Running from: C:\Documents and Settings\Robert\Desktop\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2008-09-14 to 2008-10-14 )))))))))))))))))))))))))))))))
.
2008-10-13 02:41 . 2008-10-13 02:41 335 --a------ C:\WINDOWS\mozregistry.dat
2008-10-05 15:37 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-10-04 21:14 . 2008-10-04 21:15 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-04 21:14 . 2008-10-04 21:14 <DIR> d-------- C:\Documents and Settings\Robert\Application Data\Malwarebytes
2008-10-04 21:14 . 2008-10-04 21:14 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-10-04 21:14 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-04 21:14 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-01 10:05 . 2008-10-12 19:33 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-10-01 10:05 . 2008-10-12 19:33 <DIR> d-------- C:\WINDOWS\system32\en
2008-10-01 10:05 . 2008-10-12 19:33 <DIR> d-------- C:\WINDOWS\l2schemas
2008-10-01 09:53 . 2007-02-28 04:10 2,180,352 --a------ C:\WINDOWS\system32\ntoskrnl.exe
2008-09-26 07:05 . 2008-09-26 07:05 <DIR> d-------- C:\rsit
2008-09-20 00:12 . 2008-09-20 00:14 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-09-19 11:54 . 2008-07-30 17:42 23,888 --a------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-09-19 11:54 . 2008-07-30 17:28 10,537 --a------ C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-09-19 11:54 . 2008-07-30 17:28 706 --a------ C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-09-19 11:44 . 2008-09-19 11:44 <DIR> d--hs---- C:\found.000
2008-09-19 09:31 . 2008-09-19 09:31 16 --a------ C:\WINDOWS\system32\coh.cache
2008-09-19 08:15 . 2008-09-19 08:15 <DIR> d-------- C:\Documents and Settings\Robert\Application Data\Motive
2008-09-19 08:13 . 2008-10-01 09:21 <DIR> d-------- C:\WINDOWS\Motive
2008-09-19 08:13 . 2008-09-19 08:13 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Motive
2008-09-17 20:33 . 2008-04-13 19:12 8,461,312 --a------ C:\WINDOWS\system32\SET1DF.tmp
2008-09-17 20:32 . 2008-04-13 19:11 3,066,880 --a------ C:\WINDOWS\system32\SET312.tmp
2008-09-17 20:17 . 2008-09-17 20:17 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-09-17 14:15 . 2008-09-17 14:15 197 --a------ C:\WINDOWS\system32\MRT.INI
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-05 21:49 --------- d-----w C:\Documents and Settings\Robert\Application Data\WeatherBug
2008-10-05 20:37 --------- d-----w C:\Program Files\Java
2008-10-05 01:52 --------- d-----w C:\Program Files\Viewpoint
2008-10-05 01:52 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Viewpoint
2008-10-01 15:45 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-10-01 15:45 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec
2008-10-01 14:28 --------- d-----w C:\Program Files\Yahoo!
2008-10-01 14:28 --------- d-----w C:\Program Files\Common Files\Scanner
2008-10-01 14:27 --------- d-----w C:\Program Files\Symantec
2008-10-01 14:21 --------- d-----w C:\Program Files\Common Files\Vbox
2008-10-01 14:21 --------- d-----w C:\Program Files\Ahead
2008-10-01 14:21 --------- d-----w C:\Program Files\Absolute Poker
2008-10-01 04:44 --------- d-----w C:\Documents and Settings\Robert\Application Data\SuperNZB
2008-09-21 20:22 --------- d-----w C:\Program Files\Trend Micro
2008-09-19 18:29 --------- d-----w C:\Documents and Settings\Robert\Application Data\U3
2008-09-19 17:38 --------- d-----w C:\Program Files\RM Converter
2008-09-19 14:10 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo!
2008-09-17 18:20 --------- d--h--r C:\Documents and Settings\Robert\Application Data\yahoo!
2008-07-19 03:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 03:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 03:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 03:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 03:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 03:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 03:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 03:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2004-06-13 23:20 449 ----a-w C:\Documents and Settings\Robert\UpdateReg.reg
2002-10-16 07:39 19,552 ----a-w C:\Documents and Settings\Robert\Application Data\GDIPFONTCACHEV1.DAT
.
------- Sigcheck -------
2004-08-04 02:56 17408 69fdf8b967ab39fef170454b6e943398 C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
2004-08-04 02:56 14336 8f078ae4ed187aaabc0a305146de6716 C:\WINDOWS\ServicePackFiles\i386\svchost.exe
2008-04-13 19:12 14336 27c6d03bcdb8cfeb96b716f3d8be3e18 C:\WINDOWS\system32\svchost.exe
2004-08-04 02:56 82944 2ed0b7f12a60f90092081c50fa0ec2b2 C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
2004-08-04 02:56 82944 2ed0b7f12a60f90092081c50fa0ec2b2 C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
2008-04-13 19:12 82432 2ccc474eb85ceaa3e1fa1726580a3e5a C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ws2_32.dll
2004-08-04 02:56 82944 2ed0b7f12a60f90092081c50fa0ec2b2 C:\WINDOWS\system32\ws2_32.dll
2005-05-25 14:07 359936 63fdfea54eb53de2d863ee454937ce1e C:\WINDOWS\$hf_mig$\KB893066\SP2QFE\tcpip.sys
2006-01-13 12:07 360448 5562cc0a47b2aef06d3417b733f3c195 C:\WINDOWS\$hf_mig$\KB913446\SP2QFE\tcpip.sys
2006-04-20 07:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 11:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2008-06-20 05:44 360960 744e57c99232201ae98c49168b918f48 C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
2008-06-20 06:51 361600 9aefa14bd6b182d61e3119fa5f436d3d C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
2008-06-20 06:59 361600 ad978a1b783b5719720cff204b666c8e C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2008-06-20 05:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
2004-08-04 01:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB893066$\tcpip.sys
2005-05-25 14:04 359808 88763a98a4c26c409741b4aa162720c9 C:\WINDOWS\$NtUninstallKB913446$\tcpip.sys
2006-01-12 21:28 359808 583e063fdc888ca30d05c2724b0d7ef4 C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
2006-04-20 06:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2007-10-30 12:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
2004-08-04 01:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
2008-04-13 14:20 361344 93ea8d04ec73a85db02eb8805988f733 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\tcpip.sys
2008-06-20 05:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 05:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 C:\WINDOWS\system32\drivers\tcpip.sys
2004-08-04 02:56 506368 d05b3d809fa8d9684807eeaa55237b7d C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
2004-08-04 02:56 502272 01c3346c241652f43aed8e2149881bfe C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
2004-05-26 20:38 483328 e7f9d2e4e4a94a6f58014e5ffa16a65e C:\WINDOWS\SoftwareDistribution\Download\0bfb0fd6d1529228f4175fc177388244\sp1qfe\winlogon.exe
2008-04-13 19:12 507904 ed0ef0a136dec83df69f04118870003e C:\WINDOWS\system32\winlogon.exe
2004-08-04 01:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\$NtServicePackUninstall$\ndis.sys
2004-08-04 01:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\ServicePackFiles\i386\ndis.sys
2008-04-13 14:20 182656 1df7f42665c94b825322fae71721130d C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ndis.sys
2004-08-04 01:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\drivers\ndis.sys
2004-08-04 01:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\$NtServicePackUninstall$\ip6fw.sys
2004-08-04 01:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\ServicePackFiles\i386\ip6fw.sys
2008-04-13 13:53 36608 3bb22519a194418d5fec05d800a19ad0 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ip6fw.sys
2004-08-04 01:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\drivers\ip6fw.sys
2008-04-13 19:12 1033728 12896823fb95bfb3dc9b46bcaedc9923 C:\WINDOWS\explorer.exe
2007-06-13 06:26 1033216 7712df0cdde3a5ac89843e61cd5b3658 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2007-06-13 05:23 1035776 84999af5063d29ab54ef88eba0409215 C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
2004-08-04 02:56 1032192 a0732187050030ae399b241436565e64 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2004-08-04 02:56 1032192 a0732187050030ae399b241436565e64 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
2004-08-04 02:56 110592 8ac9d5418c9f5911ee5e29ccc652678d C:\WINDOWS\$NtServicePackUninstall$\services.exe
2004-08-04 02:56 108032 c6ce6eec82f187615d1002bb3bb50ed4 C:\WINDOWS\ServicePackFiles\i386\services.exe
2008-04-13 19:12 108544 0e776ed5f7cc9f94299e70461b7b8185 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\services.exe
2004-08-04 02:56 110592 8ac9d5418c9f5911ee5e29ccc652678d C:\WINDOWS\system32\services.exe
2004-08-04 02:56 14848 21cddf4ecaae17a98e020bc28960a04a C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
2004-08-04 02:56 13312 84885f9b82f4d55c6146ebf6065d75d2 C:\WINDOWS\ServicePackFiles\i386\lsass.exe
2008-04-13 19:12 13312 bf2466b3e18e970d8a976fb95fc1ca85 C:\WINDOWS\system32\lsass.exe
2004-08-04 02:56 15360 24232996a38c0b0cf151c2140ae29fc8 C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe
2004-08-04 02:56 15360 24232996a38c0b0cf151c2140ae29fc8 C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
2008-04-13 19:12 15360 5f1d5f88303d4a4dbc8e5f97ba967cc3 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ctfmon.exe
2004-08-04 02:56 15360 24232996a38c0b0cf151c2140ae29fc8 C:\WINDOWS\system32\ctfmon.exe
2005-06-10 19:17 57856 ad3d9d191aea7b5445fe1d82ffbb4788 C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
2005-06-10 18:53 58880 af4b08cf909b94ef2568736f3111c9d7 C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe
2004-08-04 02:56 57856 7435b108b935e42ea92ca94f59c8e717 C:\WINDOWS\$NtUninstallKB896423$\spoolsv.exe
2004-08-04 02:56 57856 7435b108b935e42ea92ca94f59c8e717 C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe
2008-04-13 19:12 57856 d8e14a61acc1d4a6cd0d38aebac7fa3b C:\WINDOWS\system32\spoolsv.exe
2004-08-04 02:56 24576 39b1ffb03c2296323832acbae50d2aff C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
2004-08-04 02:56 24576 39b1ffb03c2296323832acbae50d2aff C:\WINDOWS\ServicePackFiles\i386\userinit.exe
2008-04-13 19:12 26112 a93aee1928a9d7ce3e16d24ec7380f89 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\userinit.exe
2004-08-04 02:56 24576 39b1ffb03c2296323832acbae50d2aff C:\WINDOWS\system32\userinit.exe
.
((((((((((((((((((((((((((((( snapshot_2008-10-05_20.13.31.34 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-06-13 10:23:07 1,035,776 ----a-w C:\WINDOWS\explorer(2).exe
+ 2004-08-04 07:56:29 62,976 ----a-w C:\WINDOWS\ime\spgrmr(2).dll
+ 2004-08-04 07:56:45 250,880 ----a-w C:\WINDOWS\ime\sptip(2).dll
+ 2004-08-04 07:56:44 38,912 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\pchsvc(2).dll
- 2004-08-04 08:07:21 1,788 ----a-w C:\WINDOWS\ServicePackFiles\i386\dcache.bin
+ 2008-04-14 00:25:26 1,804 ----a-w C:\WINDOWS\ServicePackFiles\i386\dcache.bin
+ 2004-08-04 07:56:41 194,048 ----a-w C:\WINDOWS\system32\activeds(2).dll
+ 2004-08-04 07:56:41 101,888 ----a-w C:\WINDOWS\system32\actxprxy(2).dll
+ 2004-08-04 07:56:41 143,360 ----a-w C:\WINDOWS\system32\adsldpc(2).dll
+ 2004-08-04 07:56:41 99,840 ----a-w C:\WINDOWS\system32\advpack(2).dll
+ 2004-08-04 07:56:47 44,544 ----a-w C:\WINDOWS\system32\alg(2).exe
+ 2004-08-04 07:56:41 58,880 ----a-w C:\WINDOWS\system32\atl(2).dll
+ 2004-08-04 07:56:41 42,496 ----a-w C:\WINDOWS\system32\audiosrv(2).dll
+ 2005-03-02 18:09:29 56,832 ----a-w C:\WINDOWS\system32\authz(2).dll
+ 2004-08-04 07:56:41 84,992 ----a-w C:\WINDOWS\system32\avifil32(2).dll
+ 2004-08-04 07:56:41 28,672 ----a-w C:\WINDOWS\system32\batmeter(2).dll
+ 2004-08-04 07:55:59 63,488 ----a-w C:\WINDOWS\system32\browselc(2).dll
+ 2008-06-23 15:38:28 1,023,488 ----a-w C:\WINDOWS\system32\browseui(2).dll
+ 2004-08-04 07:56:41 59,904 ----a-w C:\WINDOWS\system32\cabinet(2).dll
+ 2005-07-26 04:39:42 225,792 ----a-w C:\WINDOWS\system32\catsrv(2).dll
+ 2005-07-26 04:39:43 625,152 ----a-w C:\WINDOWS\system32\catsrvut(2).dll
+ 2004-08-04 07:56:41 194,560 ----a-w C:\WINDOWS\system32\certcli(2).dll
+ 2004-08-04 07:56:00 16,896 ----a-w C:\WINDOWS\system32\cfgmgr32(2).dll
+ 2005-07-26 04:39:43 498,688 ----a-w C:\WINDOWS\system32\clbcatq(2).dll
+ 2004-08-04 07:56:41 57,856 ----a-w C:\WINDOWS\system32\clusapi(2).dll
+ 2004-08-04 07:56:41 47,104 ----a-w C:\WINDOWS\system32\cnbjmon(2).dll
+ 2005-07-26 04:39:43 60,416 ----a-w C:\WINDOWS\system32\colbact(2).dll
+ 2004-08-04 07:56:41 792,064 ----a-w C:\WINDOWS\system32\comres(2).dll
+ 2005-07-26 04:39:44 1,267,200 ----a-w C:\WINDOWS\system32\comsvcs(2).dll
+ 2004-08-04 07:56:41 163,840 ----a-w C:\WINDOWS\system32\credui(2).dll
+ 2004-08-04 07:56:41 597,504 ----a-w C:\WINDOWS\system32\crypt32(2).dll
+ 2004-08-04 07:56:41 33,280 ----a-w C:\WINDOWS\system32\cryptdll(2).dll
+ 2004-08-04 07:56:41 63,488 ----a-w C:\WINDOWS\system32\cryptnet(2).dll
+ 2004-08-04 07:56:41 60,416 ----a-w C:\WINDOWS\system32\cryptsvc(2).dll
+ 2004-08-04 07:56:41 512,512 ----a-w C:\WINDOWS\system32\cryptui(2).dll
+ 2004-08-04 07:56:41 101,888 ----a-w C:\WINDOWS\system32\cscdll(2).dll
+ 2004-08-04 07:56:41 326,656 ----a-w C:\WINDOWS\system32\cscui(2).dll
+ 2004-08-04 07:56:48 6,144 ----a-w C:\WINDOWS\system32\csrss(2).exe
+ 2004-08-04 07:56:48 15,360 ----a-w C:\WINDOWS\system32\ctfmon(2).exe
+ 2004-08-04 07:56:42 24,576 ----a-w C:\WINDOWS\system32\davclnt(2).dll
- 2004-08-04 08:07:21 1,788 ----a-w C:\WINDOWS\system32\dcache.bin
+ 2008-04-14 00:25:26 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
+ 2004-08-04 07:56:42 8,704 ----a-w C:\WINDOWS\system32\dciman32(2).dll
+ 2004-08-04 07:56:42 266,240 ----a-w C:\WINDOWS\system32\ddraw(2).dll
+ 2004-08-04 07:56:42 27,136 ----a-w C:\WINDOWS\system32\ddrawex(2).dll
+ 2004-08-04 07:56:42 68,608 ----a-w C:\WINDOWS\system32\digest(2).dll
+ 2004-08-04 07:56:42 23,552 ----a-w C:\WINDOWS\system32\dmserver(2).dll
+ 2008-06-20 17:41:10 148,992 ----a-w C:\WINDOWS\system32\dnsapi(2).dll
+ 2004-08-04 07:56:42 14,336 ----a-w C:\WINDOWS\system32\drprov(2).dll
+ 2004-08-04 05:31:43 137,216 ----a-w C:\WINDOWS\system32\dssenh(2).dll
+ 2004-08-04 07:56:42 304,128 ----a-w C:\WINDOWS\system32\duser(2).dll
+ 2004-08-04 07:56:42 23,040 ----a-w C:\WINDOWS\system32\ersvc(2).dll
+ 2008-07-07 20:32:22 253,952 ----a-w C:\WINDOWS\system32\es(2).dll
+ 2005-10-20 22:20:03 1,082,368 ----a-w C:\WINDOWS\system32\esent(2).dll
+ 2004-08-04 07:56:42 55,808 ----a-w C:\WINDOWS\system32\eventlog(2).dll
- 2008-05-01 07:11:51 117,360 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-10-13 06:54:02 117,360 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2004-08-04 07:56:42 344,064 ----a-w C:\WINDOWS\system32\hnetcfg(2).dll
+ 2004-08-04 07:56:42 11,264 ----a-w C:\WINDOWS\system32\icaapi(2).dll
+ 2004-08-04 07:56:42 35,840 ----a-w C:\WINDOWS\system32\imgutil(2).dll
+ 2004-08-04 07:56:42 33,280 ----a-w C:\WINDOWS\system32\inetmib1(2).dll
+ 2004-08-04 07:56:42 75,264 ----a-w C:\WINDOWS\system32\inetpp(2).dll
+ 2006-05-19 12:59:41 94,720 ----a-w C:\WINDOWS\system32\iphlpapi(2).dll
+ 2004-08-04 07:56:42 331,264 ----a-w C:\WINDOWS\system32\ipnathlp(2).dll
+ 2007-12-18 14:40:58 450,560 ----a-w C:\WINDOWS\system32\jscript(2).dll
+ 2005-06-15 17:49:30 295,936 ----a-w C:\WINDOWS\system32\kerberos(2).dll
- 2006-06-19 21:19:42 571,184 ----a-w C:\WINDOWS\system32\LegitCheckControl.dll
+ 2008-03-20 23:06:36 1,480,232 ----a-w C:\WINDOWS\system32\LegitCheckControl.DLL
+ 2005-09-01 01:41:53 19,968 ----a-w C:\WINDOWS\system32\linkinfo(2).dll
+ 2004-08-04 07:56:42 97,280 ----a-w C:\WINDOWS\system32\loadperf(2).dll
+ 2004-08-04 07:56:50 14,848 ----a-w C:\WINDOWS\system32\lsass(2).exe
+ 2004-08-04 07:56:42 1,028,096 ----a-w C:\WINDOWS\system32\mfc42(2).dll
+ 2004-08-04 07:56:42 22,528 ----a-w C:\WINDOWS\system32\mfcsubs(2).dll
+ 2004-08-04 07:56:42 18,944 ----a-w C:\WINDOWS\system32\midimap(2).dll
+ 2004-08-04 07:56:42 586,240 ----a-w C:\WINDOWS\system32\mlang(2).dll
+ 2004-08-04 07:56:42 59,904 ----a-w C:\WINDOWS\system32\mpr(2).dll
+ 2004-08-04 07:56:42 87,040 ----a-w C:\WINDOWS\system32\mprapi(2).dll
+ 2007-07-06 12:46:59 95,744 ----a-w C:\WINDOWS\system32\mqsec(2).dll
+ 2007-07-06 12:46:59 471,552 ----a-w C:\WINDOWS\system32\mqutil(2).dll
+ 2004-08-04 07:56:42 71,680 ----a-w C:\WINDOWS\system32\msacm32(2).dll
+ 2004-08-04 07:56:42 86,016 ----a-w C:\WINDOWS\system32\msapsspc(2).dll
+ 2004-08-04 07:56:42 57,344 ----a-w C:\WINDOWS\system32\msasn1(2).dll
+ 2008-06-24 16:23:05 74,240 ----a-w C:\WINDOWS\system32\mscms(2).dll
+ 2004-08-04 07:56:42 294,400 ----a-w C:\WINDOWS\system32\msctf(2).dll
+ 2008-06-23 15:38:33 449,024 ----a-w C:\WINDOWS\system32\mshtmled(2).dll
+ 2004-08-04 07:56:43 6,656 ----a-w C:\WINDOWS\system32\msidle(2).dll
+ 2004-08-04 07:56:43 4,608 ----a-w C:\WINDOWS\system32\msimg32(2).dll
+ 2004-08-04 07:56:43 159,232 ----a-w C:\WINDOWS\system32\msimtf(2).dll
+ 2004-08-04 07:56:43 25,088 ----a-w C:\WINDOWS\system32\mslbui(2).dll
+ 2004-08-04 07:56:43 30,208 ----a-w C:\WINDOWS\system32\mspatcha(2).dll
+ 2004-08-04 07:56:18 48,128 ----a-w C:\WINDOWS\system32\msprivs(2).dll
+ 2004-08-04 07:56:43 115,712 ----a-w C:\WINDOWS\system32\mstlsapi(2).dll
+ 2004-08-04 07:56:43 195,072 ----a-w C:\WINDOWS\system32\msutb(2).dll
+ 2004-08-04 07:56:43 413,696 ----a-w C:\WINDOWS\system32\msvcp60(2).dll
+ 2004-08-04 07:56:43 343,040 ----a-w C:\WINDOWS\system32\msvcrt(2).dll
+ 2004-08-04 05:58:25 61,440 ----a-w C:\WINDOWS\system32\msvcrt40(2).dll
+ 2004-08-04 07:56:43 120,832 ----a-w C:\WINDOWS\system32\msvfw32(2).dll
+ 2008-06-20 17:41:10 245,248 ----a-w C:\WINDOWS\system32\mswsock(2).dll
+ 2006-03-01 19:42:42 66,560 ----a-w C:\WINDOWS\system32\mtxclu(2).dll
+ 2004-08-04 07:56:44 17,920 ----a-w C:\WINDOWS\system32\nddeapi(2).dll
+ 2006-08-17 12:28:27 332,288 ----a-w C:\WINDOWS\system32\netapi32(2).dll
+ 2004-08-04 07:56:44 622,080 ----a-w C:\WINDOWS\system32\netcfgx(2).dll
+ 2004-08-04 07:56:44 407,040 ----a-w C:\WINDOWS\system32\netlogon(2).dll
+ 2005-08-22 18:29:46 197,632 ----a-w C:\WINDOWS\system32\netman(2).dll
+ 2004-08-04 07:56:44 1,708,032 ----a-w C:\WINDOWS\system32\netshell(2).dll
+ 2004-08-04 07:56:44 248,832 ----a-w C:\WINDOWS\system32\newdev(2).dll
+ 2004-08-04 07:56:44 67,072 ----a-w C:\WINDOWS\system32\ntdsapi(2).dll
+ 2004-08-04 07:56:44 118,784 ----a-w C:\WINDOWS\system32\ntmarta(2).dll
+ 2004-08-04 07:56:44 143,872 ----a-w C:\WINDOWS\system32\ntshrui(2).dll
+ 2001-08-23 12:00:00 60,928 ----a-w C:\WINDOWS\system32\ocmanage(2).dll
+ 2005-07-26 04:39:48 1,285,120 ----a-w C:\WINDOWS\system32\ole32(2).dll
+ 2005-07-26 04:39:48 74,752 ----a-w C:\WINDOWS\system32\olecli32(2).dll
- 2008-04-03 21:33:16 39,992 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-10-13 00:45:19 39,992 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-04-03 21:33:16 311,604 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-10-13 00:45:19 311,604 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2004-08-04 07:56:44 25,088 ----a-w C:\WINDOWS\system32\perfos(2).dll
+ 2004-08-04 07:56:44 15,360 ----a-w C:\WINDOWS\system32\pjlmon(2).dll
+ 2008-06-23 15:38:33 39,424 ----a-w C:\WINDOWS\system32\pngfilt(2).dll
+ 2004-08-04 07:56:44 17,408 ----a-w C:\WINDOWS\system32\powrprof(2).dll
+ 2004-08-04 07:56:44 27,648 ----a-w C:\WINDOWS\system32\profmap(2).dll
+ 2004-08-04 07:56:44 23,040 ----a-w C:\WINDOWS\system32\psapi(2).dll
+ 2004-08-04 07:56:44 96,768 ----a-w C:\WINDOWS\system32\psbase(2).dll
+ 2004-08-04 07:56:44 34,304 ----a-w C:\WINDOWS\system32\pstorsvc(2).dll
+ 2006-06-26 17:37:10 8,192 ----a-w C:\WINDOWS\system32\rasadhlp(2).dll
+ 2004-08-04 07:56:44 69,632 ----a-w C:\WINDOWS\system32\raschap(2).dll
+ 2006-06-22 10:47:18 181,248 ----a-w C:\WINDOWS\system32\rasmans(2).dll
+ 2004-08-04 07:56:44 206,336 ----a-w C:\WINDOWS\system32\rasppp(2).dll
+ 2004-08-04 07:56:44 112,128 ----a-w C:\WINDOWS\system32\rastls(2).dll
+ 2004-08-04 07:56:44 49,664 ----a-w C:\WINDOWS\system32\regapi(2).dll
+ 2004-08-04 07:56:44 59,904 ----a-w C:\WINDOWS\system32\regsvc(2).dll
+ 2008-10-13 06:52:30 3,253,928 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat
+ 2004-08-04 07:56:44 58,880 ----a-w C:\WINDOWS\system32\resutils(2).dll
+ 2007-07-09 13:09:42 584,192 ----a-w C:\WINDOWS\system32\rpcrt4(2).dll
+ 2005-07-26 04:39:49 397,824 ----a-w C:\WINDOWS\system32\rpcss(2).dll
+ 2004-08-04 05:31:43 152,576 ----a-w C:\WINDOWS\system32\rsaenh(2).dll
+ 2004-08-04 07:56:44 44,032 ----a-w C:\WINDOWS\system32\rtutils(2).dll
+ 2004-08-04 07:56:44 180,224 ----a-w C:\WINDOWS\system32\scecli(2).dll
+ 2004-08-04 07:56:44 313,856 ----a-w C:\WINDOWS\system32\scesrv(2).dll
+ 2004-08-04 07:56:44 190,976 ----a-w C:\WINDOWS\system32\schedsvc(2).dll
+ 2004-08-04 07:56:44 18,944 ----a-w C:\WINDOWS\system32\seclogon(2).dll
+ 2004-08-04 07:56:44 55,808 ----a-w C:\WINDOWS\system32\secur32(2).dll
+ 2004-08-04 07:56:44 5,632 ----a-w C:\WINDOWS\system32\security(2).dll
+ 2004-08-04 07:56:44 38,912 ----a-w C:\WINDOWS\system32\sens(2).dll
+ 2004-08-04 07:56:44 6,656 ----a-w C:\WINDOWS\system32\sensapi(2).dll
+ 2001-08-23 12:00:00 259,584 ----a-w C:\WINDOWS\system32\Setup\comsetup(2).dll
+ 2004-08-04 07:56:42 32,828 ----a-w C:\WINDOWS\system32\Setup\fp40ext(2).dll
+ 2004-08-04 07:56:42 132,608 ----a-w C:\WINDOWS\system32\Setup\fxsocm(2).dll
+ 2004-08-04 07:56:42 505,344 ----a-w C:\WINDOWS\system32\Setup\iis(2).dll
+ 2001-08-23 12:00:00 115,712 ----a-w C:\WINDOWS\system32\Setup\imsinsnt(2).dll
+ 2004-08-04 07:56:42 16,896 ----a-w C:\WINDOWS\system32\Setup\medctroc(2).dll
+ 2001-08-23 12:00:00 82,432 ----a-w C:\WINDOWS\system32\Setup\msdtcstp(2).dll
+ 2004-08-04 07:56:43 15,360 ----a-w C:\WINDOWS\system32\Setup\msgrocm(2).dll
+ 2004-08-04 07:56:43 169,984 ----a-w C:\WINDOWS\system32\Setup\msmqocm(2).dll
+ 2004-08-04 07:56:44 77,312 ----a-w C:\WINDOWS\system32\Setup\netoc(2).dll
+ 2004-08-04 07:56:44 62,976 ----a-w C:\WINDOWS\system32\Setup\ntoc(2).dll
+ 2004-08-04 07:56:44 15,872 ----a-w C:\WINDOWS\system32\Setup\ocgen(2).dll
+ 2004-08-04 07:56:44 17,408 ----a-w C:\WINDOWS\system32\Setup\ocmsn(2).dll
+ 2004-08-04 07:56:44 17,408 ----a-w C:\WINDOWS\system32\Setup\ocmsn.dll
+ 2004-08-04 07:56:44 17,408 ----a-w C:\WINDOWS\system32\Setup\ocmsn.dll.OLD
+ 2004-08-04 07:56:44 101,376 ----a-w C:\WINDOWS\system32\Setup\setupqry(2).dll
+ 2004-08-04 07:56:46 33,792 ----a-w C:\WINDOWS\system32\Setup\tabletoc(2).dll
+ 2004-08-04 07:56:46 121,856 ----a-w C:\WINDOWS\system32\Setup\tsoc(2).dll
+ 2004-08-04 07:56:44 5,120 ----a-w C:\WINDOWS\system32\sfc(2).dll
+ 2004-08-04 07:56:44 140,288 ----a-w C:\WINDOWS\system32\sfc_os(2).dll
+ 2004-08-04 07:56:27 549,376 ----a-w C:\WINDOWS\system32\shdoclc(2).dll
+ 2007-10-26 03:36:51 8,454,656 ----a-w C:\WINDOWS\system32\shell32(2).dll
+ 2008-06-23 15:38:34 474,112 ----a-w C:\WINDOWS\system32\shlwapi(2).dll
+ 2004-08-04 07:56:45 151,552 ----a-w C:\WINDOWS\system32\shmedia(2).dll
+ 2004-08-04 07:56:45 151,552 ----a-w C:\WINDOWS\system32\shmedia(3).dll
+ 2006-12-19 21:52:18 134,656 ----a-w C:\WINDOWS\system32\shsvcs(2).dll
+ 2004-08-04 07:56:45 18,944 ----a-w C:\WINDOWS\system32\snmpapi(2).dll
+ 2004-08-04 07:56:45 74,752 ----a-w C:\WINDOWS\system32\spoolss(2).dll
+ 2005-06-10 23:53:32 58,880 ----a-w C:\WINDOWS\system32\spoolsv(2).exe
+ 2004-08-04 07:56:45 67,584 ----a-w C:\WINDOWS\system32\srclient(2).dll
+ 2004-08-04 07:56:45 170,496 ----a-w C:\WINDOWS\system32\srsvc(2).dll
+ 2004-08-04 07:56:45 34,816 ----a-w C:\WINDOWS\system32\ssdpapi(2).dll
+ 2004-08-04 07:56:45 71,680 ----a-w C:\WINDOWS\system32\ssdpsrv(2).dll
+ 2004-08-04 07:56:45 67,584 ----a-w C:\WINDOWS\system32\sti(2).dll
+ 2004-08-04 07:56:45 121,856 ----a-w C:\WINDOWS\system32\stobject(2).dll
+ 2004-08-04 07:56:57 17,408 ----a-w C:\WINDOWS\system32\svchost(2).exe
+ 2006-10-19 13:56:32 713,216 ----a-w C:\WINDOWS\system32\sxs(2).dll
+ 2004-08-04 07:56:46 181,760 ----a-w C:\WINDOWS\system32\tapi32(2).dll
+ 2005-07-08 16:27:56 249,344 ----a-w C:\WINDOWS\system32\tapisrv(2).dll
+ 2004-08-04 07:56:46 45,568 ----a-w C:\WINDOWS\system32\tcpmon(2).dll
+ 2004-08-04 07:56:46 295,424 ----a-w C:\WINDOWS\system32\termsrv(2).dll
+ 2004-08-04 07:56:46 385,536 ----a-w C:\WINDOWS\system32\themeui(2).dll
+ 2004-08-04 07:56:46 90,624 ----a-w C:\WINDOWS\system32\trkwks(2).dll
+ 2005-08-23 03:35:42 123,392 ----a-w C:\WINDOWS\system32\umpnpmgr(2).dll
+ 2004-08-04 07:56:46 132,608 ----a-w C:\WINDOWS\system32\upnp(2).dll
+ 2004-08-04 07:56:46 37,888 ----a-w C:\WINDOWS\system32\url(2).dll
+ 2008-06-23 15:38:34 615,936 ----a-w C:\WINDOWS\system32\urlmon(2).dll
+ 2004-08-04 07:56:46 16,896 ----a-w C:\WINDOWS\system32\usbmon(2).dll
+ 2004-08-04 07:56:46 218,624 ----a-w C:\WINDOWS\system32\uxtheme(2).dll
+ 2007-12-18 14:40:58 417,792 ----a-w C:\WINDOWS\system32\vbscript(2).dll
+ 2004-08-04 07:56:46 18,944 ----a-w C:\WINDOWS\system32\version(2).dll
+ 2004-08-04 07:56:46 430,592 ----a-w C:\WINDOWS\system32\vssapi(2).dll
+ 2004-08-04 07:56:46 174,592 ----a-w C:\WINDOWS\system32\w32time(2).dll
+ 2004-08-04 07:56:42 185,856 ----a-w C:\WINDOWS\system32\wbem\framedyn(2).dll
+ 2004-08-04 07:56:46 18,944 ----a-w C:\WINDOWS\system32\wbem\wbemprox(2).dll
+ 2004-08-04 07:56:46 49,152 ----a-w C:\WINDOWS\system32\wdigest(2).dll
+ 2004-08-04 07:56:46 276,480 ----a-w C:\WINDOWS\system32\webcheck(2).dll
+ 2006-01-04 03:35:05 68,096 ----a-w C:\WINDOWS\system32\webclnt(2).dll
+ 2006-12-19 18:16:47 333,824 ----a-w C:\WINDOWS\system32\wiaservc(2).dll
+ 2004-08-04 07:56:46 351,232 ----a-w C:\WINDOWS\system32\winhttp(2).dll
+ 2008-06-23 15:38:34 659,456 ----a-w C:\WINDOWS\system32\wininet(2).dll
+ 2004-08-04 07:56:46 32,768 ----a-w C:\WINDOWS\system32\winipsec(2).dll
+ 2004-08-04 07:56:46 176,128 ----a-w C:\WINDOWS\system32\winmm(2).dll
+ 2004-08-04 07:56:46 16,896 ----a-w C:\WINDOWS\system32\winrnr(2).dll
+ 2004-08-04 07:56:46 99,328 ----a-w C:\WINDOWS\system32\winscard(2).dll
+ 2004-08-04 07:56:46 176,640 ----a-w C:\WINDOWS\system32\wintrust(2).dll
+ 2004-08-04 07:56:46 172,032 ----a-w C:\WINDOWS\system32\wldap32(2).dll
+ 2004-08-04 07:56:46 92,672 ----a-w C:\WINDOWS\system32\wlnotify(2).dll
+ 2004-08-04 07:56:35 5,632 ----a-w C:\WINDOWS\system32\wmi(2).dll
+ 2004-08-04 07:56:46 264,192 ----a-w C:\WINDOWS\system32\wow32(2).dll
+ 2004-08-04 07:56:46 82,944 ----a-w C:\WINDOWS\system32\ws2_32(2).dll
+ 2004-08-04 07:56:46 19,968 ----a-w C:\WINDOWS\system32\ws2help(2).dll
+ 2004-08-04 07:56:57 13,824 ----a-w C:\WINDOWS\system32\wscntfy(2).exe
+ 2004-08-04 07:56:46 81,408 ----a-w C:\WINDOWS\system32\wscsvc(2).dll
+ 2004-08-04 07:56:46 19,968 ----a-w C:\WINDOWS\system32\wshtcpip(2).dll
+ 2004-08-04 07:56:46 22,528 ----a-w C:\WINDOWS\system32\wsock32(2).dll
+ 2004-08-04 07:56:46 18,432 ----a-w C:\WINDOWS\system32\wtsapi32(2).dll
+ 2004-08-04 07:56:46 6,656 ----a-w C:\WINDOWS\system32\wuauserv(2).dll
+ 2004-08-04 07:56:46 51,712 ----a-w C:\WINDOWS\system32\wzcsapi(2).dll
+ 2004-08-04 07:56:46 359,936 ----a-w C:\WINDOWS\system32\wzcsvc(2).dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"2wSysTray"="C:\Program Files\2Wire\2PortalMon.exe" [2003-10-10 393216]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"MSConfig"="C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2004-08-04 158208]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-05-07 180269]
C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
2Wire Wireless Client Manager.lnk - C:\Program Files\2Wire Wireless\Client Manager\CMTWO.EXE [2004-02-18 323584]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"SpecifyDefaultButtons"= 1 (0x1)
"Btn_Search"= 2 (0x2)
"NoBandCustomize"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i263_32.drv
"msacm.ctmp3"= C:\WINDOWS\System32\ctmp3.acm
"VIDC.I263"= i263_32.drv
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\pnpsvc]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^AT&T Self Support Tool.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\AT&T Self Support Tool.lnk
backup=C:\WINDOWS\pss\AT&T Self Support Tool.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
NvQTwk [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
--a------ 2004-09-01 11:26 66672 C:\Program Files\AIM95\aim.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--------- 2003-01-31 09:42 1228800 C:\Program Files\Ahead\InCD\InCD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPInSightMonitor 01]
--a------ 2003-07-14 14:30 98304 C:\Program Files\SBC Yahoo!\Connection Manager\IP Insight\ipmon32.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2003-05-19 00:14 77824 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-04-13 03:48 36975 C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-05-07 06:47 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weather]
--a------ 2004-09-09 17:35 1597440 C:\Program Files\AWS\WeatherBug\Weather.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2006-11-30 22:49 4662776 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]
--a------ 2006-07-21 16:19 129536 C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2002-05-03 10:06 364544 C:\WINDOWS\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINDVDPatch]
--a------ 2002-07-02 17:56 24576 C:\WINDOWS\system32\CTHELPER.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RpcPatch"=2 (0x2)
"MDM"=2 (0x2)
"C-DillaSrv"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NvCplDaemon"=RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
"nwiz"=nwiz.exe /install
"UpdReg"=C:\WINDOWS\Updreg.exe
"CTStartup"=C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
"Jet Detection"=C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\AIM95\\aim.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\yserver.exe"=
"%windir%\\system32\\sessmgr.exe"=
R0 BsStor;InCD Storage Helper Driver;C:\WINDOWS\system32\DRIVERS\bsstor.sys [2002-06-05 9344]
R1 BpCdrVsd;BpCdrVsd;C:\WINDOWS\system32\drivers\BpCdrVsd.sys [2002-12-12 7936]
R1 bpfinder;BACKPACK Finder;C:\WINDOWS\system32\DRIVERS\bpfinder.sys [2003-02-17 62279]
R2 BsUDF;InCD UDF Driver;C:\WINDOWS\system32\drivers\BsUDF.sys [2003-01-31 389504]
R3 bpflt;BACKPACK Filter;C:\WINDOWS\system32\DRIVERS\bpflt.sys [2002-08-08 4538]
R3 wltwo48b;2Wire Wireless PC Card Driver;C:\WINDOWS\system32\DRIVERS\wltwo48b.sys [2003-08-10 170496]
S0 Cdr4vsd;Cdr4vsd;C:\WINDOWS\system32\drivers\Cdr4vsd.sys [2003-03-26 72032]
S1 af51f9f7;af51f9f7;C:\WINDOWS\system32\drivers\af51f9f7.sys [ ]
S2 pnpsvc;Plug and Play svc service;C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S3 AON325;AOpen AON-325 10/100M Fast Ethernet PCI Adapter;C:\WINDOWS\system32\DRIVERS\AON325.SYS [2001-04-16 24172]
S3 ATIPCXXX;ATI Parental control device;C:\WINDOWS\system32\DRIVERS\atipcxxx.sys [2001-08-17 10240]
S3 ATIVRVXX;ATI Rage Theatre Video (ATIRTCAP);C:\WINDOWS\system32\DRIVERS\atirtcap.sys [2001-08-17 49920]
S3 ATIVXSXX;ATI Audio Crossbar (ATIVXBAR);C:\WINDOWS\system32\DRIVERS\ativxbar.sys [2001-08-17 26624]
S3 bppccard;BACKPACK PC Card;C:\WINDOWS\system32\DRIVERS\bppccard.sys [2003-01-09 5493]
S3 bppnpdrv;BACKPACK Driver;C:\WINDOWS\system32\DRIVERS\bppnpdrv.sys [2003-02-17 19670]
S3 bpusbdrv;BACKPACK USB 1 Cable;C:\WINDOWS\system32\DRIVERS\bpusbdrv.sys [2003-02-06 109708]
S3 bpusbflt;BACKPACK USB Filter;C:\WINDOWS\system32\DRIVERS\bpusbflt.sys [2002-08-08 8333]
S3 SUSTUCAM;Susteen USB Cable Modem Driver;C:\WINDOWS\system32\DRIVERS\sustucam.sys [2006-04-12 38016]
S3 SUSTUCAP;Susteen USB Cable Port Driver;C:\WINDOWS\system32\DRIVERS\sustucap.sys [2006-04-12 38016]
S3 SUSTUCAU;Susteen USB Cable USB Driver;C:\WINDOWS\system32\DRIVERS\sustucau.sys [2006-04-12 20096]
S3 WBMS;Winbond Memory Stick Storage (MS) Device Driver;C:\WINDOWS\system32\Drivers\WBMS.SYS [2002-02-28 29056]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
pnpsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2bfee426-7b89-11dd-96c2-000feafaf926}]
\shell\autorun\command - G:\podcastready.exe
.
Contents of the 'Scheduled Tasks' folder
2008-10-14 C:\WINDOWS\Tasks\AB5C3A3B9183B003.job
- c:\docume~1\robert\applic~1\timeph~1\Slow Owns Wma.exe []
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\laefvq4y.default\
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-14 13:38:20
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
Completion time: 2008-10-14 13:41:36
ComboFix-quarantined-files.txt 2008-10-14 18:40:34
ComboFix2.txt 2008-10-12 01:12:51
ComboFix3.txt 2008-10-06 01:14:42
ComboFix4.txt 2008-09-20 05:06:10
ComboFix5.txt 2008-10-14 18:35:09
Pre-Run: 2,314,530,816 bytes free
Post-Run: 2,416,402,432 bytes free
491 --- E O F --- 2008-10-02 08:00:46