norbat, posted 6 June 2008:
Could you write out the full path, including the filename, to where the file is located, so we can try to remove it another way? C:\Users\Christoffer\Downloads.......

Christofferaa (thread author), posted 6 June 2008:
Hmm... isn't that all of it? Let me attach a screenshot!: I have Vista... so if I click on "Christoffer" I get to a place with folders called: music, video, downloads, documents, etc.... the virus is inside Downloads... if that is the virus, that is! :/ Remember, I changed the name to "Jalla Crap"

norbat, posted 6 June 2008:
C:\Users\Christoffer\Downloads\Jalla crap. Which file extension?

Christofferaa (thread author), posted 6 June 2008:
When I opened Properties on the "virus file", I found this under the command line: "C:\Users\Christoffer\Downloads\Jalla crap.com" Under file type it says: MS-DOS-program (.com) Hope that helps!

norbat, posted 6 June 2008:
OK, then try this: Open Notepad and copy in what is in bold below, and save the file on the desktop as CFScript.txt. Then drag the file over the ComboFix icon. ComboFix will start again. Post the log.

    File::
    C:\Users\Christoffer\Downloads\Jalla crap.com

KenBjork, posted 6 June 2008:
I just have to say it: there are 2 people on diskusjon.no who stand out time and again. And you impress me, norbat and snipsat, the way you help people who have gotten viruses and crap. Just had to say it

Zandreu, posted 6 June 2008:
Someone should have made a thread in their honour. They have helped me a couple of times too.

norbat, posted 6 June 2008:
Thanks. That's kind. But now we mustn't slide completely off-topic in bfplayer's thread

Zandreu, posted 6 June 2008:
Had to laugh a little when I saw that Jalla Crap.com file. Hehe, let's hope that fixes the problem.. Had the same kind of virus crap once.

Christofferaa (thread author), posted 6 June 2008:
I did as you said, Norbat! Here is the new log:

ComboFix 08-06-05.3 - Christoffer 2008-06-06 23:21:51.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1044.18.2135 [GMT 2:00]
Running from: C:\Users\Christoffer\Desktop\ComboFix.exe
Command switches used :: C:\Users\Christoffer\Desktop\CFScript.txt..txt
* Created a new restore point
FILE ::
C:\Users\Christoffer\Downloads\Jalla crap.com
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Users\Christoffer\Downloads\Jalla crap.com
.
((((((((((((((((((((((((( Files Created from 2008-05-06 to 2008-06-06 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
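
One way to check a log like the one above for the result the helper is after, as an added example that is not part of the original thread or of ComboFix: it parses a ComboFix-style log and reports whether each path echoed under `FILE ::` also appears under `Other Deletions`. The sample logs are constructed from the log head quoted in the thread; the one-entry-per-line layout and the function names are assumptions.

```python
import re

# Constructed sample: the head of the ComboFix log from the thread, one entry
# per line (assumed layout). @DELETIONS@ marks the "Other Deletions" entries.
TEMPLATE = r"""ComboFix 08-06-05.3 - Christoffer 2008-06-06 23:21:51.2 - NTFSx86
Command switches used :: C:\Users\Christoffer\Desktop\CFScript.txt..txt
 * Created a new restore point

FILE ::
C:\Users\Christoffer\Downloads\Jalla crap.com
.
((((((((((((((( Other Deletions )))))))))))))))
.
@DELETIONS@
.
((((((((( Files Created from 2008-05-06 to 2008-06-06 )))))))))
.
No new files created in this timespan
.
"""
TARGET = r"C:\Users\Christoffer\Downloads\Jalla crap.com"
# Lower-cased on purpose: Windows paths compare case-insensitively.
LOG_DELETED = TEMPLATE.replace("@DELETIONS@", TARGET.lower())
# Constructed failure case: the section is present but lists nothing.
LOG_NOT_DELETED = TEMPLATE.replace("@DELETIONS@", "")

BANNER_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")          # ((( Title )))
FILE_RE = re.compile(r"^file\s*::\s*(.*)$", re.IGNORECASE)
PATH_RE = re.compile(r"^[A-Za-z]:\\")                    # drive-letter path


def parse_log(text):
    """Return (requested, sections).

    requested: paths echoed under the FILE :: directive (before any banner).
    sections:  banner title -> list of body lines, "." separators dropped.
    """
    requested, sections = [], {}
    in_file_block, title = False, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == ".":                 # separator: ends the FILE :: list
            in_file_block = False
            continue
        banner = BANNER_RE.match(line)
        if banner:
            title = banner.group(1)
            sections.setdefault(title, [])
            in_file_block = False
            continue
        directive = FILE_RE.match(line)
        if directive and title is None:
            in_file_block = True
            if directive.group(1):      # path on the same line as FILE ::
                requested.append(directive.group(1))
            continue
        if in_file_block:
            requested.append(line)
        elif title is not None:
            sections[title].append(line)
    return requested, sections


def _norm(path):
    """Normalise a Windows path for comparison."""
    return path.strip().strip('"').lower()


def check_requested_deletions(text):
    """Map each requested path to True if the log lists it as deleted."""
    requested, sections = parse_log(text)
    deleted = {_norm(p) for p in sections.get("Other Deletions", [])
               if PATH_RE.match(p)}
    return {p: _norm(p) in deleted for p in requested}


if __name__ == "__main__":
    for name, log in (("deleted", LOG_DELETED), ("not deleted", LOG_NOT_DELETED)):
        for path, ok in check_requested_deletions(log).items():
            print(f"[{name}] {path}: {'removed' if ok else 'STILL PRESENT?'}")
```

A path that is requested but missing from `Other Deletions` is the case to follow up on, for example by checking whether the file is still on disk.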

norbat, posted 6 June 2008:
And how is the file doing?

Christofferaa (thread author), posted 6 June 2008:
Hmm... what should I say? It's still lying there... looking ugly. But I can't say that it affects anything... or... I don't notice anything unusual. I did notice something unusual right after I got the virus. Back then, when I went to close MSN, a message came up saying "all conversations will be ended" WITHOUT me having any conversations going... so it must be the conversations/messages the virus sends out by itself! What bugs me is that the file can NOT be deleted.

Christofferaa (thread author), posted 6 June 2008:
WAAAAIT :) :) The file isn't there anymore^^ It's apparently gone/deleted... Is the virus gone now? Can I "use" the PC normally again? Norbat, I want to thank you for a brilliant effort in helping a person you don't know remove a virus! I'm impressed by your knowledge and your helpfulness! I wish I could thank you more... Again, thanks!

Christofferaa (thread author), posted 7 July 2008:
Hi again Norbat. I just clicked on one of those links again. This time I knew it was a virus link. That was why I clicked on the link by accident. I hadn't intended to click on it. I was just going to copy some text that was above it, and then whoops... I only clicked on the link, NOT on the download thing that was on the linked page, so I don't think I downloaded anything. When I clicked on the link I pulled the power out of the PC right away. But I want to be COMPLETELY sure that I haven't gotten the virus again. So, is it OK if I send you a log of some kind again? Is it ComboFix I have to open then, to get this log...?

r2d290, posted 7 July 2008 (edited 7 July 2008 by r2d290):
Post a ComboFix log and a HijackThis log. Yes, it's ComboFix you open to make a ComboFix log... Make sure you use a new, updated version of ComboFix.

Christofferaa (thread author), posted 7 July 2008:
OK, here is the new log:
C:\Windows\Installer\$PatchCache$\Managed\4140110900063D11C8EF10054038389C\11.0.5614\ADDRPARS.DLL + 2003-07-15 01:14:28 350,264 ----a-r C:\Windows\Installer\$PatchCache$\Managed\4140110900063D11C8EF10054038389C\11.0.5614\CDLMSO.DLL + 2003-07-15 09:18:12 47,160 ----a-r C:\Windows\Installer\$PatchCache$\Managed\4140110900063D11C8EF10054038389C\11.0.5614\DFUICOM.EXE + 2003-07-26 00:57:20 75,832 ----a-r C:\Windows\Installer\$PatchCache$\Managed\4140110900063D11C8EF10054038389C\11.0.5614\DLGSETP.DLL + 2003-07-31 21:19:52 131,648 ----a-r C:\Windows\Installer\$PatchCache$\Managed\4140110900063D11C8EF10054038389C\11.0.5614\ENVELOPE.DLL + 2003-08-13 08:34:38 10,073,144 ----a-r C:\Windows\Installer\$PatchCache$\Managed\4140110900063D11C8EF10054038389C\11.0.5614\EXCEL.EXE + 2003-08-03 16:56:16 1,146,184 ----a-r C:\Windows\Installer\$PatchCache$\Managed\4140110900063D11C8EF10054038389C\11.0.5614\FM20.DLL + 2003-07-24 05:01:40 1,949,240 ----a-r C:\Windows\Installer\$PatchCache$\Managed\4140110900063D11C8EF10054038389C\11.0.5614\FPCUTL.DLL + 2003-07-15 05:36:14 186,424 ----a-r C:\Windows\Installer\$PatchCache$\Managed\4140110900063D11C8EF10054038389C\11.0.5614\FPDTC.DLL + 2003-07-26 01:00:16 1,157,696 ----a-r C:\Windows\Installer\$PatchCache$\Managed\4140110900063D11C8EF10054038389C\11.0.5614\FPSRVUTL.DLL + 2003-07-26 01:14:50 799,288 ----a-r C:\Windows\Installer\$PatchCache$\Managed\4140110900063D11C8EF10054038389C\11.0.5614\FPWEC.DLL + 2003-07-15 05:11:42 2,139,192 ----a-r C:\Windows\Installer\$PatchCache$\Managed\4140110900063D11C8EF10054038389C\11.0.5614\GRAPH.EXE + 2003-07-14 20:57:44 87,096 ----a-r C:\Windows\Installer\$PatchCache$\Managed\4140110900063D11C8EF10054038389C\11.0.5614\IEAWSDC.DLL + 2003-07-15 04:53:50 161,336 ----a-r C:\Windows\Installer\$PatchCache$\Managed\4140110900063D11C8EF10054038389C\11.0.5614\IETAG.DLL + 2003-07-24 04:32:32 121,400 ----a-r C:\Windows\Installer\$PatchCache$\Managed\4140110900063D11C8EF10054038389C\11.0.5614\IMPMAIL.DLL + 2003-08-01 
21:07:36 4,815,424 ----a-r C:\Windows\Installer\$PatchCache$\Managed\4140110900063D11C8EF10054038389C\11.0.5614\INFOPATH.EXE + 2003-05-28 21:42:48 514,680 ----a-r C:\Windows\Installer\$PatchCache$\Managed\4140110900063D11C8EF10054038389C\11.0.5614\INTLNAME.DLL + 2003-06-18 23:31:44 758,784 ----a-r C:\Windows\Installer\$PatchCache$\Managed\4140110900063D11C8EF10054038389C\11.0.5614\MDIGRAPH.DLL + 2003-06-18 23:31:48 17,920 ----a-r C:\Windows\Installer\$PatchCache$\Managed\4140110900063D11C8EF10054038389C\11.0.5614\MDIMON.DLL + 2003-06-18 23:31:48 18,944 ----a-r C:\Windows\Installer\$PatchCache$\Managed\4140110900063D11C8EF10054038389C\11.0.5614\MDIPPR.DLL + 2003-06-18 23:31:46 35,328 ----a-r C:\Windows\Installer\$PatchCache$\Managed\4140110900063D11C8EF10054038389C\11.0.5614\MDIUI.DLL + 2003-06-18 23:31:34 443,904 ----a-r C:\Windows\Installer\$PatchCache$\Managed\4140110900063D11C8EF10054038389C\11.0.5614\MDIVWCTL.DLL + 2003-05-28 21:42:50 342,616 ----a-r C:\Windows\Installer\$PatchCache$\Managed\4140110900063D11C8EF10054038389C\11.0.5614\METCONV.DLL + 2003-07-15 04:46:08 176,696 ----a-r C:\Windows\Installer\$PatchCache$\Managed\4140110900063D11C8EF10054038389C\11.0.5614\MIMEDIR.DLL + 2003-08-15 06:54:08 6,627,392 ----a-r C:\Windows\Installer\$PatchCache$\Managed\4140110900063D11C8EF10054038389C\11.0.5614\MSACCESS.EXE + 2003-07-15 09:13:58 130,112 ----a-r C:\Windows\Installer\$PatchCache$\Managed\4140110900063D11C8EF10054038389C\11.0.5614\MSAEXP30.DLL + 2003-07-14 20:58:04 230,968 ----a-r C:\Windows\Installer\$PatchCache$\Managed\4140110900063D11C8EF10054038389C\11.0.5614\MSCDM.DLL + 2003-07-15 04:51:50 116,288 ----a-r C:\Windows\Installer\$PatchCache$\Managed\4140110900063D11C8EF10054038389C\11.0.5614\MSCONV97.DLL + 2002-12-17 17:08:50 359,600 ----a-r C:\Windows\Installer\$PatchCache$\Managed\4140110900063D11C8EF10054038389C\11.0.5614\MSDMENG.DLL + 2002-12-17 17:08:54 1,383,592 ----a-r 
C:\Windows\Installer\$PatchCache$\Managed\4140110900063D11C8EF10054038389C\11.0.5614\MSDMINE.DLL + 2003-07-15 09:14:00 139,328 ----a-r C:\Windows\Installer\$PatchCache$\Managed\4140110900063D11C8EF10054038389C\11.0.5614\MSJSPP40.DLL + 2003-08-08 06:23:16 12,172,336 ----a-r C:\Windows\Installer\$PatchCache$\Managed\4140110900063D11C8EF10054038389C\11.0.5614\MSO.DLL + 2003-07-15 01:14:18 106,552 ----a-r C:\Windows\Installer\$PatchCache$\Managed\4140110900063D11C8EF10054038389C\11.0.5614\MSOCF.DLL + 2003-07-23 20:35:26 127,032 ----a-r C:\Windows\Installer\$PatchCache$\Managed\4140110900063D11C8EF10054038389C\11.0.5614\MSOCFU.DLL + 2002-12-17 17:09:24 2,071,752 ----a-r C:\Windows\Installer\$PatchCache$\Managed\4140110900063D11C8EF10054038389C\11.0.5614\MSOLAP80.DLL + 2003-06-18 23:31:24 1,033,216 ----a-r C:\Windows\Installer\$PatchCache$\Managed\4140110900063D11C8EF10054038389C\11.0.5614\MSPCORE.DLL + 2003-07-28 18:24:40 5,677,112 ----a-r C:\Windows\Installer\$PatchCache$\Managed\4140110900063D11C8EF10054038389C\11.0.5614\MSPUB.EXE + 2003-07-15 05:02:14 627,256 ----a-r C:\Windows\Installer\$PatchCache$\Managed\4140110900063D11C8EF10054038389C\11.0.5614\MSTORDB.EXE + 2003-07-15 04:56:24 124,984 ----a-r C:\Windows\Installer\$PatchCache$\Managed\4140110900063D11C8EF10054038389C\11.0.5614\MSTORE.EXE + 2003-07-24 04:40:00 482,872 ----a-r C:\Windows\Installer\$PatchCache$\Managed\4140110900063D11C8EF10054038389C\11.0.5614\MSTORES.DLL + 2003-07-15 09:14:26 283,696 ----a-r C:\Windows\Installer\$PatchCache$\Managed\4140110900063D11C8EF10054038389C\11.0.5614\OIS.EXE + 2003-07-15 09:14:26 828,472 ----a-r C:\Windows\Installer\$PatchCache$\Managed\4140110900063D11C8EF10054038389C\11.0.5614\OISAPP.DLL + 2003-07-15 09:14:26 27,192 ----a-r C:\Windows\Installer\$PatchCache$\Managed\4140110900063D11C8EF10054038389C\11.0.5614\OISCTRL.DLL + 2003-07-15 04:41:56 24,640 ----a-r C:\Windows\Installer\$PatchCache$\Managed\4140110900063D11C8EF10054038389C\11.0.5614\OUTLACCT.DLL + 2003-08-10 
05:06:42 7,522,360 ----a-r C:\Windows\Installer\$PatchCache$\Managed\4140110900063D11C8EF10054038389C\11.0.5614\OUTLLIB.DLL + 2003-07-15 04:44:32 88,128 ----a-r C:\Windows\Installer\$PatchCache$\Managed\4140110900063D11C8EF10054038389C\11.0.5614\OUTLMIME.DLL + 2003-07-15 04:45:18 196,152 ----a-r C:\Windows\Installer\$PatchCache$\Managed\4140110900063D11C8EF10054038389C\11.0.5614\OUTLOOK.EXE + 2003-07-15 04:43:48 139,320 ----a-r C:\Windows\Installer\$PatchCache$\Managed\4140110900063D11C8EF10054038389C\11.0.5614\OUTLPH.DLL + 2003-07-15 04:43:18 64,056 ----a-r C:\Windows\Installer\$PatchCache$\Managed\4140110900063D11C8EF10054038389C\11.0.5614\OUTLRPC.DLL + 2003-08-04 19:19:34 7,330,360 ----a-r C:\Windows\Installer\$PatchCache$\Managed\4140110900063D11C8EF10054038389C\11.0.5614\OWC10.DLL + 2003-08-01 21:09:04 8,086,072 ----a-r C:\Windows\Installer\$PatchCache$\Managed\4140110900063D11C8EF10054038389C\11.0.5614\OWC11.DLL + 2003-07-30 18:40:40 6,133,312 ----a-r C:\Windows\Installer\$PatchCache$\Managed\4140110900063D11C8EF10054038389C\11.0.5614\POWERPNT.EXE + 2003-07-15 09:18:54 430,136 ----a-r C:\Windows\Installer\$PatchCache$\Managed\4140110900063D11C8EF10054038389C\11.0.5614\PP4X322.DLL + 2003-07-31 21:21:08 1,782,840 ----a-r C:\Windows\Installer\$PatchCache$\Managed\4140110900063D11C8EF10054038389C\11.0.5614\PPTVIEW.EXE + 2003-07-15 04:40:26 130,104 ----a-r C:\Windows\Installer\$PatchCache$\Managed\4140110900063D11C8EF10054038389C\11.0.5614\PRTF9.DLL + 2003-07-15 04:51:12 604,728 ----a-r C:\Windows\Installer\$PatchCache$\Managed\4140110900063D11C8EF10054038389C\11.0.5614\PTXT9.DLL + 2003-07-15 04:50:26 551,480 ----a-r C:\Windows\Installer\$PatchCache$\Managed\4140110900063D11C8EF10054038389C\11.0.5614\PUBCONV.DLL + 2003-07-15 04:42:26 37,432 ----a-r C:\Windows\Installer\$PatchCache$\Managed\4140110900063D11C8EF10054038389C\11.0.5614\RECALL.DLL + 2003-07-15 04:43:30 74,288 ----a-r 
C:\Windows\Installer\$PatchCache$\Managed\4140110900063D11C8EF10054038389C\11.0.5614\RM.DLL + 2003-08-06 19:26:18 445,488 ----a-r C:\Windows\Installer\$PatchCache$\Managed\4140110900063D11C8EF10054038389C\11.0.5614\SOA.DLL + 2003-08-03 16:52:32 2,808,376 ----a-r C:\Windows\Installer\$PatchCache$\Managed\4140110900063D11C8EF10054038389C\11.0.5614\STSLIST.DLL + 2003-07-15 05:00:22 99,904 ----a-r C:\Windows\Installer\$PatchCache$\Managed\4140110900063D11C8EF10054038389C\11.0.5614\TRANSMGR.DLL + 2003-07-03 21:19:36 2,502,656 ----a-r C:\Windows\Installer\$PatchCache$\Managed\4140110900063D11C8EF10054038389C\11.0.5614\VBE6.DLL + 2003-08-06 19:24:20 12,037,688 ----a-r C:\Windows\Installer\$PatchCache$\Managed\4140110900063D11C8EF10054038389C\11.0.5614\WINWORD.EXE + 2005-03-17 12:32:42 88,264 ----a-r C:\Windows\Installer\$PatchCache$\Managed\4140110900063D11C8EF10054038389C\11.0.7969\ADDRPARS.DLL + 2005-03-17 12:32:40 77,000 ----a-r C:\Windows\Installer\$PatchCache$\Managed\4140110900063D11C8EF10054038389C\11.0.7969\DLGSETP.DLL + 2005-03-25 14:27:18 132,296 ----a-r C:\Windows\Installer\$PatchCache$\Managed\4140110900063D11C8EF10054038389C\11.0.7969\ENVELOPE.DLL + 2005-05-26 23:06:54 10,095,808 ----a-r C:\Windows\Installer\$PatchCache$\Managed\4140110900063D11C8EF10054038389C\11.0.7969\EXCEL.EXE + 2005-03-17 12:36:34 161,984 ----a-r C:\Windows\Installer\$PatchCache$\Managed\4140110900063D11C8EF10054038389C\11.0.7969\IETAG.DLL + 2005-03-17 12:32:46 122,056 ----a-r C:\Windows\Installer\$PatchCache$\Managed\4140110900063D11C8EF10054038389C\11.0.7969\IMPMAIL.DLL + 2005-07-22 15:47:14 12,242,624 ----a-r C:\Windows\Installer\$PatchCache$\Managed\4140110900063D11C8EF10054038389C\11.0.7969\MSO.DLL + 2005-07-05 10:08:18 5,685,440 ----a-r C:\Windows\Installer\$PatchCache$\Managed\4140110900063D11C8EF10054038389C\11.0.7969\MSPUB.EXE + 2005-07-22 15:27:10 7,605,960 ----a-r C:\Windows\Installer\$PatchCache$\Managed\4140110900063D11C8EF10054038389C\11.0.7969\OUTLLIB.DLL + 2005-04-25 
11:29:56 92,360 ----a-r C:\Windows\Installer\$PatchCache$\Managed\4140110900063D11C8EF10054038389C\11.0.7969\OUTLMIME.DLL + 2005-07-05 10:14:28 196,296 ----a-r C:\Windows\Installer\$PatchCache$\Managed\4140110900063D11C8EF10054038389C\11.0.7969\OUTLOOK.EXE + 2005-03-17 12:32:50 141,000 ----a-r C:\Windows\Installer\$PatchCache$\Managed\4140110900063D11C8EF10054038389C\11.0.7969\OUTLPH.DLL + 2005-03-31 11:21:32 64,200 ----a-r C:\Windows\Installer\$PatchCache$\Managed\4140110900063D11C8EF10054038389C\11.0.7969\OUTLRPC.DLL + 2005-03-17 12:01:56 130,752 ----a-r C:\Windows\Installer\$PatchCache$\Managed\4140110900063D11C8EF10054038389C\11.0.7969\PRTF9.DLL + 2005-03-17 12:02:04 605,376 ----a-r C:\Windows\Installer\$PatchCache$\Managed\4140110900063D11C8EF10054038389C\11.0.7969\PTXT9.DLL + 2005-03-17 12:02:02 555,720 ----a-r C:\Windows\Installer\$PatchCache$\Managed\4140110900063D11C8EF10054038389C\11.0.7969\PUBCONV.DLL + 2005-03-17 12:32:40 74,944 ----a-r C:\Windows\Installer\$PatchCache$\Managed\4140110900063D11C8EF10054038389C\11.0.7969\RM.DLL + 2005-05-26 23:27:34 100,552 ----a-r C:\Windows\Installer\$PatchCache$\Managed\4140110900063D11C8EF10054038389C\11.0.7969\TRANSMGR.DLL + 2004-05-24 17:45:10 2,482,176 ----a-r C:\Windows\Installer\$PatchCache$\Managed\4140110900063D11C8EF10054038389C\11.0.7969\VBE6.DLL + 2005-07-22 15:21:40 12,061,896 ----a-r C:\Windows\Installer\$PatchCache$\Managed\4140110900063D11C8EF10054038389C\11.0.7969\WINWORD.EXE - 2008-05-26 12:13:24 593,920 ----a-r C:\Windows\Installer\{90110414-6000-11D3-8CFE-0150048383C9}\accicons.exe + 2008-06-11 11:17:25 593,920 ----a-r C:\Windows\Installer\{90110414-6000-11D3-8CFE-0150048383C9}\accicons.exe - 2008-05-26 12:13:24 12,288 ----a-r C:\Windows\Installer\{90110414-6000-11D3-8CFE-0150048383C9}\cagicon.exe + 2008-06-11 11:17:25 12,288 ----a-r C:\Windows\Installer\{90110414-6000-11D3-8CFE-0150048383C9}\cagicon.exe - 2008-05-26 12:13:24 86,016 ----a-r 
C:\Windows\Installer\{90110414-6000-11D3-8CFE-0150048383C9}\inficon.exe + 2008-06-11 11:17:25 86,016 ----a-r C:\Windows\Installer\{90110414-6000-11D3-8CFE-0150048383C9}\inficon.exe - 2008-05-26 12:13:24 135,168 ----a-r C:\Windows\Installer\{90110414-6000-11D3-8CFE-0150048383C9}\misc.exe + 2008-06-11 11:17:25 135,168 ----a-r C:\Windows\Installer\{90110414-6000-11D3-8CFE-0150048383C9}\misc.exe - 2008-05-26 12:13:24 11,264 ----a-r C:\Windows\Installer\{90110414-6000-11D3-8CFE-0150048383C9}\mspicons.exe + 2008-06-11 11:17:25 11,264 ----a-r C:\Windows\Installer\{90110414-6000-11D3-8CFE-0150048383C9}\mspicons.exe - 2008-05-26 12:13:24 27,136 ----a-r C:\Windows\Installer\{90110414-6000-11D3-8CFE-0150048383C9}\oisicon.exe + 2008-06-11 11:17:25 27,136 ----a-r C:\Windows\Installer\{90110414-6000-11D3-8CFE-0150048383C9}\oisicon.exe - 2008-05-26 12:13:24 4,096 ----a-r C:\Windows\Installer\{90110414-6000-11D3-8CFE-0150048383C9}\opwicon.exe + 2008-06-11 11:17:25 4,096 ----a-r C:\Windows\Installer\{90110414-6000-11D3-8CFE-0150048383C9}\opwicon.exe - 2008-05-26 12:13:24 794,624 ----a-r C:\Windows\Installer\{90110414-6000-11D3-8CFE-0150048383C9}\outicon.exe + 2008-06-11 11:17:25 794,624 ----a-r C:\Windows\Installer\{90110414-6000-11D3-8CFE-0150048383C9}\outicon.exe - 2008-05-26 12:13:24 249,856 ----a-r C:\Windows\Installer\{90110414-6000-11D3-8CFE-0150048383C9}\pptico.exe + 2008-06-11 11:17:25 249,856 ----a-r C:\Windows\Installer\{90110414-6000-11D3-8CFE-0150048383C9}\pptico.exe - 2008-05-26 12:13:24 61,440 ----a-r C:\Windows\Installer\{90110414-6000-11D3-8CFE-0150048383C9}\pubs.exe + 2008-06-11 11:17:25 61,440 ----a-r C:\Windows\Installer\{90110414-6000-11D3-8CFE-0150048383C9}\pubs.exe - 2008-05-26 12:13:24 23,040 ----a-r C:\Windows\Installer\{90110414-6000-11D3-8CFE-0150048383C9}\unbndico.exe + 2008-06-11 11:17:25 23,040 ----a-r C:\Windows\Installer\{90110414-6000-11D3-8CFE-0150048383C9}\unbndico.exe - 2008-05-26 12:13:24 286,720 ----a-r 
C:\Windows\Installer\{90110414-6000-11D3-8CFE-0150048383C9}\wordicon.exe + 2008-06-11 11:17:25 286,720 ----a-r C:\Windows\Installer\{90110414-6000-11D3-8CFE-0150048383C9}\wordicon.exe - 2008-05-26 12:13:24 409,600 ----a-r C:\Windows\Installer\{90110414-6000-11D3-8CFE-0150048383C9}\xlicons.exe + 2008-06-11 11:17:25 409,600 ----a-r C:\Windows\Installer\{90110414-6000-11D3-8CFE-0150048383C9}\xlicons.exe + 2008-06-13 06:02:23 295,606 ----a-r C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-A81200000003}\SC_Reader.exe + 2008-06-22 22:25:39 61,440 ----a-r C:\Windows\Installer\{E0F07676-2C60-4465-A727-20DE3BFCABAC}\NewShortcut15_E0F076762C604465A72720DE3BFCABAC.exe + 2008-06-22 22:25:39 61,440 ----a-r C:\Windows\Installer\{E0F07676-2C60-4465-A727-20DE3BFCABAC}\NewShortcut2_E0F076762C604465A72720DE3BFCABAC.exe - 2000-08-31 06:00:00 28,160 ----a-w C:\Windows\Nircmd.exe + 2000-08-31 06:00:00 28,672 ----a-w C:\Windows\Nircmd.exe - 2008-06-06 17:11:24 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2008-07-07 18:59:51 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2008-06-06 17:11:24 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2008-07-07 18:59:51 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2008-06-06 17:13:16 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT + 2008-07-07 19:01:45 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT + 2008-07-07 19:01:45 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1 - 2008-06-06 17:13:11 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT + 2008-07-07 19:01:40 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT + 2008-07-07 19:01:40 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1 - 2008-05-22 09:19:37 124,928 ----a-w C:\Windows\System32\advpack.dll + 2008-04-25 04:23:05 124,928 
----a-w C:\Windows\System32\advpack.dll - 2008-06-06 17:11:26 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2008-07-07 19:00:38 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2008-06-06 17:11:26 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2008-07-07 19:00:38 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2008-06-06 17:11:26 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2008-07-07 19:00:38 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2008-06-06 17:29:16 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat + 2008-07-07 20:35:51 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat + 2008-07-07 20:35:51 262,144 ---ha-w C:\Windows\System32\config\systemprofile\ntuser.dat.LOG1 + 2006-12-15 15:09:24 8,704 ----a-w C:\Windows\System32\drivers\Amfilter.sys + 2006-05-09 08:27:30 13,824 ----a-w C:\Windows\System32\drivers\Amps2prt.sys + 2006-12-15 15:09:50 13,824 ----a-w C:\Windows\System32\drivers\Amusbprt.sys - 2008-05-22 09:04:55 19,456 ----a-w C:\Windows\System32\drivers\bthenum.sys + 2008-04-29 01:42:12 19,456 ----a-w C:\Windows\System32\drivers\bthenum.sys - 2008-05-22 09:04:55 220,160 ----a-w C:\Windows\System32\drivers\bthport.sys + 2008-04-29 01:42:12 220,160 ----a-w C:\Windows\System32\drivers\bthport.sys - 2008-05-22 09:04:55 29,184 ----a-w C:\Windows\System32\drivers\BTHUSB.SYS + 2008-04-29 01:42:08 29,184 ----a-w C:\Windows\System32\drivers\BTHUSB.SYS + 2006-05-29 06:26:38 127,488 ----a-w C:\Windows\System32\drivers\nmwcd.sys + 2006-05-29 06:26:36 8,704 ----a-w 
C:\Windows\System32\drivers\nmwcdc.sys + 2006-05-29 06:26:36 13,312 ----a-w C:\Windows\System32\drivers\nmwcdcj.sys + 2006-05-29 06:26:36 13,312 ----a-w C:\Windows\System32\drivers\nmwcdcm.sys - 2006-11-02 08:57:12 113,664 ----a-w C:\Windows\System32\drivers\rmcast.sys + 2008-05-10 01:21:06 113,664 ----a-w C:\Windows\System32\drivers\rmcast.sys + 2006-12-15 15:09:24 8,704 ------w C:\Windows\System32\DriverStore\FileRepository\amouse.inf_096e6514\Amfilter.sys + 2006-05-09 08:27:30 13,824 ------w C:\Windows\System32\DriverStore\FileRepository\amouse.inf_096e6514\Amps2prt.sys + 2006-12-15 15:09:50 13,824 ------w C:\Windows\System32\DriverStore\FileRepository\amouse.inf_096e6514\Amusbprt.sys + 2008-04-29 01:42:12 19,456 ----a-w C:\Windows\System32\DriverStore\FileRepository\bth.inf_c206c850\bthenum.sys + 2008-04-29 01:42:12 220,160 ----a-w C:\Windows\System32\DriverStore\FileRepository\bth.inf_c206c850\bthport.sys + 2008-04-29 01:42:08 29,184 ----a-w C:\Windows\System32\DriverStore\FileRepository\bth.inf_c206c850\BTHUSB.SYS + 2008-04-29 03:50:12 181,760 ----a-w C:\Windows\System32\DriverStore\FileRepository\bth.inf_c206c850\fsquirt.exe - 2008-05-22 09:19:37 347,136 ----a-w C:\Windows\System32\dxtmsft.dll + 2008-04-25 04:23:06 347,136 ----a-w C:\Windows\System32\dxtmsft.dll - 2008-05-22 09:19:37 214,528 ----a-w C:\Windows\System32\dxtrans.dll + 2008-04-25 04:23:06 214,528 ----a-w C:\Windows\System32\dxtrans.dll - 2006-11-02 12:34:48 428,032 ----a-w C:\Windows\System32\EncDec.dll + 2008-04-23 04:27:00 428,032 ----a-w C:\Windows\System32\EncDec.dll - 2003-08-03 16:56:16 1,146,184 ----a-w C:\Windows\System32\FM20.DLL + 2005-03-17 12:39:58 1,146,320 ----a-w C:\Windows\System32\FM20.DLL - 2008-05-25 18:42:20 355,496 ----a-w C:\Windows\System32\FNTCACHE.DAT + 2008-06-10 13:55:50 356,144 ----a-w C:\Windows\System32\FNTCACHE.DAT - 2008-05-22 09:04:55 181,760 ----a-w C:\Windows\System32\fsquirt.exe + 2008-04-29 03:50:12 181,760 ----a-w C:\Windows\System32\fsquirt.exe - 
2008-05-22 09:19:33 63,488 ----a-w C:\Windows\System32\icardie.dll + 2008-04-25 04:23:06 63,488 ----a-w C:\Windows\System32\icardie.dll - 2008-05-22 09:19:31 70,656 ----a-w C:\Windows\System32\ie4uinit.exe + 2008-04-25 04:22:36 70,656 ----a-w C:\Windows\System32\ie4uinit.exe - 2008-05-22 09:19:37 383,488 ----a-w C:\Windows\System32\ieapfltr.dll + 2008-04-25 04:23:06 383,488 ----a-w C:\Windows\System32\ieapfltr.dll - 2008-05-22 09:19:36 6,066,176 ----a-w C:\Windows\System32\ieframe.dll + 2008-04-25 04:23:06 6,066,176 ----a-w C:\Windows\System32\ieframe.dll - 2008-05-22 09:19:31 44,544 ----a-w C:\Windows\System32\iernonce.dll + 2008-04-25 04:23:06 44,544 ----a-w C:\Windows\System32\iernonce.dll - 2008-05-22 09:19:31 56,320 ----a-w C:\Windows\System32\iesetup.dll + 2008-04-25 04:23:06 56,320 ----a-w C:\Windows\System32\iesetup.dll - 2008-05-22 09:19:36 180,736 ----a-w C:\Windows\System32\ieui.dll + 2008-04-25 04:23:06 180,736 ----a-w C:\Windows\System32\ieui.dll - 2008-05-22 09:19:32 26,624 ----a-w C:\Windows\System32\ieUnatt.exe + 2008-04-25 04:22:36 26,624 ----a-w C:\Windows\System32\ieUnatt.exe - 2008-05-22 09:19:37 27,648 ----a-w C:\Windows\System32\jsproxy.dll + 2008-04-25 04:23:06 27,648 ----a-w C:\Windows\System32\jsproxy.dll - 2008-05-22 09:18:13 1,244,672 ----a-w C:\Windows\System32\mcmde.dll + 2008-04-23 04:27:01 1,244,672 ----a-w C:\Windows\System32\mcmde.dll - 2003-06-18 23:31:48 17,920 ----a-w C:\Windows\System32\mdimon.dll + 2004-03-22 13:17:06 24,816 ----a-w C:\Windows\System32\mdimon.dll - 2008-05-22 09:19:37 64,512 ----a-w C:\Windows\System32\migration\WininetPlugin.dll + 2008-04-25 04:23:11 64,512 ----a-w C:\Windows\System32\migration\WininetPlugin.dll - 2008-05-09 12:35:06 16,863,864 ----a-w C:\Windows\System32\mrt.exe + 2008-05-29 23:35:11 17,486,968 ----a-w C:\Windows\System32\mrt.exe - 2008-05-22 09:19:34 3,591,680 ----a-w C:\Windows\System32\mshtml.dll + 2008-04-25 04:23:07 3,591,680 ----a-w C:\Windows\System32\mshtml.dll - 2008-05-22 09:19:35 
478,208 ----a-w C:\Windows\System32\mshtmled.dll + 2008-04-25 04:23:07 478,208 ----a-w C:\Windows\System32\mshtmled.dll - 2008-05-22 09:19:33 671,232 ----a-w C:\Windows\System32\mstime.dll + 2008-04-25 04:23:09 671,232 ----a-w C:\Windows\System32\mstime.dll + 2008-06-21 18:42:19 2,456 ----a-w C:\Windows\System32\networklist\icons\{56C85375-19BD-48D8-8959-815F320FB548}_24.bin + 2008-06-21 18:42:19 4,280 ----a-w C:\Windows\System32\networklist\icons\{56C85375-19BD-48D8-8959-815F320FB548}_32.bin + 2008-06-21 18:42:19 9,560 ----a-w C:\Windows\System32\networklist\icons\{56C85375-19BD-48D8-8959-815F320FB548}_48.bin + 2008-06-06 17:41:41 2,456 ----a-w C:\Windows\System32\networklist\icons\{F9ED046D-5989-4512-905B-D01235186144}_24.bin + 2008-06-06 17:41:41 4,280 ----a-w C:\Windows\System32\networklist\icons\{F9ED046D-5989-4512-905B-D01235186144}_32.bin + 2008-06-06 17:41:41 9,560 ----a-w C:\Windows\System32\networklist\icons\{F9ED046D-5989-4512-905B-D01235186144}_48.bin + 2006-05-29 06:26:36 30,720 ----a-w C:\Windows\System32\nmwcdcocls.dll + 2006-05-29 06:26:34 4,608 ----a-w C:\Windows\System32\nmwcdlog.dll - 2008-06-06 17:18:07 107,416 ----a-w C:\Windows\System32\perfc009.dat + 2008-07-07 19:06:23 107,416 ----a-w C:\Windows\System32\perfc009.dat - 2008-06-06 17:18:07 83,248 ----a-w C:\Windows\System32\perfc014.dat + 2008-07-07 19:06:23 83,248 ----a-w C:\Windows\System32\perfc014.dat - 2008-06-06 17:18:07 618,272 ----a-w C:\Windows\System32\perfh009.dat + 2008-07-07 19:06:23 618,272 ----a-w C:\Windows\System32\perfh009.dat - 2008-06-06 17:18:07 484,520 ----a-w C:\Windows\System32\perfh014.dat + 2008-07-07 19:06:23 484,520 ----a-w C:\Windows\System32\perfh014.dat - 2008-05-22 09:19:31 44,544 ----a-w C:\Windows\System32\pngfilt.dll + 2008-04-25 04:23:10 44,544 ----a-w C:\Windows\System32\pngfilt.dll - 2006-11-02 12:34:47 292,352 ----a-w C:\Windows\System32\psisdecd.dll + 2008-04-23 04:27:04 292,352 ----a-w C:\Windows\System32\psisdecd.dll - 2008-05-22 09:25:00 1,327,104 
----a-w C:\Windows\System32\quartz.dll + 2008-04-26 08:02:05 1,327,104 ----a-w C:\Windows\System32\quartz.dll - 2008-05-27 22:56:42 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT + 2008-06-25 19:03:11 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT - 2003-06-18 23:31:44 758,784 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\mdigraph.dll + 2004-03-22 13:17:04 765,680 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\mdigraph.dll - 2003-06-18 23:31:46 35,328 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\mdiui.dll + 2004-03-22 13:17:10 42,224 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\mdiui.dll - 2003-06-18 23:31:44 758,784 ----a-w C:\Windows\System32\spool\drivers\w32x86\mdigraph.dll + 2004-03-22 13:17:04 765,680 ----a-w C:\Windows\System32\spool\drivers\w32x86\mdigraph.dll - 2003-06-18 23:31:46 35,328 ----a-w C:\Windows\System32\spool\drivers\w32x86\mdiui.dll + 2004-03-22 13:17:10 42,224 ----a-w C:\Windows\System32\spool\drivers\w32x86\mdiui.dll - 2003-06-18 23:31:48 18,944 ----a-w C:\Windows\System32\spool\prtprocs\w32x86\mdippr.dll + 2004-03-22 13:17:08 25,840 ----a-w C:\Windows\System32\spool\prtprocs\w32x86\mdippr.dll - 2008-05-22 09:19:31 1,159,680 ----a-w C:\Windows\System32\urlmon.dll + 2008-04-25 04:23:11 1,159,680 ----a-w C:\Windows\System32\urlmon.dll - 2008-06-06 17:13:37 5,512 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2565768173-1535021507-2450870242-1000_UserData.bin + 2008-07-07 19:02:06 6,080 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2565768173-1535021507-2450870242-1000_UserData.bin - 2008-06-06 17:13:37 57,116 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin + 2008-07-07 19:02:06 62,962 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin - 2008-06-06 17:13:35 30,232 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin + 2008-07-07 19:02:04 32,394 
Christofferaa Posted 7 July 2008 Author
To learn more about this MSN bug myself, I'm wondering whether you can only "get" the virus if you click the download button on the linked page. In other words, do you get the virus JUST by clicking the link? Surely you also have to click the message that pops up, right? Thanks
r2d290 Posted 8 July 2008
It depends. In some cases you download the virus automatically when you land on a page. In other cases you have to download it yourself. In yet other cases you even install the virus yourself, believing it is a good program...