Posted:

My PC has been terribly slow again lately :s

I ran HJT and you will find the result below. Could someone check whether there is anything I should remove?

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 9:03:55, on 15/05/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Acer\Empowering Technology\admServ.exe

c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

C:\Acer\Empowering Technology\ePower\ePower_DMC.exe

C:\Acer\Empowering Technology\eRecovery\Monitor.exe

C:\Acer\Empowering Technology\admtray.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\WINDOWS\System32\svchost.exe

C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\WINDOWS\system32\SNDVOL32.EXE

C:\WINDOWS\system32\divxsm.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = HLN: home

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll

O4 - HKLM\..\Run: [LaunchApp] Alaunch

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [synTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"

O4 - HKLM\..\Run: [synTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"

O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC

O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [eDataSecurity Loader] "C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe"

O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe

O4 - HKLM\..\Run: [Acer ePower Management] "C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe" boot

O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

O4 - HKCU\..\RunOnce: [] C:\Program Files\Internet Explorer\IEXPLORE.EXE Uw Norton-programma opnieuw installeren na het uitvoeren van het Norton-verwijderingsprogramma

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} (AxProdInfoCtl Class) - http://www.symantec.com/techsupp/activedata/nprdtinf.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = hogent.be

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = hogent.be

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--

End of file - 11468 bytes

Posted:

Your log is perfectly fine; there are definitely no problem cases in it. Of course you are running Symantec, which will have a slowing effect anyway, but that cannot be the only cause. To be sure, let's look a bit deeper to see whether there is anything else to discover.

Download Combofix and put it on your Desktop.

If you have used Combofix before, please delete that version and download Combofix again via the link above, because Combofix is updated daily.

Double-click Combofix.exe and follow the instructions; accept the disclaimer by typing y. While the fix is running, do NOT click in the window, because this will make your PC hang.

When the fix is complete and after the restart, the log combofix.txt will open.

If, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download Combofix again.

Some scanners regard certain components that Combofix uses as suspicious and will block or delete them!

Attach the Combofix log to your next post.

Posted:

Thanks in advance!

This is the log file I got after running ComboFix:

ComboFix 08-05-12.1 - Nick 2008-05-15 12:43:43.3 - FAT32x86

Gestart vanuit: C:\Documents and Settings\Nick\Bureaublad\ComboFix.exe

* Nieuw herstelpunt werd aangemaakt

WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents and Settings\Nick\Application Data\macromedia\Flash Player\#SharedObjects\F6J5FR5F\iforex.com

C:\Documents and Settings\Nick\Application Data\macromedia\Flash Player\#SharedObjects\F6J5FR5F\iforex.com\Emerp\Events\flash_object.swf\user_data.sol

C:\Documents and Settings\Nick\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com

C:\Documents and Settings\Nick\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol

C:\WINDOWS\system32\fcfgikdi.ini

C:\WINDOWS\system32\fnuxepav.ini

.

(((((((((((((((((((( Bestanden Gemaakt van 2008-04-15 to 2008-05-15 ))))))))))))))))))))))))))))))

.

2034-03-03 10:21 . 2034-03-03 10:21 <DIR> d-------- C:\Program Files\Mozilla Thunderbird

2008-05-09 17:03 . 2008-05-09 17:03 <DIR> d--hs---- C:\FOUND.003

2008-05-06 15:05 . 2008-05-06 15:05 <DIR> d--hs---- C:\FOUND.002

2008-04-29 12:56 . 2008-04-29 12:56 <DIR> d--hs---- C:\FOUND.001

2008-04-22 18:04 . 2008-03-06 21:32 23,904 --a------ C:\WINDOWS\system32\drivers\COH_Mon.sys

2008-04-22 18:04 . 2008-03-06 21:32 10,537 --a------ C:\WINDOWS\system32\drivers\COH_Mon.cat

2008-04-22 18:04 . 2008-03-06 21:32 706 --a------ C:\WINDOWS\system32\drivers\COH_Mon.inf

2008-04-22 12:30 . 2008-04-22 12:30 <DIR> d--hs---- C:\FOUND.000

2008-04-22 12:07 . 2008-04-22 12:07 10,344 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys

2008-04-15 15:09 . 2008-04-15 15:09 <DIR> d-------- C:\Program Files\ADJ Video Decoder

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-14 16:02 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat

2008-04-14 16:02 --------- d-----w C:\Documents and Settings\Nick\Application Data\skypePM

2008-04-14 16:00 --------- d-----w C:\Program Files\Skype

2008-04-14 16:00 --------- d-----w C:\Program Files\Common Files\Skype

2008-04-14 16:00 --------- d-----w C:\Documents and Settings\Nick\Application Data\Skype

2008-04-14 15:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype

2008-04-10 19:14 --------- d-----w C:\Documents and Settings\Nick\Application Data\3M

2008-04-07 10:42 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF

2008-04-07 10:42 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL

2008-04-07 10:42 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS

2008-04-07 10:42 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT

2008-04-07 08:27 --------- d-----w C:\Program Files\Norton Internet Security

2008-04-07 08:26 --------- d-----w C:\Program Files\Symantec

2008-04-07 08:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec

2008-04-03 16:33 --------- d-----w C:\Program Files\Windows Sidebar

2008-04-02 22:08 --------- d-----w C:\Program Files\Trend Micro

2008-04-02 12:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\PrevxCSI

2008-03-27 17:20 --------- d-----w C:\Program Files\Azureus

2008-03-25 17:19 --------- d-----w C:\Program Files\Zattoo

2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll

2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\dllcache\mswstr10.dll

2008-03-25 04:51 183,072 ----a-w C:\WINDOWS\system32\msjint40.dll

2008-03-25 04:51 183,072 ----a-w C:\WINDOWS\system32\dllcache\msjint40.dll

2008-03-22 09:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Azureus

2008-03-22 09:41 --------- d-----w C:\Documents and Settings\Nick\Application Data\Azureus

2008-03-21 07:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\vsosdk

2008-03-20 18:32 --------- d-----w C:\Program Files\PowerDataRecovery

2008-03-20 11:44 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys

2008-03-20 11:44 47,360 ----a-w C:\Documents and Settings\Nick\Application Data\pcouffin.sys

2008-03-20 08:10 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys

2008-03-20 08:10 1,845,376 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys

2008-03-01 16:35 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll

2008-02-29 08:58 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe

2008-02-29 08:58 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe

2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe

2008-02-20 06:52 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll

2008-02-20 06:52 282,624 ----a-w C:\WINDOWS\system32\dllcache\gdi32.dll

2008-02-20 05:39 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll

2008-02-20 05:39 45,568 ----a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll

2008-02-20 05:39 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll

2008-02-15 05:44 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll

2007-04-19 08:43 87,608 ----a-w C:\Documents and Settings\Nick\Application Data\ezpinst.exe

.

((((((((((((((((((((((((((((( snapshot@2008-04-03_12.57.24.01 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-03-20 08:01:24 1,846,016 ------w C:\WINDOWS\$hf_mig$\KB941693\SP2QFE\win32k.sys

+ 2007-03-06 01:58:22 15,584 ------w C:\WINDOWS\$hf_mig$\KB941693\spmsg.dll

+ 2007-03-06 01:58:28 216,800 ------w C:\WINDOWS\$hf_mig$\KB941693\spuninst.exe

+ 2007-03-06 01:58:22 22,752 ------w C:\WINDOWS\$hf_mig$\KB941693\update\spcustom.dll

+ 2007-03-06 01:58:46 725,728 ------w C:\WINDOWS\$hf_mig$\KB941693\update\update.exe

+ 2007-03-06 01:59:38 389,856 ------w C:\WINDOWS\$hf_mig$\KB941693\update\updspapi.dll

- 2007-03-06 00:58:22 15,584 ------w C:\WINDOWS\$hf_mig$\KB944533-IE7\spmsg.dll

+ 2007-03-06 01:58:22 15,584 ------w C:\WINDOWS\$hf_mig$\KB944533-IE7\spmsg.dll

- 2007-03-06 00:58:28 216,800 ------w C:\WINDOWS\$hf_mig$\KB944533-IE7\spuninst.exe

+ 2007-03-06 01:58:28 216,800 ------w C:\WINDOWS\$hf_mig$\KB944533-IE7\spuninst.exe

- 2007-03-06 00:58:22 22,752 ------w C:\WINDOWS\$hf_mig$\KB944533-IE7\update\spcustom.dll

+ 2007-03-06 01:58:22 22,752 ------w C:\WINDOWS\$hf_mig$\KB944533-IE7\update\spcustom.dll

- 2007-03-06 00:58:46 725,728 ------w C:\WINDOWS\$hf_mig$\KB944533-IE7\update\update.exe

+ 2007-03-06 01:58:46 725,728 ------w C:\WINDOWS\$hf_mig$\KB944533-IE7\update\update.exe

- 2007-03-06 00:59:38 389,856 ------w C:\WINDOWS\$hf_mig$\KB944533-IE7\update\updspapi.dll

+ 2007-03-06 01:59:38 389,856 ------w C:\WINDOWS\$hf_mig$\KB944533-IE7\update\updspapi.dll

+ 2008-02-20 05:23:40 147,968 ------w C:\WINDOWS\$hf_mig$\KB945553\SP2QFE\dnsapi.dll

+ 2008-02-20 18:53:42 45,568 ------w C:\WINDOWS\$hf_mig$\KB945553\SP2QFE\dnsrslvr.dll

+ 2007-03-06 01:58:22 15,584 ------w C:\WINDOWS\$hf_mig$\KB945553\spmsg.dll

+ 2007-03-06 01:58:28 216,800 ------w C:\WINDOWS\$hf_mig$\KB945553\spuninst.exe

+ 2007-03-06 01:58:22 22,752 ------w C:\WINDOWS\$hf_mig$\KB945553\update\spcustom.dll

+ 2007-03-06 01:58:46 725,728 ------w C:\WINDOWS\$hf_mig$\KB945553\update\update.exe

+ 2007-03-06 01:59:38 389,856 ------w C:\WINDOWS\$hf_mig$\KB945553\update\updspapi.dll

+ 2008-03-01 12:49:06 124,928 ------w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\advpack.dll

+ 2008-03-01 12:49:06 347,136 ------w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\dxtmsft.dll

+ 2008-03-01 12:49:08 214,528 ------w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\dxtrans.dll

+ 2008-03-01 12:49:08 132,608 ------w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\extmgr.dll

+ 2008-03-01 12:49:08 63,488 ------w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\icardie.dll

+ 2008-02-22 09:39:56 70,656 ------w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\ie4uinit.exe

+ 2008-03-01 12:49:08 153,088 ------w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\ieakeng.dll

+ 2008-03-01 12:49:08 230,400 ------w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\ieaksie.dll

+ 2008-02-15 05:44:26 161,792 ------w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\ieakui.dll

+ 2007-04-17 09:32:38 2,455,488 ------w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\ieapfltr.dat

+ 2008-03-01 12:49:08 383,488 ------w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\ieapfltr.dll

+ 2008-03-01 12:49:08 388,608 ------w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\iedkcs32.dll

+ 2008-03-01 12:49:12 6,067,712 ------w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\ieframe.dll

+ 2008-03-01 12:49:12 44,544 ------w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\iernonce.dll

+ 2008-03-01 12:49:12 267,776 ------w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\iertutil.dll

+ 2008-02-22 09:39:56 13,824 ------w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\ieudinit.exe

+ 2008-02-22 09:40:22 625,664 ------w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\iexplore.exe

+ 2008-03-01 12:49:12 27,648 ------w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\jsproxy.dll

+ 2008-03-01 12:49:14 459,264 ------w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\msfeeds.dll

+ 2008-03-01 12:49:14 52,224 ------w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\msfeedsbs.dll

+ 2008-03-01 12:49:18 3,593,216 ------w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\mshtml.dll

+ 2008-03-01 12:49:20 478,208 ------w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\mshtmled.dll

+ 2008-03-01 12:49:20 193,024 ------w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\msrating.dll

+ 2008-03-01 12:49:22 671,232 ------w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\mstime.dll

+ 2008-03-01 12:49:22 102,912 ------w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\occache.dll

+ 2008-03-01 12:49:22 44,544 ------w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\pngfilt.dll

+ 2008-03-01 12:49:22 105,984 ------w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\url.dll

+ 2008-03-01 12:49:22 1,162,752 ------w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\urlmon.dll

+ 2008-03-01 12:49:22 233,472 ------w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\webcheck.dll

+ 2008-03-01 12:49:24 827,392 ------w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll

+ 2007-03-06 01:58:22 15,584 ------w C:\WINDOWS\$hf_mig$\KB947864-IE7\spmsg.dll

+ 2007-03-06 01:58:28 216,800 ------w C:\WINDOWS\$hf_mig$\KB947864-IE7\spuninst.exe

+ 2007-03-06 01:58:22 22,752 ------w C:\WINDOWS\$hf_mig$\KB947864-IE7\update\spcustom.dll

+ 2007-03-06 01:58:46 725,728 ------w C:\WINDOWS\$hf_mig$\KB947864-IE7\update\update.exe

+ 2007-03-06 01:59:38 389,856 ------w C:\WINDOWS\$hf_mig$\KB947864-IE7\update\updspapi.dll

+ 2008-02-20 06:53:40 282,624 ------w C:\WINDOWS\$hf_mig$\KB948590\SP2QFE\gdi32.dll

+ 2007-03-06 01:58:22 15,584 ------w C:\WINDOWS\$hf_mig$\KB948590\spmsg.dll

+ 2007-03-06 01:58:28 216,800 ------w C:\WINDOWS\$hf_mig$\KB948590\spuninst.exe

+ 2007-03-06 01:58:22 22,752 ------w C:\WINDOWS\$hf_mig$\KB948590\update\spcustom.dll

+ 2007-03-06 01:58:46 725,728 ------w C:\WINDOWS\$hf_mig$\KB948590\update\update.exe

+ 2007-03-06 01:59:38 389,856 ------w C:\WINDOWS\$hf_mig$\KB948590\update\updspapi.dll

+ 2007-03-06 01:58:22 15,584 ------w C:\WINDOWS\$hf_mig$\KB948881\spmsg.dll

+ 2007-03-06 01:58:28 216,800 ------w C:\WINDOWS\$hf_mig$\KB948881\spuninst.exe

+ 2007-03-06 01:58:22 22,752 ------w C:\WINDOWS\$hf_mig$\KB948881\update\spcustom.dll

+ 2007-03-06 01:58:46 725,728 ------w C:\WINDOWS\$hf_mig$\KB948881\update\update.exe

+ 2007-03-06 01:59:38 389,856 ------w C:\WINDOWS\$hf_mig$\KB948881\update\updspapi.dll

+ 2007-03-06 01:58:28 216,800 ------w C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe

+ 2007-03-06 01:59:38 389,856 ------w C:\WINDOWS\$NtUninstallKB941693$\spuninst\updspapi.dll

+ 2007-03-08 15:38:00 1,843,712 ------w C:\WINDOWS\$NtUninstallKB941693$\win32k.sys

+ 2006-06-26 17:45:40 148,480 ------w C:\WINDOWS\$NtUninstallKB945553$\dnsapi.dll

+ 2004-08-04 03:00:00 45,568 ------w C:\WINDOWS\$NtUninstallKB945553$\dnsrslvr.dll

+ 2007-03-06 01:58:28 216,800 ------w C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe

+ 2007-03-06 01:59:38 389,856 ------w C:\WINDOWS\$NtUninstallKB945553$\spuninst\updspapi.dll

+ 2007-06-19 13:33:12 282,112 ------w C:\WINDOWS\$NtUninstallKB948590$\gdi32.dll

+ 2007-03-06 01:58:28 216,800 ------w C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe

+ 2007-03-06 01:59:38 389,856 ------w C:\WINDOWS\$NtUninstallKB948590$\spuninst\updspapi.dll

+ 2007-03-06 01:58:28 216,800 ------w C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe

+ 2007-03-06 01:59:38 389,856 ------w C:\WINDOWS\$NtUninstallKB948881$\spuninst\updspapi.dll

+ 2008-05-15 10:36:52 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2007-03-13 12:47:06 325,232 ----a-w C:\WINDOWS\Downloaded Program Files\clt05PIN.dll

+ 2007-03-13 12:47:04 177,776 ----a-w C:\WINDOWS\Downloaded Program Files\clt06PIN.dll

+ 2008-01-18 10:17:22 204,800 ----a-w C:\WINDOWS\Downloaded Program Files\InstallerControl.dll

+ 2007-03-13 12:47:00 333,424 ----a-w C:\WINDOWS\Downloaded Program Files\nprdtinf.dll

+ 2006-12-06 07:11:48 224,768 ----a-w C:\WINDOWS\Downloaded Program Files\symdlmgr.dll

- 2000-08-31 06:00:00 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE

+ 2005-10-20 18:02:28 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE

+ 2000-08-31 06:00:00 73,728 ----a-w C:\WINDOWS\fdsv.exe

+ 2000-08-31 06:00:00 80,412 ----a-w C:\WINDOWS\grep.exe

+ 2007-12-07 01:18:00 124,928 ------w C:\WINDOWS\ie7updates\KB947864-IE7\advpack.dll

+ 2007-12-19 21:57:24 347,136 ------w C:\WINDOWS\ie7updates\KB947864-IE7\dxtmsft.dll

+ 2007-12-07 01:18:00 214,528 ------w C:\WINDOWS\ie7updates\KB947864-IE7\dxtrans.dll

+ 2007-12-07 01:18:00 133,120 ------w C:\WINDOWS\ie7updates\KB947864-IE7\extmgr.dll

+ 2007-12-07 01:18:00 63,488 ------w C:\WINDOWS\ie7updates\KB947864-IE7\icardie.dll

+ 2007-12-06 10:04:24 70,656 ------w C:\WINDOWS\ie7updates\KB947864-IE7\ie4uinit.exe

+ 2007-12-07 01:18:00 153,088 ------w C:\WINDOWS\ie7updates\KB947864-IE7\ieakeng.dll

+ 2007-12-07 01:18:00 230,400 ------w C:\WINDOWS\ie7updates\KB947864-IE7\ieaksie.dll

+ 2007-12-06 03:59:52 161,792 ------w C:\WINDOWS\ie7updates\KB947864-IE7\ieakui.dll

+ 2007-12-07 01:18:02 383,488 ------w C:\WINDOWS\ie7updates\KB947864-IE7\ieapfltr.dll

+ 2007-12-07 01:18:02 384,512 ------w C:\WINDOWS\ie7updates\KB947864-IE7\iedkcs32.dll

+ 2007-12-07 01:18:04 6,066,176 ------w C:\WINDOWS\ie7updates\KB947864-IE7\ieframe.dll

+ 2007-12-07 01:18:04 44,544 ------w C:\WINDOWS\ie7updates\KB947864-IE7\iernonce.dll

+ 2007-12-07 01:18:04 267,776 ------w C:\WINDOWS\ie7updates\KB947864-IE7\iertutil.dll

+ 2007-12-06 10:00:58 13,824 ------w C:\WINDOWS\ie7updates\KB947864-IE7\ieudinit.exe

+ 2007-12-06 10:04:44 625,664 ------w C:\WINDOWS\ie7updates\KB947864-IE7\iexplore.exe

+ 2007-12-07 01:18:04 27,648 ------w C:\WINDOWS\ie7updates\KB947864-IE7\jsproxy.dll

+ 2007-12-07 01:18:04 459,264 ------w C:\WINDOWS\ie7updates\KB947864-IE7\msfeeds.dll

+ 2007-12-07 01:18:04 52,224 ------w C:\WINDOWS\ie7updates\KB947864-IE7\msfeedsbs.dll

+ 2007-12-08 04:18:08 3,592,192 ------w C:\WINDOWS\ie7updates\KB947864-IE7\mshtml.dll

+ 2007-12-07 01:18:06 478,208 ------w C:\WINDOWS\ie7updates\KB947864-IE7\mshtmled.dll

+ 2007-12-07 01:18:06 193,024 ------w C:\WINDOWS\ie7updates\KB947864-IE7\msrating.dll

+ 2007-12-07 01:18:06 671,232 ------w C:\WINDOWS\ie7updates\KB947864-IE7\mstime.dll

+ 2007-12-07 01:18:08 102,912 ------w C:\WINDOWS\ie7updates\KB947864-IE7\occache.dll

+ 2008-01-11 04:52:56 44,544 ------w C:\WINDOWS\ie7updates\KB947864-IE7\pngfilt.dll

+ 2007-03-06 01:58:28 216,800 ------w C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe

+ 2007-03-06 01:59:38 389,856 ------w C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\updspapi.dll

+ 2007-12-07 01:18:08 105,984 ------w C:\WINDOWS\ie7updates\KB947864-IE7\url.dll

+ 2007-12-07 01:18:08 1,159,680 ------w C:\WINDOWS\ie7updates\KB947864-IE7\urlmon.dll

+ 2007-12-07 01:18:08 233,472 ------w C:\WINDOWS\ie7updates\KB947864-IE7\webcheck.dll

+ 2007-12-07 01:18:08 824,832 ------w C:\WINDOWS\ie7updates\KB947864-IE7\wininet.dll

+ 2006-10-27 13:04:08 497,504 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MORPH9.DLL

+ 2006-10-27 13:04:10 9,581,360 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSPUB.EXE

+ 2006-10-26 18:09:36 136,008 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PRTF9.DLL

+ 2006-10-27 13:04:06 624,456 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PTXT9.DLL

+ 2006-10-26 18:09:44 590,144 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PUBCONV.DLL

+ 2006-10-26 21:00:12 1,841,984 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\VVIEWDWG.DLL

+ 2006-10-27 13:23:04 347,432 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\WINWORD.EXE

+ 2006-10-27 13:23:08 17,483,560 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\WWLIB.DLL

- 2008-03-13 10:59:42 38,240 ----a-r C:\WINDOWS\Installer\{90120000-0020-0413-0000-0000000FF1CE}\O12ConvIcon.exe

+ 2008-05-15 06:30:14 38,240 ----a-r C:\WINDOWS\Installer\{90120000-0020-0413-0000-0000000FF1CE}\O12ConvIcon.exe

- 2008-03-13 11:00:20 1,165,584 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe

+ 2008-05-15 06:46:42 1,165,584 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe

- 2008-03-13 11:00:20 20,240 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe

+ 2008-05-15 06:46:44 20,240 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe

- 2008-03-13 11:00:20 159,504 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe

+ 2008-05-15 06:46:44 159,504 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe

- 2008-03-13 11:00:20 184,080 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe

+ 2008-05-15 06:46:44 184,080 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe

- 2008-03-13 11:00:20 217,864 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe

+ 2008-05-15 06:46:44 217,864 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe

- 2008-03-13 11:00:20 18,704 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe

+ 2008-05-15 06:46:44 18,704 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe

- 2008-03-13 11:00:22 35,088 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe

+ 2008-05-15 06:46:44 35,088 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe

- 2008-03-13 11:00:20 845,584 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe

+ 2008-05-15 06:46:44 845,584 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe

- 2008-03-13 11:00:20 922,384 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe

+ 2008-05-15 06:46:44 922,384 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe

- 2008-03-13 11:00:20 272,648 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe

+ 2008-05-15 06:46:44 272,648 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe

- 2008-03-13 11:00:22 888,080 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe

+ 2008-05-15 06:46:44 888,080 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe

- 2008-03-13 11:00:20 1,172,240 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe

+ 2008-05-15 06:46:42 1,172,240 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe

- 2008-01-24 17:38:16 12,288 ----a-r C:\WINDOWS\Installer\{90170413-6000-11D3-8CFE-0150048383C9}\cagicon.exe

+ 2008-04-03 13:47:32 12,288 ----a-r C:\WINDOWS\Installer\{90170413-6000-11D3-8CFE-0150048383C9}\cagicon.exe

- 2008-01-24 17:38:16 282,624 ----a-r C:\WINDOWS\Installer\{90170413-6000-11D3-8CFE-0150048383C9}\fpicon.exe

+ 2008-04-03 13:47:32 282,624 ----a-r C:\WINDOWS\Installer\{90170413-6000-11D3-8CFE-0150048383C9}\fpicon.exe

- 2008-01-24 17:38:16 135,168 ----a-r C:\WINDOWS\Installer\{90170413-6000-11D3-8CFE-0150048383C9}\misc.exe

+ 2008-04-03 13:47:32 135,168 ----a-r C:\WINDOWS\Installer\{90170413-6000-11D3-8CFE-0150048383C9}\misc.exe

- 2008-01-24 17:38:16 27,136 ----a-r C:\WINDOWS\Installer\{90170413-6000-11D3-8CFE-0150048383C9}\oisicon.exe

+ 2008-04-03 13:47:32 27,136 ----a-r C:\WINDOWS\Installer\{90170413-6000-11D3-8CFE-0150048383C9}\oisicon.exe

- 2008-01-24 17:38:16 4,096 ----a-r C:\WINDOWS\Installer\{90170413-6000-11D3-8CFE-0150048383C9}\opwicon.exe

+ 2008-04-03 13:47:32 4,096 ----a-r C:\WINDOWS\Installer\{90170413-6000-11D3-8CFE-0150048383C9}\opwicon.exe

+ 2006-07-28 21:52:22 2,426 ----a-w C:\WINDOWS\pchealth\helpctr\PackageStore\SkuStore.bin

+ 2000-08-31 06:00:00 98,816 ----a-w C:\WINDOWS\sed.exe

+ 2000-08-31 06:00:00 161,792 ----a-w C:\WINDOWS\swreg.exe

+ 2000-08-31 06:00:00 136,704 ----a-w C:\WINDOWS\swsc.exe

+ 2000-08-31 06:00:00 212,480 ----a-w C:\WINDOWS\swxcacls.exe

+ 2004-08-04 03:00:00 2,000 ----a-w C:\WINDOWS\system\KEYBOARD.DRV

+ 2004-08-04 03:00:00 2,032 ----a-w C:\WINDOWS\system\MOUSE.DRV

+ 2004-08-04 03:00:00 1,744 ----a-w C:\WINDOWS\system\SOUND.DRV

+ 2004-08-04 03:00:00 2,176 ----a-w C:\WINDOWS\system\VGA.DRV

- 2007-12-07 01:18:00 124,928 ----a-w C:\WINDOWS\system32\advpack.dll

+ 2008-03-01 13:05:10 124,928 ----a-w C:\WINDOWS\system32\advpack.dll

+ 2004-08-04 03:00:00 1,788 ----a-w C:\WINDOWS\system32\Dcache.bin

- 2007-12-07 01:18:00 124,928 ----a-w C:\WINDOWS\system32\dllcache\advpack.dll

+ 2008-03-01 13:05:10 124,928 ----a-w C:\WINDOWS\system32\dllcache\advpack.dll

- 2004-08-04 03:00:00 561,179 ----a-w C:\WINDOWS\system32\dllcache\dao360.dll

+ 2008-03-25 04:50:26 554,008 ----a-w C:\WINDOWS\system32\dllcache\dao360.dll

+ 2004-08-03 21:07:58 2,944 ----a-w C:\WINDOWS\system32\dllcache\drmkaud.sys

- 2007-12-19 21:57:24 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll

+ 2008-03-01 13:05:10 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll

- 2007-12-07 01:18:00 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll

+ 2008-03-01 13:05:10 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll

- 2007-12-07 01:18:00 133,120 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll

+ 2008-03-01 13:05:10 133,120 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll

- 2007-12-07 01:18:00 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll

+ 2008-03-01 13:05:10 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll

- 2007-12-07 01:18:00 153,088 ----a-w C:\WINDOWS\system32\dllcache\ieakeng.dll

+ 2008-03-01 13:05:10 153,088 ----a-w C:\WINDOWS\system32\dllcache\ieakeng.dll

- 2007-12-07 01:18:00 230,400 ----a-w C:\WINDOWS\system32\dllcache\ieaksie.dll

+ 2008-03-01 13:05:10 230,400 ----a-w C:\WINDOWS\system32\dllcache\ieaksie.dll

- 2007-12-07 01:18:02 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll

+ 2008-03-01 13:05:12 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll

- 2007-12-07 01:18:02 384,512 ----a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll

+ 2008-03-01 13:05:12 384,512 ----a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll

- 2007-12-07 01:18:04 6,066,176 ------w C:\WINDOWS\system32\dllcache\ieframe.dll

+ 2008-03-01 13:05:14 6,066,176 ------w C:\WINDOWS\system32\dllcache\ieframe.dll

- 2007-12-07 01:18:04 44,544 ----a-w C:\WINDOWS\system32\dllcache\iernonce.dll

+ 2008-03-01 13:05:14 44,544 ----a-w C:\WINDOWS\system32\dllcache\iernonce.dll

- 2007-12-07 01:18:04 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll

+ 2008-03-01 13:05:14 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll

- 2007-12-07 01:18:04 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll

+ 2008-03-01 13:05:14 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll

+ 2004-08-04 03:00:00 2,000 ----a-w C:\WINDOWS\system32\dllcache\keyboard.drv

+ 2004-08-04 05:00:00 2,560 ----a-w C:\WINDOWS\system32\dllcache\lz32.dll

+ 2004-08-04 03:00:00 2,032 ----a-w C:\WINDOWS\system32\dllcache\mouse.drv

- 2004-08-04 03:00:00 512,029 ----a-w C:\WINDOWS\system32\dllcache\msexch40.dll

+ 2008-03-25 04:50:28 518,944 ----a-w C:\WINDOWS\system32\dllcache\msexch40.dll

- 2004-08-04 03:00:00 319,517 ----a-w C:\WINDOWS\system32\dllcache\msexcl40.dll

+ 2008-03-25 04:50:30 326,432 ----a-w C:\WINDOWS\system32\dllcache\msexcl40.dll

- 2007-12-07 01:18:04 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll

+ 2008-03-01 13:05:14 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll

- 2007-12-07 01:18:04 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll

+ 2008-03-01 13:05:14 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll

- 2007-12-07 01:18:06 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll

+ 2008-03-01 13:05:16 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll

- 2004-08-04 03:00:00 1,507,356 ----a-w C:\WINDOWS\system32\dllcache\msjet40.dll

+ 2008-03-25 04:50:34 1,516,568 ----a-w C:\WINDOWS\system32\dllcache\msjet40.dll

- 2004-08-04 03:00:00 358,976 ----a-w C:\WINDOWS\system32\dllcache\msjetol1.dll

+ 2008-03-25 04:50:40 355,112 ----a-w C:\WINDOWS\system32\dllcache\msjetol1.dll

- 2004-08-04 03:00:00 53,279 ----a-w C:\WINDOWS\system32\dllcache\msjter40.dll

+ 2008-03-25 04:50:42 60,192 ----a-w C:\WINDOWS\system32\dllcache\msjter40.dll

- 2004-08-04 03:00:00 241,693 ----a-w C:\WINDOWS\system32\dllcache\msjtes40.dll

+ 2008-03-25 04:50:42 248,608 ----a-w C:\WINDOWS\system32\dllcache\msjtes40.dll

- 2004-08-04 03:00:00 213,023 ----a-w C:\WINDOWS\system32\dllcache\msltus40.dll

+ 2008-03-25 04:50:44 219,936 ----a-w C:\WINDOWS\system32\dllcache\msltus40.dll

- 2004-08-04 03:00:00 348,189 ----a-w C:\WINDOWS\system32\dllcache\mspbde40.dll

+ 2008-03-25 04:50:46 355,104 ----a-w C:\WINDOWS\system32\dllcache\mspbde40.dll

- 2007-12-07 01:18:06 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll

+ 2008-03-01 13:05:16 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll

- 2004-08-04 03:00:00 421,919 ----a-w C:\WINDOWS\system32\dllcache\msrd2x40.dll

+ 2008-03-25 04:50:48 432,928 ----a-w C:\WINDOWS\system32\dllcache\msrd2x40.dll

- 2004-08-04 03:00:00 315,423 ----a-w C:\WINDOWS\system32\dllcache\msrd3x40.dll

+ 2008-03-25 04:50:50 322,336 ----a-w C:\WINDOWS\system32\dllcache\msrd3x40.dll

- 2004-08-04 03:00:00 552,989 ----a-w C:\WINDOWS\system32\dllcache\msrepl40.dll

+ 2008-03-25 04:50:52 559,904 ----a-w C:\WINDOWS\system32\dllcache\msrepl40.dll

- 2004-08-04 03:00:00 258,077 ----a-w C:\WINDOWS\system32\dllcache\mstext40.dll

+ 2008-03-25 04:50:56 264,992 ----a-w C:\WINDOWS\system32\dllcache\mstext40.dll

- 2007-12-07 01:18:06 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll

+ 2008-03-01 13:05:16 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll

- 2004-08-04 03:00:00 831,519 ----a-w C:\WINDOWS\system32\dllcache\mswdat10.dll

+ 2008-03-25 04:50:58 838,432 ----a-w C:\WINDOWS\system32\dllcache\mswdat10.dll

- 2004-08-04 03:00:00 348,189 ----a-w C:\WINDOWS\system32\dllcache\msxbde40.dll

+ 2008-03-25 04:50:58 355,104 ----a-w C:\WINDOWS\system32\dllcache\msxbde40.dll

+ 2004-08-04 03:00:00 2,944 ----a-w C:\WINDOWS\system32\dllcache\null.sys

- 2007-12-07 01:18:08 102,912 ----a-w C:\WINDOWS\system32\dllcache\occache.dll

+ 2008-03-01 13:05:16 102,912 ----a-w C:\WINDOWS\system32\dllcache\occache.dll

- 2008-01-11 04:52:56 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll

+ 2008-03-01 13:05:16 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll

+ 2004-08-04 03:00:00 1,744 ----a-w C:\WINDOWS\system32\dllcache\sound.drv

- 2007-12-07 01:18:08 105,984 ----a-w C:\WINDOWS\system32\dllcache\url.dll

+ 2008-03-01 13:05:16 105,984 ----a-w C:\WINDOWS\system32\dllcache\url.dll

- 2007-12-07 01:18:08 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll

+ 2008-03-01 13:05:18 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll

+ 2004-08-04 03:00:00 2,176 ----a-w C:\WINDOWS\system32\dllcache\vga.drv

- 2007-12-07 01:18:08 233,472 ----a-w C:\WINDOWS\system32\dllcache\webcheck.dll

+ 2008-03-01 13:05:18 233,472 ----a-w C:\WINDOWS\system32\dllcache\webcheck.dll

- 2007-12-07 01:18:08 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll

+ 2008-03-01 13:05:18 826,368 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll

+ 2004-08-04 03:00:00 2,864 ----a-w C:\WINDOWS\system32\dllcache\winsock.dll

+ 2004-08-04 03:00:00 2,112 ----a-w C:\WINDOWS\system32\dllcache\winspool.exe

+ 2004-08-04 03:00:00 2,736 ----a-w C:\WINDOWS\system32\dllcache\wowdeb.exe

- 2006-06-26 17:45:40 148,480 ----a-w C:\WINDOWS\system32\dnsapi.dll

+ 2008-02-20 05:39:06 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll

+ 2004-08-03 21:07:58 2,944 ----a-w C:\WINDOWS\system32\drivers\drmkaud.sys

+ 2008-01-26 09:52:18 2,560 ----a-w C:\WINDOWS\system32\drivers\mchInjDrv.sys

+ 2004-08-04 03:00:00 2,944 ----a-w C:\WINDOWS\system32\drivers\null.sys

- 2008-03-07 11:39:54 12,848 ----a-w C:\WINDOWS\system32\drivers\symdns.sys

+ 2006-09-02 19:34:34 11,968 ----a-w C:\WINDOWS\system32\drivers\symdns.sys

- 2008-03-07 11:39:54 145,968 ----a-w C:\WINDOWS\system32\drivers\symfw.sys

+ 2006-09-02 19:34:42 144,832 ----a-w C:\WINDOWS\system32\drivers\symfw.sys

- 2008-03-07 11:39:54 39,984 ----a-w C:\WINDOWS\system32\drivers\symids.sys

+ 2006-09-02 19:34:50 39,104 ----a-w C:\WINDOWS\system32\drivers\symids.sys

- 2008-03-07 11:39:54 35,120 ----a-w C:\WINDOWS\system32\drivers\symndis.sys

+ 2006-09-02 19:34:46 33,216 ----a-w C:\WINDOWS\system32\drivers\symndis.sys

- 2008-03-07 11:39:58 37,936 ----a-w C:\WINDOWS\system32\drivers\symndisv.sys

+ 2006-09-02 19:35:06 36,032 ----a-w C:\WINDOWS\system32\drivers\symndisv.sys

- 2008-03-07 11:39:54 27,696 ----a-w C:\WINDOWS\system32\drivers\symredrv.sys

+ 2006-09-02 19:34:56 26,432 ----a-w C:\WINDOWS\system32\drivers\symredrv.sys

- 2008-03-07 11:39:54 191,536 ----a-w C:\WINDOWS\system32\drivers\symtdi.sys

+ 2006-09-02 19:35:00 186,048 ----a-w C:\WINDOWS\system32\drivers\symtdi.sys

- 2007-12-19 21:57:24 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll

+ 2008-03-01 13:05:10 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll

- 2007-12-07 01:18:00 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll

+ 2008-03-01 13:05:10 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll

- 2007-12-07 01:18:00 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll

+ 2008-03-01 13:05:10 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll

- 2008-03-30 11:40:32 352,176 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT

+ 2008-04-10 10:23:54 348,992 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT

- 2007-12-07 01:18:00 63,488 ----a-w C:\WINDOWS\system32\icardie.dll

+ 2008-03-01 13:05:10 63,488 ----a-w C:\WINDOWS\system32\icardie.dll

- 2007-12-06 10:04:24 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe

+ 2008-02-29 08:58:12 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe

- 2007-12-07 01:18:00 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll

+ 2008-03-01 13:05:10 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll

- 2007-12-07 01:18:00 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll

+ 2008-03-01 13:05:10 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll

- 2007-12-06 03:59:52 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll

+ 2008-02-15 05:44:26 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll

- 2007-12-07 01:18:02 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll

+ 2008-03-01 13:05:12 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll

- 2007-12-07 01:18:02 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll

+ 2008-03-01 13:05:12 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll

- 2007-12-07 01:18:04 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll

+ 2008-03-01 13:05:14 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll

- 2007-12-07 01:18:04 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll

+ 2008-03-01 13:05:14 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll

- 2007-12-07 01:18:04 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll

+ 2008-03-01 13:05:14 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll

- 2007-12-06 10:00:58 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe

+ 2008-02-22 10:00:52 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe

- 2007-12-13 22:57:22 135,168 ----a-w C:\WINDOWS\system32\java.exe

+ 2008-02-21 23:23:36 135,168 ----a-w C:\WINDOWS\system32\java.exe

- 2007-12-13 22:57:24 135,168 ----a-w C:\WINDOWS\system32\javaw.exe

+ 2008-02-21 23:23:40 135,168 ----a-w C:\WINDOWS\system32\javaw.exe

- 2007-12-13 23:59:16 139,264 ----a-w C:\WINDOWS\system32\javaws.exe

+ 2008-02-22 00:33:32 139,264 ----a-w C:\WINDOWS\system32\javaws.exe

- 2007-12-07 01:18:04 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll

+ 2008-03-01 13:05:14 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll

+ 2004-08-04 03:00:00 2,000 ----a-w C:\WINDOWS\system32\keyboard.drv

- 2007-02-22 12:39:48 1,476,992 ------w C:\WINDOWS\system32\LegitCheckControl.dll

+ 2007-10-11 12:12:48 1,468,968 ------w C:\WINDOWS\system32\LegitCheckControl.dll

+ 2004-08-04 03:00:00 2,560 ----a-w C:\WINDOWS\system32\lz32.dll

+ 2008-04-11 11:56:58 72,368 ---ha-w C:\WINDOWS\system32\mlfcache.dat

+ 2004-08-04 03:00:00 2,032 ----a-w C:\WINDOWS\system32\mouse.drv

- 2008-03-05 15:30:54 19,148,408 ----a-w C:\WINDOWS\system32\MRT.exe

+ 2008-04-06 05:56:20 19,836,024 ----a-w C:\WINDOWS\system32\MRT.exe

- 2004-08-04 03:00:00 512,029 ----a-w C:\WINDOWS\system32\msexch40.dll

+ 2008-03-25 04:50:28 518,944 ----a-w C:\WINDOWS\system32\msexch40.dll

- 2004-08-04 03:00:00 319,517 ----a-w C:\WINDOWS\system32\msexcl40.dll

+ 2008-03-25 04:50:30 326,432 ----a-w C:\WINDOWS\system32\msexcl40.dll

- 2007-12-07 01:18:04 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll

+ 2008-03-01 13:05:14 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll

- 2007-12-07 01:18:04 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll

+ 2008-03-01 13:05:14 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll

- 2007-12-08 04:18:08 3,592,192 ----a-w C:\WINDOWS\system32\mshtml.dll

+ 2008-03-01 16:35:16 3,591,680 ----a-w C:\WINDOWS\system32\mshtml.dll

- 2007-12-07 01:18:06 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll

+ 2008-03-01 13:05:16 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll

- 2004-08-04 03:00:00 1,507,356 ----a-w C:\WINDOWS\system32\msjet40.dll

+ 2008-03-25 04:50:34 1,516,568 ----a-w C:\WINDOWS\system32\msjet40.dll

- 2004-08-04 03:00:00 358,976 ----a-w C:\WINDOWS\system32\msjetoledb40.dll

+ 2008-03-25 04:50:40 355,112 ----a-w C:\WINDOWS\system32\msjetoledb40.dll

- 2004-08-04 03:00:00 53,279 ----a-w C:\WINDOWS\system32\msjter40.dll

+ 2008-03-25 04:50:42 60,192 ----a-w C:\WINDOWS\system32\msjter40.dll

- 2004-08-04 03:00:00 241,693 ----a-w C:\WINDOWS\system32\msjtes40.dll

+ 2008-03-25 04:50:42 248,608 ----a-w C:\WINDOWS\system32\msjtes40.dll

- 2004-08-04 03:00:00 213,023 ----a-w C:\WINDOWS\system32\msltus40.dll

+ 2008-03-25 04:50:44 219,936 ----a-w C:\WINDOWS\system32\msltus40.dll

- 2004-08-04 03:00:00 348,189 ----a-w C:\WINDOWS\system32\mspbde40.dll

+ 2008-03-25 04:50:46 355,104 ----a-w C:\WINDOWS\system32\mspbde40.dll

- 2007-12-07 01:18:06 193,024 ----a-w C:\WINDOWS\system32\msrating.dll

+ 2008-03-01 13:05:16 193,024 ----a-w C:\WINDOWS\system32\msrating.dll

- 2004-08-04 03:00:00 421,919 ----a-w C:\WINDOWS\system32\msrd2x40.dll

+ 2008-03-25 04:50:48 432,928 ----a-w C:\WINDOWS\system32\msrd2x40.dll

- 2004-08-04 03:00:00 315,423 ----a-w C:\WINDOWS\system32\msrd3x40.dll

+ 2008-03-25 04:50:50 322,336 ----a-w C:\WINDOWS\system32\msrd3x40.dll

- 2004-08-04 03:00:00 552,989 ----a-w C:\WINDOWS\system32\msrepl40.dll

+ 2008-03-25 04:50:52 559,904 ----a-w C:\WINDOWS\system32\msrepl40.dll

- 2004-08-04 03:00:00 258,077 ----a-w C:\WINDOWS\system32\mstext40.dll

+ 2008-03-25 04:50:56 264,992 ----a-w C:\WINDOWS\system32\mstext40.dll

- 2007-12-07 01:18:06 671,232 ----a-w C:\WINDOWS\system32\mstime.dll

+ 2008-03-01 13:05:16 671,232 ----a-w C:\WINDOWS\system32\mstime.dll

- 2004-08-04 03:00:00 831,519 ----a-w C:\WINDOWS\system32\mswdat10.dll

+ 2008-03-25 04:50:58 838,432 ----a-w C:\WINDOWS\system32\mswdat10.dll

- 2004-08-04 03:00:00 348,189 ----a-w C:\WINDOWS\system32\msxbde40.dll

+ 2008-03-25 04:50:58 355,104 ----a-w C:\WINDOWS\system32\msxbde40.dll

+ 2004-08-04 03:00:00 2,656 ----a-w C:\WINDOWS\system32\netware.drv

- 2007-12-07 01:18:08 102,912 ----a-w C:\WINDOWS\system32\occache.dll

+ 2008-03-01 13:05:16 102,912 ----a-w C:\WINDOWS\system32\occache.dll

- 2008-01-11 04:52:56 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll

+ 2008-03-01 13:05:16 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll

+ 2004-08-04 03:00:00 1,744 ----a-w C:\WINDOWS\system32\sound.drv

- 2006-11-17 13:14:34 16,176 ------w C:\WINDOWS\system32\spmsg.dll

+ 2007-10-08 12:46:18 14,640 ------w C:\WINDOWS\system32\spmsg.dll

- 2008-03-07 12:03:40 625,032 ----a-w C:\WINDOWS\system32\SymNeti.dll

+ 2006-09-02 19:35:16 613,056 ----a-w C:\WINDOWS\system32\SymNeti.dll

- 2008-03-07 12:03:38 242,056 ----a-w C:\WINDOWS\system32\SymRedir.dll

+ 2006-09-02 19:35:10 239,808 ----a-w C:\WINDOWS\system32\SymRedir.dll

- 2007-12-07 01:18:08 105,984 ----a-w C:\WINDOWS\system32\url.dll

+ 2008-03-01 13:05:16 105,984 ----a-w C:\WINDOWS\system32\url.dll

- 2007-12-07 01:18:08 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll

+ 2008-03-01 13:05:18 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll

+ 2004-08-04 03:00:00 2,176 ----a-w C:\WINDOWS\system32\vga.drv

- 2007-12-07 01:18:08 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll

+ 2008-03-01 13:05:18 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll

- 2007-12-07 01:18:08 824,832 ----a-w C:\WINDOWS\system32\wininet.dll

+ 2008-03-01 13:05:18 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

+ 2004-08-04 03:00:00 2,864 ----a-w C:\WINDOWS\system32\winsock.dll

+ 2004-08-04 03:00:00 2,112 ----a-w C:\WINDOWS\system32\winspool.exe

+ 2004-08-04 03:00:00 2,736 ----a-w C:\WINDOWS\system32\wowdeb.exe

+ 2000-08-31 06:00:00 49,152 ----a-w C:\WINDOWS\VFind.exe

+ 2006-12-01 20:56:00 96,256 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll

+ 2006-12-01 20:54:32 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll

+ 2006-12-01 20:54:34 548,864 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll

+ 2006-12-01 20:54:32 626,688 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll

+ 2006-12-01 22:25:52 1,101,824 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll

+ 2006-12-01 22:25:56 1,093,120 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll

+ 2006-12-01 22:25:58 69,632 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll

+ 2006-12-01 22:26:00 57,856 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll

+ 2006-12-01 22:08:00 40,960 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll

+ 2006-12-01 22:08:00 45,056 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll

+ 2006-12-01 22:08:00 65,536 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll

+ 2006-12-01 22:08:00 57,344 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll

+ 2006-12-01 22:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll

+ 2006-12-01 22:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll

+ 2006-12-01 22:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll

+ 2006-12-01 22:08:00 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll

+ 2006-12-01 22:08:00 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll

+ 2006-12-01 22:46:44 65,536 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll

+ 2000-08-31 06:00:00 68,096 ----a-w C:\WINDOWS\zip.exe

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]

"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"@"="C:\Program Files\Internet Explorer\IEXPLORE.exe" [2008-02-29 10:58 625664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LaunchApp"="Alaunch" []

"RTHDCPL"="RTHDCPL.EXE" [2005-11-16 20:27 15600128 C:\WINDOWS\RTHDCPL.exe]

"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-11-02 00:11 102491]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-02 00:11 692315]

"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 05:00 59392]

"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 05:00 455168]

"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 05:00 455168]

"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-11-03 00:25 98304]

"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-11-03 00:22 77824]

"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-11-03 00:26 118784]

"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-10-19 09:30 69632]

"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-01-17 18:28 344064]

"Acer ePower Management"="C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe" [2006-01-16 11:58 3080192]

"ADMTray.exe"="C:\Acer\Empowering Technology\admtray.exe" [2005-10-24 16:45 2462208]

"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2003-07-13 02:49 155648]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 15:46 172032]

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-03-09 13:02 185896]

"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-09-03 09:04 84640]

"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-09-06 03:22 26248]

"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 05:00 15360]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\

Cisco Systems VPN Client.lnk - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe [2006-09-27 16:04:17 1421328]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Speed Launch.lnk]

path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Speed Launch.lnk

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eRecoveryService]

--a------ 2006-01-24 18:00 397312 C:\Acer\Empowering Technology\eRecovery\Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

--a------ 2006-10-27 00:47 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]

--a------ 2004-08-04 05:00 208952 C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]

--a------ 2005-12-06 17:11 458752 C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

--a------ 2007-03-09 13:02 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"C:\\U-Torrent\\utorrent.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\LimeWire\\LimeWire.exe"=

"C:\\Program Files\\uTorrent\\uTorrent.exe"=

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"C:\\Program Files\\MSN Messenger\\livecall.exe"=

"C:\\Program Files\\BearShare\\BearShare.exe"=

"C:\\Program Files\\Zattoo\\zattood.exe"=

"C:\\Program Files\\Zattoo\\Zattoo1.exe"=

"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=

"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\Program Files\\Microsoft Office\\Office12\\groove.exe"=

"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 mchInjDrv;madCodeHook DLL injection driver;C:\WINDOWS\system32\Drivers\mchInjDrv.sys [2008-01-26 11:52]

R1 OsaFsLoc;OsaFsLoc;C:\WINDOWS\system32\drivers\OsaFsLoc.sys [2005-10-15 18:20]

R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2005-04-22 16:57]

R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-04-22 16:57]

R2 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 14:46]

R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 16:58]

R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57]

R3 NdisFilt;OSA NdisFilter Protocol;C:\WINDOWS\system32\Drivers\NdisFilt.sys [2005-09-13 15:34]

S1 ctredrv.sys;ctredrv.sys;C:\WINDOWS\system32\drivers\ctredrv.sys []

S3 Navcar;Navman In-car Navigator USB Driver Service;C:\WINDOWS\system32\DRIVERS\Navcar.sys [2003-10-29 12:13]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7fbc5036-7bc5-11dc-865a-00163616bd0a}]

\Shell\AutoRun\command - F:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c13cc5b0-725e-11dc-861c-0013021384a3}]

\Shell\AutoRun\command - F:\LaunchU3.exe -a

*Newly Created Service* - COMHOST

*Newly Created Service* - INT15.SYS

.

Inhoud van de 'Gedeelde Taken' map

"2008-04-07 08:37:50 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Nick.job"

- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/TASK:

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-15 12:47:38

Windows 5.1.2600 Service Pack 2 FAT NTAPI

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

Voltooingstijd: 2008-05-15 12:49:04

ComboFix-quarantined-files.txt 2008-05-15 10:49:02

ComboFix3.txt 2008-04-03 10:57:48

ComboFix2.txt 2008-04-03 14:07:50

Pre-Run: 8,703,803,392 bytes beschikbaar

Post-Run: 8,937,537,536 bytes beschikbaar

608 --- E O F --- 2008-05-15 06:47:17

Posted:

Open a Notepad file.

Copy and paste the bold text below into it.

File::

C:\FOUND.003

C:\FOUND.002

C:\FOUND.001

C:\FOUND.000

Save this file to your desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe

This will make ComboFix restart. Reboot if you are asked to.

After the restart, post the contents of Combofix.txt in your next message and let us know how the speed is now.

  • 1 month later...
Posted:

For lack of a response, we are closing this topic. Should you still want to reopen this topic, let one of the moderators know.
