Hi RatHat,
First of all I have to say thanks for all your support and help through this painful
cleanup. The computer looks very good now. I still have to do more testing to make sure
everything is clean, but at least at first sight it seems to be back in good shape.
Here are the latest logs:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ComboFix 08-04-13.2 - loboj 2008-04-14 17:28:37.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1146 [GMT -5:00]
Running from: C:\Documents and Settings\loboj\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\loboj\Desktop\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\Documents and Settings\loboj\Desktop\Misc\Nero-8.2.8.0_eng_trial.exe
C:\Documents and Settings\loboj\My Documents\desktop cleanup\Nero-8.3.2.1_eng_trial.exe
C:\Documents and Settings\loboj\My Documents\sspro_55.exe
C:\WINDOWS\CSC\d3\8000076A
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\loboj\Desktop\Misc\Nero-8.2.8.0_eng_trial.exe
C:\Documents and Settings\loboj\My Documents\desktop cleanup\Nero-8.3.2.1_eng_trial.exe
C:\Documents and Settings\loboj\My Documents\sspro_55.exe
C:\WINDOWS\CSC\d3\8000076A
.
((((((((((((((((((((((((( Files Created from 2008-03-14 to 2008-04-14 )))))))))))))))))))))))))))))))
.
2008-04-13 21:42 . 2008-04-13 21:42 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-13 21:42 . 2008-04-13 21:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-13 17:28 . 2008-04-13 17:28 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-04-13 16:30 . 2008-04-13 16:30 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-13 16:30 . 2008-04-13 16:30 <DIR> d-------- C:\Documents and Settings\loboj\Application Data\Malwarebytes
2008-04-13 16:30 . 2008-04-13 16:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-13 16:01 . 2008-04-13 16:01 <DIR> d-------- C:\WINDOWS\ERUNT
2008-04-13 15:54 . 2008-04-13 16:26 <DIR> d-------- C:\SDFix
2008-04-10 22:00 . 2008-04-10 22:00 67,272 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-04-10 19:07 . 2008-04-10 19:09 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-10 19:03 . 2008-04-10 19:03 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Simply Super Software
2008-04-10 17:23 . 2008-04-10 17:23 <DIR> d-------- C:\Documents and Settings\loboj\Application Data\AVG7
2008-04-10 17:22 . 2008-04-10 17:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-04-10 16:13 . 2008-04-10 16:13 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-08 23:09 . 2008-04-08 23:08 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-04-08 23:08 . 2008-04-08 23:14 <DIR> d-------- C:\Documents and Settings\loboj\.housecall6.6
2008-04-06 15:18 . 2008-04-06 15:18 <DIR> d-------- C:\Program Files\KONAMI
2008-04-06 10:29 . 2008-04-11 10:06 <DIR> d-------- C:\MDT
2008-04-06 10:28 . 2008-04-06 10:28 <DIR> d-------- C:\Documents and Settings\loboj\Application Data\CyberLink
2008-04-06 10:28 . 2008-04-06 10:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2008-04-06 07:39 . 2002-07-17 09:20 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL
2008-04-06 07:39 . 2002-07-17 08:53 16,877 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
2008-04-06 07:39 . 2002-07-17 16:22 5,600 --a------ C:\WINDOWS\system\WINASPI.DLL
2008-04-06 07:39 . 2002-07-17 16:22 4,672 --a------ C:\WINDOWS\system\WOWPOST.EXE
2008-04-06 07:38 . 2008-04-06 07:38 <DIR> d-------- C:\temp\Aspi 470
2008-04-06 07:38 . 2008-04-06 07:57 <DIR> d-------- C:\Program Files\DeadDiskDoctor
2008-04-06 07:38 . 1999-11-24 01:00 288,433 --a------ C:\temp\aspi32.exe
2008-04-06 07:38 . 2002-06-13 16:39 153,088 --a------ C:\temp\UNWISE.EXE
2008-04-05 15:45 . 2000-08-16 21:26 11,987 -ra------ C:\WINDOWS\PmxScan.inf
2008-04-05 15:45 . 1999-07-15 20:21 4,608 -ra------ C:\WINDOWS\system32\W95Inf32.DLL
2008-04-05 15:45 . 1999-07-15 20:21 2,272 -ra------ C:\WINDOWS\system32\W95Inf16.DLL
2008-04-05 15:44 . 1999-10-13 02:19 12,400 -ra------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-04-05 15:43 . 2008-04-05 20:20 <DIR> d-------- C:\Documents and Settings\loboj\Application Data\Ulead Systems
2008-04-05 15:28 . 2008-04-06 07:58 <DIR> d-------- C:\Program Files\Common Files\LightScribe
2008-04-05 15:22 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2008-04-05 15:14 . 2008-04-05 15:14 <DIR> d-------- C:\Program Files\Common Files\InterVideo
2008-04-05 15:14 . 2008-04-05 15:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InterVideo
2008-04-05 15:14 . 2007-03-06 11:58 210,456 --a------ C:\WINDOWS\system32\IVIresizeW7.dll
2008-04-05 15:14 . 2007-03-06 11:58 206,360 --a------ C:\WINDOWS\system32\IVIresizeA6.dll
2008-04-05 15:14 . 2007-03-06 11:58 198,168 --a------ C:\WINDOWS\system32\IVIresizeP6.dll
2008-04-05 15:14 . 2007-03-06 11:58 198,168 --a------ C:\WINDOWS\system32\IVIresizeM6.dll
2008-04-05 15:14 . 2007-03-06 11:58 194,072 --a------ C:\WINDOWS\system32\IVIresizePX.dll
2008-04-05 15:14 . 2007-03-06 11:58 26,136 --a------ C:\WINDOWS\system32\IVIresize.dll
2008-04-05 15:06 . 1998-07-30 00:44 14,336 -ra------ C:\WINDOWS\system32\pmxusb.cpl
2008-04-05 15:06 . 1999-10-13 02:19 12,400 -ra------ C:\WINDOWS\system32\drivers\SET210.tmp
2008-04-05 13:22 . 2008-04-05 13:22 <DIR> d-------- C:\Program Files\Smart Projects
2008-04-05 08:18 . 2008-04-05 08:18 <DIR> d-------- C:\Program Files\Safari
2008-04-05 08:10 . 2008-04-05 08:10 <DIR> d-------- C:\Program Files\iTunes
2008-04-05 08:10 . 2008-04-05 08:10 <DIR> d-------- C:\Program Files\iPod
2008-04-05 08:08 . 2008-04-05 08:08 <DIR> d-------- C:\Program Files\QuickTime
2008-04-04 16:43 . 2008-04-04 16:43 <DIR> d-------- C:\Program Files\Webteh
2008-04-04 16:24 . 2008-04-04 16:25 <DIR> d-------- C:\Documents and Settings\loboj\Application Data\Roxio
2008-04-04 15:57 . 2008-04-04 15:57 <DIR> d-------- C:\SmartSound Software
2008-04-04 15:56 . 2008-04-04 15:56 <DIR> d-------- C:\WINDOWS\system32\Quicktime
2008-04-04 15:56 . 2008-04-04 15:56 <DIR> d-------- C:\Program Files\SmartSound Software
2008-04-04 15:56 . 2008-04-04 15:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
2008-04-04 15:51 . 2008-04-04 15:51 <DIR> d-------- C:\WINDOWS\system32\windows media
2008-04-04 15:51 . 2008-04-04 15:51 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2008-04-04 15:50 . 2008-04-04 15:50 <DIR> d-------- C:\Program Files\Common Files\SONY Digital Images
2008-04-04 15:48 . 2008-04-04 15:48 <DIR> d-------- C:\Program Files\Windows Media Components
2008-04-04 15:48 . 2008-04-05 15:23 <DIR> d-------- C:\Program Files\Ulead Systems
2008-04-04 15:48 . 2008-04-05 15:13 <DIR> d-------- C:\Program Files\Common Files\Ulead Systems
2008-04-04 15:48 . 2008-04-05 15:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-04-04 14:13 . 2008-04-06 09:16 <DIR> d-------- C:\Documents and Settings\loboj\Application Data\LimeWire
2008-04-04 10:39 . 2008-04-04 10:39 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-04 10:39 . 2008-04-10 19:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-04 10:13 . 2008-02-28 13:26 1,414,440 --a------ C:\WINDOWS\system32\ShellManager310E2D762.dll
2008-04-04 10:13 . 2008-02-28 13:01 774,144 --a------ C:\WINDOWS\system32\NEROINSTAEC43759.DB
2008-04-04 10:12 . 2008-04-04 10:12 0 --a------ C:\WINDOWS\Irremote.ini
2008-04-04 08:39 . 2002-01-05 14:37 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
2008-04-03 11:32 . 2008-04-03 11:32 268 --ah----- C:\sqmdata08.sqm
2008-04-03 11:32 . 2008-04-03 11:32 244 --ah----- C:\sqmnoopt08.sqm
2008-04-03 08:51 . 2008-04-03 08:51 268 --ah----- C:\sqmdata07.sqm
2008-04-03 08:51 . 2008-04-03 08:51 244 --ah----- C:\sqmnoopt07.sqm
2008-04-03 07:04 . 2008-04-03 07:04 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Nero
2008-04-03 07:01 . 2008-04-03 07:01 268 --ah----- C:\sqmdata06.sqm
2008-04-03 07:01 . 2008-04-03 07:01 244 --ah----- C:\sqmnoopt06.sqm
2008-03-30 22:23 . 2008-03-30 22:23 164 --a------ C:\install.dat
2008-03-30 21:55 . 2008-04-13 15:57 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-30 21:55 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
2008-03-30 00:43 . 2008-04-06 18:37 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\MEGAUPLOADTOOLBAR
2008-03-29 20:20 . 2008-03-29 20:20 <DIR> d-------- C:\Program Files\Common Files\NSV
2008-03-29 15:10 . 2008-03-29 15:10 <DIR> d-------- C:\Program Files\NeroInstall.bak
2008-03-29 14:58 . 2008-03-29 14:58 <DIR> d-------- C:\Program Files\Nero
2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-03-28 11:19 . 2008-03-28 11:19 <DIR> d-------- C:\Program Files\Navis
2008-03-26 10:30 . 2008-03-26 10:30 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-03-26 10:30 . 2008-03-26 10:30 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2008-03-25 21:52 . 2008-03-25 21:52 <DIR> d-------- C:\Program Files\Copy of Frets on Fire
2008-03-25 21:45 . 2008-03-21 21:15 <DIR> d-------- C:\Program Files\FretsOnFire
2008-03-25 19:51 . 2008-03-25 19:57 <DIR> d-------- C:\Documents and Settings\loboj\Application Data\fretsonfire
2008-03-25 19:50 . 2008-03-25 21:53 <DIR> d-------- C:\Program Files\Frets on Fire
2008-03-21 10:39 . 2008-03-21 10:39 <DIR> d-------- C:\Program Files\Common Files\Motorola Shared
2008-03-21 10:39 . 2008-03-21 10:42 <DIR> d-------- C:\Program Files\Avanquest update
2008-03-21 10:39 . 2006-11-13 14:45 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
2008-03-21 10:39 . 2006-12-13 17:52 20,992 --a------ C:\WINDOWS\system32\drivers\motmodem.sys
2008-03-21 10:38 . 2008-03-21 10:47 <DIR> d-------- C:\Program Files\Motorola Phone Tools
2008-03-21 10:38 . 2008-03-21 11:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BVRP Software
2008-03-20 10:50 . 2008-03-23 16:56 38 --a------ C:\WINDOWS\ZTE MZ16 MODEM EDGE.INI
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-14 22:34 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-04-14 21:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-04-14 09:44 --------- d-----w C:\Documents and Settings\loboj\Application Data\Wave Systems Corp
2008-04-14 01:40 --------- d-----w C:\Program Files\eMule
2008-04-12 19:45 --------- d-----w C:\Program Files\Picasa2
2008-04-05 20:28 --------- d-----w C:\Program Files\DivX
2008-04-05 20:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-05 17:48 --------- d-----w C:\Program Files\Common Files\Nero
2008-04-05 17:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-04-05 13:38 --------- d-----w C:\Documents and Settings\loboj\Application Data\Apple Computer
2008-04-04 18:47 --------- d-----w C:\Documents and Settings\loboj\Application Data\Winamp
2008-04-04 18:05 --------- d-----w C:\Program Files\Winamp
2008-04-04 16:32 --------- d-----w C:\Program Files\Baplie
2008-04-03 12:04 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Wave Systems Corp
2008-03-17 13:17 --------- d-----w C:\Program Files\Java
2008-03-08 14:57 --------- d-----w C:\Program Files\Common Files\xing shared
2008-03-08 14:57 --------- d-----w C:\Program Files\Common Files\Real
2008-02-28 22:38 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2008-02-26 21:14 972,072 ----a-w C:\WINDOWS\UNRecode.exe
2008-02-18 21:21 132,904 ----a-w C:\WINDOWS\system32\drivers\imagesrv.sys
2008-02-18 21:21 11,304 ----a-w C:\WINDOWS\system32\drivers\imagedrv.sys
2006-05-27 20:06 76,528 ----a-w C:\Documents and Settings\notes\nLNVP.dll
2002-07-25 14:36 2,662,453 ----a-w C:\Documents and Settings\notes\ninotes.dll
2002-07-24 20:41 692,273 ----a-w C:\Documents and Settings\notes\nsd.exe
2002-07-24 20:41 614,454 ----a-w C:\Documents and Settings\notes\memcheck.exe
2002-07-24 20:41 57,399 ----a-w C:\Documents and Settings\notes\nmstrings.dll
2002-07-24 20:41 561,206 ----a-w C:\Documents and Settings\notes\nstrings.dll
2002-07-24 20:41 540,724 ----a-w C:\Documents and Settings\notes\nmsp32.dll
2002-07-24 20:41 188,468 ----a-w C:\Documents and Settings\notes\nabp32.dll
2002-07-24 20:41 176,179 ----a-w C:\Documents and Settings\notes\notes.exe
2002-07-24 20:41 10,522,678 ----a-w C:\Documents and Settings\notes\nnotesws.dll
2002-07-24 20:40 7,602,228 ----a-w C:\Documents and Settings\notes\nnotes.dll
2002-07-24 20:39 61,496 ----a-w C:\Documents and Settings\notes\ldapsearch.exe
2002-07-19 00:43 81,972 ----a-w C:\Documents and Settings\notes\nnwspx.dll
2002-07-19 00:36 53,301 ----a-w C:\Documents and Settings\notes\nmprops.dll
2002-07-19 00:36 528,437 ----a-w C:\Documents and Settings\notes\nlnotes.exe
2002-07-19 00:36 45,110 ----a-w C:\Documents and Settings\notes\nconvert.exe
2002-07-19 00:36 449,136 ----a-w C:\Documents and Settings\notes\nlsxodbc.dll
2002-07-19 00:36 36,918 ----a-w C:\Documents and Settings\notes\nmailman.dll
2002-07-19 00:36 245,812 ----a-w C:\Documents and Settings\notes\nxpp32.dll
2002-07-19 00:35 954,420 ----a-w C:\Documents and Settings\notes\nlsxbe.dll
2002-07-19 00:35 73,779 ----a-w C:\Documents and Settings\notes\njemp.dll
2002-07-19 00:35 45,110 ----a-w C:\Documents and Settings\notes\nskn40en.dll
2002-07-19 00:35 45,110 ----a-w C:\Documents and Settings\notes\nsen40en.dll
2002-07-19 00:35 36,918 ----a-w C:\Documents and Settings\notes\nlogasio.exe
2002-07-19 00:35 130,884 ----a-w C:\Documents and Settings\notes\ndbodbc.dll
2002-07-19 00:35 130,884 ----a-w C:\Documents and Settings\notes\ndbdlens.dll
2002-07-19 00:35 127,030 ----a-w C:\Documents and Settings\notes\nwmsgtrc.dll
2002-07-19 00:33 36,915 ----a-w C:\Documents and Settings\notes\nxwks.dll
2002-07-19 00:33 24,628 ----a-w C:\Documents and Settings\notes\nxtiff.dll
2002-07-19 00:33 24,628 ----a-w C:\Documents and Settings\notes\nxtext.dll
2002-07-19 00:33 24,627 ----a-w C:\Documents and Settings\notes\nxtab.dll
2002-07-19 00:33 20,531 ----a-w C:\Documents and Settings\notes\nxw4w.dll
2002-07-19 00:31 24,629 ----a-w C:\Documents and Settings\notes\ndyncfg.exe
2002-07-19 00:25 69,686 ----a-w C:\Documents and Settings\notes\ncollect.exe
2002-07-19 00:25 69,683 ----a-w C:\Documents and Settings\notes\namgr.exe
2002-07-19 00:25 57,397 ----a-w C:\Documents and Settings\notes\ltssb01.dll
2002-07-19 00:25 45,110 ----a-w C:\Documents and Settings\notes\nwrdaemn.exe
2002-07-19 00:25 45,109 ----a-w C:\Documents and Settings\notes\rtfcnvt.exe
2002-07-19 00:25 28,726 ----a-w C:\Documents and Settings\notes\naldaemn.exe
2002-07-19 00:25 241,718 ----a-w C:\Documents and Settings\notes\nlsccstr.dll
2002-07-19 00:25 20,534 ----a-w C:\Documents and Settings\notes\ndbnotes.dll
2002-07-19 00:25 20,534 ----a-w C:\Documents and Settings\notes\nchronos.exe
2002-07-19 00:25 16,438 ----a-w C:\Documents and Settings\notes\nntcheck.dll
2002-07-19 00:25 16,437 ----a-w C:\Documents and Settings\notes\namhook.dll
2002-07-19 00:24 208,949 ----a-w C:\Documents and Settings\notes\nadminp.exe
2002-07-19 00:17 327,730 ----a-w C:\Documents and Settings\notes\js32.dll
2002-07-18 23:32 154,200 ----a-w C:\Documents and Settings\notes\njempcl.zip
2002-05-07 13:27 811,008 ------w C:\Documents and Settings\notes\LotusProductRegistration.exe
2002-03-19 19:41 65,536 ------w C:\Documents and Settings\notes\kvfilter.dll
2001-12-13 15:14 32,768 ------w C:\Documents and Settings\notes\kvolefio.dll
2001-12-13 15:14 139,264 ------w C:\Documents and Settings\notes\kwad.dll
2001-09-13 18:35 81,752 ----a-w C:\Documents and Settings\notes\jpeg.dll
2001-09-13 18:35 59,428 ----a-w C:\Documents and Settings\notes\zip.dll
2001-09-13 18:35 56,228 ----a-w C:\Documents and Settings\notes\math.dll
2001-09-13 18:35 415,796 ----a-w C:\Documents and Settings\notes\winawt.dll
2001-09-13 18:35 41,176 ----a-w C:\Documents and Settings\notes\net.dll
2001-09-13 18:35 398,336 ----a-w C:\Documents and Settings\notes\symcjit.dll
2001-09-13 18:35 17,540 ----a-w C:\Documents and Settings\notes\mmedia.dll
2001-09-13 18:35 12,036 ----a-w C:\Documents and Settings\notes\sysresource.dll
2001-09-13 18:34 604,740 ----a-w C:\Documents and Settings\notes\javai.dll
2001-09-13 18:34 44,820 ----a-w C:\Documents and Settings\notes\jdbcodbc.dll
2001-08-21 16:25 94,208 ------w C:\Documents and Settings\notes\kvutil.dll
2001-08-21 16:25 118,784 ------w C:\Documents and Settings\notes\pdfsr.dll
2001-06-25 20:14 1,789,952 ------w C:\Documents and Settings\notes\ltspln50.dll
2000-07-21 15:27 466,986 ----a-w C:\Documents and Settings\notes\gtrnotes.dll
2000-06-29 21:48 94,208 ------w C:\Documents and Settings\notes\mw6sr.dll
2000-06-29 21:47 98,304 ------w C:\Documents and Settings\notes\kvarcve.dll
2000-06-29 21:46 69,632 ------w C:\Documents and Settings\notes\htmcnv.dll
2000-06-29 21:45 73,728 ------w C:\Documents and Settings\notes\xywsr.dll
2000-06-29 21:45 53,248 ------w C:\Documents and Settings\notes\mifsr.dll
2000-06-29 21:45 45,056 ------w C:\Documents and Settings\notes\qpssr.dll
2000-06-29 21:45 40,960 ----a-w C:\Documents and Settings\notes\foliosr.dll
2000-06-29 21:45 36,864 ------w C:\Documents and Settings\notes\mswsr.dll
2000-06-29 21:45 32,768 ------w C:\Documents and Settings\notes\mwssr.dll
2000-06-29 21:45 28,672 ------w C:\Documents and Settings\notes\shwsr.dll
2000-06-29 21:45 28,672 ------w C:\Documents and Settings\notes\przsr.dll
2000-06-29 21:45 28,672 ------w C:\Documents and Settings\notes\ppcsr.dll
2000-06-29 21:45 28,672 ------w C:\Documents and Settings\notes\kvoop.exe
2000-06-29 21:45 24,576 ------w C:\Documents and Settings\notes\wmfsr.dll
.
((((((((((((((((((((((((((((( snapshot@2008-04-13_21.24.51.12 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-14 02:19:53 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-14 22:33:37 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-03-25 00:33:02 1,527,056 ----a-w C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
+ 2007-12-07 02:21:45 124,928 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\advpack.dll
+ 2007-12-19 23:01:06 347,136 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtmsft.dll
+ 2007-12-07 02:21:45 214,528 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtrans.dll
+ 2007-12-07 02:21:45 133,120 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\extmgr.dll
+ 2007-12-07 02:21:45 63,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\icardie.dll
+ 2007-12-06 11:00:57 70,656 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ie4uinit.exe
+ 2007-12-07 02:21:45 153,088 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieakeng.dll
+ 2007-12-07 02:21:45 230,400 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieaksie.dll
+ 2007-12-06 04:59:51 161,792 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieakui.dll
+ 2007-12-07 02:21:45 383,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieapfltr.dll
+ 2007-12-07 02:21:45 384,512 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iedkcs32.dll
+ 2007-12-07 02:21:46 6,066,176 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieframe.dll
+ 2007-12-07 02:21:46 44,544 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iernonce.dll
+ 2007-12-07 02:21:46 267,776 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iertutil.dll
+ 2007-12-06 11:00:58 13,824 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieudinit.exe
+ 2007-12-06 11:01:25 625,664 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iexplore.exe
+ 2007-12-07 02:21:47 27,648 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\jsproxy.dll
+ 2007-12-07 02:21:47 459,264 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeeds.dll
+ 2007-12-07 02:21:47 52,224 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeedsbs.dll
+ 2007-12-08 05:21:48 3,592,192 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtml.dll
+ 2007-12-07 02:21:47 478,208 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtmled.dll
+ 2007-12-07 02:21:48 193,024 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msrating.dll
+ 2007-12-07 02:21:48 671,232 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mstime.dll
+ 2007-12-07 02:21:48 102,912 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\occache.dll
+ 2008-01-11 05:53:32 44,544 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\pngfilt.dll
+ 2007-03-06 01:22:39 213,216 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\updspapi.dll
+ 2007-12-07 02:21:48 105,984 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\url.dll
+ 2007-12-07 02:21:48 1,159,680 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\urlmon.dll
+ 2007-12-07 02:21:48 233,472 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\webcheck.dll
+ 2007-12-07 02:21:48 824,832 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\wininet.dll
- 2008-03-20 14:56:43 593,920 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2008-04-14 09:41:33 593,920 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2008-03-20 14:56:43 12,288 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-04-14 09:41:33 12,288 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-03-20 14:56:43 86,016 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2008-04-14 09:41:33 86,016 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2008-03-20 14:56:42 135,168 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-04-14 09:41:33 135,168 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-03-20 14:56:43 11,264 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-04-14 09:41:33 11,264 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2008-03-20 14:56:43 27,136 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-04-14 09:41:33 27,136 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-03-20 14:56:43 4,096 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-04-14 09:41:33 4,096 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-03-20 14:56:43 794,624 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-04-14 09:41:33 794,624 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-03-20 14:56:43 249,856 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2008-04-14 09:41:33 249,856 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2008-03-20 14:56:43 61,440 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2008-04-14 09:41:33 61,440 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2008-03-20 14:56:44 23,040 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-04-14 09:41:33 23,040 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2008-03-20 14:56:42 286,720 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-04-14 09:41:33 286,720 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2008-03-20 14:56:42 409,600 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-04-14 09:41:33 409,600 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2007-12-07 02:21:45 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2008-03-01 13:06:20 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
- 2007-12-07 02:21:45 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
+ 2008-03-01 13:06:20 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
- 2006-06-26 17:37:10 148,480 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
+ 2008-02-20 05:32:43 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
+ 2008-02-20 05:32:43 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
- 2007-12-19 23:01:06 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-03-01 13:06:21 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2007-12-07 02:21:45 214,528 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-03-01 13:06:21 214,528 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2007-12-07 02:21:45 133,120 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-03-01 13:06:21 133,120 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2007-06-19 13:31:19 282,112 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
+ 2008-02-20 06:51:05 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
- 2007-12-07 02:21:45 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
+ 2008-03-01 13:06:21 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
- 2007-12-06 11:00:57 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
+ 2008-02-29 08:55:23 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
- 2007-12-07 02:21:45 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
+ 2008-03-01 13:06:21 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
- 2007-12-07 02:21:45 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
+ 2008-03-01 13:06:21 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
- 2007-12-06 04:59:51 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
+ 2008-02-15 05:44:25 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
- 2007-12-07 02:21:45 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
+ 2008-03-01 13:06:22 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
- 2007-12-07 02:21:45 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2008-03-01 13:06:22 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
- 2007-12-07 02:21:46 6,066,176 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
+ 2008-03-01 13:06:24 6,066,176 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
- 2007-12-07 02:21:46 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
+ 2008-03-01 13:06:24 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
- 2007-12-07 02:21:46 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
+ 2008-03-01 13:06:25 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
- 2007-12-06 11:00:58 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
+ 2008-02-22 10:00:51 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
- 2007-12-06 11:01:25 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
+ 2008-02-29 08:55:46 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
- 2007-12-07 02:21:47 27,648 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-03-01 13:06:25 27,648 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2007-12-07 02:21:47 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
+ 2008-03-01 13:06:26 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
- 2007-12-07 02:21:47 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
+ 2008-03-01 13:06:26 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
- 2007-12-08 05:21:48 3,592,192 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-03-01 23:36:30 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2007-12-07 02:21:47 478,208 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-03-01 13:06:28 478,208 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2007-12-07 02:21:48 193,024 ------w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-03-01 13:06:28 193,024 ------w C:\WINDOWS\system32\dllcache\msrating.dll
- 2007-12-07 02:21:48 671,232 ------w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-03-01 13:06:29 671,232 ------w C:\WINDOWS\system32\dllcache\mstime.dll
- 2007-12-07 02:21:48 102,912 ------w C:\WINDOWS\system32\dllcache\occache.dll
+ 2008-03-01 13:06:29 102,912 ------w C:\WINDOWS\system32\dllcache\occache.dll
- 2008-01-11 05:53:32 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-03-01 13:06:29 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2007-12-07 02:21:48 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
+ 2008-03-01 13:06:29 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
- 2007-12-07 02:21:48 1,159,680 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-03-01 13:06:30 1,159,680 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2007-12-07 02:21:48 233,472 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
+ 2008-03-01 13:06:30 233,472 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
- 2007-03-08 13:47:48 1,843,584 ------w C:\WINDOWS\system32\dllcache\win32k.sys
+ 2008-03-19 09:47:00 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
- 2007-12-07 02:21:48 824,832 ------w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-03-01 13:06:31 826,368 ------w C:\WINDOWS\system32\dllcache\wininet.dll
- 2006-06-26 17:37:10 148,480 ----a-w C:\WINDOWS\system32\dnsapi.dll
+ 2008-02-20 05:32:43 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll
- 2004-08-04 11:00:00 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
+ 2008-02-20 05:32:43 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
- 2007-12-19 23:01:06 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-03-01 13:06:21 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2007-12-07 02:21:45 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-03-01 13:06:21 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2007-12-07 02:21:45 133,120 ------w C:\WINDOWS\system32\extmgr.dll
+ 2008-03-01 13:06:21 133,120 ------w C:\WINDOWS\system32\extmgr.dll
- 2008-04-05 20:38:44 290,888 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-04-14 09:43:39 290,888 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2007-06-19 13:31:19 282,112 ----a-w C:\WINDOWS\system32\gdi32.dll
+ 2008-02-20 06:51:05 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
- 2007-12-07 02:21:45 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
+ 2008-03-01 13:06:21 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
- 2007-12-06 11:00:57 70,656 ------w C:\WINDOWS\system32\ie4uinit.exe
+ 2008-02-29 08:55:23 70,656 ------w C:\WINDOWS\system32\ie4uinit.exe
- 2007-12-07 02:21:45 153,088 ------w C:\WINDOWS\system32\ieakeng.dll
+ 2008-03-01 13:06:21 153,088 ------w C:\WINDOWS\system32\ieakeng.dll
- 2007-12-07 02:21:45 230,400 ------w C:\WINDOWS\system32\ieaksie.dll
+ 2008-03-01 13:06:21 230,400 ------w C:\WINDOWS\system32\ieaksie.dll
- 2007-12-06 04:59:51 161,792 ------w C:\WINDOWS\system32\ieakui.dll
+ 2008-02-15 05:44:25 161,792 ------w C:\WINDOWS\system32\ieakui.dll
- 2007-12-07 02:21:45 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
+ 2008-03-01 13:06:22 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
- 2007-12-07 02:21:45 384,512 ------w C:\WINDOWS\system32\iedkcs32.dll
+ 2008-03-01 13:06:22 384,512 ------w C:\WINDOWS\system32\iedkcs32.dll
- 2007-12-07 02:21:46 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
+ 2008-03-01 13:06:24 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
- 2007-12-07 02:21:46 44,544 ------w C:\WINDOWS\system32\iernonce.dll
+ 2008-03-01 13:06:24 44,544 ------w C:\WINDOWS\system32\iernonce.dll
- 2007-12-07 02:21:46 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
+ 2008-03-01 13:06:25 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
- 2007-12-06 11:00:58 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2008-02-22 10:00:51 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
- 2007-12-07 02:21:47 27,648 ------w C:\WINDOWS\system32\jsproxy.dll
+ 2008-03-01 13:06:25 27,648 ------w C:\WINDOWS\system32\jsproxy.dll
+ 2005-05-24 17:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 20:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 20:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
+ 2008-03-25 02:32:44 218,496 ----a-r C:\WINDOWS\system32\Macromed\Flash\FlashUtil9f.exe
- 2008-04-06 14:15:08 74,649 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
+ 2008-04-14 17:20:27 74,649 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
- 2007-12-07 02:21:47 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
+ 2008-03-01 13:06:26 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
- 2007-12-07 02:21:47 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
+ 2008-03-01 13:06:26 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
- 2007-12-08 05:21:48 3,592,192 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-03-01 23:36:30 3,591,680 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2007-12-07 02:21:47 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-03-01 13:06:28 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2007-12-07 02:21:48 193,024 ------w C:\WINDOWS\system32\msrating.dll
+ 2008-03-01 13:06:28 193,024 ------w C:\WINDOWS\system32\msrating.dll
- 2007-12-07 02:21:48 671,232 ------w C:\WINDOWS\system32\mstime.dll
+ 2008-03-01 13:06:29 671,232 ------w C:\WINDOWS\system32\mstime.dll
- 2007-12-07 02:21:48 102,912 ------w C:\WINDOWS\system32\occache.dll
+ 2008-03-01 13:06:29 102,912 ------w C:\WINDOWS\system32\occache.dll
- 2008-04-14 02:09:23 72,382 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-04-14 14:41:34 72,382 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-04-14 02:09:23 443,534 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-04-14 14:41:34 443,534 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-01-11 05:53:32 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-03-01 13:06:29 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2007-12-07 02:21:48 105,984 ----a-w C:\WINDOWS\system32\url.dll
+ 2008-03-01 13:06:29 105,984 ----a-w C:\WINDOWS\system32\url.dll
- 2007-12-07 02:21:48 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-03-01 13:06:30 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2007-12-07 02:21:48 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2008-03-01 13:06:30 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
- 2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys
+ 2008-03-19 09:47:00 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
- 2007-12-07 02:21:48 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2008-03-01 13:06:31 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-06 17:53 68856]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 17:07 1828136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2007-04-15 22:49 159744]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-05-18 12:45 138008]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-05-18 12:45 162584]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-05-18 12:45 138008]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"SigmatelSysTrayApp"="stsystra.exe" [2007-02-19 00:26 303104 C:\WINDOWS\stsystra.exe]
"Document Manager"="C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe" [2007-01-30 16:32 102400]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2007-03-16 04:10 1392640]
"KADxMain"="C:\WINDOWS\system32\KADxMain.exe" [2006-11-02 15:05 282624]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 17:50 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 17:50 81920]
"RoxioDragToDisc"="C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 10:00 1116920]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-12-21 11:33 48800]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-05-27 15:06 85744]
"CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [2002-03-19 17:30 45632]
"Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [2004-08-04 06:00 143360]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 16:29 2221352]
"Detector"="C:\WINDOWS\twain_32\FlatBed\Usb\Detector.exe" [2000-08-06 23:00 38400]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-25 20:23 443968]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-01-11 21:43:46 2150400]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2007-12-07 12:24:12 50688]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-01-06 17:53:49 124400]
VPN Client.lnk - C:\WINDOWS\Installer\{00CD55D6-EE5A-4570-9875-8A306628C032}\Icon3E5562ED7.ico [2007-12-20 11:55:09 6144]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wxvault.dll C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\NavDiag\\jre\\bin\\javaw.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R0 PBADRV;PBADRV;C:\WINDOWS\system32\DRIVERS\PBADRV.sys [2006-08-28 16:00]
R1 DLARTL_M;DLARTL_M;C:\WINDOWS\system32\Drivers\DLARTL_M.SYS [2006-08-11 11:35]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;"C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe" -service []
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;"C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe" [2008-01-11 17:50]
R2 Wave UCSPlus;Wave UCSPlus;C:\WINDOWS\system32\dllhost.exe [2004-08-04 06:00]
R3 DXEC01;DXEC01;C:\WINDOWS\system32\drivers\dxec01.sys [2006-11-02 13:32]
R3 ThSerMux;ThSerMux;C:\WINDOWS\system32\DRIVERS\thsermux.sys [2006-09-18 01:49]
R3 thserprt;thserprt;C:\WINDOWS\system32\DRIVERS\thserprt.sys [2006-09-18 01:49]
S3 GoogleDesktopManager-093007-112848;Google Desktop Manager 5.5.709.30344;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-01-06 17:55]
S3 pmxscan;USB USB FlatBed Scanner Driver;C:\WINDOWS\system32\DRIVERS\usbscan.sys [1999-10-13 02:19]
S3 SecureStorageService;SecureStorageService;"C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe" [2007-01-29 22:59]
.
Contents of the 'Scheduled Tasks' folder
"2008-04-05 12:23:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-04-14 17:35:56
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\WLTRYSVC.EXE
C:\WINDOWS\system32\BCMWLTRY.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\scardsvr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\mnmsrvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\CNAC1RPK.EXE
C:\WINDOWS\system32\msdtc.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Apoint\hidfind.exe
C:\Program Files\Apoint\ApntEx.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
.
**************************************************************************
.
Completion time: 2008-04-14 17:40:14 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-14 22:40:11
ComboFix2.txt 2008-04-14 02:25:05
Pre-Run: 37,647,568,896 bytes free
Post-Run: 37,432,713,216 bytes free
.
2008-04-14 09:42:16 --- E O F ---
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:50, on 2008-04-14
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\mnmsrvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\CNAC1RPK.EXE
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\taskswitch.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\WINDOWS\system32\mobsync.exe
C:\Program Files\Apoint\HidFind.exe
C:\WINDOWS\twain_32\FlatBed\Usb\Detector.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\loboj\notes\NLNOTES.EXE
C:\Documents and Settings\loboj\notes\nwrdaemn.EXE
C:\Documents and Settings\loboj\notes\nupdate.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.molam.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft....k/?LinkId=74005
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: pdfMachine - {56CF4856-ECB4-4e46-A897-A378821F97B9} - C:\DOCUME~1\loboj\LOCALS~1\Temp\{FE50708E-1BC0-439A-A956-FE54B7A82D6F}\{20A6985E-4516-4042-BCAB-FEA3BED712CD}\bgstb.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Document Manager] "C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Dis