hn.exe [Closed] [Solved] - Geeks to Go Forums


hn.exe [Closed] [Solved]

#1 harrobray

  • Group: Member
  • Posts: 41
  • Joined: 17-December 08

Posted 11 February 2009 - 02:57 AM

Hi, today when I started up my computer, without even touching the mouse, a window called 'hn properties' came up. It says the origin was k-1-3542-4232123213-7676767-8888886 and was deleted today. When I connected my iPod to my other computer with XP and Kaspersky, it makes the antivirus come up. Also, my computer won't update. I am using Vista Business edition and CA antivirus.

#2 handhfan

  • Group: GeekU Moderator
  • Posts: 13,179
  • Joined: 15-June 06

Posted 12 February 2009 - 01:04 AM

Hello, harrobray, and welcome to GeeksToGo! Before I can help you, please do the following:

Please follow the steps in this topic, and post back with a HijackThis log and MBAM (Malwarebytes' Anti-Malware) log if you are still having problems and I will look over the log for you. :)

#3 harrobray

  • Group: Member
  • Posts: 41
  • Joined: 17-December 08

Posted 13 February 2009 - 04:04 AM

Hi, here is the Malwarebytes log

Malwarebytes' Anti-Malware 1.34
Database version: 1757
Windows 6.0.6001 Service Pack 1

13/02/2009 9:00:17 PM
mbam-log-2009-02-13 (21-00-17).txt

Scan type: Quick Scan
Objects scanned: 72216
Time elapsed: 3 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

And here is the HijackThis Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:03:32 PM, on 13/02/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\system32\igfxext.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Windows\System32\nwtray.exe
C:\Program Files\Activ Software\Activdriver\ActivControl2.exe
C:\Windows\System32\iprntlgn.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AceHide Free\AceHideFree.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\CA\eTrustITM\Realmon.exe
C:\Users\User\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&a...travelmate_4730
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://au.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://au.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.16.1.50:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = www1.st*;www2.st*;www3.st*;www4.st*;172.16*;10.1*;mail.stpauls*;moodle.stpauls;*.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo!7 Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O1 - Hosts: 172.16.1.14 linux
O1 - Hosts: 172.16.1.14 linux.stpaulswgl.vic.edu.au
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.415.1646\swg.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo!7 Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Trigger New Acer AlaunchX] c:\Acer\Preload\Command\AlaunchX\AppInRun.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [ActivControl] C:\Program Files\Activ Software\Activdriver\ActivControl2.exe
O4 - HKLM\..\Run: [Realtime Monitor] "C:\Program Files\CA\eTrustITM\realmon.exe" -s
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [iPrint Tray] C:\Windows\system32\iprntctl.exe TRAY_ICON
O4 - HKLM\..\Run: [iPrint Event Monitor] C:\Windows\system32\iprntlgn.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
O4 - HKCU\..\Run: [zHideWin] C:\Program Files\AceHide Free\AceHideFree.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [FIREWALL SERVICE] c:\RECYCLER\k-1-3542-4232123213-7676767-8888886\hn.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.micr...veX/MSDcode.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.808.7150 (GoogleDesktopManager-080708-050100) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iTechnology iGateway 4.2 (iGateway) - CA, Inc. - C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
O23 - Service: eTrust ITM RPC Service (InoRPC) - CA - C:\Program Files\CA\eTrustITM\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Service (InoRT) - CA - C:\Program Files\CA\eTrustITM\InoRT.exe
O23 - Service: eTrust ITM Job Service (InoTask) - CA - C:\Program Files\CA\eTrustITM\InoTask.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O23 - Service: Novell XTier Service Manager (XTSvcMgr) - Novell, Inc. - C:\Program Files\Novell\Client\XTier\Services\XTSvcMgr.exe

--
End of file - 10663 bytes

Thanks
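The HijackThis log in the post above contains one O4 autostart entry whose image sits under `c:\RECYCLER` in a folder named `k-1-3542-...`, whereas Windows names per-user Recycle Bin folders after the user's SID (`S-1-...`). The following is an added example, not part of the original thread and not HijackThis's own code: it parses O4 lines and flags autostarts that run from a Recycle Bin directory. The regexes, the `Finding` type and the last sample line are assumptions made for the illustration.

```python
import re
from typing import List, NamedTuple

# HijackThis autostart line:  O4 - <hive>\..\<Run|RunOnce>: [<value name>] <command>
O4_RE = re.compile(
    r'^O4 - (?P<hive>\S+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$'
)
# Image path: either the quoted part, or everything up to the first
# executable-looking extension (paths may contain unquoted spaces).
EXE_RE = re.compile(
    r'^"([^"]+)"|^(.+?\.(?:exe|com|scr|pif|bat|cmd|dll))(?=\s|,|$)', re.I
)
# Genuine Recycle Bin subfolders are named after a SID.
SID_RE = re.compile(r'^S-1-\d+(?:-\d+)+$', re.I)
RECYCLE_DIRS = {"recycler", "recycled", "$recycle.bin"}


class Finding(NamedTuple):
    hive: str
    key: str
    name: str
    path: str
    reasons: List[str]


def image_path(cmd: str) -> str:
    """Return the executable path from a Run-key command line."""
    cmd = cmd.strip()
    m = EXE_RE.match(cmd)
    if not m:
        return cmd
    return m.group(1) or m.group(2)


def recycle_reasons(path: str) -> List[str]:
    """Explain why a path under a Recycle Bin directory deserves review."""
    parts = [p for p in re.split(r'[\\/]+', path) if p]
    reasons: List[str] = []
    for i, part in enumerate(parts[:-1]):
        if part.lower() in RECYCLE_DIRS:
            reasons.append("autostart image lives under a Recycle Bin directory")
            sub = parts[i + 1]
            # Only judge the next component if it is a folder, not the file itself.
            if i + 1 < len(parts) - 1 and not SID_RE.match(sub):
                reasons.append(f"subfolder {sub!r} is not a SID (expected S-1-...)")
            break
    return reasons


def scan_hijackthis(log: str) -> List[Finding]:
    """Return one Finding per O4 entry that starts from a Recycle Bin path."""
    findings: List[Finding] = []
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue  # not an O4 registry autostart line
        path = image_path(m["cmd"])
        reasons = recycle_reasons(path)
        if reasons:
            findings.append(Finding(m["hive"], m["key"], m["name"], path, reasons))
    return findings


# The first five lines are copied from the HijackThis log in the post above.
# The last line is constructed for this example: a SID-shaped folder name,
# which is still reported because nothing should autostart from a Recycle Bin.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [zHideWin] C:\Program Files\AceHide Free\AceHideFree.exe
O4 - HKCU\..\Run: [FIREWALL SERVICE] c:\RECYCLER\k-1-3542-4232123213-7676767-8888886\hn.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKCU\..\Run: [constructed] C:\RECYCLER\S-1-5-21-1111111111-2222222222-3333333333-1000\a.exe
"""

if __name__ == "__main__":
    for f in scan_hijackthis(SAMPLE_LOG):
        print(f"{f.hive}\\{f.key} [{f.name}] -> {f.path}")
        for reason in f.reasons:
            print(f"    - {reason}")
```

A hit from this check is a lead for review, not a verdict; the entry still has to be confirmed with the scanner logs requested in the thread.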

#4 handhfan

  • Group: GeekU Moderator
  • Posts: 13,179
  • Joined: 15-June 06

Posted 13 February 2009 - 09:24 AM

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    -----------------------------------------------------------
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------
  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

#5 harrobray

  • Group: Member
  • Posts: 41
  • Joined: 17-December 08

Posted 15 February 2009 - 12:54 AM

Here's the ComboFix log

ComboFix 09-02-12.03 - User 2009-02-15 17:32:57.1 - NTFSx86
Microsoft® Windows Vista™ Business 6.0.6001.1.1252.1.1033.18.955.233 [GMT 11:00]
Running from: c:\users\User\Desktop\ComboFix.exe
AV: eTrust ITM *On-access scanning disabled* (Updated)
.

((((((((((((((((((((((((( Files Created from 2009-01-15 to 2009-02-15 )))))))))))))))))))))))))))))))
.

2009-02-13 21:03 . 2009-02-13 21:03 <DIR> d-------- c:\program files\Trend Micro
2009-02-13 20:54 . 2009-02-13 20:54 <DIR> d-------- c:\users\User\AppData\Roaming\Malwarebytes
2009-02-13 20:54 . 2009-02-13 20:54 <DIR> d-------- c:\users\All Users\Malwarebytes
2009-02-13 20:54 . 2009-02-13 20:54 <DIR> d-------- c:\programdata\Malwarebytes
2009-02-13 20:54 . 2009-02-13 20:54 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-13 20:54 . 2009-02-11 10:19 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-02-13 20:54 . 2009-02-11 10:19 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-02-13 20:50 . 2009-02-13 20:51 <DIR> d-------- c:\program files\ERUNT
2009-02-11 11:31 . 2009-02-11 11:31 <DIR> d-------- c:\program files\Xilisoft
2009-02-06 09:39 . 2009-02-06 09:39 <DIR> d-------- c:\users\User\AppData\Roaming\FileMaker
2009-02-05 19:35 . 2009-02-05 19:38 <DIR> d-------- c:\users\User\Halo
2009-01-28 12:23 . 2009-01-28 12:23 <DIR> d-------- c:\program files\Microsoft Games
2009-01-27 10:14 . 2009-02-09 18:20 <DIR> d-------- c:\users\User\Tracing
2009-01-27 10:13 . 2009-01-27 10:13 <DIR> d-------- c:\program files\Windows Live SkyDrive
2009-01-27 10:13 . 2009-01-27 10:13 <DIR> d-------- c:\program files\Microsoft
2009-01-27 10:12 . 2009-01-27 10:13 <DIR> d-------- c:\program files\Windows Live
2009-01-27 10:08 . 2009-01-27 10:08 <DIR> d-------- c:\users\User\NTI-Shadow
2009-01-27 09:49 . 2009-01-27 09:49 <DIR> d-------- c:\program files\Common Files\Windows Live
2009-01-23 21:13 . 2009-01-23 21:13 <DIR> d-------- C:\Desktop
2009-01-20 20:42 . 2009-01-20 20:42 <DIR> d-------- c:\users\User\Bluetooth Software
2009-01-20 20:41 . 2009-02-15 17:38 12 --a------ c:\windows\bthservsdp.dat
2009-01-20 14:24 . 2009-01-20 14:24 <DIR> d-------- c:\program files\AceHide Free
2009-01-20 14:22 . 2009-01-20 14:22 <DIR> d----c--- c:\windows\System32\DRVSTORE
2009-01-20 14:22 . 2009-01-20 14:22 <DIR> d-------- c:\users\User\AppData\Roaming\Apple Computer
2009-01-20 14:22 . 2009-01-20 14:22 <DIR> d-------- c:\users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-20 14:22 . 2009-01-20 14:22 <DIR> d-------- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-20 14:22 . 2009-01-20 14:22 <DIR> d-------- c:\program files\iTunes
2009-01-20 14:22 . 2009-01-20 14:22 <DIR> d-------- c:\program files\iPod
2009-01-20 14:22 . 2008-04-17 13:12 107,368 --a------ c:\windows\System32\GEARAspi.dll
2009-01-20 14:22 . 2008-04-17 13:12 15,464 --a------ c:\windows\System32\drivers\GEARAspiWDM.sys
2009-01-20 14:21 . 2009-01-20 14:22 <DIR> d-------- c:\users\All Users\Apple Computer
2009-01-20 14:21 . 2009-01-20 14:22 <DIR> d-------- c:\programdata\Apple Computer
2009-01-20 14:21 . 2009-01-20 14:21 <DIR> d-------- c:\program files\QuickTime
2009-01-20 14:21 . 2009-01-20 14:21 <DIR> d-------- c:\program files\Bonjour
2009-01-20 14:20 . 2009-01-20 14:20 <DIR> d-------- c:\users\All Users\Apple
2009-01-20 14:20 . 2009-01-20 14:20 <DIR> d-------- c:\programdata\Apple
2009-01-20 14:20 . 2009-01-20 14:22 <DIR> d-------- c:\program files\Common Files\Apple
2009-01-20 14:20 . 2009-01-20 14:20 <DIR> d-------- c:\program files\Apple Software Update
2009-01-20 14:17 . 2009-02-13 21:01 <DIR> d-------- c:\users\User\Programs
2009-01-20 14:16 . 2009-02-13 21:01 <DIR> d-------- c:\users\User\Other stuff
2009-01-20 08:14 . 2009-01-20 08:14 <DIR> d-------- c:\users\User\AppData\Roaming\PeerNetworking

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-15 05:40 --------- d-----w c:\program files\Windows Mail
2009-01-23 06:28 --------- d-----w c:\programdata\FLEXnet
2008-12-02 11:37 49,480 ----a-w c:\windows\System32\sirenacm.dll
2008-11-07 01:18 604 ---ha-w c:\program files\STLL Notifier
2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2008-01-21 49664]
"zHideWin"="c:\program files\AceHide Free\AceHideFree.exe" [2002-05-17 94720]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-05-17 213936]
"FIREWALL SERVICE"="c:\recycler\k-1-3542-4232123213-7676767-8888886\hn.exe" [2009-02-04 409600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-07-02 850440]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-07 34040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-16 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-16 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-16 145944]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-24 200704]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-11-05 24064]
"Trigger New Acer AlaunchX"="c:\acer\Preload\Command\AlaunchX\AppInRun.exe" [2008-07-17 8192]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-07-21 159744]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-08-01 405504]
"ActivControl"="c:\program files\Activ Software\Activdriver\ActivControl2.exe" [2008-07-17 1454080]
"Realtime Monitor"="c:\program files\CA\eTrustITM\realmon.exe" [2007-01-16 407632]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe_ID0ENQBO"="c:\progra~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2008-08-15 378224]
"iPrint Tray"="c:\windows\system32\iprntctl.exe" [2008-08-14 66832]
"iPrint Event Monitor"="c:\windows\system32\iprntlgn.exe" [2008-08-14 66832]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-17 c:\windows\RtHDVCpl.exe]
"NWTRAY"="NWTRAY.EXE" [2008-09-23 c:\windows\System32\nwtray.exe]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-04-24 727592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 ncv1_0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{CA60B19F-CB02-4AC7-B16B-954B8B79A97D}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{CD99F8F3-AFE1-401A-B0FD-97DDF7AD8990}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{79AB5636-2C4A-4FA2-83F4-23EDC8E815B6}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{BA980305-BD19-461C-89E2-7EB4CC075D81}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{58CFAB9A-A56D-4E99-8E99-5A594E44245D}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{6F39F366-6291-449E-B080-1BBB3671C8EE}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{3185635D-06C9-47E0-BC51-1BEEF737A5C7}"= UDP:c:\program files\CA\eTrustITM\InoRpc.exe:eTrust ITM - RPC Service
"{F0341B82-192B-42A5-8E16-050EB84872D4}"= TCP:c:\program files\CA\eTrustITM\InoRpc.exe:eTrust ITM - RPC Service
"{BC4DA208-375F-453A-96F8-35F4646F8ECA}"= UDP:c:\program files\CA\eTrustITM\Realmon.exe:eTrust ITM - Realtime monitor
"{FD33D513-0E4B-480B-A3AE-1EC7D48689A2}"= TCP:c:\program files\CA\eTrustITM\Realmon.exe:eTrust ITM - Realtime monitor
"{8DAC1041-1D81-419C-8605-7EFEE08512B9}"= UDP:c:\program files\CA\eTrustITM\Shellscn.exe:eTrust ITM - Shell Scanner
"{01B6EBE4-996E-4D38-8A23-51A387918288}"= TCP:c:\program files\CA\eTrustITM\Shellscn.exe:eTrust ITM - Shell Scanner
"{9DCC9001-9361-485D-9D0F-6842BC28026A}"= UDP:5353:Adobe CSI CS4
"{E6E0C778-EC6A-4F33-86C7-963353B4C438}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{C78372F6-64AF-40FB-867F-6757A2E7084A}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{0EE24E93-38C2-43A5-83D0-92B403F6C0D9}"= UDP:3703:Adobe Version Cue CS4 Server
"{9FFAAA48-B7C3-4D92-89F0-939F60B82820}"= UDP:3704:Adobe Version Cue CS4 Server
"{62D0C256-AE79-4510-BF30-82BBA9E545B7}"= UDP:51000:Adobe Version Cue CS4 Server
"{2B926EB6-32C6-4944-9F21-40976BA07485}"= UDP:51001:Adobe Version Cue CS4 Server
"{41F3502E-3246-45D9-AD68-BCE71ED52745}"= UDP:c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe:Adobe Version Cue CS4 Server
"{8ACAD990-F043-4A42-92DD-DBBFA6B65758}"= TCP:c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe:Adobe Version Cue CS4 Server
"{457379AA-4AF3-4603-8790-E3E667D1F4E7}"= UDP:c:\novell\GroupWise\grpwise.exe:Novell GroupWise
"{4793974F-00C8-45B3-B66C-CA41C3C4E4B3}"= TCP:c:\novell\GroupWise\grpwise.exe:Novell GroupWise
"{1B794346-54C1-49FC-9F23-EC79B358C576}"= UDP:c:\novell\GroupWise\notify.exe:Novell Notify
"{73A1EC4E-6FD4-420B-8309-A9C430E96ABD}"= TCP:c:\novell\GroupWise\notify.exe:Novell Notify
"TCP Query User{DF378375-B36A-4F73-98B8-0A4275B15797}\\\\diamond\\sys\\public\\clntrust.exe"= UDp:\\diamond\sys\public\clntrust.exe:clntrust.exe
"UDP Query User{B8773BEF-4895-4BAE-86FF-75086A0C7413}\\\\diamond\\sys\\public\\clntrust.exe"= TCp:\\diamond\sys\public\clntrust.exe:clntrust.exe
"{A1A3F5FF-D67D-422F-8E01-3EDA4BA823AC}"= TCP:3024:Novell Client Trust
"TCP Query User{7C7EFFFC-5E25-41D6-B29A-70715F167D59}c:\\users\\admin\\desktop\\nwprintclient\\nwprintclient\\nwprintclient.exe"= UDP:c:\users\admin\desktop\nwprintclient\nwprintclient\nwprintclient.exe:nwprintclient.exe
"UDP Query User{6A4E8F2A-1992-4637-A64B-E698B7D886E4}c:\\users\\admin\\desktop\\nwprintclient\\nwprintclient\\nwprintclient.exe"= TCP:c:\users\admin\desktop\nwprintclient\nwprintclient\nwprintclient.exe:nwprintclient.exe
"{D0681CDE-8F6D-4C07-A084-C1D187A5928E}"= UDP:c:\windows\System32\wuapp.exe:wuapp.exe
"{04B5A1C4-6E74-4264-BE22-E31F883F8FE5}"= TCP:c:\windows\System32\wuapp.exe:wuapp.exe
"{FA39D614-7F55-42E3-A9F3-670C62CFA3DD}"= UDP:c:\windows\System32\wuauclt.exe:wuauclt.exe
"{1297931F-DFE3-4C44-BA07-BB7979AE313B}"= TCP:c:\windows\System32\wuauclt.exe:wuauclt.exe
"{3D3EE412-BB1E-41DC-9ADE-89F4D58BE275}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{ACB21EA7-4C49-4EC9-9201-7686531AAA1D}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{FFB30366-14C1-483D-ADE3-316E616451EE}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{F553B25A-37A6-4051-B12C-FFA52E6D81C3}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{6652D613-A8A8-4E5B-BB45-A77CFD29519D}\\\\diamond\\sys\\public\\clntrust.exe"= UDp:\\diamond\sys\public\clntrust.exe:clntrust.exe
"UDP Query User{D567CFB0-D771-455C-9122-677F66878659}\\\\diamond\\sys\\public\\clntrust.exe"= TCp:\\diamond\sys\public\clntrust.exe:clntrust.exe

R1 nipplpt2;Novell iCapture Lpt Redirector 2;c:\windows\System32\drivers\nipplpt.sys [2008-11-10 34592]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-04 16384]
R2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-08-19 24576]
R2 NCFSD;Novell Client File System Redirector;c:\program files\Novell\Client\XTier\Drivers\ncfsd.sys [2008-12-15 81424]
R2 NCIOCTL;Novell Xplat IoCtl Driver;c:\program files\Novell\Client\XTier\Drivers\ncioctl.sys [2008-12-15 52752]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-07 50424]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-04 131072]
R2 regi;regi;c:\windows\System32\drivers\regi.sys [2007-04-17 11032]
R2 WNTHW;WNTHW;c:\windows\System32\drivers\WNTHW.SYS [2008-11-11 9176]
R2 XTSvcMgr;Novell XTier Service Manager;c:\program files\Novell\Client\XTier\Services\xtsvcmgr.exe [2007-08-16 16656]
R3 ActivHidSerMini;Promethean Serial Board Driver;c:\windows\System32\drivers\activhidsermini.sys [2008-06-16 57088]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [2008-03-28 210432]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\System32\drivers\IntcHdmi.sys [2008-08-19 112128]
R3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [2008-08-19 93968]
R3 NETw5v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\System32\drivers\NETw5v32.sys [2008-08-19 3663360]
R3 prmvmouse;Promethean HID Mouse Service;c:\windows\System32\drivers\activmouse.sys [2008-06-16 4480]
S3 ACTIVhidmini;Promethean USB Board Driver;c:\windows\System32\drivers\ACTIVhidmini.sys [2008-06-16 57600]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-11-05 24064]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\System32\drivers\WSDPrint.sys [2008-01-21 16896]
S3 WSDScan;WSD Scan Support via UMB;c:\windows\System32\drivers\WSDScan.sys [2008-01-21 19968]
S3 WSVD;WSVD;c:\windows\System32\drivers\WSVD.sys [2008-11-12 81704]

--- Other Services/Drivers In Memory ---

*Deregistered* - nciom
*Deregistered* - ncp
*Deregistered* - ncpl
*Deregistered* - ndm
*Deregistered* - ndmndap
*Deregistered* - ndslpp
*Deregistered* - niam
*Deregistered* - nipctl
*Deregistered* - nscm
*Deregistered* - nsns
*Deregistered* - nsvccost
*Deregistered* - xtxplat

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
bthsvcs REG_MULTI_SZ BthServ
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-AdobeBridge - (no file)
ShellExecuteHooks-{763370C4-268E-4308-A60C-D8DA0342BE32} - c:\program files\Novell\ZENworks\bin\NalShell.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
mStart Page = hxxp://au.yahoo.com
uInternet Settings,ProxyServer = 172.16.1.50:8080
uInternet Settings,ProxyOverride = www1.st*;www2.st*;www3.st*;www4.st*;172.16*;10.1*;mail.stpauls*;moodle.stpauls;*.local;<local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-15 17:45:41
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(3444)
c:\programdata\ACTIV Software\ActivApplications\ActivFocusHook.dll
c:\windows\system32\btmmhook.dll
c:\windows\System32\SysHook.dll
c:\windows\system32\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\CA\SharedComponents\iTechnology\igateway.exe
c:\program files\CA\eTrustITM\InoRpc.exe
c:\program files\CA\eTrustITM\InoRT.exe
c:\program files\CA\eTrustITM\InoTask.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\System32\drivers\XAudio.exe
c:\windows\System32\conime.exe
c:\program files\Launch Manager\LManager.exe
c:\windows\System32\igfxext.exe
c:\windows\System32\igfxsrvc.exe
c:\windows\System32\igfxsrvc.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Apoint2K\ApMsgFwd.exe
c:\program files\Apoint2K\ApntEx.exe
c:\users\User\AppData\Local\Temp\RtkBtMnt.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-02-15 17:49:15 - machine was rebooted [User]
ComboFix-quarantined-files.txt 2009-02-15 06:48:59

Pre-Run: 112,387,219,456 bytes free
Post-Run: 112,237,309,952 bytes free

247 --- E O F --- 2009-02-15 05:16:56


And here's the HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:03:32 PM, on 13/02/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\system32\igfxext.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Windows\System32\nwtray.exe
C:\Program Files\Activ Software\Activdriver\ActivControl2.exe
C:\Windows\System32\iprntlgn.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AceHide Free\AceHideFree.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\CA\eTrustITM\Realmon.exe
C:\Users\User\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&a...travelmate_4730
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://au.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://au.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.16.1.50:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = www1.st*;www2.st*;www3.st*;www4.st*;172.16*;10.1*;mail.stpauls*;moodle.stpauls;*.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo!7 Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O1 - Hosts: 172.16.1.14 linux
O1 - Hosts: 172.16.1.14 linux.stpaulswgl.vic.edu.au
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.415.1646\swg.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo!7 Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Trigger New Acer AlaunchX] c:\Acer\Preload\Command\AlaunchX\AppInRun.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [ActivControl] C:\Program Files\Activ Software\Activdriver\ActivControl2.exe
O4 - HKLM\..\Run: [Realtime Monitor] "C:\Program Files\CA\eTrustITM\realmon.exe" -s
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [iPrint Tray] C:\Windows\system32\iprntctl.exe TRAY_ICON
O4 - HKLM\..\Run: [iPrint Event Monitor] C:\Windows\system32\iprntlgn.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
O4 - HKCU\..\Run: [zHideWin] C:\Program Files\AceHide Free\AceHideFree.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [FIREWALL SERVICE] c:\RECYCLER\k-1-3542-4232123213-7676767-8888886\hn.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.micr...veX/MSDcode.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.808.7150 (GoogleDesktopManager-080708-050100) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iTechnology iGateway 4.2 (iGateway) - CA, Inc. - C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
O23 - Service: eTrust ITM RPC Service (InoRPC) - CA - C:\Program Files\CA\eTrustITM\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Service (InoRT) - CA - C:\Program Files\CA\eTrustITM\InoRT.exe
O23 - Service: eTrust ITM Job Service (InoTask) - CA - C:\Program Files\CA\eTrustITM\InoTask.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O23 - Service: Novell XTier Service Manager (XTSvcMgr) - Novell, Inc. - C:\Program Files\Novell\Client\XTier\Services\XTSvcMgr.exe

--
End of file - 10663 bytes

#6 harrobray

  • Group: Member
  • Posts: 41
  • Joined: 17-December 08

Posted 15 February 2009 - 02:00 AM

My Windows updater is working now but the hn.exe still comes up at the start.

#7 handhfan

  • Group: GeekU Moderator
  • Posts: 13,179
  • Joined: 15-June 06

Posted 15 February 2009 - 01:35 PM

1. Please open Notepad
  • Click Start , then Run
  • Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

Quote

<http://www.geekstogo.com/forum/hn-exe-t228580.html>

Collect::
c:\recycler\k-1-3542-4232123213-7676767-8888886\hn.exe


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. Additionally, ComboFix will generate the following files on your desktop
  • A zipped file on your desktop called Submit [Date Time].zip
  • And another file named - CF-Submit.htm
6. ComboFix may need to reboot to finish its work. Let it.

7. When CF has finished running, it will generate the ComboFix.log which will appear on your screen.

8. If CF-Submit.htm is detected, ComboFix will generate this message box:

Posted Image

Clicking OK will cause the machine's browser to load CF-Submit.htm

Posted Image

9. Click the "Browse" button and locate the Submit [Date Time].zip file on your desktop.
  • Click on the file to Select it.
  • Submit the file by clicking "OK"

10. Once the file has been submitted, please DELETE both files on your desktop.

11. Post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log (run after ComboFix has finished its work.)


#8 harrobray

  • Group: Member
  • Posts: 41
  • Joined: 17-December 08

Posted 16 February 2009 - 03:12 AM

Hi, the operation worked up until the submit time thing. It did send the data to the website but the submit (time/date) did not come up. The log worked though.

Here's the ComboFix
ComboFix 09-02-12.03 - User 2009-02-16 19:44:11.2 - NTFSx86
Microsoft® Windows Vista™ Business 6.0.6001.1.1252.1.1033.18.955.213 [GMT 11:00]
Running from: c:\users\User\Desktop\ComboFix.exe
Command switches used :: c:\users\User\Desktop\CFScript.txt
AV: eTrust ITM *On-access scanning enabled* (Updated)
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\k-1-3542-4232123213-7676767-8888886\hn.exe

.
((((((((((((((((((((((((( Files Created from 2009-01-16 to 2009-02-16 )))))))))))))))))))))))))))))))
.

2009-02-16 19:40 . 2009-02-16 19:40 <DIR> d-------- C:\32788R22FWJFW
2009-02-13 21:03 . 2009-02-13 21:03 <DIR> d-------- c:\program files\Trend Micro
2009-02-13 20:54 . 2009-02-13 20:54 <DIR> d-------- c:\users\User\AppData\Roaming\Malwarebytes
2009-02-13 20:54 . 2009-02-13 20:54 <DIR> d-------- c:\users\All Users\Malwarebytes
2009-02-13 20:54 . 2009-02-13 20:54 <DIR> d-------- c:\programdata\Malwarebytes
2009-02-13 20:54 . 2009-02-13 20:54 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-13 20:54 . 2009-02-11 10:19 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-02-13 20:54 . 2009-02-11 10:19 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-02-13 20:50 . 2009-02-13 20:51 <DIR> d-------- c:\program files\ERUNT
2009-02-11 11:31 . 2009-02-11 11:31 <DIR> d-------- c:\program files\Xilisoft
2009-02-06 09:39 . 2009-02-06 09:39 <DIR> d-------- c:\users\User\AppData\Roaming\FileMaker
2009-02-05 19:35 . 2009-02-05 19:38 <DIR> d-------- c:\users\User\Halo
2009-01-28 12:23 . 2009-01-28 12:23 <DIR> d-------- c:\program files\Microsoft Games
2009-01-27 10:14 . 2009-02-15 19:52 <DIR> d-------- c:\users\User\Tracing
2009-01-27 10:13 . 2009-01-27 10:13 <DIR> d-------- c:\program files\Windows Live SkyDrive
2009-01-27 10:13 . 2009-01-27 10:13 <DIR> d-------- c:\program files\Microsoft
2009-01-27 10:12 . 2009-01-27 10:13 <DIR> d-------- c:\program files\Windows Live
2009-01-27 10:08 . 2009-01-27 10:08 <DIR> d-------- c:\users\User\NTI-Shadow
2009-01-27 09:49 . 2009-01-27 09:49 <DIR> d-------- c:\program files\Common Files\Windows Live
2009-01-23 21:13 . 2009-02-16 19:37 <DIR> d-------- C:\Desktop
2009-01-20 20:42 . 2009-01-20 20:42 <DIR> d-------- c:\users\User\Bluetooth Software
2009-01-20 20:41 . 2009-02-16 19:51 12 --a------ c:\windows\bthservsdp.dat
2009-01-20 14:24 . 2009-01-20 14:24 <DIR> d-------- c:\program files\AceHide Free
2009-01-20 14:22 . 2009-01-20 14:22 <DIR> d----c--- c:\windows\System32\DRVSTORE
2009-01-20 14:22 . 2009-01-20 14:22 <DIR> d-------- c:\users\User\AppData\Roaming\Apple Computer
2009-01-20 14:22 . 2009-01-20 14:22 <DIR> d-------- c:\users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-20 14:22 . 2009-01-20 14:22 <DIR> d-------- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-20 14:22 . 2009-01-20 14:22 <DIR> d-------- c:\program files\iTunes
2009-01-20 14:22 . 2009-01-20 14:22 <DIR> d-------- c:\program files\iPod
2009-01-20 14:22 . 2008-04-17 13:12 107,368 --a------ c:\windows\System32\GEARAspi.dll
2009-01-20 14:22 . 2008-04-17 13:12 15,464 --a------ c:\windows\System32\drivers\GEARAspiWDM.sys
2009-01-20 14:21 . 2009-01-20 14:22 <DIR> d-------- c:\users\All Users\Apple Computer
2009-01-20 14:21 . 2009-01-20 14:22 <DIR> d-------- c:\programdata\Apple Computer
2009-01-20 14:21 . 2009-01-20 14:21 <DIR> d-------- c:\program files\QuickTime
2009-01-20 14:21 . 2009-01-20 14:21 <DIR> d-------- c:\program files\Bonjour
2009-01-20 14:20 . 2009-01-20 14:20 <DIR> d-------- c:\users\All Users\Apple
2009-01-20 14:20 . 2009-01-20 14:20 <DIR> d-------- c:\programdata\Apple
2009-01-20 14:20 . 2009-01-20 14:22 <DIR> d-------- c:\program files\Common Files\Apple
2009-01-20 14:20 . 2009-01-20 14:20 <DIR> d-------- c:\program files\Apple Software Update
2009-01-20 14:17 . 2009-02-13 21:01 <DIR> d-------- c:\users\User\Programs
2009-01-20 14:16 . 2009-02-13 21:01 <DIR> d-------- c:\users\User\Other stuff
2009-01-20 08:14 . 2009-01-20 08:14 <DIR> d-------- c:\users\User\AppData\Roaming\PeerNetworking

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-15 05:40 --------- d-----w c:\program files\Windows Mail
2009-01-23 06:28 --------- d-----w c:\programdata\FLEXnet
2008-12-02 11:37 49,480 ----a-w c:\windows\System32\sirenacm.dll
2008-11-07 01:18 604 ---ha-w c:\program files\STLL Notifier
2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
.

((((((((((((((((((((((((((((( SnapShot@2009-02-15_17.48.23.63 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-02-15 06:32:39 6,291,456 ----a-w c:\windows\ERDNT\Hiv-backup\SCHEMA.DAT
+ 2009-02-16 08:41:01 6,291,456 ----a-w c:\windows\ERDNT\Hiv-backup\SCHEMA.DAT
- 2009-02-15 06:38:07 6,291,456 ----a-w c:\windows\ERDNT\subs\SCHEMA.DAT
+ 2009-02-16 08:50:54 6,291,456 ----a-w c:\windows\ERDNT\subs\SCHEMA.DAT
- 2009-02-15 06:40:20 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-02-16 08:52:49 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-02-15 06:42:27 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-02-16 08:53:52 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-02-16 08:53:52 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2009-02-15 06:42:32 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-02-16 08:53:51 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-02-16 08:53:51 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2009-02-15 05:38:48 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\index.dat
+ 2009-02-16 08:35:39 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\index.dat
- 2009-02-15 05:38:48 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\index.dat
+ 2009-02-16 08:35:39 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\index.dat
- 2009-02-15 05:38:48 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-02-16 08:35:39 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\History.IE5\index.dat
- 2009-02-15 05:38:48 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-16 08:35:39 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\index.dat
- 2009-02-15 05:38:48 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\index.dat
+ 2009-02-16 08:35:39 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\index.dat
- 2009-02-15 05:38:48 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-02-16 08:35:39 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\History.IE5\index.dat
- 2009-02-15 05:38:48 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-16 08:35:39 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-02-15 05:38:48 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-16 08:35:39 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\index.dat
- 2009-02-15 05:38:48 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\index.dat
+ 2009-02-16 08:35:39 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\index.dat
- 2009-02-15 05:38:48 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-02-16 08:35:39 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\History.IE5\index.dat
- 2009-02-15 05:38:48 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-16 08:35:39 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-02-15 05:38:48 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-16 08:35:39 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\index.dat
- 2009-02-15 05:38:48 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\index.dat
+ 2009-02-16 08:35:39 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\index.dat
- 2009-02-15 05:38:48 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-02-16 08:35:39 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\History.IE5\index.dat
- 2009-02-15 05:38:48 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-16 08:35:39 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-02-15 05:38:48 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-16 08:35:39 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\index.dat
- 2009-02-15 05:38:48 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\index.dat
+ 2009-02-16 08:35:39 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\index.dat
- 2009-02-15 05:38:48 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-02-16 08:35:39 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\History.IE5\index.dat
- 2009-02-15 05:38:48 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-16 08:35:39 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-02-15 05:38:48 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-16 08:35:39 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\index.dat
- 2009-02-15 05:38:48 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\History\History.IE5\index.dat
+ 2009-02-16 08:35:39 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\History\History.IE5\index.dat
- 2009-02-15 05:38:48 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-02-16 08:35:39 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\History.IE5\index.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2008-01-21 49664]
"zHideWin"="c:\program files\AceHide Free\AceHideFree.exe" [2002-05-17 94720]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-05-17 213936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-07-02 850440]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-07 34040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-16 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-16 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-16 145944]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-24 200704]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-11-05 24064]
"Trigger New Acer AlaunchX"="c:\acer\Preload\Command\AlaunchX\AppInRun.exe" [2008-07-17 8192]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-07-21 159744]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-08-01 405504]
"ActivControl"="c:\program files\Activ Software\Activdriver\ActivControl2.exe" [2008-07-17 1454080]
"Realtime Monitor"="c:\program files\CA\eTrustITM\realmon.exe" [2007-01-16 407632]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe_ID0ENQBO"="c:\progra~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2008-08-15 378224]
"iPrint Tray"="c:\windows\system32\iprntctl.exe" [2008-08-14 66832]
"iPrint Event Monitor"="c:\windows\system32\iprntlgn.exe" [2008-08-14 66832]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-17 c:\windows\RtHDVCpl.exe]
"NWTRAY"="NWTRAY.EXE" [2008-09-23 c:\windows\System32\nwtray.exe]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-04-24 727592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 ncv1_0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{CA60B19F-CB02-4AC7-B16B-954B8B79A97D}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{CD99F8F3-AFE1-401A-B0FD-97DDF7AD8990}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{79AB5636-2C4A-4FA2-83F4-23EDC8E815B6}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{BA980305-BD19-461C-89E2-7EB4CC075D81}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{58CFAB9A-A56D-4E99-8E99-5A594E44245D}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{6F39F366-6291-449E-B080-1BBB3671C8EE}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{3185635D-06C9-47E0-BC51-1BEEF737A5C7}"= UDP:c:\program files\CA\eTrustITM\InoRpc.exe:eTrust ITM - RPC Service
"{F0341B82-192B-42A5-8E16-050EB84872D4}"= TCP:c:\program files\CA\eTrustITM\InoRpc.exe:eTrust ITM - RPC Service
"{BC4DA208-375F-453A-96F8-35F4646F8ECA}"= UDP:c:\program files\CA\eTrustITM\Realmon.exe:eTrust ITM - Realtime monitor
"{FD33D513-0E4B-480B-A3AE-1EC7D48689A2}"= TCP:c:\program files\CA\eTrustITM\Realmon.exe:eTrust ITM - Realtime monitor
"{8DAC1041-1D81-419C-8605-7EFEE08512B9}"= UDP:c:\program files\CA\eTrustITM\Shellscn.exe:eTrust ITM - Shell Scanner
"{01B6EBE4-996E-4D38-8A23-51A387918288}"= TCP:c:\program files\CA\eTrustITM\Shellscn.exe:eTrust ITM - Shell Scanner
"{9DCC9001-9361-485D-9D0F-6842BC28026A}"= UDP:5353:Adobe CSI CS4
"{E6E0C778-EC6A-4F33-86C7-963353B4C438}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{C78372F6-64AF-40FB-867F-6757A2E7084A}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{0EE24E93-38C2-43A5-83D0-92B403F6C0D9}"= UDP:3703:Adobe Version Cue CS4 Server
"{9FFAAA48-B7C3-4D92-89F0-939F60B82820}"= UDP:3704:Adobe Version Cue CS4 Server
"{62D0C256-AE79-4510-BF30-82BBA9E545B7}"= UDP:51000:Adobe Version Cue CS4 Server
"{2B926EB6-32C6-4944-9F21-40976BA07485}"= UDP:51001:Adobe Version Cue CS4 Server
"{41F3502E-3246-45D9-AD68-BCE71ED52745}"= UDP:c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe:Adobe Version Cue CS4 Server
"{8ACAD990-F043-4A42-92DD-DBBFA6B65758}"= TCP:c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe:Adobe Version Cue CS4 Server
"{457379AA-4AF3-4603-8790-E3E667D1F4E7}"= UDP:c:\novell\GroupWise\grpwise.exe:Novell GroupWise
"{4793974F-00C8-45B3-B66C-CA41C3C4E4B3}"= TCP:c:\novell\GroupWise\grpwise.exe:Novell GroupWise
"{1B794346-54C1-49FC-9F23-EC79B358C576}"= UDP:c:\novell\GroupWise\notify.exe:Novell Notify
"{73A1EC4E-6FD4-420B-8309-A9C430E96ABD}"= TCP:c:\novell\GroupWise\notify.exe:Novell Notify
"TCP Query User{DF378375-B36A-4F73-98B8-0A4275B15797}\\\\diamond\\sys\\public\\clntrust.exe"= UDp:\\diamond\sys\public\clntrust.exe:clntrust.exe
"UDP Query User{B8773BEF-4895-4BAE-86FF-75086A0C7413}\\\\diamond\\sys\\public\\clntrust.exe"= TCp

#9 handhfan

  • Group: GeekU Moderator
  • Posts: 13,179
  • Joined: 15-June 06

Posted 16 February 2009 - 11:11 AM

The log got cut off, if you could post the rest. :)

#10 harrobray

  • Group: Member
  • Posts: 41
  • Joined: 17-December 08

Posted 17 February 2009 - 03:44 AM

ComboFix 09-02-12.03 - User 2009-02-16 19:44:11.2 - NTFSx86
Microsoft® Windows Vista™ Business 6.0.6001.1.1252.1.1033.18.955.213 [GMT 11:00]
Running from: c:\users\User\Desktop\ComboFix.exe
Command switches used :: c:\users\User\Desktop\CFScript.txt
AV: eTrust ITM *On-access scanning enabled* (Updated)
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\k-1-3542-4232123213-7676767-8888886\hn.exe

.
((((((((((((((((((((((((( Files Created from 2009-01-16 to 2009-02-16 )))))))))))))))))))))))))))))))
.

2009-02-16 19:40 . 2009-02-16 19:40 <DIR> d-------- C:\32788R22FWJFW
2009-02-13 21:03 . 2009-02-13 21:03 <DIR> d-------- c:\program files\Trend Micro
2009-02-13 20:54 . 2009-02-13 20:54 <DIR> d-------- c:\users\User\AppData\Roaming\Malwarebytes
2009-02-13 20:54 . 2009-02-13 20:54 <DIR> d-------- c:\users\All Users\Malwarebytes
2009-02-13 20:54 . 2009-02-13 20:54 <DIR> d-------- c:\programdata\Malwarebytes
2009-02-13 20:54 . 2009-02-13 20:54 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-13 20:54 . 2009-02-11 10:19 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-02-13 20:54 . 2009-02-11 10:19 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-02-13 20:50 . 2009-02-13 20:51 <DIR> d-------- c:\program files\ERUNT
2009-02-11 11:31 . 2009-02-11 11:31 <DIR> d-------- c:\program files\Xilisoft
2009-02-06 09:39 . 2009-02-06 09:39 <DIR> d-------- c:\users\User\AppData\Roaming\FileMaker
2009-02-05 19:35 . 2009-02-05 19:38 <DIR> d-------- c:\users\User\Halo
2009-01-28 12:23 . 2009-01-28 12:23 <DIR> d-------- c:\program files\Microsoft Games
2009-01-27 10:14 . 2009-02-15 19:52 <DIR> d-------- c:\users\User\Tracing
2009-01-27 10:13 . 2009-01-27 10:13 <DIR> d-------- c:\program files\Windows Live SkyDrive
2009-01-27 10:13 . 2009-01-27 10:13 <DIR> d-------- c:\program files\Microsoft
2009-01-27 10:12 . 2009-01-27 10:13 <DIR> d-------- c:\program files\Windows Live
2009-01-27 10:08 . 2009-01-27 10:08 <DIR> d-------- c:\users\User\NTI-Shadow
2009-01-27 09:49 . 2009-01-27 09:49 <DIR> d-------- c:\program files\Common Files\Windows Live
2009-01-23 21:13 . 2009-02-16 19:37 <DIR> d-------- C:\Desktop
2009-01-20 20:42 . 2009-01-20 20:42 <DIR> d-------- c:\users\User\Bluetooth Software
2009-01-20 20:41 . 2009-02-16 19:51 12 --a------ c:\windows\bthservsdp.dat
2009-01-20 14:24 . 2009-01-20 14:24 <DIR> d-------- c:\program files\AceHide Free
2009-01-20 14:22 . 2009-01-20 14:22 <DIR> d----c--- c:\windows\System32\DRVSTORE
2009-01-20 14:22 . 2009-01-20 14:22 <DIR> d-------- c:\users\User\AppData\Roaming\Apple Computer
2009-01-20 14:22 . 2009-01-20 14:22 <DIR> d-------- c:\users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-20 14:22 . 2009-01-20 14:22 <DIR> d-------- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-20 14:22 . 2009-01-20 14:22 <DIR> d-------- c:\program files\iTunes
2009-01-20 14:22 . 2009-01-20 14:22 <DIR> d-------- c:\program files\iPod
2009-01-20 14:22 . 2008-04-17 13:12 107,368 --a------ c:\windows\System32\GEARAspi.dll
2009-01-20 14:22 . 2008-04-17 13:12 15,464 --a------ c:\windows\System32\drivers\GEARAspiWDM.sys
2009-01-20 14:21 . 2009-01-20 14:22 <DIR> d-------- c:\users\All Users\Apple Computer
2009-01-20 14:21 . 2009-01-20 14:22 <DIR> d-------- c:\programdata\Apple Computer
2009-01-20 14:21 . 2009-01-20 14:21 <DIR> d-------- c:\program files\QuickTime
2009-01-20 14:21 . 2009-01-20 14:21 <DIR> d-------- c:\program files\Bonjour
2009-01-20 14:20 . 2009-01-20 14:20 <DIR> d-------- c:\users\All Users\Apple
2009-01-20 14:20 . 2009-01-20 14:20 <DIR> d-------- c:\programdata\Apple
2009-01-20 14:20 . 2009-01-20 14:22 <DIR> d-------- c:\program files\Common Files\Apple
2009-01-20 14:20 . 2009-01-20 14:20 <DIR> d-------- c:\program files\Apple Software Update
2009-01-20 14:17 . 2009-02-13 21:01 <DIR> d-------- c:\users\User\Programs
2009-01-20 14:16 . 2009-02-13 21:01 <DIR> d-------- c:\users\User\Other stuff
2009-01-20 08:14 . 2009-01-20 08:14 <DIR> d-------- c:\users\User\AppData\Roaming\PeerNetworking

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-15 05:40 --------- d-----w c:\program files\Windows Mail
2009-01-23 06:28 --------- d-----w c:\programdata\FLEXnet
2008-12-02 11:37 49,480 ----a-w c:\windows\System32\sirenacm.dll
2008-11-07 01:18 604 ---ha-w c:\program files\STLL Notifier
2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
.

((((((((((((((((((((((((((((( SnapShot@2009-02-15_17.48.23.63 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-02-15 06:32:39 6,291,456 ----a-w c:\windows\ERDNT\Hiv-backup\SCHEMA.DAT
+ 2009-02-16 08:41:01 6,291,456 ----a-w c:\windows\ERDNT\Hiv-backup\SCHEMA.DAT
- 2009-02-15 06:38:07 6,291,456 ----a-w c:\windows\ERDNT\subs\SCHEMA.DAT
+ 2009-02-16 08:50:54 6,291,456 ----a-w c:\windows\ERDNT\subs\SCHEMA.DAT
- 2009-02-15 06:40:20 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-02-16 08:52:49 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-02-15 06:42:27 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-02-16 08:53:52 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-02-16 08:53:52 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2009-02-15 06:42:32 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-02-16 08:53:51 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-02-16 08:53:51 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
+ 2009-02-16 08:35:39 16,384 --sha-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Microsoft\Windows\History\History.IE5\index.dat
- 2009-02-15 05:38:48 32,768 --sha-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-16 08:35:39 32,768 --sha-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-02-15 05:38:48 32,768 --sha-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-16 08:35:39 32,768 --sha-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\index.dat
- 2009-02-15 05:38:48 16,384 --sha-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\History\History.IE5\index.dat
+ 2009-02-16 08:35:39 16,384 --sha-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\History\History.IE5\index.dat
- 2009-02-15 05:38:48 16,384 --sha-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-02-16 08:35:39 16,384 --sha-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Microsoft\Windows\History\History.IE5\index.dat
- 2009-02-15 05:38:48 32,768 --sha-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-16 08:35:39 32,768 --sha-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-02-15 05:38:48 32,768 --sha-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-16 08:35:39 32,768 --sha-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Temporary Internet Files\Content.IE5\index.dat
- 2009-02-15 05:38:48 16,384 --sha-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\History\History.IE5\index.dat
+ 2009-02-16 08:35:39 16,384 --sha-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\History\History.IE5\index.dat
- 2009-02-15 05:38:48 16,384 --sha-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-02-16 08:35:39 16,384 --sha-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows\History\History.IE5\index.dat
- 2009-02-15 05:38:48 32,768 --sha-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-16 08:35:39 32,768 --sha-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-02-15 05:38:48 32,768 --sha-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-16 08:35:39 32,768 --sha-w c:\windows\System32\config\systemprofile\Local Settings\Application Data\Temporary Internet Files\Content.IE5\index.dat
- 2009-02-15 05:38:48 16,384 --sha-w c:\windows\System32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-02-16 08:35:39 16,384 --sha-w c:\windows\System32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-02-15 05:38:48 16,384 --sha-w c:\windows\System32\config\systemprofile\Local Settings\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-02-16 08:35:39 16,384 --sha-w c:\windows\System32\config\systemprofile\Local Settings\Microsoft\Windows\History\History.IE5\index.dat
- 2009-02-15 05:38:48 32,768 --sha-w c:\windows\System32\config\systemprofile\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-16 08:35:39 32,768 --sha-w c:\windows\System32\config\systemprofile\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-02-15 05:38:48 32,768 --sha-w c:\windows\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-16 08:35:39 32,768 --sha-w c:\windows\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-02-15 06:44:51 109,878 ----a-w c:\windows\System32\perfc009.dat
+ 2009-02-16 08:36:27 109,878 ----a-w c:\windows\System32\perfc009.dat
- 2009-02-15 06:44:51 609,146 ----a-w c:\windows\System32\perfh009.dat
+ 2009-02-16 08:36:27 609,146 ----a-w c:\windows\System32\perfh009.dat
- 2009-02-15 06:38:07 6,291,456 ----a-w c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-02-16 08:50:54 6,291,456 ----a-w c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2009-02-15 05:43:22 10,002 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1434360529-384365108-3992759996-1003_UserData.bin
+ 2009-02-16 08:34:32 10,170 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1434360529-384365108-3992759996-1003_UserData.bin
- 2009-02-15 05:43:21 77,162 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-02-16 08:34:32 77,248 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-02-15 05:43:21 65,460 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-02-16 08:34:30 65,476 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-02-15 04:59:25 256,396 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-02-15 07:57:32 256,766 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2008-01-21 49664]
"zHideWin"="c:\program files\AceHide Free\AceHideFree.exe" [2002-05-17 94720]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-05-17 213936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-07-02 850440]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-07 34040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-16 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-16 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-16 145944]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-24 200704]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-11-05 24064]
"Trigger New Acer AlaunchX"="c:\acer\Preload\Command\AlaunchX\AppInRun.exe" [2008-07-17 8192]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-07-21 159744]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-08-01 405504]
"ActivControl"="c:\program files\Activ Software\Activdriver\ActivControl2.exe" [2008-07-17 1454080]
"Realtime Monitor"="c:\program files\CA\eTrustITM\realmon.exe" [2007-01-16 407632]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe_ID0ENQBO"="c:\progra~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2008-08-15 378224]
"iPrint Tray"="c:\windows\system32\iprntctl.exe" [2008-08-14 66832]
"iPrint Event Monitor"="c:\windows\system32\iprntlgn.exe" [2008-08-14 66832]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-17 c:\windows\RtHDVCpl.exe]
"NWTRAY"="NWTRAY.EXE" [2008-09-23 c:\windows\System32\nwtray.exe]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-04-24 727592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 ncv1_0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{CA60B19F-CB02-4AC7-B16B-954B8B79A97D}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{CD99F8F3-AFE1-401A-B0FD-97DDF7AD8990}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{79AB5636-2C4A-4FA2-83F4-23EDC8E815B6}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{BA980305-BD19-461C-89E2-7EB4CC075D81}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{58CFAB9A-A56D-4E99-8E99-5A594E44245D}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{6F39F366-6291-449E-B080-1BBB3671C8EE}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{3185635D-06C9-47E0-BC51-1BEEF737A5C7}"= UDP:c:\program files\CA\eTrustITM\InoRpc.exe:eTrust ITM - RPC Service
"{F0341B82-192B-42A5-8E16-050EB84872D4}"= TCP:c:\program files\CA\eTrustITM\InoRpc.exe:eTrust ITM - RPC Service
"{BC4DA208-375F-453A-96F8-35F4646F8ECA}"= UDP:c:\program files\CA\eTrustITM\Realmon.exe:eTrust ITM - Realtime monitor
"{FD33D513-0E4B-480B-A3AE-1EC7D48689A2}"= TCP:c:\program files\CA\eTrustITM\Realmon.exe:eTrust ITM - Realtime monitor
"{8DAC1041-1D81-419C-8605-7EFEE08512B9}"= UDP:c:\program files\CA\eTrustITM\Shellscn.exe:eTrust ITM - Shell Scanner
"{01B6EBE4-996E-4D38-8A23-51A387918288}"= TCP:c:\program files\CA\eTrustITM\Shellscn.exe:eTrust ITM - Shell Scanner
"{9DCC9001-9361-485D-9D0F-6842BC28026A}"= UDP:5353:Adobe CSI CS4
"{E6E0C778-EC6A-4F33-86C7-963353B4C438}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{C78372F6-64AF-40FB-867F-6757A2E7084A}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{0EE24E93-38C2-43A5-83D0-92B403F6C0D9}"= UDP:3703:Adobe Version Cue CS4 Server
"{9FFAAA48-B7C3-4D92-89F0-939F60B82820}"= UDP:3704:Adobe Version Cue CS4 Server
"{62D0C256-AE79-4510-BF30-82BBA9E545B7}"= UDP:51000:Adobe Version Cue CS4 Server
"{2B926EB6-32C6-4944-9F21-40976BA07485}"= UDP:51001:Adobe Version Cue CS4 Server
"{41F3502E-3246-45D9-AD68-BCE71ED52745}"= UDP:c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe:Adobe Version Cue CS4 Server
"{8ACAD990-F043-4A42-92DD-DBBFA6B65758}"= TCP:c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe:Adobe Version Cue CS4 Server
"{457379AA-4AF3-4603-8790-E3E667D1F4E7}"= UDP:c:\novell\GroupWise\grpwise.exe:Novell GroupWise
"{4793974F-00C8-45B3-B66C-CA41C3C4E4B3}"= TCP:c:\novell\GroupWise\grpwise.exe:Novell GroupWise
"{1B794346-54C1-49FC-9F23-EC79B358C576}"= UDP:c:\novell\GroupWise\notify.exe:Novell Notify
"{73A1EC4E-6FD4-420B-8309-A9C430E96ABD}"= TCP:c:\novell\GroupWise\notify.exe:Novell Notify
"TCP Query User{DF378375-B36A-4F73-98B8-0A4275B15797}\\\\diamond\\sys\\public\\clntrust.exe"= UDp:\\diamond\sys\public\clntrust.exe:clntrust.exe
"UDP Query User{B8773BEF-4895-4BAE-86FF-75086A0C7413}\\\\diamond\\sys\\public\\clntrust.exe"= TCp:\\diamond\sys\public\clntrust.exe:clntrust.exe
"{A1A3F5FF-D67D-422F-8E01-3EDA4BA823AC}"= TCP:3024:Novell Client Trust
"TCP Query User{7C7EFFFC-

#11 harrobray

  • Group: Member
  • Posts: 41
  • Joined: 17-December 08

Posted 17 February 2009 - 03:46 AM

ComboFix 09-02-12.03 - User 2009-02-16 19:44:11.2 - NTFSx86
Microsoft® Windows Vista™ Business 6.0.6001.1.1252.1.1033.18.955.213 [GMT 11:00]
Running from: c:\users\User\Desktop\ComboFix.exe
Command switches used :: c:\users\User\Desktop\CFScript.txt
AV: eTrust ITM *On-access scanning enabled* (Updated)
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\k-1-3542-4232123213-7676767-8888886\hn.exe

.
((((((((((((((((((((((((( Files Created from 2009-01-16 to 2009-02-16 )))))))))))))))))))))))))))))))
.

2009-02-16 19:40 . 2009-02-16 19:40 <DIR> d-------- C:\32788R22FWJFW
2009-02-13 21:03 . 2009-02-13 21:03 <DIR> d-------- c:\program files\Trend Micro
2009-02-13 20:54 . 2009-02-13 20:54 <DIR> d-------- c:\users\User\AppData\Roaming\Malwarebytes
2009-02-13 20:54 . 2009-02-13 20:54 <DIR> d-------- c:\users\All Users\Malwarebytes
2009-02-13 20:54 . 2009-02-13 20:54 <DIR> d-------- c:\programdata\Malwarebytes
2009-02-13 20:54 . 2009-02-13 20:54 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-13 20:54 . 2009-02-11 10:19 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-02-13 20:54 . 2009-02-11 10:19 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-02-13 20:50 . 2009-02-13 20:51 <DIR> d-------- c:\program files\ERUNT
2009-02-11 11:31 . 2009-02-11 11:31 <DIR> d-------- c:\program files\Xilisoft
2009-02-06 09:39 . 2009-02-06 09:39 <DIR> d-------- c:\users\User\AppData\Roaming\FileMaker
2009-02-05 19:35 . 2009-02-05 19:38 <DIR> d-------- c:\users\User\Halo
2009-01-28 12:23 . 2009-01-28 12:23 <DIR> d-------- c:\program files\Microsoft Games
2009-01-27 10:14 . 2009-02-15 19:52 <DIR> d-------- c:\users\User\Tracing
2009-01-27 10:13 . 2009-01-27 10:13 <DIR> d-------- c:\program files\Windows Live SkyDrive
2009-01-27 10:13 . 2009-01-27 10:13 <DIR> d-------- c:\program files\Microsoft
2009-01-27 10:12 . 2009-01-27 10:13 <DIR> d-------- c:\program files\Windows Live
2009-01-27 10:08 . 2009-01-27 10:08 <DIR> d-------- c:\users\User\NTI-Shadow
2009-01-27 09:49 . 2009-01-27 09:49 <DIR> d-------- c:\program files\Common Files\Windows Live
2009-01-23 21:13 . 2009-02-16 19:37 <DIR> d-------- C:\Desktop
2009-01-20 20:42 . 2009-01-20 20:42 <DIR> d-------- c:\users\User\Bluetooth Software
2009-01-20 20:41 . 2009-02-16 19:51 12 --a------ c:\windows\bthservsdp.dat
2009-01-20 14:24 . 2009-01-20 14:24 <DIR> d-------- c:\program files\AceHide Free
2009-01-20 14:22 . 2009-01-20 14:22 <DIR> d----c--- c:\windows\System32\DRVSTORE
2009-01-20 14:22 . 2009-01-20 14:22 <DIR> d-------- c:\users\User\AppData\Roaming\Apple Computer
2009-01-20 14:22 . 2009-01-20 14:22 <DIR> d-------- c:\users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-20 14:22 . 2009-01-20 14:22 <DIR> d-------- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-20 14:22 . 2009-01-20 14:22 <DIR> d-------- c:\program files\iTunes
2009-01-20 14:22 . 2009-01-20 14:22 <DIR> d-------- c:\program files\iPod
2009-01-20 14:22 . 2008-04-17 13:12 107,368 --a------ c:\windows\System32\GEARAspi.dll
2009-01-20 14:22 . 2008-04-17 13:12 15,464 --a------ c:\windows\System32\drivers\GEARAspiWDM.sys
2009-01-20 14:21 . 2009-01-20 14:22 <DIR> d-------- c:\users\All Users\Apple Computer
2009-01-20 14:21 . 2009-01-20 14:22 <DIR> d-------- c:\programdata\Apple Computer
2009-01-20 14:21 . 2009-01-20 14:21 <DIR> d-------- c:\program files\QuickTime
2009-01-20 14:21 . 2009-01-20 14:21 <DIR> d-------- c:\program files\Bonjour
2009-01-20 14:20 . 2009-01-20 14:20 <DIR> d-------- c:\users\All Users\Apple
2009-01-20 14:20 . 2009-01-20 14:20 <DIR> d-------- c:\programdata\Apple
2009-01-20 14:20 . 2009-01-20 14:22 <DIR> d-------- c:\program files\Common Files\Apple
2009-01-20 14:20 . 2009-01-20 14:20 <DIR> d-------- c:\program files\Apple Software Update
2009-01-20 14:17 . 2009-02-13 21:01 <DIR> d-------- c:\users\User\Programs
2009-01-20 14:16 . 2009-02-13 21:01 <DIR> d-------- c:\users\User\Other stuff
2009-01-20 08:14 . 2009-01-20 08:14 <DIR> d-------- c:\users\User\AppData\Roaming\PeerNetworking

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-15 05:40 --------- d-----w c:\program files\Windows Mail
2009-01-23 06:28 --------- d-----w c:\programdata\FLEXnet
2008-12-02 11:37 49,480 ----a-w c:\windows\System32\sirenacm.dll
2008-11-07 01:18 604 ---ha-w c:\program files\STLL Notifier
2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
.

((((((((((((((((((((((((((((( SnapShot@2009-02-15_17.48.23.63 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-02-15 06:32:39 6,291,456 ----a-w c:\windows\ERDNT\Hiv-backup\SCHEMA.DAT
+ 2009-02-16 08:41:01 6,291,456 ----a-w c:\windows\ERDNT\Hiv-backup\SCHEMA.DAT
- 2009-02-15 06:38:07 6,291,456 ----a-w c:\windows\ERDNT\subs\SCHEMA.DAT
+ 2009-02-16 08:50:54 6,291,456 ----a-w c:\windows\ERDNT\subs\SCHEMA.DAT
- 2009-02-15 06:40:20 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-02-16 08:52:49 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-02-15 06:42:27 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-02-16 08:53:52 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-02-16 08:53:52 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2009-02-15 06:42:32 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-02-16 08:53:51 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-02-16 08:53:51 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2009-02-15 05:38:48 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\index.dat
+ 2009-02-16 08:35:39 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\index.dat
- 2009-02-15 05:38:48 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\index.dat
+ 2009-02-16 08:35:39 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\index.dat
- 2009-02-15 05:38:48 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-02-16 08:35:39 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\History.IE5\index.dat
- 2009-02-15 05:38:48 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-16 08:35:39 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\index.dat
- 2009-02-15 05:38:48 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\index.dat
+ 2009-02-16 08:35:39 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\index.dat
- 2009-02-15 05:38:48 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-02-16 08:35:39 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\History.IE5\index.dat
- 2009-02-15 05:38:48 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-16 08:35:39 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-02-15 05:38:48 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-16 08:35:39 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\index.dat
- 2009-02-15 05:38:48 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\index.dat
+ 2009-02-16 08:35:39 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\index.dat
- 2009-02-15 05:38:48 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-02-16 08:35:39 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\History.IE5\index.dat
- 2009-02-15 05:38:48 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-16 08:35:39 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-02-15 05:38:48 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-16 08:35:39 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\index.dat
- 2009-02-15 05:38:48 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\index.dat
+ 2009-02-16 08:35:39 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\index.dat
- 2009-02-15 05:38:48 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-02-16 08:35:39 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\History.IE5\index.dat
- 2009-02-15 05:38:48 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-16 08:35:39 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-02-15 05:38:48 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-16 08:35:39 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\index.dat
- 2009-02-15 05:38:48 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\index.dat
+ 2009-02-16 08:35:39 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\index.dat
- 2009-02-15 05:38:48 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-02-16 08:35:39 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\History.IE5\index.dat
- 2009-02-15 05:38:48 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2008-01-21 49664]
"zHideWin"="c:\program files\AceHide Free\AceHideFree.exe" [2002-05-17 94720]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-05-17 213936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-07-02 850440]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-07 34040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-16 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-16 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-16 145944]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-24 200704]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-11-05 24064]
"Trigger New Acer AlaunchX"="c:\acer\Preload\Command\AlaunchX\AppInRun.exe" [2008-07-17 8192]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-07-21 159744]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-08-01 405504]
"ActivControl"="c:\program files\Activ Software\Activdriver\ActivControl2.exe" [2008-07-17 1454080]
"Realtime Monitor"="c:\program files\CA\eTrustITM\realmon.exe" [2007-01-16 407632]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe_ID0ENQBO"="c:\progra~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2008-08-15 378224]
"iPrint Tray"="c:\windows\system32\iprntctl.exe" [2008-08-14 66832]
"iPrint Event Monitor"="c:\windows\system32\iprntlgn.exe" [2008-08-14 66832]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-17 c:\windows\RtHDVCpl.exe]
"NWTRAY"="NWTRAY.EXE" [2008-09-23 c:\windows\System32\nwtray.exe]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-04-24 727592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 ncv1_0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{CA60B19F-CB02-4AC7-B16B-954B8B79A97D}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{CD99F8F3-AFE1-401A-B0FD-97DDF7AD8990}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{79AB5636-2C4A-4FA2-83F4-23EDC8E815B6}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{BA980305-BD19-461C-89E2-7EB4CC075D81}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{58CFAB9A-A56D-4E99-8E99-5A594E44245D}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{6F39F366-6291-449E-B080-1BBB3671C8EE}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{3185635D-06C9-47E0-BC51-1BEEF737A5C7}"= UDP:c:\program files\CA\eTrustITM\InoRpc.exe:eTrust ITM - RPC Service
"{F0341B82-192B-42A5-8E16-050EB84872D4}"= TCP:c:\program files\CA\eTrustITM\InoRpc.exe:eTrust ITM - RPC Service
"{BC4DA208-375F-453A-96F8-35F4646F8ECA}"= UDP:c:\program files\CA\eTrustITM\Realmon.exe:eTrust ITM - Realtime monitor
"{FD33D513-0E4B-480B-A3AE-1EC7D48689A2}"= TCP:c:\program files\CA\eTrustITM\Realmon.exe:eTrust ITM - Realtime monitor
"{8DAC1041-1D81-419C-8605-7EFEE08512B9}"= UDP:c:\program files\CA\eTrustITM\Shellscn.exe:eTrust ITM - Shell Scanner
"{01B6EBE4-996E-4D38-8A23-51A387918288}"= TCP:c:\program files\CA\eTrustITM\Shellscn.exe:eTrust ITM - Shell Scanner
"{9DCC9001-9361-485D-9D0F-6842BC28026A}"= UDP:5353:Adobe CSI CS4
"{E6E0C778-EC6A-4F33-86C7-963353B4C438}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{C78372F6-64AF-40FB-867F-6757A2E7084A}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{0EE24E93-38C2-43A5-83D0-92B403F6C0D9}"= UDP:3703:Adobe Version Cue CS4 Server
"{9FFAAA48-B7C3-4D92-89F0-939F60B82820}"= UDP:3704:Adobe Version Cue CS4 Server
"{62D0C256-AE79-4510-BF30-82BBA9E545B7}"= UDP:51000:Adobe Version Cue CS4 Server
"{2B926EB6-32C6-4944-9F21-40976BA07485}"= UDP:51001:Adobe Version Cue CS4 Server
"{41F3502E-3246-45D9-AD68-BCE71ED52745}"= UDP:c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe:Adobe Version Cue CS4 Server
"{8ACAD990-F043-4A42-92DD-DBBFA6B65758}"= TCP:c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe:Adobe Version Cue CS4 Server
"{457379AA-4AF3-4603-8790-E3E667D1F4E7}"= UDP:c:\novell\GroupWise\grpwise.exe:Novell GroupWise
"{4793974F-00C8-45B3-B66C-CA41C3C4E4B3}"= TCP:c:\novell\GroupWise\grpwise.exe:Novell GroupWise
"{1B794346-54C1-49FC-9F23-EC79B358C576}"= UDP:c:\novell\GroupWise\notify.exe:Novell Notify
"{73A1EC4E-6FD4-420B-8309-A9C430E96ABD}"= TCP:c:\novell\GroupWise\notify.exe:Novell Notify
"TCP Query User{DF378375-B36A-4F73-98B8-0A4275B15797}\\\\diamond\\sys\\public\\clntrust.exe"= UDp:\\diamond\sys\public\clntrust.exe:clntrust.exe
"UDP Query User{B8773BEF-4895-4BAE-86FF-75086A0C7413}\\\\diamond\\sys\\public\\clntrust.exe"= TCp:\\diamond\sys\public\clntrust.exe:clntrust.exe
"{A1A3F5FF-D67D-422F-8E01-3EDA4BA823AC}"= TCP:3024:Novell Client Trust
"TCP Query User{7C7EFFFC-

#12 harrobray

  • Group: Member
  • Posts: 41
  • Joined: 17-December 08

Posted 17 February 2009 - 03:47 AM

Sorry, I accidentally posted twice because my internet disconnected.

#13 handhfan

  • Group: GeekU Moderator
  • Posts: 13,179
  • Joined: 15-June 06

Posted 17 February 2009 - 10:43 AM

You posted the same half. I need the 2nd half of the log. There is a character limit on posts, and the log is too long. You will need to find where it left off and post the rest.

#14 harrobray

  • Group: Member
  • Posts: 41
  • Joined: 17-December 08

Posted 18 February 2009 - 03:44 AM

5E25-41D6-B29A-70715F167D59}c:\\users\\admin\\desktop\\nwprintclient\\nwprintclient\\nwprintclient.exe"= UDP:c:\users\admin\desktop\nwprintclient\nwprintclient\nwprintclient.exe:nwprintclient.exe
"UDP Query User{6A4E8F2A-1992-4637-A64B-E698B7D886E4}c:\\users\\admin\\desktop\\nwprintclient\\nwprintclient\\nwprintclient.exe"= TCP:c:\users\admin\desktop\nwprintclient\nwprintclient\nwprintclient.exe:nwprintclient.exe
"{D0681CDE-8F6D-4C07-A084-C1D187A5928E}"= UDP:c:\windows\System32\wuapp.exe:wuapp.exe
"{04B5A1C4-6E74-4264-BE22-E31F883F8FE5}"= TCP:c:\windows\System32\wuapp.exe:wuapp.exe
"{FA39D614-7F55-42E3-A9F3-670C62CFA3DD}"= UDP:c:\windows\System32\wuauclt.exe:wuauclt.exe
"{1297931F-DFE3-4C44-BA07-BB7979AE313B}"= TCP:c:\windows\System32\wuauclt.exe:wuauclt.exe
"{3D3EE412-BB1E-41DC-9ADE-89F4D58BE275}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{ACB21EA7-4C49-4EC9-9201-7686531AAA1D}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{FFB30366-14C1-483D-ADE3-316E616451EE}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{F553B25A-37A6-4051-B12C-FFA52E6D81C3}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{6652D613-A8A8-4E5B-BB45-A77CFD29519D}\\\\diamond\\sys\\public\\clntrust.exe"= UDp:\\diamond\sys\public\clntrust.exe:clntrust.exe
"UDP Query User{D567CFB0-D771-455C-9122-677F66878659}\\\\diamond\\sys\\public\\clntrust.exe"= TCp:\\diamond\sys\public\clntrust.exe:clntrust.exe

R1 nipplpt2;Novell iCapture Lpt Redirector 2;c:\windows\System32\drivers\nipplpt.sys [2008-11-10 34592]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-04 16384]
R2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-08-19 24576]
R2 NCFSD;Novell Client File System Redirector;c:\program files\Novell\Client\XTier\Drivers\ncfsd.sys [2008-12-15 81424]
R2 NCIOCTL;Novell Xplat IoCtl Driver;c:\program files\Novell\Client\XTier\Drivers\ncioctl.sys [2008-12-15 52752]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-07 50424]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-04 131072]
R2 regi;regi;c:\windows\System32\drivers\regi.sys [2007-04-17 11032]
R2 WNTHW;WNTHW;c:\windows\System32\drivers\WNTHW.SYS [2008-11-11 9176]
R2 XTSvcMgr;Novell XTier Service Manager;c:\program files\Novell\Client\XTier\Services\xtsvcmgr.exe [2007-08-16 16656]
R3 ActivHidSerMini;Promethean Serial Board Driver;c:\windows\System32\drivers\activhidsermini.sys [2008-06-16 57088]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [2008-03-28 210432]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\System32\drivers\IntcHdmi.sys [2008-08-19 112128]
R3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [2008-08-19 93968]
R3 NETw5v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\System32\drivers\NETw5v32.sys [2008-08-19 3663360]
R3 prmvmouse;Promethean HID Mouse Service;c:\windows\System32\drivers\activmouse.sys [2008-06-16 4480]
S3 ACTIVhidmini;Promethean USB Board Driver;c:\windows\System32\drivers\ACTIVhidmini.sys [2008-06-16 57600]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-11-05 24064]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\System32\drivers\WSDPrint.sys [2008-01-21 16896]
S3 WSDScan;WSD Scan Support via UMB;c:\windows\System32\drivers\WSDScan.sys [2008-01-21 19968]
S3 WSVD;WSVD;c:\windows\System32\drivers\WSVD.sys [2008-11-12 81704]

--- Other Services/Drivers In Memory ---

*Deregistered* - nciom
*Deregistered* - ncp
*Deregistered* - ncpl
*Deregistered* - ndm
*Deregistered* - ndmndap
*Deregistered* - ndslpp
*Deregistered* - niam
*Deregistered* - nipctl
*Deregistered* - nscm
*Deregistered* - nsns
*Deregistered* - nsvccost
*Deregistered* - xtxplat

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
bthsvcs REG_MULTI_SZ BthServ
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-FIREWALL SERVICE - c:\recycler\k-1-3542-4232123213-7676767-8888886\hn.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
mStart Page = hxxp://au.yahoo.com
uInternet Settings,ProxyServer = 172.16.1.50:8080
uInternet Settings,ProxyOverride = www1.st*;www2.st*;www3.st*;www4.st*;172.16*;10.1*;mail.stpauls*;moodle.stpauls;*.local;<local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-16 19:53:57
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(3620)
c:\programdata\ACTIV Software\ActivApplications\ActivFocusHook.dll
c:\windows\system32\btmmhook.dll
c:\windows\System32\SysHook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\CA\SharedComponents\iTechnology\igateway.exe
c:\program files\CA\eTrustITM\InoRpc.exe
c:\program files\CA\eTrustITM\InoRT.exe
c:\program files\CA\eTrustITM\InoTask.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\System32\drivers\XAudio.exe
c:\windows\System32\conime.exe
c:\program files\Launch Manager\LManager.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\System32\igfxext.exe
c:\windows\System32\igfxsrvc.exe
c:\windows\System32\igfxsrvc.exe
c:\users\User\AppData\Local\Temp\RtkBtMnt.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Apoint2K\ApMsgFwd.exe
c:\program files\Apoint2K\ApntEx.exe
c:\windows\System32\wsqmcons.exe
.
**************************************************************************
.
Completion time: 2009-02-16 20:03:05 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-16 09:02:58
ComboFix2.txt 2009-02-15 06:49:16

Pre-Run: 112,762,527,744 bytes free
Post-Run: 112,710,467,584 bytes free

449 --- E O F --- 2009-02-15 05:16:56

#15 harrobray

  • Group: Member
  • Posts: 41
  • Joined: 17-December 08

Posted 18 February 2009 - 03:46 AM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:03:32 PM, on 13/02/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\system32\igfxext.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Windows\System32\nwtray.exe
C:\Program Files\Activ Software\Activdriver\ActivControl2.exe
C:\Windows\System32\iprntlgn.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AceHide Free\AceHideFree.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\CA\eTrustITM\Realmon.exe
C:\Users\User\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&a...travelmate_4730
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://au.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://au.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.16.1.50:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = www1.st*;www2.st*;www3.st*;www4.st*;172.16*;10.1*;mail.stpauls*;moodle.stpauls;*.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo!7 Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O1 - Hosts: 172.16.1.14 linux
O1 - Hosts: 172.16.1.14 linux.stpaulswgl.vic.edu.au
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.415.1646\swg.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo!7 Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Trigger New Acer AlaunchX] c:\Acer\Preload\Command\AlaunchX\AppInRun.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [ActivControl] C:\Program Files\Activ Software\Activdriver\ActivControl2.exe
O4 - HKLM\..\Run: [Realtime Monitor] "C:\Program Files\CA\eTrustITM\realmon.exe" -s
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [iPrint Tray] C:\Windows\system32\iprntctl.exe TRAY_ICON
O4 - HKLM\..\Run: [iPrint Event Monitor] C:\Windows\system32\iprntlgn.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
O4 - HKCU\..\Run: [zHideWin] C:\Program Files\AceHide Free\AceHideFree.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [FIREWALL SERVICE] c:\RECYCLER\k-1-3542-4232123213-7676767-8888886\hn.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.micr...veX/MSDcode.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.808.7150 (GoogleDesktopManager-080708-050100) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iTechnology iGateway 4.2 (iGateway) - CA, Inc. - C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
O23 - Service: eTrust ITM RPC Service (InoRPC) - CA - C:\Program Files\CA\eTrustITM\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Service (InoRT) - CA - C:\Program Files\CA\eTrustITM\InoRT.exe
O23 - Service: eTrust ITM Job Service (InoTask) - CA - C:\Program Files\CA\eTrustITM\InoTask.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O23 - Service: Novell XTier Service Manager (XTSvcMgr) - Novell, Inc. - C:\Program Files\Novell\Client\XTier\Services\XTSvcMgr.exe

--
End of file - 10663 bytes
