miduong, posted 7 November 2008

I have the same problem, the one where everyone in the house has internet from NextGenTel except me. My default gateway is out of order. But I am running AVG. Your guide for solving the problem does not work, because the PC that has the internet problem unfortunately has no internet. So how can I get the internet fixed when I don't have it? (I use Vista.) The bottom right corner shows that I have a network connection, but there is no blue circle by the network icon, and I need that to be able to use the network. I hope I can get an answer quickly, because this has been going on for a long time, though I have not reported it until today. Could the problem be a virus? Or do you have another way to fix this problem?

norbat (author), posted 7 November 2008

miduong: It can be caused by a 'virus', but missing network access can have other causes as well. What I would do is try a System Restore to a date when you know everything worked OK: Start -> All Programs -> Accessories -> System Tools -> System Restore. Choose a date before the problem appeared.

AlwAysAnA, posted 8 November 2008

Hi! I hope someone can help with this:

Malwarebytes' Anti-Malware 1.30
Database versjon: 1375
Windows 5.1.2600 Service Pack 2

08.11.2008 22:32:52
mbam-log-2008-11-08 (22-32-52).txt

Skanntype: Rask Skann
Objekter skannet: 54734
Tid tilbakelagt: 5 minute(s), 58 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 19
Registerverdier infisert: 2
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 15

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{befa8c65-9e76-4363-b45d-54f8e0198111} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ljjasmcy (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{befa8c65-9e76-4363-b45d-54f8e0198111} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a072ec12-a40b-41dd-9a1a-cdb848b70f3c} (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{bd4f7a6d-0107-4bdf-b72b-021b717b06ce} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c001d9e2 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c004c5a4 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00b5fa4 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00f30c5 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.

ComboFix:

ComboFix 08-11-07.01 - Robin 2008-11-08 22:37:43.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.1465 [GMT 1:00]
Running from: c:\documents and settings\Robin\Skrivebord\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\agagifvk.ini
c:\windows\system32\gjkmoUtv.ini
c:\windows\system32\gjkmoUtv.ini2
c:\windows\system32\jqxfaqhs.ini
c:\windows\system32\olasuavc.ini
c:\windows\system32\qmcmhyso.ini
c:\windows\system32\uuaapsyr.ini
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_smtpdrv

((((((((((((((((((((((((( Files Created from 2008-10-08 to 2008-11-08 )))))))))))))))))))))))))))))))
.
2008-11-08 22:24 . 2008-11-08 22:24 <DIR> d-------- c:\programfiler\Malwarebytes' Anti-Malware
2008-11-08 22:24 . 2008-11-08 22:24 <DIR> d-------- c:\documents and settings\Robin\Programdata\Malwarebytes
2008-11-08 22:24 . 2008-11-08 22:24 <DIR> d-------- c:\documents and settings\All Users\Programdata\Malwarebytes
2008-11-08 22:24 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-08 22:24 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys

norbat (author), posted 8 November 2008

AlwAysAnA: Part of the ComboFix log is missing. It is best that you create a separate thread where you post the logs. Click the New Topic button to create your own thread.

miduong, posted 9 November 2008

I have the same problem. But I cannot complete your guide, because the PC with the network problem has no network access. I have scanned the PC with AVG and found no viruses. So what could be the reason that I am the only one in the house without internet? Is there a way I can fix it (I don't get a connection at any friends' places either, but my friends get a connection at their own homes and at my home) without needing to use the internet, since the internet on my PC does not work? PS: I am writing from another PC in the house that has internet. (I have internet from NextGenTel and use Vista 32-bit Home Premium.) Hoping for an answer as soon as possible; I have had the problem for a while now!

norbat (author), posted 9 November 2008

Have you tried running a System Restore to a date before the problem appeared? If not, do that.

Plinge93, posted 10 November 2008

Is it possible to carry out this guide in Safe Mode as well?

r2d290, posted 11 November 2008

Well, you can at least run ComboFix in Safe Mode if it does not work in normal mode. But HijackThis is preferred in normal mode. I am a bit unsure how the antispyware program and CCleaner work in Safe Mode.

sapara, posted 11 November 2008

Mbam:

Malwarebytes' Anti-Malware 1.30
Database versjon: 1383
Windows 5.1.2600 Service Pack 2

11.11.2008 18:10:00
mbam-log-2008-11-11 (18-10-00).txt

Skanntype: Rask Skann
Objekter skannet: 53288
Tid tilbakelagt: 5 minute(s), 4 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 1
Registernøkler infisert: 8
Registerverdier infisert: 5
Registerfiler infisert: 0
Mapper infisert: 1
Filer infisert: 1

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
C:\WINDOWS\system32\__c0042440.dat (Trojan.Zlob) -> Delete on reboot.

Registernøkler infisert:
HKEY_CLASSES_ROOT\Typelib\{50ccd00a-66b6-4d95-aaef-8ee959498f92} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7c109800-a5d5-438f-9640-18d17e168b88} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{db9fba9d-ab1b-4cc6-9745-f3b549d64e40} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{74f7db6b-86e9-4b91-9d9f-b0d954d7aa5b} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c0042440 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\stfngdvw.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registerverdier infisert:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f276033.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Quarantined and deleted successfully.

Registerfiler infisert:
(Ingen mistenkelige filer funnet)

Mapper infisert:
C:\WINDOWS\system32\375013 (Trojan.Zlob) -> Quarantined and deleted successfully.

Filer infisert:
C:\WINDOWS\system32\__c0042440.dat (Trojan.Vundo) -> Delete on reboot.

combo:

ComboFix 08-11-10.01 - Andreas Langnes 2008-11-11 18:50:16.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1501 [GMT 1:00]
Running from: c:\documents and settings\\Desktop\ComboFix.exe
* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
The following files were disabled during the run:
c:\program files\Common Files\Logitech\LVMVFM\LVPrcInj.dll

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NSESVC
-------\Service_nsesvc

((((((((((((((((((((((((( Files Created from 2008-10-11 to 2008-11-11 )))))))))))))))))))))))))))))))
.
2008-11-11 18:03 . 2008-11-11 18:03 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-11 18:03 . 2008-11-11 18:03 <DIR> d-------- c:\documents and settings\\Application Data\Malwarebytes
2008-11-11 18:03 . 2008-11-11 18:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-11 18:03 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-11 18:03 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-10-31 18:35 . 2008-10-31 18:35 <DIR> d-------- c:\program files\Common Files\NSV
2008-10-31 18:32 . 2008-10-31 18:33 <DIR> d-------- c:\program files\Winamp Remote
2008-10-31 18:32 . 2008-10-31 18:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\OrbNetworks
2008-10-22 22:09 . 2008-10-22 22:09 360,960 --a------ c:\windows\system32\drivers\TCPIP.SYS.ORIGINAL
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-06 23:09 --------- d-----w c:\documents and settings\\Application Data\SiteAdvisor
2008-11-05 14:52 --------- d-----w c:\documents and settings\s\Application Data\Azureus
2008-10-31 17:33 --------- d-----w c:\program files\Winamp
2008-10-31 17:27 --------- d-----w c:\program files\LimeWire
2008-10-22 21:09 360,960 ----a-w c:\windows\system32\drivers\TCPIP.SYS
2008-09-15 11:57 1,846,016 ----a-w c:\windows\system32\win32k.sys
2008-09-11 01:01 --------- d-----w c:\program files\Microsoft Works
2008-09-07 16:23 3,802 ----a-w c:\documents and settings\\Application Data\wklnhst.dat
2008-08-26 07:24 826,368 ----a-w c:\windows\system32\wininet.dll
2008-08-14 09:55 2,142,720 ----a-w c:\windows\system32\ntoskrnl.exe
2008-08-14 09:18 2,020,864 ----a-w c:\windows\system32\ntkrnlpa.exe
.
2,455,488 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\ieapfltr.dat + 2008-08-26 09:08:36 380,928 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\ieapfltr.dll + 2008-08-26 09:08:37 388,608 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\iedkcs32.dll + 2008-10-03 17:26:50 6,068,224 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\ieframe.dll + 2008-08-26 09:08:39 44,544 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\iernonce.dll + 2008-08-26 09:08:39 267,776 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\iertutil.dll + 2008-08-25 08:43:21 13,824 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\ieudinit.exe + 2008-08-23 05:56:16 635,848 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\iexplore.exe + 2008-08-26 09:08:40 27,648 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\jsproxy.dll + 2008-08-26 09:08:40 459,264 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\msfeeds.dll + 2008-08-26 09:08:40 52,224 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\msfeedsbs.dll + 2008-08-26 09:08:43 3,594,752 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\mshtml.dll + 2008-08-26 09:08:43 477,696 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\mshtmled.dll + 2008-08-26 09:08:44 193,024 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\msrating.dll + 2008-08-26 09:08:44 671,232 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\mstime.dll + 2008-08-26 09:08:44 102,912 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\occache.dll + 2008-08-26 09:08:44 44,544 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\pngfilt.dll + 2008-08-26 09:08:44 105,984 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\url.dll + 2008-08-26 09:08:45 1,162,752 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\urlmon.dll + 2008-08-26 09:08:45 233,472 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\webcheck.dll + 2008-08-26 09:08:45 827,904 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll + 2007-03-06 01:22:36 14,048 ----a-w c:\windows\$hf_mig$\KB956390-IE7\spmsg.dll + 2007-03-06 01:22:41 213,216 ----a-w 
c:\windows\$hf_mig$\KB956390-IE7\spuninst.exe + 2007-03-06 01:22:34 22,752 ----a-w c:\windows\$hf_mig$\KB956390-IE7\update\spcustom.dll + 2007-03-06 01:22:59 716,000 ----a-w c:\windows\$hf_mig$\KB956390-IE7\update\update.exe + 2007-03-06 01:23:51 371,424 ----a-w c:\windows\$hf_mig$\KB956390-IE7\update\updspapi.dll + 2004-12-06 22:53:51 297,472 -c----w c:\windows\$NtUninstallKB932823-v3$\msctf.dll + 2007-03-06 01:22:41 213,216 -c----w c:\windows\$NtUninstallKB932823-v3$\spuninst\spuninst.exe + 2007-03-06 01:23:51 371,424 -c----w c:\windows\$NtUninstallKB932823-v3$\spuninst\updspapi.dll + 2007-11-30 12:39:22 231,288 -c----w c:\windows\$NtUninstallKB938464$\spuninst\spuninst.exe + 2007-11-30 12:39:22 382,840 -c----w c:\windows\$NtUninstallKB938464$\spuninst\updspapi.dll + 2007-03-06 01:22:41 213,216 -c----w c:\windows\$NtUninstallKB941693$\spuninst\spuninst.exe + 2007-03-06 01:23:51 371,424 -c----w c:\windows\$NtUninstallKB941693$\spuninst\updspapi.dll + 2007-03-08 13:47:48 1,843,584 -c----w c:\windows\$NtUninstallKB941693$\win32k.sys + 2006-06-26 17:37:10 148,480 -c----w c:\windows\$NtUninstallKB945553$\dnsapi.dll + 2004-08-10 12:00:00 45,568 -c----w c:\windows\$NtUninstallKB945553$\dnsrslvr.dll + 2007-03-06 01:22:41 213,216 -c----w c:\windows\$NtUninstallKB945553$\spuninst\spuninst.exe + 2007-03-06 01:23:51 371,424 -c----w c:\windows\$NtUninstallKB945553$\spuninst\updspapi.dll + 2004-08-03 23:06:34 82,944 -c----w c:\windows\$NtUninstallKB946648$\msgsc.dll + 2007-11-30 12:39:22 231,288 -c----w c:\windows\$NtUninstallKB946648$\spuninst\spuninst.exe + 2007-11-30 12:39:22 382,840 -c----w c:\windows\$NtUninstallKB946648$\spuninst\updspapi.dll + 2007-06-19 13:31:19 282,112 -c----w c:\windows\$NtUninstallKB948590$\gdi32.dll + 2007-03-06 01:22:41 213,216 -c----w c:\windows\$NtUninstallKB948590$\spuninst\spuninst.exe + 2007-03-06 01:23:51 371,424 -c----w c:\windows\$NtUninstallKB948590$\spuninst\updspapi.dll + 2007-03-06 01:22:39 213,216 -c----w 
c:\windows\$NtUninstallKB948881$\spuninst\spuninst.exe + 2007-03-06 01:23:47 371,424 -c----w c:\windows\$NtUninstallKB948881$\spuninst\updspapi.dll + 2004-08-10 12:00:00 561,179 -c----w c:\windows\$NtUninstallKB950749$\dao360.dll + 2004-08-10 12:00:00 512,029 -c----w c:\windows\$NtUninstallKB950749$\msexch40.dll + 2004-08-10 12:00:00 319,517 -c----w c:\windows\$NtUninstallKB950749$\msexcl40.dll + 2004-08-10 12:00:00 1,507,356 -c----w c:\windows\$NtUninstallKB950749$\msjet40.dll + 2004-08-10 12:00:00 358,976 -c----w c:\windows\$NtUninstallKB950749$\msjetol1.dll + 2004-08-10 12:00:00 358,976 -c----w c:\windows\$NtUninstallKB950749$\msjetoledb40.dll + 2004-08-10 12:00:00 151,583 -c----w c:\windows\$NtUninstallKB950749$\msjint40.dll + 2004-08-10 12:00:00 53,279 -c----w c:\windows\$NtUninstallKB950749$\msjter40.dll + 2004-08-10 12:00:00 241,693 -c----w c:\windows\$NtUninstallKB950749$\msjtes40.dll + 2004-08-10 12:00:00 213,023 -c----w c:\windows\$NtUninstallKB950749$\msltus40.dll + 2004-08-10 12:00:00 348,189 -c----w c:\windows\$NtUninstallKB950749$\mspbde40.dll + 2004-08-10 12:00:00 421,919 -c----w c:\windows\$NtUninstallKB950749$\msrd2x40.dll + 2004-08-10 12:00:00 315,423 -c----w c:\windows\$NtUninstallKB950749$\msrd3x40.dll + 2004-08-10 12:00:00 552,989 -c----w c:\windows\$NtUninstallKB950749$\msrepl40.dll + 2004-08-10 12:00:00 258,077 -c----w c:\windows\$NtUninstallKB950749$\mstext40.dll + 2004-08-10 12:00:00 831,519 -c----w c:\windows\$NtUninstallKB950749$\mswdat10.dll + 2004-08-10 12:00:00 614,429 -c----w c:\windows\$NtUninstallKB950749$\mswstr10.dll + 2004-08-10 12:00:00 348,189 -c----w c:\windows\$NtUninstallKB950749$\msxbde40.dll + 2007-03-06 01:22:41 213,216 -c----w c:\windows\$NtUninstallKB950749$\spuninst\spuninst.exe + 2007-03-06 01:23:51 371,424 -c----w c:\windows\$NtUninstallKB950749$\spuninst\updspapi.dll + 2007-11-30 12:39:22 231,288 -c----w c:\windows\$NtUninstallKB950760$\spuninst\spuninst.exe + 2007-11-30 12:39:22 382,840 -c----w 
c:\windows\$NtUninstallKB950760$\spuninst\updspapi.dll + 2006-07-13 08:48:58 202,240 -c----w c:\windows\$NtUninstallKB950762$\rmcast.sys + 2007-11-30 12:39:22 231,288 -c----w c:\windows\$NtUninstallKB950762$\spuninst\spuninst.exe + 2007-11-30 12:39:22 382,840 -c----w c:\windows\$NtUninstallKB950762$\spuninst\updspapi.dll + 2005-07-26 04:39:45 243,200 -c----w c:\windows\$NtUninstallKB950974$\es.dll + 2007-11-30 12:39:22 231,288 -c----w c:\windows\$NtUninstallKB950974$\spuninst\spuninst.exe + 2007-11-30 12:39:19 382,840 -c----w c:\windows\$NtUninstallKB950974$\spuninst\updspapi.dll + 2007-08-21 06:15:44 683,520 -c----w c:\windows\$NtUninstallKB951066$\inetcomm.dll + 2007-11-30 12:39:22 231,288 -c----w c:\windows\$NtUninstallKB951066$\spuninst\spuninst.exe + 2007-11-30 12:39:22 382,840 -c----w c:\windows\$NtUninstallKB951066$\spuninst\updspapi.dll + 2007-11-30 11:18:51 231,288 -c----w c:\windows\$NtUninstallKB951072-v2$\spuninst\spuninst.exe + 2007-11-30 12:39:22 382,840 -c----w c:\windows\$NtUninstallKB951072-v2$\spuninst\updspapi.dll + 2007-11-13 11:31:11 60,416 -c----w c:\windows\$NtUninstallKB951072-v2$\tzchange.exe + 2008-04-14 11:01:02 272,128 -c----w c:\windows\$NtUninstallKB951376-v2$\bthport.sys + 2007-11-30 11:18:51 231,288 -c----w c:\windows\$NtUninstallKB951376-v2$\spuninst\spuninst.exe + 2007-11-30 11:18:51 382,840 -c----w c:\windows\$NtUninstallKB951376-v2$\spuninst\updspapi.dll + 2004-08-03 23:10:38 274,304 -c----w c:\windows\$NtUninstallKB951376$\bthport.sys + 2007-11-30 11:18:51 231,288 -c----w c:\windows\$NtUninstallKB951376$\spuninst\spuninst.exe + 2007-11-30 11:18:51 382,840 -c----w c:\windows\$NtUninstallKB951376$\spuninst\updspapi.dll + 2007-10-29 22:35:13 1,287,680 -c----w c:\windows\$NtUninstallKB951698$\quartz.dll + 2007-11-30 11:18:51 231,288 -c----w c:\windows\$NtUninstallKB951698$\spuninst\spuninst.exe + 2007-11-30 12:39:22 382,840 -c----w c:\windows\$NtUninstallKB951698$\spuninst\updspapi.dll + 2006-08-16 11:58:05 100,352 -c----w 
c:\windows\$NtUninstallKB951748$\6to4svc.dll + 2004-08-10 12:00:00 138,496 -c----w c:\windows\$NtUninstallKB951748$\afd.sys + 2008-02-20 05:32:43 148,992 -c----w c:\windows\$NtUninstallKB951748$\dnsapi.dll + 2004-08-10 12:00:00 245,248 -c----w c:\windows\$NtUninstallKB951748$\mswsock.dll + 2007-11-30 12:39:22 231,288 -c----w c:\windows\$NtUninstallKB951748$\spuninst\spuninst.exe + 2007-11-30 12:39:19 382,840 -c----w c:\windows\$NtUninstallKB951748$\spuninst\updspapi.dll + 2007-10-30 16:53:32 360,832 -c----w c:\windows\$NtUninstallKB951748$\tcpip.sys + 2006-08-16 09:37:30 225,664 -c----w c:\windows\$NtUninstallKB951748$\tcpip6.sys + 2004-08-10 12:00:00 331,776 -c----w c:\windows\$NtUninstallKB952287$\msadce.dll + 2007-11-30 11:18:51 231,288 -c----w c:\windows\$NtUninstallKB952287$\spuninst\spuninst.exe + 2007-11-30 11:18:51 382,840 -c----w c:\windows\$NtUninstallKB952287$\spuninst\updspapi.dll + 2005-06-29 01:46:00 74,240 -c----w c:\windows\$NtUninstallKB952954$\mscms.dll + 2007-11-30 12:39:22 231,288 -c----w c:\windows\$NtUninstallKB952954$\spuninst\spuninst.exe + 2007-11-30 12:39:22 382,840 -c----w c:\windows\$NtUninstallKB952954$\spuninst\updspapi.dll + 2007-11-30 12:39:22 231,288 -c----w c:\windows\$NtUninstallKB953839$\spuninst\spuninst.exe + 2007-11-30 11:18:51 382,840 -c----w c:\windows\$NtUninstallKB953839$\spuninst\updspapi.dll + 2007-07-27 08:41:48 231,288 -c----w c:\windows\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe + 2007-07-27 08:41:48 382,840 -c----w c:\windows\$NtUninstallKB954154_WM11$\spuninst\updspapi.dll + 2006-10-18 20:47:20 295,936 -c----w c:\windows\$NtUninstallKB954154_WM11$\wmpeffects.dll + 2006-06-09 08:36:24 282,624 ----a-w c:\windows\Downloaded Program Files\dwa7W.dll - 2004-10-08 14:01:22 372,736 ----a-w c:\windows\Downloaded Program Files\MsnPUpld.dll + 2006-06-20 13:44:04 379,704 ----a-w c:\windows\Downloaded Program Files\MsnPUpld.dll + 2007-01-09 06:14:50 110,592 ----a-w c:\windows\Downloaded Program Files\PURnb-no.dll + 
2008-06-13 13:10:50 272,128 ------w c:\windows\Driver Cache\i386\bthport.sys - 2007-02-28 09:53:04 2,137,600 ----a-w c:\windows\Driver Cache\i386\ntkrnlmp.exe + 2008-08-14 09:55:01 2,142,720 ----a-w c:\windows\Driver Cache\i386\ntkrnlmp.exe - 2007-02-28 09:15:56 2,059,392 ----a-w c:\windows\Driver Cache\i386\ntkrnlpa.exe + 2008-08-14 09:18:44 2,062,976 ----a-w c:\windows\Driver Cache\i386\ntkrnlpa.exe - 2007-02-28 09:15:59 2,017,280 ----a-w c:\windows\Driver Cache\i386\ntkrpamp.exe + 2008-08-14 09:18:46 2,020,864 ----a-w c:\windows\Driver Cache\i386\ntkrpamp.exe - 2007-02-28 09:55:14 2,182,144 ----a-w c:\windows\Driver Cache\i386\ntoskrnl.exe + 2008-08-14 09:57:20 2,185,984 ----a-w c:\windows\Driver Cache\i386\ntoskrnl.exe - 2000-08-31 06:00:00 163,328 ----a-w c:\windows\erdnt\Hiv-backup\ERDNT.EXE + 2005-10-20 19:02:28 163,328 ----a-w c:\windows\erdnt\Hiv-backup\ERDNT.EXE + 2005-10-20 19:02:28 163,328 ----a-w c:\windows\erdnt\subs\ERDNT.EXE + 2000-08-31 07:00:00 89,504 ----a-w c:\windows\fdsv.exe + 2000-08-31 07:00:00 80,412 ----a-w c:\windows\grep.exe + 2004-08-10 12:00:00 2,589 ----a-w c:\windows\I386\RUNW32.BAT + 2007-03-06 01:22:41 213,216 -c----w c:\windows\ie7updates\KB938127-IE7\spuninst\spuninst.exe + 2007-03-06 01:23:51 371,424 -c----w c:\windows\ie7updates\KB938127-IE7\spuninst\updspapi.dll + 2007-08-13 16:54:10 765,952 -c----w c:\windows\ie7updates\KB938127-IE7\vgx.dll + 2007-12-07 02:21:45 124,928 -c----w c:\windows\ie7updates\KB947864-IE7\advpack.dll + 2007-12-19 23:01:06 347,136 -c----w c:\windows\ie7updates\KB947864-IE7\dxtmsft.dll + 2007-12-07 02:21:45 214,528 -c----w c:\windows\ie7updates\KB947864-IE7\dxtrans.dll + 2007-12-07 02:21:45 133,120 -c----w c:\windows\ie7updates\KB947864-IE7\extmgr.dll + 2007-12-07 02:21:45 63,488 -c----w c:\windows\ie7updates\KB947864-IE7\icardie.dll + 2007-12-06 11:00:57 70,656 -c----w c:\windows\ie7updates\KB947864-IE7\ie4uinit.exe + 2007-12-07 02:21:45 153,088 -c----w c:\windows\ie7updates\KB947864-IE7\ieakeng.dll + 
2007-12-07 02:21:45 230,400 -c----w c:\windows\ie7updates\KB947864-IE7\ieaksie.dll + 2007-12-06 04:59:51 161,792 -c----w c:\windows\ie7updates\KB947864-IE7\ieakui.dll + 2007-12-07 02:21:45 383,488 -c----w c:\windows\ie7updates\KB947864-IE7\ieapfltr.dll + 2007-12-07 02:21:45 384,512 -c----w c:\windows\ie7updates\KB947864-IE7\iedkcs32.dll + 2007-12-07 02:21:46 6,066,176 -c----w c:\windows\ie7updates\KB947864-IE7\ieframe.dll + 2007-12-07 02:21:46 44,544 -c----w c:\windows\ie7updates\KB947864-IE7\iernonce.dll + 2007-12-07 02:21:46 267,776 -c----w c:\windows\ie7updates\KB947864-IE7\iertutil.dll + 2007-12-06 11:00:58 13,824 -c----w c:\windows\ie7updates\KB947864-IE7\ieudinit.exe + 2007-12-06 11:01:25 625,664 -c----w c:\windows\ie7updates\KB947864-IE7\iexplore.exe + 2007-12-07 02:21:47 27,648 -c----w c:\windows\ie7updates\KB947864-IE7\jsproxy.dll + 2007-12-07 02:21:47 459,264 -c----w c:\windows\ie7updates\KB947864-IE7\msfeeds.dll + 2007-12-07 02:21:47 52,224 -c----w c:\windows\ie7updates\KB947864-IE7\msfeedsbs.dll + 2007-12-08 08:51:48 3,592,192 -c----w c:\windows\ie7updates\KB947864-IE7\mshtml.dll + 2007-12-07 02:21:47 478,208 -c----w c:\windows\ie7updates\KB947864-IE7\mshtmled.dll + 2007-12-07 02:21:48 193,024 -c----w c:\windows\ie7updates\KB947864-IE7\msrating.dll + 2007-12-07 02:21:48 671,232 -c----w c:\windows\ie7updates\KB947864-IE7\mstime.dll + 2007-12-07 02:21:48 102,912 -c----w c:\windows\ie7updates\KB947864-IE7\occache.dll + 2008-01-11 05:53:32 44,544 -c----w c:\windows\ie7updates\KB947864-IE7\pngfilt.dll + 2007-03-06 01:22:39 213,216 -c----w c:\windows\ie7updates\KB947864-IE7\spuninst\spuninst.exe + 2007-03-06 01:23:51 371,424 -c----w c:\windows\ie7updates\KB947864-IE7\spuninst\updspapi.dll + 2007-12-07 02:21:48 105,984 -c----w c:\windows\ie7updates\KB947864-IE7\url.dll + 2007-12-07 02:21:48 1,159,680 -c----w c:\windows\ie7updates\KB947864-IE7\urlmon.dll + 2007-12-07 02:21:48 233,472 -c----w c:\windows\ie7updates\KB947864-IE7\webcheck.dll + 2007-12-07 02:21:48 
824,832 -c----w c:\windows\ie7updates\KB947864-IE7\wininet.dll + 2008-03-01 13:06:20 124,928 -c----w c:\windows\ie7updates\KB950759-IE7\advpack.dll + 2008-03-01 13:06:21 347,136 -c----w c:\windows\ie7updates\KB950759-IE7\dxtmsft.dll + 2008-03-01 13:06:21 214,528 -c----w c:\windows\ie7updates\KB950759-IE7\dxtrans.dll + 2008-03-01 13:06:21 133,120 -c----w c:\windows\ie7updates\KB950759-IE7\extmgr.dll + 2008-03-01 13:06:21 63,488 -c----w c:\windows\ie7updates\KB950759-IE7\icardie.dll + 2008-02-29 08:55:23 70,656 -c----w c:\windows\ie7updates\KB950759-IE7\ie4uinit.exe + 2008-03-01 13:06:21 153,088 -c----w c:\windows\ie7updates\KB950759-IE7\ieakeng.dll + 2008-03-01 13:06:21 230,400 -c----w c:\windows\ie7updates\KB950759-IE7\ieaksie.dll + 2008-02-15 05:44:25 161,792 -c----w c:\windows\ie7updates\KB950759-IE7\ieakui.dll + 2008-03-01 13:06:22 383,488 -c----w c:\windows\ie7updates\KB950759-IE7\ieapfltr.dll + 2008-03-01 13:06:22 384,512 -c----w c:\windows\ie7updates\KB950759-IE7\iedkcs32.dll + 2008-03-01 13:06:24 6,066,176 -c----w c:\windows\ie7updates\KB950759-IE7\ieframe.dll + 2008-03-01 13:06:24 44,544 -c----w c:\windows\ie7updates\KB950759-IE7\iernonce.dll + 2008-03-01 13:06:25 267,776 -c----w c:\windows\ie7updates\KB950759-IE7\iertutil.dll + 2008-02-22 10:00:51 13,824 -c----w c:\windows\ie7updates\KB950759-IE7\ieudinit.exe + 2008-02-29 08:55:46 625,664 -c----w c:\windows\ie7updates\KB950759-IE7\iexplore.exe + 2008-03-01 13:06:25 27,648 -c----w c:\windows\ie7updates\KB950759-IE7\jsproxy.dll + 2008-03-01 13:06:26 459,264 -c----w c:\windows\ie7updates\KB950759-IE7\msfeeds.dll + 2008-03-01 13:06:26 52,224 -c----w c:\windows\ie7updates\KB950759-IE7\msfeedsbs.dll + 2008-03-01 16:36:30 3,591,680 -c----w c:\windows\ie7updates\KB950759-IE7\mshtml.dll + 2008-03-01 13:06:28 478,208 -c----w c:\windows\ie7updates\KB950759-IE7\mshtmled.dll + 2008-03-01 13:06:28 193,024 -c----w c:\windows\ie7updates\KB950759-IE7\msrating.dll + 2008-03-01 13:06:29 671,232 -c----w 
c:\windows\ie7updates\KB950759-IE7\mstime.dll + 2008-03-01 13:06:29 102,912 -c----w c:\windows\ie7updates\KB950759-IE7\occache.dll + 2008-03-01 13:06:29 44,544 -c----w c:\windows\ie7updates\KB950759-IE7\pngfilt.dll + 2007-03-06 01:22:39 213,216 -c----w c:\windows\ie7updates\KB950759-IE7\spuninst\spuninst.exe + 2007-03-06 01:23:51 371,424 -c----w c:\windows\ie7updates\KB950759-IE7\spuninst\updspapi.dll + 2008-03-01 13:06:29 105,984 -c----w c:\windows\ie7updates\KB950759-IE7\url.dll + 2008-03-01 13:06:30 1,159,680 -c----w c:\windows\ie7updates\KB950759-IE7\urlmon.dll + 2008-03-01 13:06:30 233,472 -c----w c:\windows\ie7updates\KB950759-IE7\webcheck.dll + 2008-03-01 13:06:31 826,368 -c----w c:\windows\ie7updates\KB950759-IE7\wininet.dll + 2008-04-23 04:16:28 124,928 -c----w c:\windows\ie7updates\KB953838-IE7\advpack.dll + 2008-04-23 04:16:28 347,136 -c----w c:\windows\ie7updates\KB953838-IE7\dxtmsft.dll + 2008-04-23 04:16:28 214,528 -c----w c:\windows\ie7updates\KB953838-IE7\dxtrans.dll + 2008-04-23 04:16:28 133,120 -c----w c:\windows\ie7updates\KB953838-IE7\extmgr.dll + 2008-04-23 04:16:28 63,488 -c----w c:\windows\ie7updates\KB953838-IE7\icardie.dll + 2008-04-22 07:39:58 70,656 -c----w c:\windows\ie7updates\KB953838-IE7\ie4uinit.exe + 2008-04-23 04:16:28 153,088 -c----w c:\windows\ie7updates\KB953838-IE7\ieakeng.dll + 2008-04-23 04:16:28 230,400 -c----w c:\windows\ie7updates\KB953838-IE7\ieaksie.dll + 2008-04-20 05:07:51 161,792 -c----w c:\windows\ie7updates\KB953838-IE7\ieakui.dll + 2008-04-23 04:16:28 383,488 -c----w c:\windows\ie7updates\KB953838-IE7\ieapfltr.dll + 2008-04-23 04:16:28 384,512 -c----w c:\windows\ie7updates\KB953838-IE7\iedkcs32.dll + 2008-04-23 04:16:28 6,066,176 -c----w c:\windows\ie7updates\KB953838-IE7\ieframe.dll + 2008-04-23 04:16:28 44,544 -c----w c:\windows\ie7updates\KB953838-IE7\iernonce.dll + 2008-04-23 04:16:28 267,776 -c----w c:\windows\ie7updates\KB953838-IE7\iertutil.dll + 2008-04-22 07:39:58 13,824 -c----w 
c:\windows\ie7updates\KB953838-IE7\ieudinit.exe + 2008-04-22 07:40:18 625,664 -c----w c:\windows\ie7updates\KB953838-IE7\iexplore.exe + 2008-04-23 04:16:28 27,648 -c----w c:\windows\ie7updates\KB953838-IE7\jsproxy.dll + 2008-04-23 04:16:28 459,264 -c----w c:\windows\ie7updates\KB953838-IE7\msfeeds.dll + 2008-04-23 04:16:28 52,224 -c----w c:\windows\ie7updates\KB953838-IE7\msfeedsbs.dll + 2008-04-23 20:16:30 3,591,680 -c----w c:\windows\ie7updates\KB953838-IE7\mshtml.dll + 2008-04-23 04:16:28 478,208 -c----w c:\windows\ie7updates\KB953838-IE7\mshtmled.dll + 2008-04-23 04:16:28 193,024 -c----w c:\windows\ie7updates\KB953838-IE7\msrating.dll + 2008-04-23 04:16:28 671,232 -c----w c:\windows\ie7updates\KB953838-IE7\mstime.dll + 2008-04-23 04:16:28 102,912 -c----w c:\windows\ie7updates\KB953838-IE7\occache.dll + 2008-04-23 04:16:28 44,544 -c----w c:\windows\ie7updates\KB953838-IE7\pngfilt.dll + 2007-03-06 01:22:39 213,216 -c----w c:\windows\ie7updates\KB953838-IE7\spuninst\spuninst.exe + 2007-03-06 01:23:51 371,424 -c----w c:\windows\ie7updates\KB953838-IE7\spuninst\updspapi.dll + 2008-04-23 04:16:28 105,984 -c----w c:\windows\ie7updates\KB953838-IE7\url.dll + 2008-04-23 04:16:29 1,159,680 -c----w c:\windows\ie7updates\KB953838-IE7\urlmon.dll + 2008-04-23 04:16:29 233,472 -c----w c:\windows\ie7updates\KB953838-IE7\webcheck.dll + 2008-04-23 04:16:29 826,368 -c----w c:\windows\ie7updates\KB953838-IE7\wininet.dll + 2008-06-23 16:57:27 124,928 -c----w c:\windows\ie7updates\KB956390-IE7\advpack.dll + 2008-06-23 16:57:27 347,136 -c----w c:\windows\ie7updates\KB956390-IE7\dxtmsft.dll + 2008-06-23 16:57:27 214,528 -c----w c:\windows\ie7updates\KB956390-IE7\dxtrans.dll + 2008-06-23 16:57:27 133,120 -c----w c:\windows\ie7updates\KB956390-IE7\extmgr.dll + 2008-06-23 16:57:28 63,488 -c----w c:\windows\ie7updates\KB956390-IE7\icardie.dll + 2008-06-23 09:20:25 70,656 -c----w c:\windows\ie7updates\KB956390-IE7\ie4uinit.exe + 2008-06-23 16:57:29 153,088 -c----w 
c:\windows\ie7updates\KB956390-IE7\ieakeng.dll + 2008-06-23 16:57:29 230,400 -c----w c:\windows\ie7updates\KB956390-IE7\ieaksie.dll + 2008-06-21 05:23:54 161,792 -c----w c:\windows\ie7updates\KB956390-IE7\ieakui.dll + 2008-06-23 16:57:29 383,488 -c----w c:\windows\ie7updates\KB956390-IE7\ieapfltr.dll + 2008-06-23 16:57:29 384,512 -c----w c:\windows\ie7updates\KB956390-IE7\iedkcs32.dll + 2008-06-23 16:57:33 6,066,176 -c----w c:\windows\ie7updates\KB956390-IE7\ieframe.dll + 2008-06-23 16:57:33 44,544 -c----w c:\windows\ie7updates\KB956390-IE7\iernonce.dll + 2008-06-23 16:57:34 267,776 -c----w c:\windows\ie7updates\KB956390-IE7\iertutil.dll + 2008-06-23 09:20:26 13,824 -c----w c:\windows\ie7updates\KB956390-IE7\ieudinit.exe + 2008-06-23 09:20:52 625,664 -c----w c:\windows\ie7updates\KB956390-IE7\iexplore.exe + 2008-06-23 16:57:35 27,648 -c----w c:\windows\ie7updates\KB956390-IE7\jsproxy.dll + 2008-06-23 16:57:36 459,264 -c----w c:\windows\ie7updates\KB956390-IE7\msfeeds.dll + 2008-06-23 16:57:36 52,224 -c----w c:\windows\ie7updates\KB956390-IE7\msfeedsbs.dll + 2008-06-24 08:57:40 3,592,192 -c----w c:\windows\ie7updates\KB956390-IE7\mshtml.dll + 2008-06-23 16:57:39 477,696 -c----w c:\windows\ie7updates\KB956390-IE7\mshtmled.dll + 2008-06-23 16:57:39 193,024 -c----w c:\windows\ie7updates\KB956390-IE7\msrating.dll + 2008-06-23 16:57:40 671,232 -c----w c:\windows\ie7updates\KB956390-IE7\mstime.dll + 2008-06-23 16:57:40 102,912 -c----w c:\windows\ie7updates\KB956390-IE7\occache.dll + 2008-06-23 16:57:40 44,544 -c----w c:\windows\ie7updates\KB956390-IE7\pngfilt.dll + 2007-03-06 01:22:41 213,216 -c----w c:\windows\ie7updates\KB956390-IE7\spuninst\spuninst.exe + 2007-03-06 01:23:51 371,424 -c----w c:\windows\ie7updates\KB956390-IE7\spuninst\updspapi.dll + 2008-06-23 16:57:40 105,984 -c----w c:\windows\ie7updates\KB956390-IE7\url.dll + 2008-06-23 16:57:40 1,159,680 -c----w c:\windows\ie7updates\KB956390-IE7\urlmon.dll + 2008-06-23 16:57:41 233,472 -c----w 
c:\windows\ie7updates\KB956390-IE7\webcheck.dll + 2008-06-23 16:57:41 826,368 -c----w c:\windows\ie7updates\KB956390-IE7\wininet.dll + 2007-03-22 17:07:56 91,488 ----a-r c:\windows\Installer\$PatchCache$\Managed\4140211900063D11C8EF10054038389C\11.0.8173\ADDRPARS.DLL + 2007-03-22 17:07:54 80,224 ----a-r c:\windows\Installer\$PatchCache$\Managed\4140211900063D11C8EF10054038389C\11.0.8173\DLGSETP.DLL + 2007-04-19 11:53:52 137,568 ----a-r c:\windows\Installer\$PatchCache$\Managed\4140211900063D11C8EF10054038389C\11.0.8173\ENVELOPE.DLL + 2007-05-31 11:41:06 10,352,472 ----a-r c:\windows\Installer\$PatchCache$\Managed\4140211900063D11C8EF10054038389C\11.0.8173\EXCEL.EXE + 2007-04-19 12:09:30 167,256 ----a-r c:\windows\Installer\$PatchCache$\Managed\4140211900063D11C8EF10054038389C\11.0.8173\IETAG.DLL + 2007-04-19 11:53:52 127,328 ----a-r c:\windows\Installer\$PatchCache$\Managed\4140211900063D11C8EF10054038389C\11.0.8173\IMPMAIL.DLL + 2007-04-19 11:54:04 183,136 ----a-r c:\windows\Installer\$PatchCache$\Managed\4140211900063D11C8EF10054038389C\11.0.8173\MIMEDIR.DLL + 2007-06-18 15:16:32 12,259,160 ----a-r c:\windows\Installer\$PatchCache$\Managed\4140211900063D11C8EF10054038389C\11.0.8173\MSO.DLL + 2007-05-31 11:43:46 7,613,280 ----a-r c:\windows\Installer\$PatchCache$\Managed\4140211900063D11C8EF10054038389C\11.0.8173\OUTLLIB.DLL + 2007-04-19 11:53:44 106,336 ----a-r c:\windows\Installer\$PatchCache$\Managed\4140211900063D11C8EF10054038389C\11.0.8173\OUTLMIME.DLL + 2007-05-31 11:42:14 200,032 ----a-r c:\windows\Installer\$PatchCache$\Managed\4140211900063D11C8EF10054038389C\11.0.8173\OUTLOOK.EXE + 2007-04-19 11:53:56 149,856 ----a-r c:\windows\Installer\$PatchCache$\Managed\4140211900063D11C8EF10054038389C\11.0.8173\OUTLPH.DLL + 2007-04-19 11:53:24 69,984 ----a-r c:\windows\Installer\$PatchCache$\Managed\4140211900063D11C8EF10054038389C\11.0.8173\OUTLRPC.DLL + 2007-05-31 11:35:22 6,420,320 ----a-r 
c:\windows\Installer\$PatchCache$\Managed\4140211900063D11C8EF10054038389C\11.0.8173\POWERPNT.EXE + 2007-03-22 17:07:10 41,824 ----a-r c:\windows\Installer\$PatchCache$\Managed\4140211900063D11C8EF10054038389C\11.0.8173\RECALL.DLL + 2007-03-22 17:07:54 78,168 ----a-r c:\windows\Installer\$PatchCache$\Managed\4140211900063D11C8EF10054038389C\11.0.8173\RM.DLL + 2007-03-22 17:22:02 103,264 ----a-r c:\windows\Installer\$PatchCache$\Managed\4140211900063D11C8EF10054038389C\11.0.8173\TRANSMGR.DLL + 2007-05-09 15:19:48 2,585,936 ----a-r c:\windows\Installer\$PatchCache$\Managed\4140211900063D11C8EF10054038389C\11.0.8173\VBE6.DLL + 2007-05-31 11:37:40 12,310,368 ----a-r c:\windows\Installer\$PatchCache$\Managed\4140211900063D11C8EF10054038389C\11.0.8173\WINWORD.EXE + 2008-06-25 20:26:55 86,016 ----a-r c:\windows\Installer\{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}\PrntWzrdIco.exe - 2008-04-02 19:53:01 12,288 ----a-r c:\windows\Installer\{91120414-6000-11D3-8CFE-0150048383C9}\cagicon.exe + 2008-10-15 23:30:20 12,288 ----a-r c:\windows\Installer\{91120414-6000-11D3-8CFE-0150048383C9}\cagicon.exe - 2008-04-02 19:53:01 135,168 ----a-r c:\windows\Installer\{91120414-6000-11D3-8CFE-0150048383C9}\misc.exe + 2008-10-15 23:30:19 135,168 ----a-r c:\windows\Installer\{91120414-6000-11D3-8CFE-0150048383C9}\misc.exe - 2008-04-02 19:53:01 11,264 ----a-r c:\windows\Installer\{91120414-6000-11D3-8CFE-0150048383C9}\mspicons.exe + 2008-10-15 23:30:20 11,264 ----a-r c:\windows\Installer\{91120414-6000-11D3-8CFE-0150048383C9}\mspicons.exe - 2008-04-02 19:53:01 27,136 ----a-r c:\windows\Installer\{91120414-6000-11D3-8CFE-0150048383C9}\oisicon.exe + 2008-10-15 23:30:20 27,136 ----a-r c:\windows\Installer\{91120414-6000-11D3-8CFE-0150048383C9}\oisicon.exe - 2008-04-02 19:53:01 4,096 ----a-r c:\windows\Installer\{91120414-6000-11D3-8CFE-0150048383C9}\opwicon.exe + 2008-10-15 23:30:20 4,096 ----a-r c:\windows\Installer\{91120414-6000-11D3-8CFE-0150048383C9}\opwicon.exe - 2008-04-02 19:53:01 794,624 
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 507904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-08-25 737369]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Norman ZANDA"="c:\norman\Npm\bin\ZLH.EXE" [2008-06-02 273520]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-12-09 225280]
"LogitechCameraAssistant"="c:\program files\Logitech\Video\CameraAssistant.exe" [2006-01-05 489472]
"LogitechVideo[inspector]"="c:\program files\Logitech\Video\InstallHelper.exe" [2006-01-05 08:15 73728]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-02-09 157696]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-04 36352]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Telenorhjelpen"="c:\program files\Telenor\Telenorhjelpen\Telenor.exe" [2008-02-07 189120]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-06-02 267048]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-10 c:\windows\system32\bthprops.cpl]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 c:\windows\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-02-27 c:\windows\RTHDCPL.EXE]
"SMSERIAL"="sm56hlpr.exe" [2005-09-16 c:\windows\sm56hlpr.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-10 15360]

c:\documents and settings\\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2006-07-24 159744]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2005-06-16 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= c:\windows\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= c:\windows\Resources\Themes\Royale.theme

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Telenor\\Telenorhjelpen\\Telenor.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12798:TCP"= 12798:TCP:BitComet 12798 TCP
"12798:UDP"= 12798:UDP:BitComet 12798 UDP

R2 Ndiskio;Ndiskio;c:\norman\Nse\bin\NDISKIO.SYS [2007-01-02 20448]
R3 NvcMFlt;NvcMFlt;c:\windows\system32\DRIVERS\nvcw32mf.sys [2008-09-02 19512]
R3 nvcoas;Norman Virus Control on-access component;c:\norman\Nvc\bin\nvcoas.exe [2008-04-29 183352]
R3 NVCScheduler;Norman Virus Control Scheduler;c:\norman\Nvc\BIN\NVCSCHED.EXE [2008-03-11 146488]
S3 nvcfsr;nvcfsr;c:\norman\Nvc\bin\nvcfsr.sys [2007-01-09 6712]
S3 nvcoafl51;nvcoafl51;c:\norman\Nvc\bin\nvcoafl51.sys [2007-01-09 30264]
S3 nvcoaft51;nvcoaft51;c:\norman\Nvc\bin\nvcoaft51.sys [2007-01-09 129848]
S3 nvcoarc51;nvcoarc51;c:\norman\Nvc\bin\nvcoarc51.sys [2007-01-09 23224]
S3 odysseyIM4;Odyssey Network Agent Miniport;c:\windows\system32\DRIVERS\odysseyIM4.sys [2005-05-18 173056]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b60d7856-da74-11dc-8242-001060d168c3}]
\Shell\AutoRun\command - F:\Launch.exe
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKCU-Run-PcSync - c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe
HKLM-Run-LogitechCameraService(E) - c:\windows\system32\ElkCtrl.exe
Notify-OdysseyClient - (no file)
.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\\Application Data\Mozilla\Firefox\Profiles\lq95pbw4.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.startsiden.no/
.
**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-11 18:52:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: c:\windows\explorer.exe
-> c:\progra~1\Google\GOOGLE~1\GOA66E~1.DLL
.
Completion time: 2008-11-11 18:54:56 ComboFix-quarantined-files.txt 2008-11-11 17:53:52 ComboFix2.txt 2008-04-02 21:13:34 Pre-Run: 45,475,979,264 bytes free Post-Run: 45,556,920,320 byte ledig 1112 --- E O F --- 2008-10-25 01:02:02
HijackThis:
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:00:49, on 11.11.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Norman\Npm\bin\ELOGSVC.EXE C:\Norman\Npm\Bin\Zanda.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\ehome\ehtray.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\sm56hlpr.exe C:\Norman\Npm\bin\ZLH.EXE C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Logitech\Video\CameraAssistant.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Norman\Npm\bin\NJEEVES.EXE C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Winamp Remote\bin\OrbTray.exe C:\WINDOWS\eHome\ehmsas.exe C:\Norman\Nvc\bin\nvcoas.exe C:\Norman\Nvc\BIN\NVCSCHED.EXE C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Norman\npm\bin\niu.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\explorer.exe C:\Program
Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Telenor Telenorhjelpen Plugin - {DB87CDE1-EF9C-44EB-A42F-6D0B3C72C516} - C:\Program Files\Telenor\Telenorhjelpen\IEFixItNowPlugin.dll O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe O4 - HKLM\..\Run: [ATICCC] "c:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Norman ZANDA] "C:\Norman\Npm\bin\ZLH.EXE" /LOAD /SPLASH O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program 
Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Telenorhjelpen] "C:\Program Files\Telenor\Telenorhjelpen\Telenor.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe O4 - Global Startup: Bluetooth Manager.lnk = ? 
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - https://webmail.wavefield-inseis.com/dwa7W.cab O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. 
- c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: Norman NJeeves - Norman ASA - C:\Norman\Npm\bin\NJEEVES.EXE O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE -- End of file - 7511 bytes
Hope someone can help..
r2d290 Posted 11 November 2008
Sapara: P2P Warning! Important
The logs show that there are one or more P2P (Person to Person) file-sharing programs on your machine: LimeWire and Azureus.
Be aware that as long as you use any form of Peer-to-Peer network to download files from an "unofficial" source, you must assume that your machine can become infected. In the past, P2P file sharing was considered fairly safe. That is no longer the case. You can continue to use P2P at your own risk, but remember that it may be the source of your current or next infection.
References on the risks of these programs can be found at these links: http://www.microsoft.com/windows/ie/commun...protection.mspx http://www.techweb.com/wire/160500554 http://www.internetworldstats.com/articles/art053.htm
See a list of clean/risky P2P programs here: http://p2p.malwareremoval.com/
I recommend that you uninstall LimeWire, but the choice is yours. If you choose to remove these programs, you can do so from Control Panel->Add or Remove Programs. If you want to keep the program, I ask that you not use it until the machine is clean of malware.
It looks like MBAM removed what it should, so the other logs look fine. How is the PC running?
2ball_ Posted 16 November 2008 (edited)
ComboFix = win32 only. I'm on XP64. What now?
Edited 16 November 2008 by 2ball(s)
norbat Posted 17 November 2008 (Author)
MBAM and HJT. Post the logs in a separate thread, which you create by clicking the New Topic button.
Flibo Posted 18 November 2008
MBAM:
Malwarebytes' Anti-Malware 1.30 Database versjon: 1306 Windows 5.1.2600 Service Pack 2 18.11.2008 16:53:20 mbam-log-2008-11-18 (16-53-20).txt Skanntype: Rask Skann Objekter skannet: 49853 Tid tilbakelagt: 4 minute(s), 40 second(s) Minneprosesser infisert: 0 Minnemoduler infisert: 0 Registernøkler infisert: 0 Registerverdier infisert: 0 Registerfiler infisert: 9 Mapper infisert: 1 Filer infisert: 11 Minneprosesser infisert: (Ingen mistenkelige filer funnet) Minnemoduler infisert: (Ingen mistenkelige filer funnet) Registernøkler infisert: (Ingen mistenkelige filer funnet) Registerverdier infisert: (Ingen mistenkelige filer funnet) Registerfiler infisert: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System (Rootkit.DNSChanger.H) -> Data: kdfcv.exe -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8195313d-bdae-40f3-a4cb-f759a061bc09}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.133;85.255.112.196 -> Delete on reboot. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8195313d-bdae-40f3-a4cb-f759a061bc09}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.133;85.255.112.196 -> Delete on reboot. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{b240750e-d288-468c-9aff-c6c02d8c0951}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.133;85.255.112.196 -> Delete on reboot. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f8127b44-9e3e-4a08-8c75-e253720a7873}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.133;85.255.112.196 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{8195313d-bdae-40f3-a4cb-f759a061bc09}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.133;85.255.112.196 -> Delete on reboot. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{8195313d-bdae-40f3-a4cb-f759a061bc09}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.133;85.255.112.196 -> Delete on reboot. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{b240750e-d288-468c-9aff-c6c02d8c0951}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.133;85.255.112.196 -> Delete on reboot. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{f8127b44-9e3e-4a08-8c75-e253720a7873}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.133;85.255.112.196 -> Quarantined and deleted successfully. Mapper infisert: C:\resycled (Trojan.DNSChanger) -> Quarantined and deleted successfully. Filer infisert: C:\RECYCLER\S-1-5-21-1757981266-884357618-839522115-1003\Dc283.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\RECYCLER\S-1-5-21-1757981266-884357618-839522115-1003\Dc752.INS (Trojan.Downloader) -> Quarantined and deleted successfully. C:\RECYCLER\S-1-5-21-1757981266-884357618-839522115-1003\Dc753.INS (Trojan.Downloader) -> Quarantined and deleted successfully. C:\resycled\boot.com (Trojan.DNSChanger) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\tempo-25F.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\tempo-36D.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\tempo-3C9.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\tempo-403.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\tempo-717.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\tempo-753.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully. 
C:\WINDOWS\Temp\tempo-7AD.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
ComboFix:
ComboFix 08-11-17.04 - Badtee 2008-11-18 17:03:36.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1439 [GMT 1:00] Running from: D:\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\autorun.inf C:\resycled c:\resycled\boot.com c:\windows\Temp\tmp3.tmp D:\Autorun.inf D:\resycled d:\resycled\boot.com . ((((((((((((((((((((((((( Files Created from 2008-10-18 to 2008-11-18 ))))))))))))))))))))))))))))))) . 2008-11-18 17:07 . 2008-11-18 17:07 <DIR> dr-hs---- C:\resycled 2008-11-18 17:07 . 2008-11-18 17:08 103 -r-hs---- C:\autorun.inf 2008-11-18 16:47 . 2008-11-18 16:47 <DIR> d-------- c:\documents and settings\Badtee\Application Data\Malwarebytes 2008-11-18 16:47 . 2008-11-18 16:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2008-11-18 16:47 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2008-11-18 16:47 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2008-11-18 16:13 . 2008-11-18 16:13 <DIR> d-------- c:\program files\Panda Security 2008-11-18 16:13 . 2008-06-19 17:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys 2008-11-18 16:04 . 2008-11-18 16:04 102,664 --a------ c:\windows\system32\drivers\tmcomm.sys 2008-11-18 16:03 . 2008-11-18 16:03 <DIR> d-------- c:\program files\Trojan Remover 2008-11-18 16:03 . 2008-11-18 16:03 <DIR> d-------- c:\documents and settings\Badtee\Application Data\Simply Super Software 2008-11-18 16:03 . 2008-11-18 16:07 <DIR> d-------- c:\documents and settings\Badtee\.housecall6.6 2008-11-18 16:03 . 2008-11-18 16:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\Simply Super Software 2008-11-18 16:03 .
2006-05-25 14:52 162,304 --a------ c:\windows\system32\ztvunrar36.dll 2008-11-18 16:03 . 2003-02-02 19:06 153,088 --a------ c:\windows\system32\UNRAR3.dll 2008-11-18 16:03 . 2005-08-26 00:50 77,312 --a------ c:\windows\system32\ztvunace26.dll 2008-11-18 16:03 . 2002-03-06 00:00 75,264 --a------ c:\windows\system32\unacev2.dll 2008-11-18 16:03 . 2006-06-19 12:01 69,632 --a------ c:\windows\system32\ztvcabinet.dll 2008-11-17 00:47 . 2008-11-17 00:47 <DIR> d-------- c:\program files\MSXML 6.0 2008-11-16 15:47 . 2008-11-16 15:47 <DIR> d-------- c:\program files\vmntoolbar 2008-11-16 15:47 . 2008-11-16 15:56 <DIR> d-------- c:\program files\Visicom Media 2008-11-16 15:47 . 2008-11-16 15:47 <DIR> d-------- c:\program files\CA VMN Anti-Spyware 2008-11-16 15:47 . 2008-11-18 16:59 <DIR> d-------- c:\documents and settings\Badtee\Application Data\vmntoolbar 2008-11-16 15:47 . 2008-11-16 15:47 <DIR> d-------- c:\documents and settings\Badtee\Application Data\Sites 2008-11-16 15:47 . 2008-11-16 15:51 <DIR> d-------- c:\documents and settings\Badtee\Application Data\SiteClasses 2008-11-16 15:47 . 2008-11-16 15:47 <DIR> d-------- c:\documents and settings\Badtee\Application Data\EmailNotifier 2008-11-16 15:47 . 2008-11-16 15:47 <DIR> d-------- c:\documents and settings\Badtee\Application Data\Dynamic 2008-11-16 15:47 . 2008-11-16 15:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\EmailNotifier 2008-11-16 15:43 . 2008-11-16 15:43 <DIR> d-------- C:\srtFtpLogs 2008-11-16 15:43 . 2008-11-16 15:43 <DIR> d-------- C:\srtFtpData 2008-11-16 15:43 . 2008-11-16 15:43 126 --a------ c:\windows\srxAdmin.INI 2008-11-16 15:42 . 2008-11-16 15:42 <DIR> d-------- C:\srtFtpSecFiles 2008-11-16 15:39 . 2008-11-16 15:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\South River Technologies 2008-11-16 15:35 . 2008-11-16 15:35 <DIR> d-------- c:\program files\South River Technologies 2008-11-16 15:35 . 
2008-09-25 11:15 4,558,848 --a------ c:\windows\system32\srxTitan.exe 2008-11-16 15:35 . 2008-09-25 11:15 3,878,912 --a------ c:\windows\system32\srxCOM.dll 2008-11-16 15:35 . 2008-09-25 11:14 1,695,744 --a------ c:\windows\system32\srFXResDll.dll 2008-11-16 15:35 . 2008-09-25 11:14 663,552 --a------ c:\windows\system32\srResDll.dll 2008-11-16 15:33 . 2008-11-16 16:05 <DIR> d-------- c:\program files\SmartFTP Client 2008-11-16 10:01 . 2008-11-16 10:01 <DIR> d-------- c:\program files\VSTplugins 2008-11-16 10:01 . 2008-11-16 10:01 <DIR> d-------- c:\documents and settings\Badtee\Application Data\Publish Providers 2008-11-16 10:00 . 2008-11-16 13:49 <DIR> d-------- c:\documents and settings\Badtee\Application Data\Sony 2008-11-16 10:00 . 2008-11-16 14:13 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP 2008-11-16 09:56 . 2008-11-16 09:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\Sony 2008-11-16 09:52 . 2008-11-16 09:52 <DIR> d-------- c:\windows\system32\XPSViewer 2008-11-16 09:52 . 2008-11-16 09:52 <DIR> d-------- c:\program files\Reference Assemblies 2008-11-16 09:51 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll 2008-11-16 09:49 . 2008-11-16 09:49 <DIR> d-------- c:\program files\Sony Setup 2008-11-16 09:49 . 2008-11-16 09:49 <DIR> d-------- c:\documents and settings\Badtee\Application Data\Sony Setup 2008-11-14 21:00 . 2004-08-03 23:10 78,464 --a------ c:\windows\system32\drivers\usbvideo.sys 2008-11-14 21:00 . 2004-08-03 23:10 78,464 --a--c--- c:\windows\system32\dllcache\usbvideo.sys 2008-11-14 21:00 . 2004-08-03 23:07 59,264 --a------ c:\windows\system32\drivers\USBAUDIO.sys 2008-11-14 21:00 . 2004-08-03 23:07 59,264 --a--c--- c:\windows\system32\dllcache\usbaudio.sys 2008-11-14 21:00 . 2004-08-04 00:56 20,992 --a------ c:\windows\system32\dshowext.ax 2008-11-14 21:00 . 2004-08-04 00:56 20,992 --a--c--- c:\windows\system32\dllcache\dshowext.ax 2008-11-11 13:19 . 
2008-11-11 13:19 410,976 --a------ c:\windows\system32\deploytk.dll 2008-11-04 15:45 . 2008-11-18 15:00 <DIR> d--h----- C:\$AVG8.VAULT$ 2008-11-04 14:34 . 2008-11-18 14:15 <DIR> d-------- c:\windows\system32\drivers\Avg 2008-11-04 14:34 . 2008-11-04 18:56 <DIR> d-------- c:\documents and settings\Badtee\Application Data\AVGTOOLBAR 2008-11-04 14:34 . 2008-11-04 14:34 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys 2008-11-04 14:34 . 2008-11-04 14:34 10,520 --a------ c:\windows\system32\avgrsstx.dll 2008-11-04 14:33 . 2008-11-04 14:33 <DIR> d-------- c:\program files\AVG 2008-11-04 14:33 . 2008-11-18 15:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8 2008-11-04 14:25 . 2008-11-04 14:25 <DIR> d-------- C:\VundoFix Backups 2008-11-04 14:06 . 2008-11-04 14:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft 2008-11-04 14:05 . 2008-11-04 14:05 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard 2008-11-04 13:58 . 2008-11-04 13:58 <DIR> d-------- c:\documents and settings\Badtee\WINDOWS 2008-11-04 12:29 . 2008-11-14 22:52 <DIR> d-------- c:\program files\Minilyrics 2008-11-04 12:09 . 2006-10-26 19:56 32,592 --a------ c:\windows\system32\msonpmon.dll 2008-11-04 12:08 . 2008-11-16 09:54 <DIR> d-------- c:\program files\MSBuild 2008-11-04 12:08 . 2008-11-04 12:08 <DIR> d-------- c:\program files\Microsoft Works 2008-11-04 12:06 . 2008-11-04 12:06 <DIR> d-------- c:\program files\Microsoft.NET 2008-11-04 12:03 . 2008-11-04 12:03 <DIR> d-------- c:\program files\Microsoft Visual Studio 8 2008-11-04 12:02 . 2008-11-04 12:07 <DIR> d-------- c:\windows\SHELLNEW 2008-11-04 12:02 . 2008-11-06 18:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\Microsoft Help 2008-10-30 02:15 . 2008-10-30 04:34 <DIR> d-------- c:\program files\Opera 2008-10-28 23:36 . 2008-10-28 23:36 823,296 --a------ c:\windows\system32\divx_xx0c.dll 2008-10-28 23:36 . 
2008-10-28 23:36 823,296 --a------ c:\windows\system32\divx_xx07.dll 2008-10-28 23:35 . 2008-10-28 23:35 815,104 --a------ c:\windows\system32\divx_xx0a.dll 2008-10-28 23:35 . 2008-10-28 23:35 802,816 --a------ c:\windows\system32\divx_xx11.dll 2008-10-28 23:35 . 2008-10-28 23:35 684,032 --a------ c:\windows\system32\DivX.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-11-18 14:38 --------- d-----w c:\program files\mIRC 2008-11-16 15:27 --------- d-----w c:\documents and settings\Badtee\Application Data\wsInspector 2008-11-16 14:35 --------- d--h--w c:\program files\InstallShield Installation Information 2008-11-16 14:20 --------- d-----w c:\program files\DivX 2008-11-16 11:04 --------- d-----w c:\documents and settings\Badtee\Application Data\LimeWire 2008-11-11 12:19 --------- d-----w c:\program files\Java 2008-11-04 11:35 --------- d-----w c:\program files\Winamp 2008-10-29 15:04 --------- d-----w c:\documents and settings\Badtee\Application Data\Winamp 2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys 2008-10-17 15:28 --------- d-----w c:\program files\Winamp Toolbar 2008-10-17 15:28 --------- d-----w c:\documents and settings\All Users\Application Data\Winamp Toolbar 2008-10-16 21:29 --------- d-----w c:\program files\Startup Inspector for Windows 2008-10-16 21:25 --------- d-----w c:\program files\PC Wizard 2008 2008-10-15 01:14 --------- d-----w c:\documents and settings\Badtee\Application Data\dvdcss 2008-10-07 19:37 --------- d-----w c:\program files\Telenor 2008-10-07 19:37 --------- d-----w c:\documents and settings\All Users\Application Data\Telenor 2008-09-26 16:23 --------- d-----w c:\program files\Foxit Software 2008-09-25 08:03 81,920 ----a-w c:\windows\system32\dpl100.dll 2008-09-25 08:03 593,920 ----a-w c:\windows\system32\dpuGUI11.dll 2008-09-25 08:03 57,344 -c--a-w c:\windows\system32\dpv11.dll 2008-09-25 08:03 53,248 -c--a-w 
c:\windows\system32\dpuGUI10.dll 2008-09-25 08:03 524,288 ----a-w c:\windows\system32\DivXsm.exe 2008-09-25 08:03 344,064 -c--a-w c:\windows\system32\dpus11.dll 2008-09-25 08:03 294,912 -c--a-w c:\windows\system32\dpu11.dll 2008-09-25 08:03 294,912 -c--a-w c:\windows\system32\dpu10.dll 2008-09-25 08:03 196,608 -c--a-w c:\windows\system32\dtu100.dll 2008-09-25 08:03 161,096 ----a-w c:\windows\system32\DivXCodecVersionChecker.exe 2008-09-24 21:20 --------- d-----w c:\program files\HP 2008-09-22 10:07 --------- d-----w c:\documents and settings\Badtee\Application Data\Creative 2008-09-22 10:06 --------- d-----w c:\program files\Creative 2008-09-19 21:57 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll 2008-09-19 21:55 200,704 ----a-w c:\windows\system32\ssldivx.dll 2008-09-19 21:55 1,044,480 -c--a-w c:\windows\system32\libdivx.dll 2008-09-19 21:54 12,288 -c--a-w c:\windows\system32\DivXWMPExtType.dll 2008-09-19 14:03 --------- d-----w c:\program files\Razer 2008-09-19 14:03 --------- d-----w c:\program files\DIFX 2008-09-19 14:01 --------- d-----w c:\documents and settings\Badtee\Application Data\InstallShield 2008-09-19 13:46 --------- d-----w c:\program files\D-Link 2008-09-15 11:57 1,846,016 ----a-w c:\windows\system32\win32k.sys 2008-09-04 16:42 1,106,944 ----a-w c:\windows\system32\msxml3.dll 2008-08-29 19:06 1,350,664 ----a-w c:\windows\system32\msxml6.dll 2008-08-20 05:38 659,456 ----a-w c:\windows\system32\wininet.dll 2008-05-04 04:07 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-8287-79A187E26987}] 2007-09-24 15:26 2022912 --a------ c:\progra~1\VMNTOO~1\VMNTOO~1.DLL [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{A057A204-BACC-4D26-8287-79A187E26987}"= "c:\progra~1\VMNTOO~1\VMNTOO~1.DLL" [2007-09-24 2022912] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{A057A204-BACC-4D26-8287-79A187E26987}"= "c:\progra~1\VMNTOO~1\VMNTOO~1.DLL" [2007-09-24 2022912] [HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-8287-79a187e26987}] [HKEY_CLASSES_ROOT\vmntoolbar.VMNTOOLBAR] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360] "msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "8169Diag"="c:\program files\D-Link\Diagnostics Utility\8169Diag" [X] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112] "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-20 266497] "V0230Mon.exe"="c:\windows\V0230Mon.exe" [2006-09-07 32768] "DeathAdder"="c:\program files\Razer\DeathAdder\razerhid.exe" [2007-09-07 159744] "WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-09-12 36352] "GrooveMonitor"="d:\programfiler\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-04 1234712] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-11 136600] "TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2008-11-08 1233800] "RTHDCPL"="RTHDCPL.EXE" [2007-09-27 c:\windows\RTHDCPL.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360] c:\documents and settings\Badtee\Start 
Menu\Programs\Startup\ Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664] Gangien's KZ Updater.lnk - d:\alt samma\Gangiens_kz_updater\kzupdater\KZUpdater.exe [2008-11-04 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=avgrsstx.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\\Program Files\\MSN Messenger\\livecall.exe"= "c:\\Program Files\\BitComet\\BitComet.exe"= "c:\\Program1\\EA GAMES\\Command and Conquer Generals\\game.dat"= "c:\\Program Files\\mIRC\\mirc.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "d:\\Programfiler\\Steam\\steamapps\\madturtle1\\counter-strike\\hl.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "d:\\Programfiler\\mIRC\\myPPBv3.01\\mirc.exe"= "d:\\Programfiler\\myPPBv3.5\\mirc.exe"= "d:\\Programfiler\\mIRC\\mirc.exe"= "d:\\Programfiler\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "d:\\Programfiler\\Microsoft Office\\Office12\\GROOVE.EXE"= "d:\\Programfiler\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "d:\\Programfiler\\Steam\\Steam.exe"= "c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "18775:TCP"= 18775:TCP:BitComet 18775 TCP "18775:UDP"= 18775:UDP:BitComet 18775 UDP R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-11-18 28544] R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-11-04 97928] R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-11-04 231704] R2 LANPkt;Realtek LANPkt Protocol Driver;c:\windows\system32\DRIVERS\LANPkt.sys [2008-09-19 8399] R2 SRTSERVERDAEMON;Titan FTP Server 
Daemon;"c:\windows\system32\srxTitan.exe" [2008-11-16 4558848] R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2008-09-19 22784] S3 Diag69xp;Diag69xp;c:\windows\system32\Drivers\Diag69xp.sys [2008-09-19 11003] S3 RTLVLAN;D-Link VLAN Intermediate Driver;c:\windows\system32\DRIVERS\RTLVLAN.SYS [2008-09-19 16384] S3 SetupNTGLM7X;SetupNTGLM7X;\??\E:\NTGLM7X.sys [] S3 V0230Vfx;V0230Vfx;c:\windows\system32\DRIVERS\V0230Vfx.sys [2008-08-06 6272] S3 V0230VID;Live! Cam Video IM Pro;c:\windows\system32\DRIVERS\V0230VID.sys [2008-08-06 500608] *Newly Created Service* - CATCHME *Newly Created Service* - PAVBOOT *Newly Created Service* - PROCEXP90 . Contents of the 'Scheduled Tasks' folder 2008-11-11 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57] . - - - - ORPHANS REMOVED - - - - HKLM-Run-c:\windows\system32\kdfcv.exe - c:\windows\system32\kdfcv.exe Notify-ssqRkIYq - ssqRkIYq.dll . ------- Supplementary Scan ------- . 
FireFox -: Profile - c:\documents and settings\Badtee\Application Data\Mozilla\Firefox\Profiles\rn27yb56.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - www.nordicmafia.net FF -: plugin - c:\program files\DivX\DivX Content Uploader\npUpload.dll FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll FF -: plugin - c:\program files\Mozilla Firefox\plugins\NPAskSBr.dll FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll FF -: plugin - d:\programfiler\Quicktime\Plugins\npqtplugin.dll FF -: plugin - d:\programfiler\Quicktime\Plugins\npqtplugin2.dll FF -: plugin - d:\programfiler\Quicktime\Plugins\npqtplugin3.dll FF -: plugin - d:\programfiler\Quicktime\Plugins\npqtplugin4.dll FF -: plugin - d:\programfiler\Quicktime\Plugins\npqtplugin5.dll FF -: plugin - d:\programfiler\Quicktime\Plugins\npqtplugin6.dll FF -: plugin - d:\programfiler\Quicktime\Plugins\npqtplugin7.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-11-18 17:07:48 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... 
scan completed successfully
hidden files: 172
**************************************************************************
.
Completion time: 2008-11-18 17:12:23
ComboFix-quarantined-files.txt 2008-11-18 16:12:10
Pre-Run: 1 785 450 496 bytes free
Post-Run: 1,823,477,760 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
d:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
439 --- E O F --- 2008-11-16 23:47:35

HiJackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:20:03, on 18.11.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
D:\Programfiler\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\V0230Mon.exe
C:\Program Files\D-Link\Diagnostics Utility\8169Diag.exe
C:\Program Files\Razer\DeathAdder\razerhid.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Winamp\winampa.exe
D:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
D:\ALT SAMMA\Gangiens_kz_updater\kzupdater\jre\bin\java.exe
C:\Program Files\Razer\DeathAdder\razertra.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Razer\DeathAdder\razerofa.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\srxTitan.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Filer\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.online.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O4 - HKLM\..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [V0230Mon.exe] C:\WINDOWS\V0230Mon.exe
O4 - HKLM\..\Run: [8169Diag] C:\Program Files\D-Link\Diagnostics Utility\8169Diag /hw
O4 - HKLM\..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "D:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Gangien's KZ Updater.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Programfiler\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Titan FTP Server Daemon (SRTSERVERDAEMON) - South River Technologies, Inc. - C:\WINDOWS\system32\srxTitan.exe
--
End of file - 8878 bytes

Eternally grateful for any help :]
r2d290 Posted 18 November 2008
Post a new MBAM log, so we can be sure that everything it was supposed to remove has been removed.
Flibo Posted 18 November 2008
MBAM:
Malwarebytes' Anti-Malware 1.30
Database versjon: 1306
Windows 5.1.2600 Service Pack 2
18.11.2008 18:31:05
mbam-log-2008-11-18 (18-31-05).txt
Skanntype: Rask Skann
Objekter skannet: 48825
Tid tilbakelagt: 3 minute(s), 56 second(s)
Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 0
Registerfiler infisert: 0
Mapper infisert: 1
Filer infisert: 0
Minneprosesser infisert:
(Ingen mistenkelige filer funnet)
Minnemoduler infisert:
(Ingen mistenkelige filer funnet)
Registernøkler infisert:
(Ingen mistenkelige filer funnet)
Registerverdier infisert:
(Ingen mistenkelige filer funnet)
Registerfiler infisert:
(Ingen mistenkelige filer funnet)
Mapper infisert:
C:\resycled (Trojan.DNSChanger) -> Quarantined and deleted successfully.
Filer infisert:
(Ingen mistenkelige filer funnet)

There... :]
Kea Posted 21 November 2008 (edited)
Is this malware program safe (Malwarebytes' Anti-Malware)? Can it be used together with, for example, Kaspersky? I have it, and I'm not sure whether it and the anti-malware program can be used together...
Edited 21 November 2008 by The_Unforgiven
r2d290 Posted 21 November 2008
madturtle: sorry that you haven't had any response yet. If nobody else has answered by Saturday, you can send me a PM with a reminder and I'll look at it on Sunday.
The_Unforgiven: MBAM is safe, and one of the best programs you can get for free. The program certainly wouldn't be in the guide if it weren't safe. You can use it alongside an antivirus program without trouble, since MBAM is an antispyware program and therefore causes no conflicts. You should not, however, have two antivirus programs running at the same time.
Kea Posted 21 November 2008
I have now downloaded and run MBAM. I then tried to download ComboFix, but it didn't work, because I have Vista. What do I do now: should I post the MBAM log here, or skip the ComboFix step and move on to the next one?
Tosha0007 Posted 21 November 2008
As long as you don't have 64-bit Vista, ComboFix should work. It should run fine on 32-bit Vista.
Kea Posted 21 November 2008
So I have now done everything in the guide except install ComboFix, since it isn't compatible with the 64-bit version of Windows Vista. I have posted both log files in a separate thread, "Virus: Trojansk hest". What now?