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2008-07-18 22:24:52 86,016 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2008-04-23 04:51:08 135,168 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-07-18 22:24:52 135,168 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-04-23 04:51:08 11,264 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-07-18 22:24:52 11,264 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2008-04-23 04:51:08 27,136 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-07-18 22:24:52 27,136 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-04-23 04:51:08 4,096 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-07-18 22:24:52 4,096 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-04-23 04:51:08 794,624 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-07-18 22:24:52 794,624 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-04-23 04:51:08 249,856 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2008-07-18 22:24:52 249,856 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2008-04-23 04:51:08 61,440 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2008-07-18 22:24:52 61,440 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2008-04-23 04:51:08 23,040 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-07-18 22:24:52 23,040 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2008-04-23 04:51:06 286,720 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-07-18 22:24:50 286,720 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2008-04-23 04:51:06 409,600 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-07-18 22:24:50 409,600 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2008-03-17 02:40:26 135,168 ----a-r C:\WINDOWS\Installer\{903B0409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-06-03 01:33:40 135,168 ----a-r C:\WINDOWS\Installer\{903B0409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-03-17 02:40:26 4,096 ----a-r C:\WINDOWS\Installer\{903B0409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-06-03 01:33:40 4,096 ----a-r C:\WINDOWS\Installer\{903B0409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-03-17 02:40:26 147,456 ----a-r C:\WINDOWS\Installer\{903B0409-6000-11D3-8CFE-0150048383C9}\pj11icon.exe
+ 2008-06-03 01:33:40 147,456 ----a-r C:\WINDOWS\Installer\{903B0409-6000-11D3-8CFE-0150048383C9}\pj11icon.exe
- 2008-03-29 21:48:16 12,288 ----a-r C:\WINDOWS\Installer\{90510409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-06-03 01:34:12 12,288 ----a-r C:\WINDOWS\Installer\{90510409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-03-29 21:48:16 135,168 ----a-r C:\WINDOWS\Installer\{90510409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-06-03 01:34:12 135,168 ----a-r C:\WINDOWS\Installer\{90510409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-03-29 21:48:16 4,096 ----a-r C:\WINDOWS\Installer\{90510409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-06-03 01:34:12 4,096 ----a-r C:\WINDOWS\Installer\{90510409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-03-29 21:48:16 176,128 ----a-r C:\WINDOWS\Installer\{90510409-6000-11D3-8CFE-0150048383C9}\visicon.exe
+ 2008-06-03 01:34:12 176,128 ----a-r C:\WINDOWS\Installer\{90510409-6000-11D3-8CFE-0150048383C9}\visicon.exe
+ 2008-07-30 06:28:24 4,608 ----a-r C:\WINDOWS\Installer\{F34D9A5F-484A-4E31-A9D3-908CB265B289}\IconC989D247.exe
+ 2008-05-06 23:31:16 106,368 ----a-w C:\WINDOWS\LastGood\system32\DRIVERS\Rtenicxp.sys
- 2000-08-30 20:00:00 28,160 ----a-w C:\WINDOWS\Nircmd.exe
+ 2000-08-30 20:00:00 28,672 ----a-w C:\WINDOWS\Nircmd.exe
- 2004-08-04 08:00:00 561,179 ----a-w C:\WINDOWS\system32\dllcache\dao360.dll
+ 2008-03-25 04:50:26 554,008 ----a-w C:\WINDOWS\system32\dllcache\dao360.dll
- 2004-08-04 08:00:00 45,568 ----a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
+ 2008-02-20 05:32:44 45,568 ----a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
- 2007-06-19 14:31:20 282,112 ----a-w C:\WINDOWS\system32\dllcache\gdi32.dll
+ 2008-02-20 06:51:06 282,624 ----a-w C:\WINDOWS\system32\dllcache\gdi32.dll
- 2004-08-04 08:00:00 512,029 ----a-w C:\WINDOWS\system32\dllcache\msexch40.dll
+ 2008-03-25 04:50:28 518,944 ----a-w C:\WINDOWS\system32\dllcache\msexch40.dll
- 2004-08-04 08:00:00 319,517 ----a-w C:\WINDOWS\system32\dllcache\msexcl40.dll
+ 2008-03-25 04:50:30 326,432 ----a-w C:\WINDOWS\system32\dllcache\msexcl40.dll
- 2004-08-04 08:00:00 1,507,356 ----a-w C:\WINDOWS\system32\dllcache\msjet40.dll
+ 2008-03-25 04:50:34 1,516,568 ----a-w C:\WINDOWS\system32\dllcache\msjet40.dll
- 2004-08-04 08:00:00 358,976 ----a-w C:\WINDOWS\system32\dllcache\msjetol1.dll
+ 2008-03-25 04:50:40 355,112 ----a-w C:\WINDOWS\system32\dllcache\msjetol1.dll
- 2004-08-04 08:00:00 151,583 ----a-w C:\WINDOWS\system32\dllcache\msjint40.dll
+ 2008-03-27 08:12:54 151,583 ----a-w C:\WINDOWS\system32\dllcache\msjint40.dll
- 2004-08-04 08:00:00 53,279 ----a-w C:\WINDOWS\system32\dllcache\msjter40.dll
+ 2008-03-25 04:50:42 60,192 ----a-w C:\WINDOWS\system32\dllcache\msjter40.dll
- 2004-08-04 08:00:00 241,693 ----a-w C:\WINDOWS\system32\dllcache\msjtes40.dll
+ 2008-03-25 04:50:42 248,608 ----a-w C:\WINDOWS\system32\dllcache\msjtes40.dll
- 2004-08-04 08:00:00 213,023 ----a-w C:\WINDOWS\system32\dllcache\msltus40.dll
+ 2008-03-25 04:50:44 219,936 ----a-w C:\WINDOWS\system32\dllcache\msltus40.dll
- 2004-08-04 08:00:00 348,189 ----a-w C:\WINDOWS\system32\dllcache\mspbde40.dll
+ 2008-03-25 04:50:46 355,104 ----a-w C:\WINDOWS\system32\dllcache\mspbde40.dll
- 2004-08-04 08:00:00 421,919 ----a-w C:\WINDOWS\system32\dllcache\msrd2x40.dll
+ 2008-03-25 04:50:48 432,928 ----a-w C:\WINDOWS\system32\dllcache\msrd2x40.dll
- 2004-08-04 08:00:00 315,423 ----a-w C:\WINDOWS\system32\dllcache\msrd3x40.dll
+ 2008-03-25 04:50:50 322,336 ----a-w C:\WINDOWS\system32\dllcache\msrd3x40.dll
- 2004-08-04 08:00:00 552,989 ----a-w C:\WINDOWS\system32\dllcache\msrepl40.dll
+ 2008-03-25 04:50:52 559,904 ----a-w C:\WINDOWS\system32\dllcache\msrepl40.dll
- 2004-08-04 08:00:00 258,077 ----a-w C:\WINDOWS\system32\dllcache\mstext40.dll
+ 2008-03-25 04:50:56 264,992 ----a-w C:\WINDOWS\system32\dllcache\mstext40.dll
- 2004-08-04 08:00:00 831,519 ----a-w C:\WINDOWS\system32\dllcache\mswdat10.dll
+ 2008-03-25 04:50:58 838,432 ----a-w C:\WINDOWS\system32\dllcache\mswdat10.dll
- 2004-08-04 08:00:00 614,429 ----a-w C:\WINDOWS\system32\dllcache\mswstr10.dll
+ 2008-03-25 04:50:58 621,344 ----a-w C:\WINDOWS\system32\dllcache\mswstr10.dll
- 2004-08-04 08:00:00 348,189 ----a-w C:\WINDOWS\system32\dllcache\msxbde40.dll
+ 2008-03-25 04:50:58 355,104 ----a-w C:\WINDOWS\system32\dllcache\msxbde40.dll
- 2007-03-08 14:47:48 1,843,584 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
+ 2008-03-19 09:47:00 1,845,248 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
- 2006-06-26 18:37:10 148,480 ----a-w C:\WINDOWS\system32\DNSAPI.DLL
+ 2008-06-20 17:41:10 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll
- 2004-08-04 08:00:00 45,568 ----a-w C:\WINDOWS\system32\DNSRSLVR.DLL
+ 2008-02-20 05:32:44 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
+ 2008-04-28 23:19:50 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
+ 2008-04-28 23:19:54 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
- 2007-12-02 22:59:06 74,616 ----a-w C:\WINDOWS\system32\drivers\inspect.sys
+ 2008-07-30 03:45:44 79,760 ----a-w C:\WINDOWS\system32\drivers\inspect.sys
+ 2008-04-28 23:20:00 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
- 2006-07-13 09:48:58 202,240 ----a-w C:\WINDOWS\system32\drivers\RMCast.sys
+ 2008-05-08 12:28:50 202,752 ----a-w C:\WINDOWS\system32\drivers\RMCast.sys
- 2008-05-28 10:42:02 281,336 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-06-04 03:38:02 281,336 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2004-10-15 06:31:58 99,480 ----a-w C:\WINDOWS\system32\FwsVpn.dll
- 2007-06-19 14:31:20 282,112 ----a-w C:\WINDOWS\system32\gdi32.dll
+ 2008-02-20 06:51:06 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
- 2008-02-21 13:23:36 135,168 ----a-w C:\WINDOWS\system32\java.exe
+ 2008-06-09 13:21:02 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2008-02-21 13:23:40 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2008-06-09 13:21:04 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
- 2008-02-21 14:33:32 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2008-06-09 14:32:34 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
- 2008-04-05 10:56:22 19,836,024 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-06-24 21:15:48 17,972,344 ----a-w C:\WINDOWS\system32\MRT.exe
- 2004-08-04 08:00:00 512,029 ----a-w C:\WINDOWS\system32\msexch40.dll
+ 2008-03-25 04:50:28 518,944 ----a-w C:\WINDOWS\system32\msexch40.dll
- 2004-08-04 08:00:00 319,517 ----a-w C:\WINDOWS\system32\msexcl40.dll
+ 2008-03-25 04:50:30 326,432 ----a-w C:\WINDOWS\system32\msexcl40.dll
- 2008-03-03 08:01:22 5,120,000 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-05-08 04:50:54 5,120,000 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2004-08-04 08:00:00 1,507,356 ----a-w C:\WINDOWS\system32\msjet40.dll
+ 2008-03-25 04:50:34 1,516,568 ----a-w C:\WINDOWS\system32\msjet40.dll
- 2004-08-04 08:00:00 358,976 ----a-w C:\WINDOWS\system32\msjetoledb40.dll
+ 2008-03-25 04:50:40 355,112 ----a-w C:\WINDOWS\system32\msjetoledb40.dll
- 2004-08-04 08:00:00 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
+ 2008-03-27 08:12:54 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
- 2004-08-04 08:00:00 53,279 ----a-w C:\WINDOWS\system32\msjter40.dll
+ 2008-03-25 04:50:42 60,192 ----a-w C:\WINDOWS\system32\msjter40.dll
- 2004-08-04 08:00:00 241,693 ----a-w C:\WINDOWS\system32\msjtes40.dll
+ 2008-03-25 04:50:42 248,608 ----a-w C:\WINDOWS\system32\msjtes40.dll
- 2004-08-04 08:00:00 213,023 ----a-w C:\WINDOWS\system32\msltus40.dll
+ 2008-03-25 04:50:44 219,936 ----a-w C:\WINDOWS\system32\msltus40.dll
- 2004-08-04 08:00:00 348,189 ----a-w C:\WINDOWS\system32\mspbde40.dll
+ 2008-03-25 04:50:46 355,104 ----a-w C:\WINDOWS\system32\mspbde40.dll
- 2004-08-04 08:00:00 421,919 ----a-w C:\WINDOWS\system32\msrd2x40.dll
+ 2008-03-25 04:50:48 432,928 ----a-w C:\WINDOWS\system32\msrd2x40.dll
- 2004-08-04 08:00:00 315,423 ----a-w C:\WINDOWS\system32\msrd3x40.dll
+ 2008-03-25 04:50:50 322,336 ----a-w C:\WINDOWS\system32\msrd3x40.dll
- 2004-08-04 08:00:00 552,989 ----a-w C:\WINDOWS\system32\msrepl40.dll
+ 2008-03-25 04:50:52 559,904 ----a-w C:\WINDOWS\system32\msrepl40.dll
- 2004-08-04 08:00:00 258,077 ----a-w C:\WINDOWS\system32\mstext40.dll
+ 2008-03-25 04:50:56 264,992 ----a-w C:\WINDOWS\system32\mstext40.dll
- 2004-08-04 08:00:00 831,519 ----a-w C:\WINDOWS\system32\mswdat10.dll
+ 2008-03-25 04:50:58 838,432 ----a-w C:\WINDOWS\system32\mswdat10.dll
- 2004-08-04 08:00:00 614,429 ----a-w C:\WINDOWS\system32\mswstr10.dll
+ 2008-03-25 04:50:58 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
- 2004-08-04 08:00:00 348,189 ----a-w C:\WINDOWS\system32\msxbde40.dll
+ 2008-03-25 04:50:58 355,104 ----a-w C:\WINDOWS\system32\msxbde40.dll
- 2005-09-07 13:03:50 1,330,888 ----a-w C:\WINDOWS\system32\msxml6.dll
+ 2007-05-15 03:43:10 1,320,800 ----a-w C:\WINDOWS\system32\msxml6.dll
- 2008-05-28 10:41:14 864,624 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat
+ 2008-07-30 05:49:36 44,640 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat
+ 2004-10-15 06:31:56 218,264 ----a-w C:\WINDOWS\system32\SetAid.dll
- 2007-10-08 02:46:18 14,640 ------w C:\WINDOWS\system32\spmsg.dll
+ 2007-11-30 12:39:22 17,272 ------w C:\WINDOWS\system32\spmsg.dll
- 2007-03-08 14:47:48 1,843,584 ----a-w C:\WINDOWS\system32\WIN32K.SYS
+ 2008-03-19 09:47:00 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
+ 2008-07-31 04:02:20 16,384 ----a-w C:\WINDOWS\Temp\Perflib_Perfdata_298.dat
+ 2008-04-10 10:52:48 225,280 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30411.0_x-ww_71382c73\msvcm90.dll
+ 2008-04-10 16:32:14 572,928 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30411.0_x-ww_71382c73\msvcp90.dll
+ 2008-04-10 16:32:14 655,872 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30411.0_x-ww_71382c73\msvcr90.dll
+ 2008-04-10 16:32:14 3,767,288 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30411.0_x-ww_421e9f78\mfc90.dll
+ 2008-04-10 16:32:16 3,783,160 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30411.0_x-ww_421e9f78\mfc90u.dll
+ 2008-04-10 13:51:48 59,904 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30411.0_x-ww_421e9f78\mfcm90.dll
+ 2008-04-10 13:51:48 59,904 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30411.0_x-ww_421e9f78\mfcm90u.dll
+ 2008-04-10 16:32:04 44,032 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30411.0_x-ww_b29f1338\mfc90chs.dll
+ 2008-04-10 16:32:02 44,544 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30411.0_x-ww_b29f1338\mfc90cht.dll
+ 2008-04-10 16:32:12 63,488 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30411.0_x-ww_b29f1338\mfc90deu.dll
+ 2008-04-10 16:32:08 56,832 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30411.0_x-ww_b29f1338\mfc90enu.dll
+ 2008-04-10 16:32:08 61,952 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30411.0_x-ww_b29f1338\mfc90esn.dll
+ 2008-04-10 16:32:08 61,952 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30411.0_x-ww_b29f1338\mfc90esp.dll
+ 2008-04-10 16:32:10 62,976 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30411.0_x-ww_b29f1338\mfc90fra.dll
+ 2008-04-10 16:32:10 61,952 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30411.0_x-ww_b29f1338\mfc90ita.dll
+ 2008-04-10 16:32:06 49,664 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30411.0_x-ww_b29f1338\mfc90jpn.dll
+ 2008-04-10 16:32:02 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30411.0_x-ww_b29f1338\mfc90kor.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 17:52 80384 --a------ C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 17:52 80384 --a------ C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 17:52 80384 --a------ C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 17:52 80384 --a------ C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 17:52 80384 --a------ C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 17:52 80384 --a------ C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 17:52 80384 --a------ C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 17:52 80384 --a------ C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 17:52 80384 --a------ C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 20:00 15360]
"Free Uploader Oe Integration"="C:\Program Files\Free Download Manager\FUM\fumoei.exe" [2007-06-10 18:02 40960]
"FreeRAM XP"="D:\Program Backup\FreeRAM XP Pro 1.40.exe" [2003-11-30 23:13 1354240]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2008-02-10 13:56 5724184]
"YahooWidget"="C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe" [2007-11-21 08:14 3730472]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"SIDEBAR"="C:\Program Files\Desktop Sidebar\dsidebar.exe" [2006-07-09 21:58 1777664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2006-04-17 02:24 110592]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-04-27 09:47 7573504]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-04-27 09:47 86016]
"Wireless Console 2"="C:\Program Files\Wireless Console 2\wcourier.exe" [2005-10-17 17:09 987136]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-10-20 23:26 761945]
"Power_Gear"="C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" [2006-03-06 17:13 86016]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05 81920]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 20:00 208952]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 20:00 44032]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 20:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 20:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 20:00 455168]
"BOC-425"="C:\PROGRA~1\Comodo\CBOClean\BOC425.exe" [2007-08-08 19:49 338432]
"BootSkin Startup Jobs"="C:\PROGRA~1\STARDOCK\WINCUS~1\BOOTSKIN\BootSkin.exe" [2004-04-26 16:21 270336]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40 2577632]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"nwiz"="nwiz.exe" [2006-04-27 09:47 1519616 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-18 23:52 15797248 C:\WINDOWS\RTHDCPL.exe]

C:\Documents and Settings\username\Start Menu\Programs\Startup\
TransBar.lnk - C:\Program Files\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-02 08:41:18 65536]
Y'z Shadow.lnk - C:\Program Files\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-05-21 20:43:14 155648]
RocketDock.lnk - C:\Program Files\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 11:05:02 630784]
UberIcon.lnk - C:\Program Files\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 20:43:08 180224]
BOINC Manager.lnk - C:\Program Files\BOINC\boincmgr.exe [2007-03-01 11:19:50 3604480]
WordWeb.lnk - C:\Program Files\WordWeb\wweb32.exe [2007-11-16 10:09:22 44384]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2005-06-16 11:11:42 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOWS\\system32\\logonuiX.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.asv2"= asusasv2.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ASUS ChkMail.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ASUS ChkMail.lnk
backup=C:\WINDOWS\pss\ASUS ChkMail.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=C:\WINDOWS\pss\Bluetooth Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^username^Start Menu^Programs^Startup^WordWeb.lnk]
path=C:\Documents and Settings\username\Start Menu\Programs\Startup\WordWeb.lnk
backup=C:\WINDOWS\pss\WordWeb.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Live Update]
--a------ 2006-02-21 15:20 180224 C:\Program Files\ASUS\ASUS Live Update\ALU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
--a------ 2007-01-02 10:22 3739648 C:\Program Files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-14 05:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
--a------ 2006-01-19 21:34 544768 C:\WINDOWS\sm56hlpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Zshutdown"=c:\sysprep\patch\sysprep.cmd

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\VoipStunt.com\\VoipStunt\\VoipStunt.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\MsnMsgr.Exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 11:20]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-07-30 15:45]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-07-30 15:45]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 11:16]
R3 ASNDIS5;ASNDIS5 Protocol Driver;C:\WINDOWS\system32\ASNDIS5.SYS [2002-09-09 19:54]
R3 genmcmnUSB;USB Scroll Mouse Driver;C:\WINDOWS\system32\DRIVERS\gflmouhid.sys [2004-04-19 15:01]
R3 SynMini;USB2.0 1.3M Web Cam;C:\WINDOWS\system32\Drivers\SynMini.sys [2005-10-03 10:26]
R3 SynScan;USB2.0 1.3M Web Cam Still Image;C:\WINDOWS\system32\Drivers\SynScan.sys [2005-10-03 10:26]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2008-07-31 04:05:22 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-COMODO Firewall Pro - C:\Program Files\Comodo\Firewall\cfp.exe
MSConfigStartUp-MsnMsgr - C:\Program Files\MSN Messenger\msnmsgr.exe


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-31 18:11:18
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\vsdatant]
"ImagePath"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\guard32.dll

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\WINDOWS\system32\guard32.dll

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
-> C:\Program Files\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon.dll
.
Completion time: 2008-07-31 18:13:56
ComboFix-quarantined-files.txt 2008-07-31 06:13:46
ComboFix4.txt 2008-05-27 08:41:10
ComboFix3.txt 2008-05-29 05:26:10
ComboFix2.txt 2008-05-31 22:53:32

Pre-Run: 28,238,381,056 bytes free
Post-Run: 28,423,684,096 bytes free

549

Cheers :)

Speedy Gonzales
31-07-2008, 07:37 PM
Send an email to Pancake

Pancake
01-08-2008, 12:28 PM
Ok. Not much. Just a small bit of malware to fix.


Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Open *notepad* and copy/paste the text in the quotebox below into it:




File::
C:\sqmdata05.sqm
C:\sqmnoopt05.sqm
C:\sqmdata04.sqm
C:\sqmnoopt04.sqm
C:\sqmdata03.sqm
C:\sqmnoopt03.sqm
C:\sqmdata02.sqm
C:\sqmnoopt02.sqm
C:\WINDOWS\inf\SET4D.tmp
Folder::
C:\FOUND.002



Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.


http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif

Referring to the picture above, drag CFScript.txt into ComboFix.exe.


When finished, it shall produce a log for you at C:\ComboFix.txt

Please copy and paste the ComboFix.txt along with a fresh HijackThis log in your next reply please.


*Note:
Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall. Altering this script in any way could damage your computer*

Renmoo
01-08-2008, 06:24 PM
Awesome Pancake :) :) :D :thumbs:

I will do that tonight