Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Reinstalled computer, possible external hdd worms

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Reinstalled computer, possible external hdd worms

Unread postby Shorty_sx » November 25th, 2008, 10:37 pm

Dear MalWare Removal staff,

My PC has had a pretty bad couple of months with a few backdoor trojans at some point, being really slow (not necessarly malware) and so on.
Couple of days ago I got another virus (something running the process kamsoft.exe, had a .bat file in my C dir)
It stopped me from seeing my hidden files, even if i changed the option, or even if i edited the registry myself.

I'm fairly sure I got this from my friend's laptop (over shared USB flash drives, and my external hard drive) since both of them have the similar problems (but quite a few more).

Anyway, I reinstalled my computer completely (backed up my files on my external hard disk) but the problem still showed up as the external hdd reinfected the new copy of windows.

I used SDFix, ComboFix, Malwarebyte's and Kaspersky Online Scanner to the best of my ability and removed a few .bats autorun.inf (or something like that) from both my C drive and my external (F:) in this case.

Unfortuantely, I forgot the save the old logs for the exact removed files and so on (also created my script and dropped it into combofix, getting rid of a few files I thought were 'iffy')

Regardless, since its a fresh copy of windows, I'm guessing the cleaning process right now won't be too long.

Here's what I would like to do, and kindly asking your help for:

    Rid my external HDD from any trace of this or any other malware
    - without formating the external hdd (F) since the data there is priceless to me
    - anything on C drive or my computer in general is 'expendable', thus can be deleted, reinstalled or whatever

    Learn how to protect my external HDD from this happening again
    - I read that programs such as Avira Antivir, when installed on an external hard drive, can actually monitor even when it is not connected to my PC (if connected it to another infected PC, providing the antivirus can detect the malware, it will protect my hdd from becoming infected)

    Just to get a clear start, once I manage to do the above I would prefer to go ahead and format/reinstall my PC one more time.

    I am trying to solve this as soon as possible, have my university exams in the next week, so help will be very appreciated (even more than usual :P)

Here's what I can tell you thus far, as well as the logs from the scans performed just before this post.

At the moment hidden files can be viewed, computer is at decent speed.
Everything 'appears clean'. Kaspersky (over the past few scans) has found infectinos in the System Volume Information folder on my external hdd (F:) (I deleted all of them).
the original kamsoft.exe and a few other of its components were deleted with combofix.
I recognize the mm.Bot folder and it should be legit.

Logs: HJT (uninstall list at the bottom if it can help), SDFix, ComboFix (Kaspersky Online is running at the moment, will be added when done)

HJT Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:39:00 AM, on 11/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
F:\Avira\AntiVir PersonalEdition Classic\sched.exe
F:\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\ATI-CPanel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
F:\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avgnt] "F:\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - F:\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - F:\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

--
End of file - 2773 bytes


SDFix Log


SDFix: Version 1.205
Run by Shorty on Thu 11/27/2008 at 02:32 AM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\DOCUME~1\Shorty\Desktop\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-27 02:35:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files :



Files with Hidden Attributes :

Wed 22 Oct 2008 949,072 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\advcheck.dll"
Mon 15 Sep 2008 1,562,960 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll"
Mon 7 Jul 2008 1,429,840 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 7 Jul 2008 4,891,472 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Tue 16 Sep 2008 1,833,296 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Wed 22 Oct 2008 962,896 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\Tools.dll"

Finished!

ComboFix Log

ComboFix 08-11-26.01 - Shorty 2008-11-27 2:19:56.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.284 [GMT 1:00]
Running from: c:\documents and settings\Shorty\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-10-27 to 2008-11-27 )))))))))))))))))))))))))))))))
.

2008-11-27 01:43 . 2008-11-27 01:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira
2008-11-27 01:40 . 2008-11-27 01:40 0 --a------ c:\windows\ativpsrm.bin
2008-11-25 23:29 . 2008-11-25 23:29 <DIR> d-------- c:\program files\Trend Micro
2008-11-25 19:05 . 2008-11-25 19:05 <DIR> d-------- c:\documents and settings\Shorty\Application Data\Malwarebytes
2008-11-25 19:05 . 2008-10-22 16:27 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-25 19:04 . 2008-11-25 19:05 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-25 19:04 . 2008-11-25 19:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-25 19:04 . 2008-10-22 16:27 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-25 18:49 . 2008-11-25 23:23 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-11-25 18:49 . 2008-11-25 19:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-25 18:44 . 2008-11-25 18:44 <DIR> d-------- c:\program files\Uniblue
2008-11-25 18:44 . 2008-11-25 18:44 <DIR> d-------- c:\documents and settings\Shorty\Application Data\Uniblue
2008-11-25 18:32 . 2008-11-25 18:32 <DIR> d-------- c:\program files\CCleaner
2008-11-25 17:58 . 2008-11-25 17:58 <DIR> d-------- c:\windows\ERUNT
2008-11-25 17:15 . 2008-11-25 17:22 <DIR> d-------- c:\windows\system32\CatRoot_bak
2008-11-25 17:15 . 2008-11-25 17:15 <DIR> d-------- c:\windows\Sun
2008-11-25 17:15 . 2008-11-25 17:15 <DIR> d---s---- c:\documents and settings\Shorty\UserData
2008-11-25 17:13 . 2008-08-14 11:00 2,180,352 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-11-25 17:13 . 2008-08-14 10:58 2,136,064 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-11-25 17:13 . 2008-08-14 10:22 2,057,728 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-11-25 17:13 . 2008-08-14 10:22 2,015,744 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-11-25 17:13 . 2008-10-24 12:10 453,632 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-25 17:13 . 2008-06-13 14:10 272,128 --------- c:\windows\system32\drivers\bthport.sys
2008-11-25 17:13 . 2008-06-13 14:10 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2008-11-25 17:10 . 2008-11-25 17:10 <DIR> d-------- c:\windows\Cache
2008-11-25 17:10 . 2008-11-25 17:10 <DIR> d-------- C:\Online documentation
2008-11-25 17:10 . 2008-11-25 17:10 836 --a------ C:\tmpFile.dat
2008-11-25 17:09 . 2008-11-25 17:09 <DIR> d-------- C:\$CTJTMP
2008-11-25 17:09 . 2004-08-03 23:08 26,496 --a--c--- c:\windows\system32\dllcache\usbstor.sys
2008-11-25 17:02 . 2008-11-25 17:02 <DIR> d--h----- c:\program files\InstallShield Installation Information
2008-11-25 17:02 . 2008-11-25 17:04 <DIR> d-------- C:\ATI-CPanel
2008-11-25 17:01 . 2008-06-10 02:32 73,728 --a------ c:\windows\system32\javacpl.cpl

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-25 16:09 659 ----a-w C:\pnpID.dat
2008-11-25 16:02 808 ----a-w c:\windows\system32\drivers\alcxinit.dat
2008-11-25 16:01 --------- d-----w c:\program files\Java
2008-11-25 15:58 --------- d-----w c:\program files\CONEXANT
2008-11-25 15:57 --------- d-----w c:\program files\Common Files\InstallShield
2008-11-25 15:47 --------- d-----w c:\program files\microsoft frontpage
2008-11-25 15:46 --------- d-----w c:\program files\Common Files\Java
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-09-15 11:57 1,846,016 ----a-w c:\windows\system32\win32k.sys
2008-09-04 16:42 1,106,944 ----a-w c:\windows\system32\msxml3.dll
.

((((((((((((((((((((((((((((( snapshot@2008-11-26_23.49.14.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-05-09 12:15:51 45,376 ----a-w c:\windows\system32\drivers\avgntdd.sys
+ 2008-01-21 17:11:28 22,336 ----a-w c:\windows\system32\drivers\avgntmgr.sys
+ 2008-11-27 00:49:14 75,072 ----a-w c:\windows\system32\drivers\avipbb.sys
+ 2007-03-01 09:34:22 28,352 ----a-w c:\windows\system32\drivers\ssmdrv.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"ATIPTA"="c:\ati-cpanel\atiptaxx.exe" [2003-10-21 335872]
"avgnt"="f:\avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"SoundMan"="SOUNDMAN.EXE" [2003-08-05 c:\windows\SOUNDMAN.EXE]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;c:\windows\system32\DRIVERS\AN983.sys [2008-11-25 36224]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
\Shell\AutoRun\command - C:\ij.bat
\Shell\explore\Command - C:\ij.bat
\Shell\open\Command - C:\ij.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\ij.bat
\Shell\explore\Command - F:\ij.bat
\Shell\open\Command - F:\ij.bat

*Newly Created Service* - ANTIVIRSCHEDULER
*Newly Created Service* - ANTIVIRSERVICE
*Newly Created Service* - AVGIO
*Newly Created Service* - AVGNTFLT
*Newly Created Service* - AVIPBB
*Newly Created Service* - CATCHME
*Newly Created Service* - SSMDRV
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-27 02:21:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(528)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2008-11-27 2:22:01
ComboFix-quarantined-files.txt 2008-11-27 01:21:45
ComboFix2.txt 2008-11-27 01:17:01
ComboFix3.txt 2008-11-26 23:33:47
ComboFix4.txt 2008-11-26 23:22:17
ComboFix5.txt 2008-11-27 01:19:44

Pre-Run: 155,464,634,368 bytes free
Post-Run: 155,455,676,416 bytes free

121 --- E O F --- 2008-11-26 22:47:19


Uninstall List from HJT

Adobe Reader 6.0
ATI Control Panel
ATI Display Driver
Avira AntiVir Personal - Free Antivirus
CCleaner (remove only)
HijackThis 2.0.2
Hotfix for Windows XP (KB952287)
J2SE Runtime Environment 5.0
Java(TM) 6 Update 7
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
SoftK56 Data Fax
Spybot - Search & Destroy
Update for Windows XP (KB898461)
Update for Windows XP (KB951072-v2)
Windows Installer 3.1 (KB893803)

Kaspersky Online Scanner

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, November 27, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, November 25, 2008 22:56:48
Records in database: 1416848
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan statistics:
Files scanned: 29944
Threat name: 2
Infected objects: 5
Suspicious objects: 0
Duration of the scan: 01:02:09


File name / Threat name / Threats count
F:\Games\Diablo Stuff\mm.BOT\mm.BOT.546.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.ad 1
F:\Games\Diablo Stuff\mm.BOT\Tools\mm.RBlocks\mm.RBlocks.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.ad 1
F:\Games\Diablo Stuff\mm.BOT\Tools\mm.ItemReader\mm.ItemReader.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.ad 1
F:\Games\Diablo Stuff\mm.BOT\Tools\mm.FList\mm.FList.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.ad 1
F:\Programs\Programs\SciTE4AutoIt3.exe Infected: not-a-virus:Monitor.Win32.Hooker.s 1

The selected area was scanned.
Shorty_sx
Regular Member
 
Posts: 17
Joined: August 31st, 2008, 11:15 am
Advertisement
Register to Remove

Re: Reinstalled computer, possible external hdd worms

Unread postby Carolyn » November 29th, 2008, 12:56 pm

Hello and Welcome to the forums!

My name is Carolyn and I'll be glad to help you with your computer problems. HijackThis logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that it happens.

Please do not run any other tool untill instructed to do so!
Please reply to this thread, do not start another!
Please tell me about any problems that have occurred during the fix.
Please tell me of any other symptoms you may be having as these can help also.
Please try as much as possible not to run anything while executing a fix.


If you follow these instructions, everything should go smoothly.

I am currently looking at your log now and will be back as soon as possible with your instructions.
User avatar
Carolyn
MRU Emeritus
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: Reinstalled computer, possible external hdd worms

Unread postby Carolyn » November 29th, 2008, 1:15 pm

Hello,

Download and run Flash_Disinfector

Download Flash_Disinfector from here and save it to your desktop.
Doubleclick on Flash_Disinfector.exe to run it and follow the prompts.
Wait until it has finished scanning and then exit the program.
The utility may ask you to insert your flash drive and/or other removable drives. This may include your mobile phone, mp3 player, and so on,
Please do so and allow the utility to clean up those drives as well.

-----------------------------------------------------------

Run a custom CFScript

1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

Code: Select all
KILLALL::

File::
F:\Programs\Programs\SciTE4AutoIt3.exe
C:\ij.bat
F:\ij.bat
D:\Setup.exe

Folder::
F:\Games\Diablo Stuff\mm.BOT

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]


Save this as CFScript.txt, in the same location as ComboFix.exe


Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall


-----------------------------------------------------------

Disable Autorun

The best way to prevent spreading infections via removable media is to disable Autorun.

Please read the following article for more information and instructions for disabling Autorun.

http://miekiemoes.blogspot.com/2008/11/ ... -asap.html

-----------------------------------------------------------

Run CCleaner
CCleaner will remove everything from the temp/temporary folders but please note that it will not make back ups!
  • Before first use, select Options > Advanced and UNCHECK Only delete files in Windows Temp folder older than 48 hours
  • Then select the items you wish to clean up.
    • In the Windows Tab:
      • Clean all entries in the Internet Explorer section except Cookies
      • Clean all the entries in the Windows Explorer section
      • Clean all entries in the System section
      • Clean all entries in the Advanced section
      • Clean any others that you choose
    • In the Applications Tab:
      • Clean all except cookies in the Firefox/Mozilla section if you use it
      • Clean all in the Opera section if you use it
      • Clean Sun Java in the Internet Section
      • Clean any others that you choose
  • Click the Run Cleaner button.
  • A pop up box will appear advising this process will permanently delete files from your system.
  • Click OK and it will scan and clean your system.
  • Click exit when done.
  • If it asks you to reboot at the end, click NO
CCleaner should be run with the above settings for each User Account!

-----------------------------------------------------------

  1. Click here to perform a Panda online scan. Please use Internet Explorer as it requires ActiveX.
  2. Click on Scan your PC now.
  3. A new window will open.
  4. Select your country and type in your email address. You may also optionally choose to receive emails from Panda. If you don't wish to, please select I do not want to receive marketing information from Panda Software and/or its International Representatives where applicable. option.
  5. Click on Free online scan.
  6. You will be prompted to install an ActiveX. Please allow it.
  7. Once installed, it will start downloading the virus definitions. Please be patient. This takes a while.
  8. Once the files are downloaded, it will ask you to select what to scan. Select My Computer.
  9. The scan will start. It takes a while, please be patient.
  10. Once done, click on View Report.
  11. You will be brought to another page. Click on Save Report. Save it to your desktop. Please post this report in your next reply.

-----------------------------------------------------------

Please post the following in your next reply:
  • The ComboFix log
  • The Panda report
  • A fresh HijackThis log
  • A description of how your computer is behaving.
User avatar
Carolyn
MRU Emeritus
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: Reinstalled computer, possible external hdd worms

Unread postby Shorty_sx » November 29th, 2008, 5:45 pm

Hello Carolyn!

Thank you for the reply, I followed your instructions, disabled Autorun (thank for the articles you posted, quite interesting. since i have XP home, I disabled it from the cdrom folder in the reg like instructed in the article, that applies to USB drives as well right?)

The Flash_Disinfector ran, however it was literally instant. Everything went as you explained it, but I'm wondering if the scan is really supposed to be instant (considering my external hdd had at least 250 gb filled up)?

Panda's interface was slightly different, but I registered an acount and performed a full scan which should be the equivalent of a MyComputer scan.

Windows Update has been on overdrive (due to the Reinstall), everything is running smoothly, but then again so it was before. I just want to say again that I do plan on reinstalling my computer (again) once my externall hdd is clean.

Thanks a lot for helping me out!

I'll be waiting for your response

Here are the logs:

ComboFix Log:

ComboFix 08-11-29.02 - Shorty 2008-11-30 21:14:13.6 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.291 [GMT 1:00]
Running from: c:\documents and settings\Shorty\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Shorty\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\ij.bat
D:\Setup.exe
F:\ij.bat
f:\programs\Programs\SciTE4AutoIt3.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Shorty\Application Data\google\runhh6110411.exe
F:\Autorun.inf
f:\games\Diablo Stuff\mm.BOT
f:\games\Diablo Stuff\mm.BOT\Config\KeySet-1\amblxbow.cof
f:\games\Diablo Stuff\mm.BOT\Config\KeySet-1\curindx.wav
f:\games\Diablo Stuff\mm.BOT\Config\KeySet-1\wavindx.wav
f:\games\Diablo Stuff\mm.BOT\Config\KeySet-2\amblxbow.cof
f:\games\Diablo Stuff\mm.BOT\Config\KeySet-2\curindx.wav
f:\games\Diablo Stuff\mm.BOT\Config\KeySet-2\wavindx.wav
f:\games\Diablo Stuff\mm.BOT\Config\KeySet-3\amblxbow.cof
f:\games\Diablo Stuff\mm.BOT\Config\KeySet-3\curindx.wav
f:\games\Diablo Stuff\mm.BOT\Config\KeySet-3\wavindx.wav
f:\games\Diablo Stuff\mm.BOT\Config\mm.BOT.ini
f:\games\Diablo Stuff\mm.BOT\Config\mm.BOT.Sequences.ini
f:\games\Diablo Stuff\mm.BOT\Config\mm.BotState.ini
f:\games\Diablo Stuff\mm.BOT\Config\mm.MultiKeys.ini
f:\games\Diablo Stuff\mm.BOT\Config\mm.PKID.ini
f:\games\Diablo Stuff\mm.BOT\Config\mm.PKIDORIGINAL.ini
f:\games\Diablo Stuff\mm.BOT\Config\mm.PlayKeys.ini
f:\games\Diablo Stuff\mm.BOT\Config\mmcl.PKID.Compiler.exe
f:\games\Diablo Stuff\mm.BOT\Config\System\d2-cdkey.exe
f:\games\Diablo Stuff\mm.BOT\Config\System\listfile.dat
f:\games\Diablo Stuff\mm.BOT\Config\System\LMPQAPI.DLL
f:\games\Diablo Stuff\mm.BOT\Config\System\mm.Boxes.Ref.ini
f:\games\Diablo Stuff\mm.BOT\Config\System\mm.PKID.Ref
f:\games\Diablo Stuff\mm.BOT\Config\System\mm.PKID.Usr.CH
f:\games\Diablo Stuff\mm.BOT\Config\System\mm.PKID.Usr.ID
f:\games\Diablo Stuff\mm.BOT\Config\System\mm.PKID.Usr.PK
f:\games\Diablo Stuff\mm.BOT\Config\System\MPQ2K.exe
f:\games\Diablo Stuff\mm.BOT\Config\System\Process.exe
f:\games\Diablo Stuff\mm.BOT\Config\System\SFmpq.dll
f:\games\Diablo Stuff\mm.BOT\Config\System\staredit.exe
f:\games\Diablo Stuff\mm.BOT\Config\System\Storm.dll
f:\games\Diablo Stuff\mm.BOT\Documents\Htm\CharTut.htm
f:\games\Diablo Stuff\mm.BOT\Documents\Htm\FAQ.htm
f:\games\Diablo Stuff\mm.BOT\Documents\Htm\img\automap.jpg
f:\games\Diablo Stuff\mm.BOT\Documents\Htm\img\bar.jpg
f:\games\Diablo Stuff\mm.BOT\Documents\Htm\img\coldskills.jpg
f:\games\Diablo Stuff\mm.BOT\Documents\Htm\img\controls1.jpg
f:\games\Diablo Stuff\mm.BOT\Documents\Htm\img\controls2.jpg
f:\games\Diablo Stuff\mm.BOT\Documents\Htm\img\controls3.jpg
f:\games\Diablo Stuff\mm.BOT\Documents\Htm\img\controls4.jpg
f:\games\Diablo Stuff\mm.BOT\Documents\Htm\img\Desktop.jpg
f:\games\Diablo Stuff\mm.BOT\Documents\Htm\img\favicon.ico
f:\games\Diablo Stuff\mm.BOT\Documents\Htm\img\fireskills.jpg
f:\games\Diablo Stuff\mm.BOT\Documents\Htm\img\lightskills.jpg
f:\games\Diablo Stuff\mm.BOT\Documents\Htm\img\merc_main.jpg
f:\games\Diablo Stuff\mm.BOT\Documents\Htm\img\mmbotlogo.jpg
f:\games\Diablo Stuff\mm.BOT\Documents\Htm\img\Notepad.ico
f:\games\Diablo Stuff\mm.BOT\Documents\Htm\img\Pindle.jpg
f:\games\Diablo Stuff\mm.BOT\Documents\Htm\img\Program.ico
f:\games\Diablo Stuff\mm.BOT\Documents\Htm\img\Screenshot054.jpg
f:\games\Diablo Stuff\mm.BOT\Documents\Htm\img\Screenshot065.jpg
f:\games\Diablo Stuff\mm.BOT\Documents\Htm\img\Screenshot072.jpg
f:\games\Diablo Stuff\mm.BOT\Documents\Htm\img\Screenshot090.jpg
f:\games\Diablo Stuff\mm.BOT\Documents\Htm\img\Screenshot101.jpg
f:\games\Diablo Stuff\mm.BOT\Documents\Htm\img\Screenshot169.jpg
f:\games\Diablo Stuff\mm.BOT\Documents\Htm\img\skillskeys.jpg
f:\games\Diablo Stuff\mm.BOT\Documents\Htm\img\SoulSpawn.jpg
f:\games\Diablo Stuff\mm.BOT\Documents\Htm\img\stats_ctaswitch.jpg
f:\games\Diablo Stuff\mm.BOT\Documents\Htm\img\Thumbs.db
f:\games\Diablo Stuff\mm.BOT\Documents\Htm\img\Update.ico
f:\games\Diablo Stuff\mm.BOT\Documents\Htm\img\video.jpg
f:\games\Diablo Stuff\mm.BOT\Documents\Htm\Installation.htm
f:\games\Diablo Stuff\mm.BOT\Documents\Htm\KeysSwapping.htm
f:\games\Diablo Stuff\mm.BOT\Documents\Htm\LMenu.htm
f:\games\Diablo Stuff\mm.BOT\Documents\Htm\MainPage.htm
f:\games\Diablo Stuff\mm.BOT\Documents\Htm\MercTut.htm
f:\games\Diablo Stuff\mm.BOT\Documents\Htm\MySorce.htm
f:\games\Diablo Stuff\mm.BOT\Documents\Htm\PKID.ByGroups.htm
f:\games\Diablo Stuff\mm.BOT\Documents\Htm\PKID.ByItems.htm
f:\games\Diablo Stuff\mm.BOT\Documents\Htm\PkIdListing.htm
f:\games\Diablo Stuff\mm.BOT\Documents\Htm\PkIdSamples.htm
f:\games\Diablo Stuff\mm.BOT\Documents\Htm\PkIdSyntax.htm
f:\games\Diablo Stuff\mm.BOT\Documents\Htm\SeqCommands.htm
f:\games\Diablo Stuff\mm.BOT\Documents\Htm\SeqExamples.htm
f:\games\Diablo Stuff\mm.BOT\Documents\img\favicon.ico
f:\games\Diablo Stuff\mm.BOT\Documents\img\Home.ico
f:\games\Diablo Stuff\mm.BOT\Documents\img\Notepad.ico
f:\games\Diablo Stuff\mm.BOT\Documents\img\Program.ico
f:\games\Diablo Stuff\mm.BOT\Documents\img\Update.ico
f:\games\Diablo Stuff\mm.BOT\Documents\mm.BOT.History.txt
f:\games\Diablo Stuff\mm.BOT\IpRefresh.exe
f:\games\Diablo Stuff\mm.BOT\Logs\_STATS.ini
f:\games\Diablo Stuff\mm.BOT\Logs\ArchiveCurrent.exe
f:\games\Diablo Stuff\mm.BOT\Logs\Compiler.txt
f:\games\Diablo Stuff\mm.BOT\Logs\DeleteCurrent.exe
f:\games\Diablo Stuff\mm.BOT\Logs\Events_Bot.txt
f:\games\Diablo Stuff\mm.BOT\Logs\Good_Items.txt
f:\games\Diablo Stuff\mm.BOT\Logs\Picked_Items.txt
f:\games\Diablo Stuff\mm.BOT\Logs\ScanDrop_Items.txt
f:\games\Diablo Stuff\mm.BOT\Logs\SearchInLogs.exe
f:\games\Diablo Stuff\mm.BOT\Logs\Sold_Items.txt
f:\games\Diablo Stuff\mm.BOT\MacReset.exe
f:\games\Diablo Stuff\mm.BOT\mm.BOT.546.exe
f:\games\Diablo Stuff\mm.BOT\mm.Bot.chm
f:\games\Diablo Stuff\mm.BOT\mm.BOT.MANUAL.htm
f:\games\Diablo Stuff\mm.BOT\Scripts\Example.au3
f:\games\Diablo Stuff\mm.BOT\Scripts\mm.BOT.Include.au3
f:\games\Diablo Stuff\mm.BOT\Tools\ImportantRead.txt
f:\games\Diablo Stuff\mm.BOT\Tools\mm.FList\mm.FList.exe
f:\games\Diablo Stuff\mm.BOT\Tools\mm.FList\mm.FList.ini
f:\games\Diablo Stuff\mm.BOT\Tools\mm.ItemReader\mm.ItemReader.exe
f:\games\Diablo Stuff\mm.BOT\Tools\mm.ItemReader\mm.ItemReader.ini
f:\games\Diablo Stuff\mm.BOT\Tools\mm.RBlocks\mm.RBlocks.exe
f:\programs\Programs\SciTE4AutoIt3.exe

.
((((((((((((((((((((((((( Files Created from 2008-10-28 to 2008-11-30 )))))))))))))))))))))))))))))))
.

2008-11-30 11:42 . 2008-11-30 11:52 <DIR> d-------- c:\documents and settings\Shorty\Application Data\dvdcss
2008-11-29 01:55 . 2008-10-03 18:41 6,066,176 -----c--- c:\windows\system32\dllcache\ieframe.dll
2008-11-29 01:55 . 2007-04-17 10:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
2008-11-29 01:55 . 2007-03-08 06:10 991,232 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
2008-11-29 01:55 . 2008-08-26 08:24 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
2008-11-29 01:55 . 2008-08-26 08:24 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
2008-11-29 01:55 . 2008-08-26 08:24 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
2008-11-29 01:55 . 2008-08-26 08:24 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
2008-11-29 01:55 . 2008-08-26 08:24 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
2008-11-29 01:55 . 2008-08-25 09:38 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
2008-11-27 19:24 . 2008-07-18 22:07 270,880 --a------ c:\windows\system32\mucltui.dll
2008-11-27 19:24 . 2008-07-18 22:07 210,976 --a------ c:\windows\system32\muweb.dll
2008-11-27 19:24 . 2008-07-18 22:07 29,728 --a------ c:\windows\system32\mucltui.dll.mui
2008-11-27 18:55 . 2004-08-04 00:56 159,232 --a------ c:\windows\system32\ptpusd.dll
2008-11-27 18:55 . 2004-08-03 22:58 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2008-11-27 18:55 . 2004-08-03 22:58 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2008-11-27 18:55 . 2001-08-17 22:36 5,632 --a------ c:\windows\system32\ptpusb.dll
2008-11-27 18:04 . 2006-10-26 19:56 32,592 --a------ c:\windows\system32\msonpmon.dll
2008-11-27 18:03 . 2008-11-27 18:03 <DIR> d-------- c:\program files\MSBuild
2008-11-27 18:03 . 2008-11-27 18:03 <DIR> d-------- c:\program files\Microsoft Works
2008-11-27 18:02 . 2008-11-27 18:02 <DIR> d-------- c:\program files\Microsoft.NET
2008-11-27 17:59 . 2008-11-27 18:02 <DIR> d-------- c:\windows\SHELLNEW
2008-11-27 17:59 . 2008-11-29 03:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-27 17:58 . 2008-11-27 17:58 <DIR> dr-h----- C:\MSOCache
2008-11-27 15:30 . 2008-11-27 15:30 <DIR> d-------- c:\program files\uTorrent
2008-11-27 15:27 . 2008-11-30 10:27 <DIR> d-------- c:\documents and settings\Shorty\Application Data\uTorrent
2008-11-27 14:55 . 2008-11-27 14:55 <DIR> d-------- c:\program files\VideoLAN
2008-11-27 14:55 . 2008-11-27 14:56 <DIR> d-------- c:\documents and settings\Shorty\Application Data\vlc
2008-11-27 12:21 . 2008-11-27 12:21 <DIR> d-------- c:\documents and settings\Shorty\Application Data\AdobeUM
2008-11-27 12:20 . 2008-11-27 12:20 <DIR> d-------- c:\program files\Common Files\Adobe
2008-11-27 01:40 . 2008-11-27 01:40 0 --a------ c:\windows\ativpsrm.bin
2008-11-25 23:29 . 2008-11-25 23:29 <DIR> d-------- c:\program files\Trend Micro
2008-11-25 19:05 . 2008-11-25 19:05 <DIR> d-------- c:\documents and settings\Shorty\Application Data\Malwarebytes
2008-11-25 19:05 . 2008-10-22 16:27 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-25 19:04 . 2008-11-25 19:05 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-25 19:04 . 2008-11-25 19:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-25 19:04 . 2008-10-22 16:27 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-25 18:49 . 2008-11-25 23:23 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-11-25 18:49 . 2008-11-25 19:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-25 18:44 . 2008-11-25 18:44 <DIR> d-------- c:\documents and settings\Shorty\Application Data\Uniblue
2008-11-25 18:39 . 2008-11-30 03:00 1,393 --a------ c:\windows\imsins.BAK
2008-11-25 18:32 . 2008-11-25 18:32 <DIR> d-------- c:\program files\CCleaner
2008-11-25 17:58 . 2008-11-25 17:58 <DIR> d-------- c:\windows\ERUNT
2008-11-25 17:15 . 2008-11-28 09:50 <DIR> d-------- c:\windows\system32\CatRoot_bak
2008-11-25 17:15 . 2008-11-25 17:15 <DIR> d-------- c:\windows\Sun
2008-11-25 17:13 . 2008-08-14 11:00 2,180,352 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-11-25 17:13 . 2008-08-14 10:58 2,136,064 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-11-25 17:13 . 2008-08-14 10:22 2,057,728 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-11-25 17:13 . 2008-08-14 10:22 2,015,744 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-11-25 17:13 . 2008-10-24 12:10 453,632 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-25 17:13 . 2008-06-13 14:10 272,128 --------- c:\windows\system32\drivers\bthport.sys
2008-11-25 17:13 . 2008-06-13 14:10 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2008-11-25 17:10 . 2008-11-25 17:10 <DIR> d-------- c:\windows\Cache
2008-11-25 17:10 . 2008-11-25 17:10 <DIR> d-------- C:\Online documentation
2008-11-25 17:10 . 2008-11-25 17:10 836 --a------ C:\tmpFile.dat
2008-11-25 17:09 . 2008-11-25 17:09 <DIR> d-------- C:\$CTJTMP
2008-11-25 17:09 . 2004-08-03 23:08 26,496 --a--c--- c:\windows\system32\dllcache\usbstor.sys
2008-11-25 17:02 . 2008-11-25 17:02 <DIR> d--h----- c:\program files\InstallShield Installation Information
2008-11-25 17:02 . 2008-11-25 17:04 <DIR> d-------- C:\ATI-CPanel
2008-11-25 17:01 . 2008-06-10 02:32 73,728 --a------ c:\windows\system32\javacpl.cpl

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-25 16:09 659 ----a-w C:\pnpID.dat
2008-11-25 16:02 808 ----a-w c:\windows\system32\drivers\alcxinit.dat
2008-11-25 16:01 --------- d-----w c:\program files\Java
2008-11-25 15:58 --------- d-----w c:\program files\CONEXANT
2008-11-25 15:57 --------- d-----w c:\program files\Common Files\InstallShield
2008-11-25 15:47 --------- d-----w c:\program files\microsoft frontpage
2008-11-25 15:46 --------- d-----w c:\program files\Common Files\Java
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
.

((((((((((((((((((((((((((((( snapshot@2008-11-26_23.49.14.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-07-12 23:28:55 765,952 ----a-w c:\windows\$hf_mig$\KB938127-IE7\SP2QFE\vgx.dll
+ 2007-03-06 01:22:36 14,048 ----a-w c:\windows\$hf_mig$\KB938127-IE7\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w c:\windows\$hf_mig$\KB938127-IE7\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w c:\windows\$hf_mig$\KB938127-IE7\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w c:\windows\$hf_mig$\KB938127-IE7\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w c:\windows\$hf_mig$\KB938127-IE7\update\updspapi.dll
+ 2008-11-27 17:03:25 110,592 ----a-w c:\windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll
+ 2008-11-27 17:03:23 65,536 ----a-w c:\windows\assembly\GAC\dao\10.0.4504.0__31bf3856ad364e35\DAO.DLL
+ 2008-11-27 17:03:26 4,608 ----a-w c:\windows\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\extensibility.dll
+ 2008-11-27 17:03:23 1,215,328 ----a-w c:\windows\assembly\GAC\IACore\1.7.6223.0__31bf3856ad364e35\IACore.dll
+ 2008-11-27 17:03:23 82,784 ----a-w c:\windows\assembly\GAC\IALoader\1.7.6223.0__31bf3856ad364e35\IALoader.dll
+ 2008-11-27 17:03:19 31,560 ----a-w c:\windows\assembly\GAC\ipdmctrl\11.0.0.0__71e9bce111e9429c\IPDMCTRL.DLL
+ 2008-11-27 17:03:24 8,007,680 ----a-w c:\windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
+ 2008-11-27 17:03:19 16,712 ----a-w c:\windows\assembly\GAC\Microsoft.Office.InfoPath.Permission\12.0.0.0__71e9bce111e9429c\Microsoft.Office.InfoPath.Permission.dll
+ 2008-11-27 17:02:22 80,696 ----a-w c:\windows\assembly\GAC\Microsoft.Office.Interop.Access.Dao\12.0.0.0__71e9bce111e9429c\Microsoft.Office.interop.access.dao.dll
+ 2008-11-27 17:02:53 1,612,592 ----a-w c:\windows\assembly\GAC\Microsoft.Office.Interop.Access\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Access.dll
+ 2008-11-27 17:02:53 1,276,720 ----a-w c:\windows\assembly\GAC\Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Excel.dll
+ 2008-11-27 17:02:53 150,320 ----a-w c:\windows\assembly\GAC\Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Graph.dll
+ 2008-11-27 17:03:19 404,296 ----a-w c:\windows\assembly\GAC\Microsoft.Office.Interop.InfoPath.SemiTrust\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.SemiTrust.dll
+ 2008-11-27 17:02:54 88,896 ----a-w c:\windows\assembly\GAC\Microsoft.Office.Interop.InfoPath.Xml\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.Xml.dll
+ 2008-11-27 17:02:54 146,232 ----a-w c:\windows\assembly\GAC\Microsoft.Office.Interop.InfoPath\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.dll
+ 2008-11-27 17:03:12 17,208 ----a-w c:\windows\assembly\GAC\Microsoft.Office.Interop.OneNote\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.OneNote.dll
+ 2008-11-27 17:02:53 920,376 ----a-w c:\windows\assembly\GAC\Microsoft.Office.Interop.Outlook\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Outlook.dll
+ 2008-11-27 17:02:54 35,648 ----a-w c:\windows\assembly\GAC\Microsoft.Office.Interop.OutlookViewCtl\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.OutlookViewCtl.dll
+ 2008-11-29 02:08:08 250,928 ----a-w c:\windows\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll
+ 2008-11-27 17:02:54 232,248 ----a-w c:\windows\assembly\GAC\Microsoft.Office.Interop.Publisher\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Publisher.dll
+ 2008-11-27 17:02:53 20,280 ----a-w c:\windows\assembly\GAC\Microsoft.Office.Interop.SmartTag\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.SmartTag.dll
+ 2008-11-29 02:04:58 783,744 ----a-w c:\windows\assembly\GAC\Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Word.dll
+ 2008-11-27 17:03:23 13,312 ----a-w c:\windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.stdformat.dll
+ 2008-11-27 17:02:53 371,496 ----a-w c:\windows\assembly\GAC\Microsoft.Vbe.Interop.Forms\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.Forms.dll
+ 2008-11-27 17:02:54 64,288 ----a-w c:\windows\assembly\GAC\Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll
+ 2008-11-27 17:03:23 229,376 ----a-w c:\windows\assembly\GAC\mscomctl\10.0.4504.0__31bf3856ad364e35\MSCOMCTL.DLL
+ 2008-11-27 17:03:25 4,096 ----a-w c:\windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\msdatasrc.dll
+ 2008-11-27 17:02:53 416,544 ----a-w c:\windows\assembly\GAC\office\12.0.0.0__71e9bce111e9429c\OFFICE.DLL
+ 2008-11-27 17:02:20 12,104 ----a-w c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Access\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Access.dll
+ 2008-11-27 17:02:22 12,096 ----a-w c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Excel.dll
+ 2008-11-27 17:03:02 12,096 ----a-w c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Graph.dll
+ 2008-11-27 17:03:19 12,616 ----a-w c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.InfoPath.Xml\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.InfoPath.Xml.dll
+ 2008-11-27 17:03:19 12,616 ----a-w c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.InfoPath\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.InfoPath.dll
+ 2008-11-27 17:03:13 12,104 ----a-w c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Outlook\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Outlook.dll
+ 2008-11-27 17:03:12 12,632 ----a-w c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.OutlookViewCtl\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.OutlookViewCtl.dll
+ 2008-11-27 17:03:13 12,112 ----a-w c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.PowerPoint.dll
+ 2008-11-27 17:03:15 12,104 ----a-w c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Publisher\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Publisher.dll
+ 2008-11-27 17:03:08 12,104 ----a-w c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.SmartTag\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.SmartTag.dll
+ 2008-11-27 17:03:17 12,096 ----a-w c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Word.dll
+ 2008-11-27 17:03:09 12,080 ----a-w c:\windows\assembly\GAC\Policy.11.0.Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Vbe.Interop.dll
+ 2008-11-27 17:03:09 11,544 ----a-w c:\windows\assembly\GAC\Policy.11.0.office\12.0.0.0__71e9bce111e9429c\Policy.11.0.Office.dll
+ 2008-11-27 17:03:23 16,384 ----a-w c:\windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll
- 2008-11-26 22:45:39 1,257,472 ----a-w c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2008-11-27 10:58:36 1,265,664 ----a-w c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
- 2008-11-26 22:45:41 1,224,704 ----a-w c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2008-11-27 10:58:36 1,232,896 ----a-w c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2008-11-27 10:58:44 61,440 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_31e06061\CustomMarshalers.dll
+ 2008-11-27 11:00:15 3,391,488 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_b6faae64\mscorlib.dll
+ 2008-11-27 11:00:11 1,470,464 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_cd75d77a\System.Design.dll
+ 2008-11-27 10:58:52 90,112 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_1921c7b8\System.Drawing.Design.dll
+ 2008-11-27 11:00:12 835,584 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_72122d36\System.Drawing.dll
+ 2008-11-27 11:00:02 3,018,752 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_c9709ce8\System.Windows.Forms.dll
+ 2008-11-27 11:00:06 2,088,960 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_9c53c4a4\System.Xml.dll
+ 2008-11-27 10:58:43 1,966,080 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_c124b753\System.dll
+ 2008-10-04 19:16:46 1,887,080 ----a-w c:\windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
- 2008-11-25 16:58:44 610,304 ----a-w c:\windows\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2008-11-27 01:30:58 749,568 ----a-w c:\windows\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
- 2008-11-25 16:58:44 151,552 ----a-w c:\windows\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-11-27 01:30:58 151,552 ----a-w c:\windows\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2004-08-04 12:00:00 61,440 -c--a-w c:\windows\ie7\admparse.dll
+ 2004-08-04 12:00:00 99,840 -c--a-w c:\windows\ie7\advpack.dll
+ 2004-08-04 12:00:00 35,328 -c--a-w c:\windows\ie7\corpol.dll
+ 2006-06-03 11:40:49 33,792 -c--a-w c:\windows\ie7\custsat.dll
+ 2008-08-20 05:38:40 357,888 -c--a-w c:\windows\ie7\dxtmsft.dll
+ 2008-08-20 05:38:40 205,312 -c--a-w c:\windows\ie7\dxtrans.dll
+ 2008-08-20 05:38:40 55,808 -c--a-w c:\windows\ie7\extmgr.dll
+ 2004-08-04 12:00:00 38,912 -c--a-w c:\windows\ie7\hmmapi.dll
+ 2004-08-04 12:00:00 34,304 -c--a-w c:\windows\ie7\ie4uinit.exe
+ 2004-08-04 12:00:00 139,264 -c--a-w c:\windows\ie7\ieakeng.dll
+ 2004-08-04 12:00:00 216,576 -c--a-w c:\windows\ie7\ieaksie.dll
+ 2004-08-04 12:00:00 221,184 -c--a-w c:\windows\ie7\ieakui.dll
+ 2004-08-04 12:00:00 323,584 -c--a-w c:\windows\ie7\iedkcs32.dll
+ 2008-08-19 09:30:39 18,432 -c--a-w c:\windows\ie7\iedw.exe
+ 2004-08-04 12:00:00 81,920 -c--a-w c:\windows\ie7\ieencode.dll
+ 2008-08-20 05:38:41 251,392 -c--a-w c:\windows\ie7\iepeers.dll
+ 2004-08-04 12:00:00 48,640 -c--a-w c:\windows\ie7\iernonce.dll
+ 2004-08-04 12:00:00 62,976 -c--a-w c:\windows\ie7\iesetup.dll
+ 2004-08-04 12:00:00 93,184 -c--a-w c:\windows\ie7\iexplore.exe
+ 2004-08-04 12:00:00 35,840 -c--a-w c:\windows\ie7\imgutil.dll
+ 2008-08-20 05:38:41 96,256 -c--a-w c:\windows\ie7\inseng.dll
+ 2007-12-18 14:40:58 450,560 -c--a-w c:\windows\ie7\jscript.dll
+ 2008-08-20 05:38:44 16,384 -c--a-w c:\windows\ie7\jsproxy.dll
+ 2004-08-04 12:00:00 22,016 -c--a-w c:\windows\ie7\licmgr10.dll
+ 2004-08-04 12:00:00 29,184 -c--a-w c:\windows\ie7\mshta.exe
+ 2008-08-20 05:38:47 3,060,224 -c--a-w c:\windows\ie7\mshtml.dll
+ 2008-08-20 05:38:43 449,024 -c--a-w c:\windows\ie7\mshtmled.dll
+ 2004-08-04 12:00:00 56,832 -c--a-w c:\windows\ie7\mshtmler.dll
+ 2004-08-04 12:00:00 146,432 -c--a-w c:\windows\ie7\msls31.dll
+ 2008-08-20 05:38:41 146,432 -c--a-w c:\windows\ie7\msrating.dll
+ 2008-08-20 05:38:41 532,480 -c--a-w c:\windows\ie7\mstime.dll
+ 2004-08-04 12:00:00 96,256 -c--a-w c:\windows\ie7\occache.dll
+ 2008-08-20 05:38:41 39,424 -c--a-w c:\windows\ie7\pngfilt.dll
+ 2007-08-13 17:54:42 32,960 -c--a-w c:\windows\ie7\spuninst\iecustom.dll
+ 2007-08-13 17:52:06 66,048 -c--a-w c:\windows\ie7\spuninst\ieResetIcons.exe
+ 2006-09-06 16:43:16 213,216 -c--a-w c:\windows\ie7\spuninst\spuninst.exe
+ 2006-09-06 16:43:18 371,424 -c--a-w c:\windows\ie7\spuninst\updspapi.dll
+ 2004-08-04 12:00:00 37,888 -c--a-w c:\windows\ie7\url.dll
+ 2008-08-20 05:38:45 615,936 -c--a-w c:\windows\ie7\urlmon.dll
+ 2007-12-18 14:40:58 417,792 -c--a-w c:\windows\ie7\vbscript.dll
+ 2004-08-04 12:00:00 848,384 -c--a-w c:\windows\ie7\vgx.dll
+ 2004-08-04 12:00:00 276,480 -c--a-w c:\windows\ie7\webcheck.dll
+ 2008-08-20 05:38:43 659,456 -c--a-w c:\windows\ie7\wininet.dll
+ 2007-03-06 01:22:41 213,216 -c----w c:\windows\ie7updates\KB938127-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w c:\windows\ie7updates\KB938127-IE7\spuninst\updspapi.dll
+ 2007-08-13 17:54:10 765,952 -c----w c:\windows\ie7updates\KB938127-IE7\vgx.dll
+ 2007-03-06 01:22:39 213,216 -c----w c:\windows\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:47 371,424 -c----w c:\windows\ie7updates\KB938127-v2-IE7\spuninst\updspapi.dll
+ 2007-07-12 23:31:54 765,952 -c----w c:\windows\ie7updates\KB938127-v2-IE7\vgx.dll
+ 2007-08-13 17:39:00 123,904 -c----w c:\windows\ie7updates\KB956390-IE7\advpack.dll
+ 2007-08-13 17:35:46 346,624 -c----w c:\windows\ie7updates\KB956390-IE7\dxtmsft.dll
+ 2007-08-13 17:35:38 214,528 -c----w c:\windows\ie7updates\KB956390-IE7\dxtrans.dll
+ 2007-08-13 17:54:10 131,584 -c----w c:\windows\ie7updates\KB956390-IE7\extmgr.dll
+ 2007-08-13 17:36:26 61,952 -c----w c:\windows\ie7updates\KB956390-IE7\icardie.dll
+ 2007-08-13 17:39:06 54,784 -c----w c:\windows\ie7updates\KB956390-IE7\ie4uinit.exe
+ 2007-08-13 17:39:26 152,064 -c----w c:\windows\ie7updates\KB956390-IE7\ieakeng.dll
+ 2007-08-13 17:39:54 229,376 -c----w c:\windows\ie7updates\KB956390-IE7\ieaksie.dll
+ 2007-08-13 16:56:54 161,792 -c----w c:\windows\ie7updates\KB956390-IE7\ieakui.dll
+ 2007-02-12 15:10:12 2,451,312 -c----w c:\windows\ie7updates\KB956390-IE7\ieapfltr.dat
+ 2007-07-11 11:27:48 383,488 -c----w c:\windows\ie7updates\KB956390-IE7\ieapfltr.dll
+ 2007-08-13 17:39:50 382,976 -c----w c:\windows\ie7updates\KB956390-IE7\iedkcs32.dll
+ 2007-08-13 17:54:10 6,049,280 -c----w c:\windows\ie7updates\KB956390-IE7\ieframe.dll
+ 2007-08-13 17:39:10 43,008 -c----w c:\windows\ie7updates\KB956390-IE7\iernonce.dll
+ 2007-08-13 17:34:04 266,752 -c----w c:\windows\ie7updates\KB956390-IE7\iertutil.dll
+ 2007-08-13 17:39:10 13,312 -c----w c:\windows\ie7updates\KB956390-IE7\ieudinit.exe
+ 2007-08-13 17:43:56 622,080 -c----w c:\windows\ie7updates\KB956390-IE7\iexplore.exe
+ 2007-08-13 17:54:10 27,136 -c----w c:\windows\ie7updates\KB956390-IE7\jsproxy.dll
+ 2007-08-13 17:54:10 458,752 -c----w c:\windows\ie7updates\KB956390-IE7\msfeeds.dll
+ 2007-08-13 17:54:10 50,688 -c----w c:\windows\ie7updates\KB956390-IE7\msfeedsbs.dll
+ 2007-08-13 17:54:12 3,578,368 -c----w c:\windows\ie7updates\KB956390-IE7\mshtml.dll
+ 2007-08-13 17:54:10 475,648 -c----w c:\windows\ie7updates\KB956390-IE7\mshtmled.dll
+ 2007-08-13 17:44:26 192,000 -c----w c:\windows\ie7updates\KB956390-IE7\msrating.dll
+ 2007-08-13 17:54:10 670,720 -c----w c:\windows\ie7updates\KB956390-IE7\mstime.dll
+ 2007-08-13 17:44:06 101,376 -c----w c:\windows\ie7updates\KB956390-IE7\occache.dll
+ 2007-08-13 17:36:12 44,544 -c----w c:\windows\ie7updates\KB956390-IE7\pngfilt.dll
+ 2007-03-06 01:22:39 213,216 -c----w c:\windows\ie7updates\KB956390-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w c:\windows\ie7updates\KB956390-IE7\spuninst\updspapi.dll
+ 2007-08-13 17:44:30 105,984 -c----w c:\windows\ie7updates\KB956390-IE7\url.dll
+ 2007-08-13 17:54:10 1,162,240 -c----w c:\windows\ie7updates\KB956390-IE7\urlmon.dll
+ 2007-08-13 17:54:10 231,424 -c----w c:\windows\ie7updates\KB956390-IE7\webcheck.dll
+ 2007-08-13 17:54:10 818,688 -c----w c:\windows\ie7updates\KB956390-IE7\wininet.dll
+ 2006-10-26 18:49:48 1,011,488 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109010090400000000000F01FEC\12.0.4518\MSDAIPP.DLL
+ 2006-10-26 18:49:46 970,528 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109010090400000000000F01FEC\12.0.4518\MSONSEXT.DLL
+ 2006-10-27 14:00:10 576,376 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACACEDAO.DLL
+ 2006-10-26 20:18:12 162,616 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACCWIZ.DLL
+ 2006-10-27 14:00:12 1,751,904 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACECORE.DLL
+ 2006-10-27 14:00:10 576,376 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEDAO.DLL
+ 2006-10-27 14:00:06 47,976 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEERR.DLL
+ 2006-10-27 14:00:08 191,360 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEES.DLL
+ 2006-10-26 19:13:34 338,800 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEEXCH.DLL
+ 2006-10-26 19:13:44 629,616 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEEXCL.DLL
+ 2006-10-26 19:13:28 207,736 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACELTS.DLL
+ 2006-10-26 19:13:32 279,352 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEODBC.DLL
+ 2006-10-26 19:13:08 15,160 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEODDBS.DLL
+ 2006-10-26 19:13:08 15,160 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEODEXL.DLL
+ 2006-10-26 19:13:08 15,160 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEODPDX.DLL
+ 2006-10-26 19:13:12 15,160 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEODTXT.DLL
+ 2006-10-27 14:00:06 387,960 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEOLEDB.DLL
+ 2006-10-26 19:13:38 392,048 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEPDE.DLL
+ 2006-10-26 19:13:30 260,976 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACER2X.DLL
+ 2006-10-26 19:13:32 289,648 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACER3X.DLL
+ 2006-10-26 19:13:20 56,120 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACERCLR.DLL
+ 2006-10-26 19:13:38 551,800 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEREP.DLL
+ 2006-10-26 19:13:30 224,104 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACETXT.DLL
+ 2006-10-27 14:40:34 208,760 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEWSS.DLL
+ 2006-10-26 19:13:34 371,568 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEXBE.DLL
+ 2006-10-27 14:41:04 399,640 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\CDLMSO.DLL
+ 2006-10-26 18:59:24 205,616 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\CLVIEW.EXE
+ 2006-10-26 20:30:42 65,312 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\COLLIMP.DLL
+ 2006-10-27 14:16:36 133,936 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\CONTAB32.DLL
+ 2006-10-26 19:12:52 189,760 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\CONTACTPICKER.DLL
+ 2006-10-26 19:55:32 87,344 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\DLGSETP.DLL
+ 2006-10-26 23:48:08 234,784 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\DRAT.EXE
+ 2006-10-26 18:48:14 439,568 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\DWDCW20.DLL
+ 2006-10-26 18:48:14 434,528 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\DWTRIG20.EXE
+ 2006-10-27 14:07:36 17,891,112 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\EXCEL.EXE
+ 2006-10-26 13:10:08 1,190,688 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\FM20.DLL
+ 2006-10-26 13:04:58 75,576 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\FORM.DLL
+ 2006-10-26 18:21:24 1,682,232 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\FPSRVUTL.DLL
+ 2006-10-27 14:09:36 983,376 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\FPWEC.DLL
+ 2006-10-26 19:02:12 2,526,520 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GRAPH.EXE
+ 2006-10-27 14:37:44 338,216 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVE.EXE
+ 2006-10-27 14:38:02 6,191,400 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEACCOUNTMGR.DLL
+ 2006-10-27 14:37:44 284,448 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEAUDIO.DLL
+ 2006-10-26 23:47:54 65,824 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEAUDITSERVICE.EXE
+ 2006-10-27 14:37:40 34,088 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEAUTOPROXY.DLL
+ 2006-10-27 14:37:44 300,336 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVECALENDARTOOL.DLL
+ 2006-10-26 23:47:44 33,568 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVECLEAN.EXE
+ 2006-10-27 14:37:56 2,689,336 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVECOMMONCOMPONENTS.DLL
+ 2006-10-27 14:38:00 3,508,544 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVECOMMUNICATIONSSERVICES.DLL
+ 2006-10-27 14:37:40 117,584 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVECOMMUNICATIONSSTATUSANDCONTROL.DLL
+ 2006-10-27 14:37:50 768,304 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVECOMPONENTMGR.DLL
+ 2006-10-27 14:37:52 1,359,648 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVECRYPTO.DLL
+ 2006-10-26 23:48:24 377,136 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEDATAVIEWERTOOL.DLL
+ 2006-10-27 14:37:58 3,071,288 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEDOCUMENTSHARETOOL.DLL
+ 2006-10-27 14:37:44 284,976 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEFETCHSERVICES.DLL
+ 2006-10-26 23:48:00 197,920 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEGAMES.DLL
+ 2006-10-26 23:48:18 317,736 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEMIGRATOR.EXE
+ 2006-10-26 23:48:40 1,555,232 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEMISC.DLL
+ 2006-10-26 23:47:42 31,016 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEMONITOR.EXE
+ 2006-10-26 23:47:40 22,808 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVENEW.DLL
+ 2006-10-26 23:48:02 224,048 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEPROJECTTOOLSET.DLL
+ 2006-10-27 14:38:04 7,053,096 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVERESOURCE.DLL
+ 2006-10-26 23:48:42 2,210,608 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVESHELLEXTENSIONS.DLL
+ 2006-10-26 23:48:18 363,304 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVESKETCHTOOL.DLL
+ 2006-10-26 23:47:40 16,688 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVESTDURLLAUNCHER.EXE
+ 2006-10-27 14:37:56 2,738,472 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVESTORAGEMGR.DLL
+ 2006-10-27 14:37:38 35,112 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVESYSTEMMODE.DLL
+ 2006-10-26 23:48:02 222,512 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVESYSTEMSERVICES.DLL
+ 2006-10-27 14:37:50 1,163,048 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVETEXTTOOLS.DLL
+ 2006-10-27 14:38:00 4,746,536 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVETRANSCEIVER.DLL
+ 2006-10-27 14:37:54 1,396,008 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEUIFRAMEWORK.DLL
+ 2006-10-26 23:48:34 955,680 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEUTIL.DLL
+ 2006-10-27 14:37:40 268,080 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEWEBBROWSERTOOL2.DLL
+ 2006-10-26 23:48:26 572,216 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEWEBPLATFORMSERVICES.DLL
+ 2006-10-27 14:37:48 631,080 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEWEBSERVICES.DLL
+ 2006-10-26 19:12:52 173,328 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\IEAWSDC.DLL
+ 2006-10-26 19:55:38 138,024 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\IMPMAIL.DLL
+ 2006-10-27 14:10:08 1,439,032 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\INFOPATH.EXE
+ 2006-10-27 14:10:10 5,456,704 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\IPDESIGN.DLL
+ 2006-10-27 14:10:10 5,281,592 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\IPEDITOR.DLL
+ 2006-10-26 20:42:00 176,976 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\IPOLK.DLL
+ 2006-10-26 18:55:10 828,704 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MEDCAT.DLL
+ 2006-10-26 19:55:48 340,248 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MIMEDIR.DLL
+ 2006-10-27 14:04:08 497,504 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MORPH9.DLL
+ 2006-10-27 14:01:34 10,371,880 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSACCESS.EXE
+ 2006-10-26 20:18:06 66,880 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSAEXP30.DLL
+ 2006-10-26 12:58:14 117,552 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSCONV97.DLL
+ 2006-10-27 14:26:40 16,870,712 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSO.DLL
+ 2006-10-27 13:59:06 161,080 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSOCF.DLL
+ 2006-10-26 18:48:12 14,664 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSOCFU.DLL
+ 2006-10-26 19:12:58 428,816 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSODCW.DLL
+ 2006-10-26 20:13:36 26,936 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSOEURO.DLL
+ 2006-10-26 19:00:08 6,635,320 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSORES.DLL
+ 2006-10-26 12:56:36 436,520 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSORUN.DLL
+ 2006-10-27 14:04:10 9,581,360 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSPUB.EXE
+ 2006-10-26 18:50:04 672,024 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSQRY32.EXE
+ 2006-10-26 12:56:40 505,136 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSSOAP30.DLL
+ 2006-10-26 18:55:12 832,800 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSTORDB.EXE
+ 2006-10-26 18:55:06 538,904 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSTORES.DLL
+ 2006-10-26 19:12:30 65,824 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\NAME.DLL
+ 2006-10-27 14:14:34 14,151,456 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OART.DLL
+ 2006-10-26 19:42:36 8,423,224 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OARTCONV.DLL
+ 2006-10-26 19:06:54 232,816 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ODEPLOY.EXE
+ 2006-10-26 19:14:06 7,033,152 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OFFOWC.DLL
+ 2006-10-27 14:18:36 1,658,152 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OGL.DLL
+ 2006-10-26 19:00:08 274,744 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OIS.EXE
+ 2006-10-26 19:00:12 998,208 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OISAPP.DLL
+ 2006-10-26 19:00:10 285,008 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OISGRAPH.DLL
+ 2006-10-27 14:16:46 2,939,704 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OLMAPI32.DLL
+ 2006-10-26 19:34:12 660,792 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OMSMAIN.DLL
+ 2006-10-26 19:34:10 192,848 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OMSXP32.DLL
+ 2006-10-26 19:32:42 604,000 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONBTTNIE.DLL
+ 2006-10-27 14:39:36 687,432 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONBTTNOL.DLL
+ 2006-10-27 14:03:04 1,018,664 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONENOTE.EXE
+ 2006-10-26 19:24:54 98,632 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONENOTEM.EXE
+ 2006-10-26 19:24:50 72,504 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONFILTER.DLL
+ 2006-10-26 19:24:58 1,165,112 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONLIBS.DLL
+ 2006-10-27 14:03:06 6,579,512 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONMAIN.DLL
+ 2006-10-26 19:23:00 782,720 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONSYNCPC.DLL
+ 2006-10-26 19:07:04 6,536,992 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OSETUP.DLL
+ 2006-09-15 15:25:18 3,611,416 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLFLTR.DAT
+ 2006-07-26 17:53:56 459,080 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLFLTR.DLL
+ 2006-10-27 14:16:44 594,256 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLMIME.DLL
+ 2006-10-27 14:16:48 12,813,096 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLOOK.EXE
+ 2006-10-27 14:16:40 176,976 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLPH.DLL
+ 2006-10-27 14:16:36 46,864 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLRPC.DLL
+ 2006-10-26 20:30:44 482,088 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PORTCONN.DLL
+ 2006-10-27 14:04:06 465,200 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\POWERPNT.EXE
+ 2006-10-27 14:04:06 7,980,848 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PPCORE.DLL
+ 2008-11-27 17:02:54 248,632 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PPTPIA.DLL
+ 2006-10-26 18:52:10 2,012,480 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PPTVIEW.EXE
+ 2006-10-26 19:09:36 136,008 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PRTF9.DLL
+ 2006-10-26 13:05:00 77,144 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PSOM.DLL
+ 2006-10-26 19:55:54 413,472 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PSTPRX32.DLL
+ 2006-10-27 14:04:06 624,456 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PTXT9.DLL
+ 2006-10-26 19:09:44 590,144 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PUBCONV.DLL
+ 2006-10-26 20:13:38 38,168 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\REFEDIT.DLL
+ 2006-10-26 20:42:12 744,808 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\REGFORM.EXE
+ 2006-10-26 13:04:44 19,784 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\REVERSE.DLL
+ 2006-10-26 19:55:44 263,520 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SCNPST32.DLL
+ 2006-10-26 19:55:44 272,744 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SCNPST64.DLL
+ 2006-10-26 19:13:00 503,624 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SELFCERT.EXE
+ 2006-10-26 19:06:58 439,600 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SETUP.EXE
+ 2006-10-26 20:18:16 502,608 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SOA.DLL
+ 2006-07-28 14:21:58 277,320 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SSGEN.DLL
+ 2006-10-27 13:57:08 2,330,968 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\STSLIST.DLL
+ 2006-10-26 13:04:48 29,976 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\THOCRAPI.DLL
+ 2006-10-26 13:05:04 126,784 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\TWCUTCHR.DLL
+ 2006-10-26 13:05:02 86,840 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\TWCUTLIN.DLL
+ 2006-10-26 13:04:56 58,168 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\TWLAY32.DLL
+ 2006-10-26 13:04:48 27,456 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\TWORIENT.DLL
+ 2006-10-26 13:04:54 51,008 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\TWRECE.DLL
+ 2006-10-26 13:04:44 19,784 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\TWRECS.DLL
+ 2006-10-26 13:04:58 76,624 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\TWSTRUCT.DLL
+ 2006-09-29 23:42:56 2,583,344 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\VBE6.DLL
+ 2006-10-26 22:00:12 1,841,984 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\VVIEWDWG.DLL
+ 2006-10-26 21:58:38 3,732,792 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\VVIEWER.DLL
+ 2006-10-27 14:23:04 347,432 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\WINWORD.EXE
+ 2008-11-27 17:02:54 781,104 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\WORDPIA.DLL
+ 2006-10-27 14:11:38 4,235,560 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\WRD12CNV.DLL
+ 2006-10-27 14:11:36 21,264 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\WRD12EXE.EXE
+ 2006-10-27 14:23:08 17,483,560 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\WWLIB.DLL
+ 2006-10-26 13:05:08 1,181,520 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\XIMAGE3B.DLL
+ 2006-10-26 20:13:08 14,674,216 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\XL12CNV.EXE
+ 2006-10-26 20:17:08 11,072 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\XLCALL32.DLL
+ 2006-10-26 13:05:08 530,760 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\XPAGE3C.DLL
+ 2007-08-28 22:38:10 500,648 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\MORPH9.DLL
+ 2007-09-14 20:45:58 16,901,168 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\MSO.DLL
+ 2007-08-28 22:38:46 9,584,512 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\MSPUB.EXE
+ 2007-08-28 23:19:24 1,654,648 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\OGL.DLL
+ 2007-08-28 22:06:16 467,840 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\POWERPNT.EXE
+ 2007-08-28 22:06:44 7,990,144 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\PPCORE.DLL
+ 2008-11-29 02:05:36 251,272 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\PPTPIA.DLL
+ 2007-08-24 02:43:28 138,648 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\PRTF9.DLL
+ 2007-08-28 22:39:14 625,560 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\PTXT9.DLL
+ 2007-08-24 02:43:36 593,296 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\PUBCONV.DLL
+ 2007-08-28 22:16:00 350,064 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\WINWORD.EXE
+ 2007-09-06 16:56:32 17,490,800 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\WWLIB.DLL
+ 2007-10-02 19:00:06 14,708,760 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\XL12CNV.EXE
+ 2008-11-29 02:11:51 1,165,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2008-11-29 02:11:51 20,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-11-29 02:11:51 159,504 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2008-11-29 02:11:51 184,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2008-11-29 02:11:51 217,864 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2008-11-29 02:11:51 18,704 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-11-29 02:11:51 35,088 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-11-29 02:11:51 845,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2008-11-29 02:11:51 922,384 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-11-29 02:11:51 272,648 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2008-11-29 02:11:51 888,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-11-29 02:11:51 1,172,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-11-29 02:07:38 217,864 ----a-r c:\windows\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
- 2004-07-15 00:49:16 258,048 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2007-04-13 20:30:52 258,048 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
- 2004-07-15 00:49:22 32,768 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2007-04-13 20:30:52 32,768 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
- 2004-07-14 23:32:22 81,920 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2007-04-13 19:57:52 81,920 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2003-02-20 18:09:14 86,016 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2007-04-13 19:57:58 86,016 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
- 2004-07-14 23:25:06 315,392 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2007-04-13 19:56:30 315,392 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2004-07-14 23:33:04 102,400 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2007-04-13 19:58:00 102,400 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2004-07-15 13:29:02 2,138,112 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2007-04-13 19:50:46 2,142,208 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
- 2003-02-20 18:09:18 77,824 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
+ 2007-04-13 19:58:02 77,824 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2004-07-14 23:26:52 2,510,848 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
+ 2007-04-13 19:57:00 2,523,136 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
- 2004-07-14 23:28:34 2,502,656 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2007-04-13 19:57:28 2,514,944 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
- 2004-08-10 15:20:00 106,496 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
+ 2007-01-15 15:11:26 73,728 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
+ 2004-07-15 00:49:16 258,048 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1468\_aspnet_isapi.dll
+ 2004-07-14 23:32:22 81,920 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1468\_CORPerfMonExt.dll
+ 2004-07-14 23:24:30 282,624 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1468\_fusion.dll
+ 2004-07-14 23:25:06 315,392 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1468\_mscorjit.dll
+ 2004-07-15 13:29:02 2,138,112 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1468\_mscorlib.dll
+ 2003-02-20 18:09:18 77,824 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1468\_mscorsn.dll
+ 2004-07-14 23:26:52 2,510,848 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1468\_mscorsvr.dll
+ 2004-07-14 23:28:34 2,502,656 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1468\_mscorwks.dll
+ 2003-02-21 03:42:22 348,160 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1468\_msvcr71.dll
+ 2004-07-14 23:34:50 94,208 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1468\_PerfCounter.dll
- 2004-07-15 13:31:16 1,224,704 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2007-04-13 20:35:38 1,232,896 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
- 2004-07-15 13:29:00 1,257,472 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2007-04-13 20:35:46 1,265,664 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2006-06-03 11:40:49 33,792 ------w c:\windows\network diagnostic\custsat.dll
+ 2006-10-10 12:44:50 557,568 ------w c:\windows\network diagnostic\xpnetdiag.exe
- 2004-08-04 12:00:00 61,440 ----a-w c:\windows\system32\admparse.dll
+ 2007-08-13 17:39:20 71,680 ----a-w c:\windows\system32\admparse.dll
- 2004-08-04 12:00:00 99,840 ----a-w c:\windows\system32\advpack.dll
+ 2008-08-26 07:24:28 124,928 ----a-w c:\windows\system32\advpack.dll
- 2004-08-04 12:00:00 61,440 -c--a-w c:\windows\system32\dllcache\admparse.dll
+ 2007-08-13 17:39:20 71,680 -c--a-w c:\windows\system32\dllcache\admparse.dll
- 2004-08-04 12:00:00 99,840 -c--a-w c:\windows\system32\dllcache\advpack.dll
+ 2008-08-26 07:24:28 124,928 -c----w c:\windows\system32\dllcache\advpack.dll
- 2004-08-04 12:00:00 28,672 -c--a-w c:\windows\system32\dllcache\custsat.dll
+ 2007-08-13 17:54:10 33,792 -c--a-w c:\windows\system32\dllcache\custsat.dll
- 2008-08-20 05:38:40 357,888 -c--a-w c:\windows\system32\dllcache\dxtmsft.dll
+ 2008-08-26 07:24:28 347,136 -c----w c:\windows\system32\dllcache\dxtmsft.dll
- 2008-08-20 05:38:40 205,312 -c--a-w c:\windows\system32\dllcache\dxtrans.dll
+ 2008-08-26 07:24:28 214,528 -c----w c:\windows\system32\dllcache\dxtrans.dll
- 2008-08-20 05:38:40 55,808 -c--a-w c:\windows\system32\dllcache\extmgr.dll
+ 2008-08-26 07:24:28 133,120 -c----w c:\windows\system32\dllcache\extmgr.dll
- 2004-08-04 12:00:00 38,912 -c--a-w c:\windows\system32\dllcache\hmmapi.dll
+ 2007-08-13 17:18:02 60,416 -c--a-w c:\windows\system32\dllcache\hmmapi.dll
- 2004-08-04 12:00:00 34,304 -c--a-w c:\windows\system32\dllcache\ie4uinit.exe
+ 2008-08-25 08:37:59 70,656 -c----w c:\windows\system32\dllcache\ie4uinit.exe
- 2004-08-04 12:00:00 139,264 -c--a-w c:\windows\system32\dllcache\ieakeng.dll
+ 2008-08-26 07:24:28 153,088 -c----w c:\windows\system32\dllcache\ieakeng.dll
- 2004-08-04 12:00:00 216,576 -c--a-w c:\windows\system32\dllcache\ieaksie.dll
+ 2008-08-26 07:24:28 230,400 -c----w c:\windows\system32\dllcache\ieaksie.dll
- 2004-08-04 12:00:00 221,184 -c--a-w c:\windows\system32\dllcache\ieakui.dll
+ 2008-08-23 05:54:51 161,792 -c----w c:\windows\system32\dllcache\ieakui.dll
- 2004-08-04 12:00:00 323,584 -c--a-w c:\windows\system32\dllcache\iedkcs32.dll
+ 2008-08-26 07:24:29 384,512 -c----w c:\windows\system32\dllcache\iedkcs32.dll
- 2008-08-19 09:30:39 18,432 -c--a-w c:\windows\system32\dllcache\iedw.exe
+ 2007-08-13 17:44:02 69,120 -c--a-w c:\windows\system32\dllcache\iedw.exe
- 2004-08-04 12:00:00 81,920 -c--a-w c:\windows\system32\dllcache\ieencode.dll
+ 2007-08-13 17:45:18 78,336 -c--a-w c:\windows\system32\dllcache\ieencode.dll
- 2008-08-20 05:38:41 251,392 -c--a-w c:\windows\system32\dllcache\iepeers.dll
+ 2007-08-13 17:54:10 191,488 -c--a-w c:\windows\system32\dllcache\iepeers.dll
- 2004-08-04 12:00:00 48,640 -c--a-w c:\windows\system32\dllcache\iernonce.dll
+ 2008-08-26 07:24:29 44,544 -c----w c:\windows\system32\dllcache\iernonce.dll
- 2004-08-04 12:00:00 62,976 -c--a-w c:\windows\system32\dllcache\iesetup.dll
+ 2007-08-13 17:39:12 55,296 -c--a-w c:\windows\system32\dllcache\iesetup.dll
- 2004-08-04 12:00:00 93,184 -c--a-w c:\windows\system32\dllcache\iexplore.exe
+ 2008-08-23 05:56:15 635,848 -c----w c:\windows\system32\dllcache\iexplore.exe
- 2004-08-04 12:00:00 35,840 -c--a-w c:\windows\system32\dllcache\imgutil.dll
+ 2007-08-13 17:36:06 36,352 -c--a-w c:\windows\system32\dllcache\imgutil.dll
- 2008-08-20 05:38:41 96,256 -c--a-w c:\windows\system32\dllcache\inseng.dll
+ 2007-08-13 17:39:02 92,672 -c--a-w c:\windows\system32\dllcache\inseng.dll
- 2007-12-18 14:40:58 450,560 -c--a-w c:\windows\system32\dllcache\jscript.dll
+ 2007-08-13 17:38:04 491,520 -c--a-w c:\windows\system32\dllcache\jscript.dll
- 2008-08-20 05:38:44 16,384 -c--a-w c:\windows\system32\dllcache\jsproxy.dll
+ 2008-08-26 07:24:30 27,648 -c----w c:\windows\system32\dllcache\jsproxy.dll
- 2004-08-04 12:00:00 22,016 -c--a-w c:\windows\system32\dllcache\licmgr10.dll
+ 2007-08-13 17:44:18 40,960 -c--a-w c:\windows\system32\dllcache\licmgr10.dll
- 2004-08-04 12:00:00 29,184 -c--a-w c:\windows\system32\dllcache\mshta.exe
+ 2007-08-13 17:32:30 45,568 -c--a-w c:\windows\system32\dllcache\mshta.exe
- 2008-08-20 05:38:47 3,060,224 -c--a-w c:\windows\system32\dllcache\mshtml.dll
+ 2008-08-27 12:54:32 3,593,216 -c----w c:\windows\system32\dllcache\mshtml.dll
- 2008-08-20 05:38:43 449,024 -c--a-w c:\windows\system32\dllcache\mshtmled.dll
+ 2008-08-26 07:24:30 477,696 -c----w c:\windows\system32\dllcache\mshtmled.dll
- 2004-08-04 12:00:00 56,832 -c--a-w c:\windows\system32\dllcache\mshtmler.dll
+ 2007-08-13 17:01:12 48,128 -c--a-w c:\windows\system32\dllcache\mshtmler.dll
- 2004-08-04 12:00:00 146,432 -c--a-w c:\windows\system32\dllcache\msls31.dll
+ 2007-08-13 17:54:10 156,160 -c--a-w c:\windows\system32\dllcache\msls31.dll
- 2008-08-20 05:38:41 146,432 -c--a-w c:\windows\system32\dllcache\msrating.dll
+ 2008-08-26 07:24:30 193,024 -c----w c:\windows\system32\dllcache\msrating.dll
- 2008-08-20 05:38:41 532,480 -c--a-w c:\windows\system32\dllcache\mstime.dll
+ 2008-08-26 07:24:30 671,232 -c----w c:\windows\system32\dllcache\mstime.dll
- 2004-08-04 12:00:00 96,256 -c--a-w c:\windows\system32\dllcache\occache.dll
+ 2008-08-26 07:24:30 102,912 -c----w c:\windows\system32\dllcache\occache.dll
- 2008-08-20 05:38:41 39,424 -c--a-w c:\windows\system32\dllcache\pngfilt.dll
+ 2008-08-26 07:24:30 44,544 -c----w c:\windows\system32\dllcache\pngfilt.dll
- 2004-08-04 12:00:00 37,888 -c--a-w c:\windows\system32\dllcache\url.dll
+ 2008-08-26 07:24:30 105,984 -c----w c:\windows\system32\dllcache\url.dll
- 2008-08-20 05:38:45 615,936 -c--a-w c:\windows\system32\dllcache\urlmon.dll
+ 2008-08-26 07:24:31 1,159,680 -c----w c:\windows\system32\dllcache\urlmon.dll
- 2007-12-18 14:40:58 417,792 -c--a-w c:\windows\system32\dllcache\vbscript.dll
+ 2007-08-13 17:54:10 413,696 -c--a-w c:\windows\system32\dllcache\vbscript.dll
- 2004-08-04 12:00:00 848,384 -c--a-w c:\windows\system32\dllcache\vgx.dll
+ 2008-05-27 17:23:58 765,952 -c--a-w c:\windows\system32\dllcache\vgx.dll
- 2004-08-04 12:00:00 49,152 -c--a-w c:\windows\system32\dllcache\wdigest.dll
+ 2006-03-24 04:37:50 49,152 -c--a-w c:\windows\system32\dllcache\wdigest.dll
- 2004-08-04 12:00:00 276,480 -c--a-w c:\windows\system32\dllcache\webcheck.dll
+ 2008-08-26 07:24:31 233,472 -c----w c:\windows\system32\dllcache\webcheck.dll
- 2008-08-20 05:38:43 659,456 -c--a-w c:\windows\system32\dllcache\wininet.dll
+ 2008-08-26 07:24:31 826,368 -c----w c:\windows\system32\dllcache\wininet.dll
- 2008-08-20 05:38:40 357,888 ----a-w c:\windows\system32\dxtmsft.dll
+ 2008-08-26 07:24:28 347,136 ----a-w c:\windows\system32\dxtmsft.dll
- 2008-08-20 05:38:40 205,312 ----a-w c:\windows\system32\dxtrans.dll
+ 2008-08-26 07:24:28 214,528 ----a-w c:\windows\system32\dxtrans.dll
- 2008-08-20 05:38:40 55,808 ----a-w c:\windows\system32\extmgr.dll
+ 2008-08-26 07:24:28 133,120 ------w c:\windows\system32\extmgr.dll
+ 2007-08-23 00:03:38 1,195,888 ----a-w c:\windows\system32\FM20.DLL
+ 2006-10-26 13:10:06 33,088 ----a-w c:\windows\system32\FM20ENU.DLL
- 2008-11-26 22:48:10 90,296 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2008-11-27 23:05:49 263,024 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2008-08-26 07:24:28 63,488 ----a-w c:\windows\system32\icardie.dll
+ 2006-06-29 07:05:44 26,112 ------w c:\windows\system32\idndl.dll
- 2004-08-04 12:00:00 34,304 ----a-w c:\windows\system32\ie4uinit.exe
+ 2008-08-25 08:37:59 70,656 ------w c:\windows\system32\ie4uinit.exe
- 2004-08-04 12:00:00 139,264 ----a-w c:\windows\system32\ieakeng.dll
+ 2008-08-26 07:24:28 153,088 ------w c:\windows\system32\ieakeng.dll
- 2004-08-04 12:00:00 216,576 ----a-w c:\windows\system32\ieaksie.dll
+ 2008-08-26 07:24:28 230,400 ------w c:\windows\system32\ieaksie.dll
- 2004-08-04 12:00:00 221,184 ----a-w c:\windows\system32\ieakui.dll
+ 2008-08-23 05:54:51 161,792 ------w c:\windows\system32\ieakui.dll
+ 2007-04-17 09:32:38 2,455,488 ----a-w c:\windows\system32\ieapfltr.dat
+ 2008-08-26 07:24:28 383,488 ----a-w c:\windows\system32\ieapfltr.dll
- 2004-08-04 12:00:00 323,584 ----a-w c:\windows\system32\iedkcs32.dll
+ 2008-08-26 07:24:29 384,512 ------w c:\windows\system32\iedkcs32.dll
- 2004-08-04 12:00:00 81,920 ----a-w c:\windows\system32\ieencode.dll
+ 2007-08-13 17:45:18 78,336 ----a-w c:\windows\system32\ieencode.dll
+ 2008-10-03 17:41:15 6,066,176 ----a-w c:\windows\system32\ieframe.dll
- 2008-08-20 05:38:41 251,392 ----a-w c:\windows\system32\iepeers.dll
+ 2007-08-13 17:54:10 191,488 ----a-w c:\windows\system32\iepeers.dll
- 2004-08-04 12:00:00 48,640 ----a-w c:\windows\system32\iernonce.dll
+ 2008-08-26 07:24:29 44,544 ------w c:\windows\system32\iernonce.dll
+ 2008-08-26 07:24:29 267,776 ----a-w c:\windows\system32\iertutil.dll
- 2004-08-04 12:00:00 62,976 ----a-w c:\windows\system32\iesetup.dll
+ 2007-08-13 17:39:12 55,296 ----a-w c:\windows\system32\iesetup.dll
+ 2008-08-25 08:38:00 13,824 ----a-w c:\windows\system32\ieudinit.exe
+ 2007-08-13 17:54:10 180,736 ------w c:\windows\system32\ieui.dll
- 2004-08-04 12:00:00 35,840 ----a-w c:\windows\system32\imgutil.dll
+ 2007-08-13 17:36:06 36,352 ----a-w c:\windows\system32\imgutil.dll
+ 2006-10-26 12:45:04 207,360 ----a-w c:\windows\system32\INKED.DLL
- 2008-08-20 05:38:41 96,256 ----a-w c:\windows\system32\inseng.dll
+ 2007-08-13 17:39:02 92,672 ----a-w c:\windows\system32\inseng.dll
- 2007-12-18 14:40:58 450,560 ----a-w c:\windows\system32\jscript.dll
+ 2007-08-13 17:38:04 491,520 ----a-w c:\windows\system32\jscript.dll
- 2008-08-20 05:38:44 16,384 ----a-w c:\windows\system32\jsproxy.dll
+ 2008-08-26 07:24:30 27,648 ------w c:\windows\system32\jsproxy.dll
- 2004-08-04 12:00:00 22,016 ----a-w c:\windows\system32\licmgr10.dll
+ 2007-08-13 17:44:18 40,960 ----a-w c:\windows\system32\licmgr10.dll
+ 2008-10-05 03:16:26 235,936 ----a-r c:\windows\system32\Macromed\Flash\FlashUtil10a.exe
+ 2008-11-28 14:13:56 89,102 ----a-w c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
+ 2008-11-03 15:10:26 17,318,336 ----a-w c:\windows\system32\MRT.exe
- 2004-07-14 23:24:50 155,648 ----a-w c:\windows\system32\mscoree.dll
+ 2006-12-22 11:28:14 271,360 ----a-w c:\windows\system32\mscoree.dll
+ 2008-08-26 07:24:30 459,264 ----a-w c:\windows\system32\msfeeds.dll
+ 2008-08-26 07:24:30 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
+ 2007-08-13 17:36:40 12,288 ------w c:\windows\system32\msfeedssync.exe
- 2004-08-04 12:00:00 29,184 ----a-w c:\windows\system32\mshta.exe
+ 2007-08-13 17:32:30 45,568 ----a-w c:\windows\system32\mshta.exe
- 2008-08-20 05:38:47 3,060,224 ----a-w c:\windows\system32\mshtml.dll
+ 2008-08-27 12:54:32 3,593,216 ----a-w c:\windows\system32\mshtml.dll
- 2008-08-20 05:38:43 449,024 ----a-w c:\windows\system32\mshtmled.dll
+ 2008-08-26 07:24:30 477,696 ----a-w c:\windows\system32\mshtmled.dll
- 2004-08-04 12:00:00 56,832 ----a-w c:\windows\system32\mshtmler.dll
+ 2007-08-13 17:01:12 48,128 ----a-w c:\windows\system32\mshtmler.dll
- 2004-08-04 12:00:00 146,432 ----a-w c:\windows\system32\msls31.dll
+ 2007-08-13 17:54:10 156,160 ----a-w c:\windows\system32\msls31.dll
- 2008-08-20 05:38:41 146,432 ----a-w c:\windows\system32\msrating.dll
+ 2008-08-26 07:24:30 193,024 ----a-w c:\windows\system32\msrating.dll
+ 2006-07-24 09:50:38 125,744 ----a-w c:\windows\system32\MSSTDFMT.DLL
- 2008-08-20 05:38:41 532,480 ----a-w c:\windows\system32\mstime.dll
+ 2008-08-26 07:24:30 671,232 ------w c:\windows\system32\mstime.dll
+ 2006-12-22 12:02:36 6,144 ----a-w c:\windows\system32\mui\0409\mscorees.dll
+ 2006-06-28 16:59:26 24,576 ------w c:\windows\system32\nlsdl.dll
+ 2006-06-29 07:05:44 23,552 ------w c:\windows\system32\normaliz.dll
- 2004-08-04 12:00:00 96,256 ----a-w c:\windows\system32\occache.dll
+ 2008-08-26 07:24:30 102,912 ------w c:\windows\system32\occache.dll
- 2008-11-26 22:45:27 52,764 ----a-w c:\windows\system32\perfc009.dat
+ 2008-11-30 11:42:44 53,608 ----a-w c:\windows\system32\perfc009.dat
- 2008-11-26 22:45:27 380,350 ----a-w c:\windows\system32\perfh009.dat
+ 2008-11-30 11:42:44 383,254 ----a-w c:\windows\system32\perfh009.dat
- 2008-08-20 05:38:41 39,424 ----a-w c:\windows\system32\pngfilt.dll
+ 2008-08-26 07:24:30 44,544 ----a-w c:\windows\system32\pngfilt.dll
+ 2006-07-24 09:50:40 39,728 ----a-w c:\windows\system32\SCP32.DLL
- 2007-11-30 11:18:51 17,272 ------w c:\windows\system32\spmsg.dll
+ 2007-11-30 12:39:22 17,272 ------w c:\windows\system32\spmsg.dll
+ 2006-10-26 18:56:16 864,080 ----a-w c:\windows\system32\spool\drivers\w32x86\3\msonpdrv.dll
+ 2006-10-26 18:56:14 67,408 ----a-w c:\windows\system32\spool\drivers\w32x86\3\msonpui.dll
+ 2006-10-26 18:56:16 864,080 ----a-w c:\windows\system32\spool\drivers\w32x86\msonpdrv.dll
+ 2006-10-26 18:56:14 67,408 ----a-w c:\windows\system32\spool\drivers\w32x86\msonpui.dll
+ 2006-10-26 18:56:12 33,104 ----a-w c:\windows\system32\spool\prtprocs\w32x86\msonpppr.dll
- 2005-02-25 03:35:05 22,752 ----a-w c:\windows\system32\spupdsvc.exe
+ 2006-09-06 16:43:16 22,752 ----a-w c:\windows\system32\spupdsvc.exe
- 2004-08-04 12:00:00 37,888 ----a-w c:\windows\system32\url.dll
+ 2008-08-26 07:24:30 105,984 ----a-w c:\windows\system32\url.dll
- 2008-08-20 05:38:45 615,936 ----a-w c:\windows\system32\urlmon.dll
+ 2008-08-26 07:24:31 1,159,680 ----a-w c:\windows\system32\urlmon.dll
+ 2006-07-24 09:50:40 47,920 ----a-w c:\windows\system32\VBAME.DLL
- 2007-12-18 14:40:58 417,792 ----a-w c:\windows\system32\vbscript.dll
+ 2007-08-13 17:54:10 413,696 ----a-w c:\windows\system32\vbscript.dll
- 2004-08-04 12:00:00 49,152 ----a-w c:\windows\system32\wdigest.dll
+ 2006-03-24 04:37:50 49,152 ----a-w c:\windows\system32\wdigest.dll
- 2004-08-04 12:00:00 276,480 ----a-w c:\windows\system32\webcheck.dll
+ 2008-08-26 07:24:31 233,472 ----a-w c:\windows\system32\webcheck.dll
+ 2007-08-13 17:45:16 206,336 ------w c:\windows\system32\WinFXDocObj.exe
- 2008-08-20 05:38:43 659,456 ----a-w c:\windows\system32\wininet.dll
+ 2008-08-26 07:24:31 826,368 ----a-w c:\windows\system32\wininet.dll
+ 2006-10-26 12:45:04 293,376 ----a-w c:\windows\system32\WISPTIS.EXE
+ 2006-07-14 15:51:52 121,856 ------w c:\windows\system32\xmllite.dll
+ 2006-10-26 12:40:34 95,744 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_6e805841\ATL80.dll
+ 2007-08-22 23:18:08 96,256 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
+ 2006-10-26 12:40:36 479,232 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcm80.dll
+ 2006-10-26 12:40:36 548,864 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcp80.dll
+ 2006-10-26 12:40:36 626,688 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcr80.dll
+ 2007-08-22 23:18:08 479,232 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
+ 2007-08-22 23:18:08 548,864 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
+ 2007-08-22 23:18:08 626,688 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
+ 2006-10-26 12:40:36 1,093,632 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfc80.dll
+ 2006-10-26 12:40:36 1,079,808 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfc80u.dll
+ 2006-10-26 12:40:36 69,632 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfcm80.dll
+ 2006-10-26 12:40:36 57,344 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfcm80u.dll
+ 2007-08-22 23:18:08 1,101,824 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
+ 2007-08-22 23:18:08 1,093,120 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
+ 2007-08-22 23:18:08 69,632 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
+ 2007-08-22 23:18:08 57,856 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
+ 2006-10-26 12:40:36 40,960 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80CHS.dll
+ 2006-10-26 12:40:36 45,056 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80CHT.dll
+ 2006-10-26 12:40:36 65,536 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80DEU.dll
+ 2006-10-26 12:40:36 57,344 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ENU.dll
+ 2006-10-26 12:40:36 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ESP.dll
+ 2006-10-26 12:40:36 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80FRA.dll
+ 2006-10-26 12:40:36 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ITA.dll
+ 2006-10-26 12:40:36 49,152 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80JPN.dll
+ 2006-10-26 12:40:36 49,152 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80KOR.dll
+ 2007-08-22 23:18:08 40,960 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
+ 2007-08-22 23:18:08 45,056 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
+ 2007-08-22 23:18:08 65,536 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
+ 2007-08-22 23:18:08 57,344 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
+ 2007-08-22 23:18:08 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
+ 2007-08-22 23:18:08 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
+ 2007-08-22 23:18:08 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
+ 2007-08-22 23:18:08 49,152 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
+ 2007-08-22 23:18:08 49,152 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"ATIPTA"="c:\ati-cpanel\atiptaxx.exe" [2003-10-21 335872]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"SoundMan"="SOUNDMAN.EXE" [2003-08-05 c:\windows\SOUNDMAN.EXE]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;c:\windows\system32\DRIVERS\AN983.sys [2008-11-25 36224]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-30 21:17:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(532)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-11-30 21:19:58 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-30 20:19:21
ComboFix2.txt 2008-11-27 01:22:02
ComboFix3.txt 2008-11-27 01:17:01
ComboFix4.txt 2008-11-26 23:33:47
ComboFix5.txt 2008-11-30 20:12:43

Pre-Run: 144,700,727,296 bytes free
Post-Run: 145,043,853,312 bytes free

850 --- E O F --- 2008-11-30 02:00:48


Panda Report:


;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-11-30 22:14:47
PROTECTIONS: 0
MALWARE: 27
SUSPECTS: 2
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Shorty\Cookies\shorty@trafficmp[1].txt
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Shorty\Cookies\shorty@casalemedia[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Shorty\Cookies\shorty@atdmt[2].txt
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\Shorty\Cookies\shorty@tradedoubler[2].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Shorty\Cookies\shorty@tribalfusion[1].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Shorty\Cookies\shorty@mediaplex[1].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Shorty\Cookies\shorty@com[2].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Shorty\Cookies\shorty@statcounter[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Shorty\Cookies\shorty@ad.yieldmanager[1].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Shorty\Cookies\shorty@apmebf[1].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\Shorty\Cookies\shorty@burstnet[2].txt
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\Shorty\Cookies\shorty@weborama[1].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\Shorty\Cookies\shorty@adtech[1].txt
00168113 Cookie/fe.lea.lycos TrackingCookie No 0 Yes No C:\Documents and Settings\Shorty\Cookies\shorty@fe.lea.lycos[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Shorty\Cookies\shorty@advertising[2].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Shorty\Cookies\shorty@ads.pointroll[2].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Shorty\Cookies\shorty@overture[1].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Shorty\Cookies\shorty@questionmarket[2].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Shorty\Cookies\shorty@zedo[2].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Shorty\Cookies\shorty@go[1].txt
00366244 Application/NirCmd.A HackTools No 0 No No C:\Documents and Settings\Shorty\Desktop\Flash_Disinfector.exe[C:\Documents and Settings\Shorty\Desktop\Flash_Disinfector.exe][nircmd.exe]
00366244 Application/NirCmd.A HackTools No 0 No No F:\Flash_Disinfector.exe[F:\Flash_Disinfector.exe][nircmd.exe]
00463484 W32/Autorun.AMZ.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{4104F517-5725-495C-9080-1D09874F0D07}\RP6\A0000541.inf
00463484 W32/Autorun.AMZ.worm Virus/Worm No 0 Yes No C:\Qoobox\Quarantine\C\autorun.inf.vir
00463484 W32/Autorun.AMZ.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{4104F517-5725-495C-9080-1D09874F0D07}\RP5\A0000534.inf
00463484 W32/Autorun.AMZ.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{4104F517-5725-495C-9080-1D09874F0D07}\RP5\A0000488.inf
00463484 W32/Autorun.AMZ.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{4104F517-5725-495C-9080-1D09874F0D07}\RP5\A0000439.inf
00463484 W32/Autorun.AMZ.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{4104F517-5725-495C-9080-1D09874F0D07}\RP4\A0000337.inf
00463484 W32/Autorun.AMZ.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{4104F517-5725-495C-9080-1D09874F0D07}\RP4\A0000376.inf
00463484 W32/Autorun.AMZ.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{4104F517-5725-495C-9080-1D09874F0D07}\RP4\A0000391.inf
00463484 W32/Autorun.AMZ.worm Virus/Worm No 0 Yes No C:\Documents and Settings\Shorty\Desktop\SDFix\backups_old\backups.zip[backups/autorun.inf]
01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{4104F517-5725-495C-9080-1D09874F0D07}\RP7\A0000897.EXE
01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{4104F517-5725-495C-9080-1D09874F0D07}\RP21\A0002244.EXE
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{4104F517-5725-495C-9080-1D09874F0D07}\RP7\snapshot\MFEX-3.DAT
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{4104F517-5725-495C-9080-1D09874F0D07}\RP21\A0002228.sys
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{4104F517-5725-495C-9080-1D09874F0D07}\RP7\A0000844.sys
03738686 Generic Malware Virus/Trojan No 0 Yes No F:\Programs\Programs\SDFix\CATCHME.EXE
03738686 Generic Malware Virus/Trojan No 0 No No F:\Programs\Programs\SDFix.exe[F:\Programs\Programs\SDFix.exe][SDFix\catchme.exe]
03738686 Generic Malware Virus/Trojan No 0 Yes No C:\Documents and Settings\Shorty\Desktop\SDFix\catchme.exe
03839851 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{4104F517-5725-495C-9080-1D09874F0D07}\RP5\A0000518.sys
04174935 Generic Trojan Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{4104F517-5725-495C-9080-1D09874F0D07}\RP20\A0002143.exe
;===================================================================================================================================================================================
SUSPECTS
Sent Location 2
;===================================================================================================================================================================================
No C:\Documents and Settings\Shorty\Desktop\ComboFix.exe[32788R22FWJFW\psexec.cfexe] 2
No F:\Programs\Programs\Warkeys-1.7.0.1b.exe[Warkeys Update.exe] 2
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description 2
;===================================================================================================================================================================================
184380 MEDIUM MS08-002 2
184379 MEDIUM MS08-001 2
182048 HIGH MS07-069 2
182046 HIGH MS07-067 2
182043 HIGH MS07-064 2
179553 HIGH MS07-061 2
176382 HIGH MS07-057 2
176383 HIGH MS07-058 2
170907 HIGH MS07-046 2
170906 HIGH MS07-045 2
170904 HIGH MS07-043 2
164915 HIGH MS07-035 2
164913 HIGH MS07-033 2
164911 HIGH MS07-031 2
160623 HIGH MS07-027 2
157262 HIGH MS07-022 2
157261 HIGH MS07-021 2
157260 HIGH MS07-020 2
157259 HIGH MS07-019 2
156477 HIGH MS07-017 2
150253 HIGH MS07-016 2
150249 HIGH MS07-013 2
150248 HIGH MS07-012 2
150247 HIGH MS07-011 2
150243 HIGH MS07-008 2
150242 HIGH MS07-007 2
150241 MEDIUM MS07-006 2
141034 HIGH MS06-076 2
141033 MEDIUM MS06-075 2
137571 HIGH MS06-070 2
133387 MEDIUM MS06-065 2
133386 MEDIUM MS06-064 2
133385 MEDIUM MS06-063 2
133379 HIGH MS06-057 2
129977 MEDIUM MS06-053 2
129976 MEDIUM MS06-052 2
126093 HIGH MS06-051 2
126092 MEDIUM MS06-050 2
126087 HIGH MS06-046 2
126086 MEDIUM MS06-045 2
126082 HIGH MS06-041 2
126081 HIGH MS06-040 2
123421 HIGH MS06-036 2
123420 HIGH MS06-035 2
120825 MEDIUM MS06-032 2
120823 MEDIUM MS06-030 2
120818 HIGH MS06-025 2
120815 HIGH MS06-022 2
117384 MEDIUM MS06-018 2
114666 HIGH MS06-015 2
108744 MEDIUM MS06-008 2
108743 MEDIUM MS06-007 2
108742 MEDIUM MS06-006 2
104567 HIGH MS06-002 2
104237 HIGH MS06-001 2
96574 HIGH MS05-053 2
93395 HIGH MS05-051 2
93394 HIGH MS05-050 2
93454 MEDIUM MS05-049 2
;===================================================================================================================================================================================


New HJT Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:36:04 PM, on 11/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\ATI-CPanel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan ... stubie.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

--
End of file - 3868 bytes
Shorty_sx
Regular Member
 
Posts: 17
Joined: August 31st, 2008, 11:15 am

Re: Reinstalled computer, possible external hdd worms

Unread postby Carolyn » November 29th, 2008, 6:17 pm

Hello,

The Flash_Disinfector ran, however it was literally instant.


Yes, it does take only an instant. It does not do a full scan of the drive. I believe it only looks to delete any autorun.inf files that may be present on the drives.

I followed your instructions, disabled Autorun


Remember to do that again after you reinstall the operating system.

Also, be sure to thoroughly scan that external hard drive for malware. You do not want to get reinfected.

----------------------------------------------------

Formatting your hard drive and reinstalling Windows are fairly involved processes.
Here is a link with information that will be helpful: Reformatting Windows by wng_z3r0

Here are some important points to keep in mind before you begin this process:

Some Re-installation Notes (taken from When should I re-format? How should I reinstall?)


* Be sure to back-up all data before re-formatting the computer's hard drive. This includes address books, documents, music, settings, saved games, and anything else not obsolete.

The re-format process will wipe the computer's hard drive clean, destroying all data and programs.

* PCs are made so they can be reformatted. But sometimes, especially with major brand-name computers, there are special procedures that require reading the manual, visiting the manufacturer's website, or, if the manufacturer has gone out of business, searching on http://www.google.com.

Some computers have the BIOS or re-installation software in small partitions on the hard drive.

- Do not re-partition the hard drive without carefully consulting the maker's manual and website.
- Check on the use of any partition, other than C:, before re-formatting it.

* Some computers require special drivers which are downloadable from the computer manufacturer's or vendor's website or device manufacturer's website. Use an uninfected computer to download these files to diskettes or a CD, and print out the installation instructions, in advance.

* Gather together the CDs, diskettes, and Internet addresses required to re-install the software.

* Since you should avoid searching the web until your computer is fully secured, it is a good idea to download any programs you will need to secure your computer prior to re-formatting. Use an uninfected computer to do this.

* Physically unplug the computer from the Internet before re-formatting.

* Leave the computer physically disconnected (unplugged) from the Internet until it is protected by a firewall (ICF, an NAT router, or other hardware or software firewall).

If the computer has a wireless card, remove or shield the card so that the computer cannot connect to any access points.)

* An unpatched computer without proper firewall protection can be infected within seconds of being connected to the Internet.

The computer must be protected by a hardware firewall, NAT router, or a software firewall before plugging it back in to the internet or you can be infected in a few seconds.

* When installing from a Windows XP SP2 CD, the installation will default to having the Windows XP SP2 Firewall activated, so the hazard is greatly reduced. With earlier service packs of Windows XP and earlier versions of Windows, you must manually turn on a firewall.



After your computer is back up and running with all of the Service Packs and Updates installed, here are some steps that can help you to keep your computer safe from malware:
  • Turn System Restore on
    • On the Desktop, right click on the My Computer icon.
    • Click Properties.
    • Click the System Restore tab.
    • Uncheck *Turn off System Restore*.
    • Click Apply, and then click OK.
    Note: only do this once,and not on a regular basis
  • Set correct settings for files
    • Click Start > My Computer > Tools menu (at top of page) > Folder Options > View tab.
    • Under Hidden files and folders if necessary select Do not show hidden files and folders.
    • If unchecked please check Hide protected operating system files (Recommended)
    • If necessary check Display content of system folders
    • If necessary Uncheck Hide file extensions for known file types.
    • Click OK
  • Make sure that you keep your antivirus updated
    New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
    Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.

  • Install and use a firewall with outbound protection
    The Windows firewall only monitors incoming traffic, NOT outgoing. Using a software firewall in its default configuration to replace the Windows firewall greatly reduces the risk of your computer being hacked. Make sure your firewall is always enabled while your computer is connected to the internet.
    Note: You should only have one firewall installed at a time. Having more than one firewall installed at once is likely to cause conflicts and may well decrease your overall protection as well as seriously impairing the performance of your PC.

  • Security Updates for Windows, Internet Explorer & Microsoft Office
    Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.
    Note: The update process uses ActiveX, so you will need to use internet explorer for it and allow the ActiveX control to install.

  • Update Non-Microsoft Programs
    Microsoft isn't the only company whose products can contain security vulnerabilities. To check whether other programs running on your PC are in need of an update, you can use the Secunia Software Inspector - I suggest that you run it at least once a month.

  • Make Internet Explorer More Secure
    Upgrade to Internet Explorer 7, then please read and follow the recommendations at this SITE
Recommended Programs

I would recommend the download and installation of some or all of the following programs (if not already present), and the updating of them on a regular basis.

  • WinPatrol
    As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. For more information, please visit HERE.

  • SpywareBlaster
    SpywareBlaster sets killbits in the registry to prevent known malicious ActiveX controls from installing on your computer. If you don't know what ActiveX controls are, see HERE. You can download SpywareBlaster from HERE.

  • Malwarebytes' Anti-Malware
    Malwarebytes' Anti-Malware is an anti-malware application that can thoroughly remove even the most advanced malware. It includes a number of features, including a built in protection monitor that blocks malicious processes before they even start.You can download Malwarebytes' Anti-Malware from HERE. You can find a tutorial HERE.

  • Hosts File
    For added protection you may also like to add a host file. A simple explanation of what a Hosts file does is HERE and for more information regarding host files read HERE.

    Be sure to disable the service "DNS Client" FIRST to allow the use of large HOSTS files without slowdowns.
    If this isn't done first, the next reboot may take a VERY LONG TIME.
    This is how to do it. First be sure you are signed in as a user with administrative privileges:
    Stop and Disable the DNS Client Service
    Go to Start, Run and type Services.msc and click OK.
    Under the Extended Tab, Scroll down and find this service.
    DNS Client
    Right-Click on the DNS Client Service. Choose Properties
    Select the General tab. Click on the Stop button.
    Click the Arrow-down tab on the right-hand side at the Start-up Type box.
    From the drop-down menu, click on Manual
    Click the Apply tab, then click OK



  • Use an alternative Internet Browser
    Many of the exploits are directed to users of Internet Explorer. Try using a different browser instead:
    Firefox
    Opera
Finally I am trying to make one point very clear. It is absolutely essential to keep all of your security programs up to date.

Also please read this great article by miekiemoes: Prevention
User avatar
Carolyn
MRU Emeritus
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: Reinstalled computer, possible external hdd worms

Unread postby Shorty_sx » November 29th, 2008, 7:26 pm

Thank you for the response!

So I take it everything looks clean?

If so then yes, I'll reinstall once again just to be sure. Thanks for your recomendations, a lot of them will come in handy (I especially like to IE7 link).

I do have one final question:

Could I (as I read somewhere online, refering to Avira Antivir) install an antivirus program ON my externall hdd so it runs on it and protects it (if I were to connect it to a random computer, that might be infected)?

Once again thank you for all the help, I'm very grateful!

edit: One more question - since I shouldnt install more than one Antivirus/Firewall program at a time, I was wondering if that meant 1 antivirus AND 1 firewall, or one OR the other. Looking at your suggestions and links, I'm considering installing Avira for antivirus, Comodo Firewall, Spyware Blaster and WinPatrol. That does seem like a lot, and somehow I have the feeling at least two of them do more or less the same thing, hence should not be installed at the same time. Could you please advise me on this?
Shorty_sx
Regular Member
 
Posts: 17
Joined: August 31st, 2008, 11:15 am

Re: Reinstalled computer, possible external hdd worms

Unread postby Carolyn » December 2nd, 2008, 11:37 am

Shorty_sx wrote:Thank you for the response!

So I take it everything looks clean?

If so then yes, I'll reinstall once again just to be sure. Thanks for your recomendations, a lot of them will come in handy (I especially like to IE7 link).

I do have one final question:

Could I (as I read somewhere online, refering to Avira Antivir) install an antivirus program ON my externall hdd so it runs on it and protects it (if I were to connect it to a random computer, that might be infected)?

Once again thank you for all the help, I'm very grateful!

edit: One more question - since I shouldnt install more than one Antivirus/Firewall program at a time, I was wondering if that meant 1 antivirus AND 1 firewall, or one OR the other. Looking at your suggestions and links, I'm considering installing Avira for antivirus, Comodo Firewall, Spyware Blaster and WinPatrol. That does seem like a lot, and somehow I have the feeling at least two of them do more or less the same thing, hence should not be installed at the same time. Could you please advise me on this?


I really do not know about installing Avira on an external HD, I haven't found any information to confirm that can be done. You might want to check the Avira forums HERE.

Every computer should have one anti-virus program with up-to-date definitions, a two-way firewall, at least one anti-malware program that offers real-time protection without installing a second anti-virus "engine", and a program that monitors for possible unwanted changes to the registry and startups. Think of it is a multi-layered defense. In a nut-shell, those recommended programs do work differently, so installing them will not violate the 1 firewall/1 antivirus rule.

I would add to your choices of programs Malwarebytes' Anti-malware or Superantispyware. Scan your computer with one of those programs every week or so... don't forget to update the program each time before you run the scan.

If you install Comodo Firewall along with Avira, be sure to install only the firewall and not the comodo antivirus component. Also, I recommend turning off the Defense+ feature in Comodo Firewall - I think it is overkill and you will find it extremely annoying.
User avatar
Carolyn
MRU Emeritus
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: Reinstalled computer, possible external hdd worms

Unread postby Shorty_sx » December 2nd, 2008, 1:49 pm

Thank you for the advice Carolyn, I will do exactly that. I already have Malwarebyte's antimalware installed and will add the other ones now. Re-reinstalled my PC, everything is working very smoothly, no problems what so ever. Music libraries are fine, drivers are fine, autorun (grr) is off!

Thank you once again for all the help, I greately appreciate it! Early happy holidays from me,

Vic
Shorty_sx
Regular Member
 
Posts: 17
Joined: August 31st, 2008, 11:15 am

Re: Reinstalled computer, possible external hdd worms

Unread postby NonSuch » December 3rd, 2008, 6:03 pm

As this issue appears to be resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 27300
Joined: February 23rd, 2005, 7:08 am
Location: California
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 45 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware