Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Second Hijack this post, with combofix log.

Post by dosdaplace » February 10th, 2009, 2:24 pm

First, the HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:21:41 AM, on 2/10/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\SoundTray.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Windows\Pixart\Pac7302\Monitor.exe
C:\Windows\WindowsMobile\wmdcBase.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\mobsync.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Steve\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundTray] C:\Program Files\Analog Devices\SoundMAX\SoundTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe
O4 - HKLM\..\Run: [Windows Mobile-based device management] %WINDIR%\WindowsMobile\wmdcBase.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Fvekurediqata] rundll32.exe "C:\Windows\Gcofaq.dll",e
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Fvekurediqata] rundll32.exe "C:\Windows\Gcofaq.dll",e
O4 - HKCU\..\Run: [Slulewe] rundll32.exe "C:\Users\Steve\AppData\Local\itikopib.dll",e
O4 - Startup: DesktopVideoPlayer.LNK = C:\Program Files\vghd\vghd.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O13 - Gopher Prefix:
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab2.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cepstral License Server - Cepstral, LLC - C:\Program Files\Cepstral\bin\CepstralLicSrv.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MRU Web Service (MRUWebService) - Unknown owner - C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 5523 bytes

And now the ComboFix log.

ComboFix 09-02-10.01 - Steve 2009-02-10 10:08:22.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.3326.2088 [GMT -8:00]
Running from: c:\users\Steve\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\senekauqqvfovi.sys
c:\windows\system32\senekafctlivcs.dll
c:\windows\system32\senekamoqcyoxb.dll
c:\windows\system32\senekaucgsbtex.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_TDSSSERV.SYS
-------\Service_SENEKA
-------\Service_TDSSSERV.SYS
-------\Legacy_TDSSSERV.SYS


((((((((((((((((((((((((( Files Created from 2009-01-10 to 2009-02-10 )))))))))))))))))))))))))))))))
.

2009-02-03 09:38 . 2009-02-03 09:38 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2009-02-03 09:37 . 2009-02-03 09:37 <DIR> d-------- c:\users\Steve\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-02-01 21:25 . 2009-02-01 21:25 <DIR> d-------- C:\rsit
2009-01-28 19:35 . 2009-01-28 19:35 107,272 --a------ c:\windows\System32\drivers\avgtdix.sys
2009-01-25 17:38 . 2009-01-25 17:38 <DIR> d-------- c:\program files\Bonjour
2009-01-22 00:07 . 2009-02-01 21:25 <DIR> d-------- c:\program files\Trend Micro
2009-01-16 04:34 . 2009-01-16 04:34 40,448 --a------ c:\windows\System32\chert7-303352.exe
2009-01-16 04:34 . 2009-01-16 04:34 40,448 --a------ c:\windows\Gcofaq.dll
2009-01-15 16:44 . 2009-01-15 16:48 <DIR> d-a------ c:\users\All Users\TEMP
2009-01-15 16:44 . 2009-01-15 16:48 <DIR> d-a------ c:\programdata\TEMP
2009-01-15 16:31 . 2009-01-15 16:31 <DIR> d-------- c:\users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-15 16:31 . 2009-01-15 16:31 <DIR> d-------- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-15 16:31 . 2009-01-15 16:31 <DIR> d-------- c:\program files\iTunes
2009-01-15 16:31 . 2009-01-15 16:31 <DIR> d-------- c:\program files\iPod
2009-01-15 16:31 . 2008-04-17 13:12 107,368 --a------ c:\windows\System32\GEARAspi.dll
2009-01-15 16:31 . 2008-04-17 13:12 15,464 --a------ c:\windows\System32\drivers\GEARAspiWDM.sys
2009-01-15 15:52 . 2009-01-15 15:53 <DIR> d-------- c:\program files\BACKUP MUSIC
2009-01-15 11:02 . 2009-02-10 10:10 59,904 --a------ c:\windows\System32\drivers\TDSSnbcb.sys
2009-01-15 11:02 . 2009-02-10 10:10 27,136 --a------ c:\windows\System32\TDSScrrx.dll
2009-01-15 11:02 . 2009-01-15 11:02 2 --a------ C:\1154955852
2009-01-15 08:31 . 2009-01-15 08:33 <DIR> d-------- c:\users\Steve\AppData\Roaming\mIRC
2009-01-14 08:41 . 2008-12-15 18:42 288,768 --a------ c:\windows\System32\drivers\srv.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-10 18:02 --------- d-----w c:\users\Steve\AppData\Roaming\Skype
2009-02-10 17:46 --------- d-----w c:\users\Steve\AppData\Roaming\DNA
2009-02-10 16:07 --------- d-----w c:\users\Steve\AppData\Roaming\skypePM
2009-02-10 04:14 --------- d-----w c:\program files\Steam
2009-02-10 03:25 --------- d-----w c:\program files\Common Files\Steam
2009-02-07 20:20 --------- d-----w c:\users\Steve\AppData\Roaming\BitTorrent
2009-02-05 19:12 --------- d-----w c:\users\Steve\AppData\Roaming\OpenOffice.org2
2009-01-29 03:35 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-01-29 03:35 --------- d-----w c:\programdata\avg8
2009-01-27 07:23 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-16 00:50 --------- d-----w c:\program files\Rainmeter
2009-01-16 00:31 --------- d-----w c:\program files\Common Files\Apple
2009-01-14 17:15 --------- d-----w c:\program files\Windows Mail
2009-01-07 04:44 --------- d-----w c:\program files\DNA
2009-01-07 04:44 --------- d-----w c:\program files\BitTorrent
2009-01-01 01:33 --------- d-----w c:\program files\Cepstral
2008-12-15 00:41 --------- d-----w c:\program files\QuickTime
2008-12-13 00:36 137,688 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-12-10 05:14 --------- d-----w c:\program files\Bethesda Softworks
2008-08-28 02:00 22,328 ----a-w c:\users\Steve\AppData\Roaming\PnkBstrK.sys
2008-05-12 12:03 56 ---ha-w c:\users\All Users\ezsidmv.dat
2008-05-12 12:03 56 ---ha-w c:\programdata\ezsidmv.dat
2008-01-21 02:57 174 --sha-w c:\program files\desktop.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-20 202240]
"Fvekurediqata"="c:\windows\Gcofaq.dll" [2009-01-16 40448]
"Slulewe"="c:\users\Steve\AppData\Local\itikopib.dll" [2009-01-15 134144]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-20 c:\windows\System32\oobefldr.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-06-05 1261568]
"SoundTray"="c:\program files\Analog Devices\SoundMAX\SoundTray.exe" [2007-05-21 49152]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-03-24 13531680]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-03-24 92704]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 144784]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-28 1601304]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 648072]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"Fvekurediqata"="c:\windows\Gcofaq.dll" [2009-01-16 40448]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]

c:\users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
DesktopVideoPlayer.LNK - c:\program files\vghd\vghd.exe [2008-11-25 357712]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"DoNotAllowExceptions"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{6EDD6F1D-0FA5-49EB-9C2C-D52E1E8490EC}c:\\program files\\steam\\steamapps\\dosdaplace7\\team fortress 2\\hl2.exe"= UDP:c:\program files\steam\steamapps\dosdaplace7\team fortress 2\hl2.exe:hl2
"UDP Query User{11CD9327-8474-43BC-8B1F-4ED5E78550A7}c:\\program files\\steam\\steamapps\\dosdaplace7\\team fortress 2\\hl2.exe"= TCP:c:\program files\steam\steamapps\dosdaplace7\team fortress 2\hl2.exe:hl2
"TCP Query User{35D82BD2-91E8-4232-A1BF-9DB64615797F}c:\\program files\\steam\\steamapps\\dosdaplace7\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\dosdaplace7\counter-strike source\hl2.exe:hl2
"UDP Query User{81DDCA83-2EB8-4C92-8149-1B260114B28F}c:\\program files\\steam\\steamapps\\dosdaplace7\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\dosdaplace7\counter-strike source\hl2.exe:hl2
"TCP Query User{F69B3EA3-824F-4D6D-88AE-6D2D738AC959}c:\\program files\\steam\\steamapps\\dosdaplace7\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\dosdaplace7\counter-strike source\hl2.exe:hl2
"UDP Query User{34AC868B-A8D4-4BCE-9B56-4C4415176075}c:\\program files\\steam\\steamapps\\dosdaplace7\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\dosdaplace7\counter-strike source\hl2.exe:hl2
"TCP Query User{88BEF903-650C-4590-921D-A878C0EAEE97}c:\\program files\\steam\\steamapps\\dosdaplace7\\team fortress 2\\hl2.exe"= UDP:c:\program files\steam\steamapps\dosdaplace7\team fortress 2\hl2.exe:hl2
"UDP Query User{7D3008DB-F6FD-4E7E-A242-4F8A6F0482C1}c:\\program files\\steam\\steamapps\\dosdaplace7\\team fortress 2\\hl2.exe"= TCP:c:\program files\steam\steamapps\dosdaplace7\team fortress 2\hl2.exe:hl2
"TCP Query User{D65C0AA8-AFC3-479A-B418-C30DEBB715FE}c:\\program files\\steam\\steamapps\\dosdaplace7\\source sdk base\\hl2.exe"= UDP:c:\program files\steam\steamapps\dosdaplace7\source sdk base\hl2.exe:hl2
"UDP Query User{47DD9967-D18A-4989-95AC-EAA73588016A}c:\\program files\\steam\\steamapps\\dosdaplace7\\source sdk base\\hl2.exe"= TCP:c:\program files\steam\steamapps\dosdaplace7\source sdk base\hl2.exe:hl2
"TCP Query User{237FCCD5-284A-4A6D-902A-B78A012BB1E9}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= UDP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"UDP Query User{4EDC86F7-62B0-43B1-B5AE-9000F8E16494}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= TCP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"TCP Query User{337A4B1F-1BBC-4A5C-846C-128A665F6198}c:\\program files\\thq\\company of heroes\\reliccoh.exe"= UDP:c:\program files\thq\company of heroes\reliccoh.exe:RelicCOH
"UDP Query User{8D17CD53-2DD5-4462-BC99-A3CD0E34A8EE}c:\\program files\\thq\\company of heroes\\reliccoh.exe"= TCP:c:\program files\thq\company of heroes\reliccoh.exe:RelicCOH
"{943779FC-2B86-4BA5-954A-CC028376B627}"= UDP:c:\program files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{970F7159-4780-491A-92FF-C79BF5BA2768}"= TCP:c:\program files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{5E5387F0-A44C-4030-98E1-6B8B1494C20F}"= UDP:c:\program files\DNA\btdna.exe:DNA
"{830B74C2-B1B5-4928-A96B-DEE303737C91}"= TCP:c:\program files\DNA\btdna.exe:DNA
"{F9703490-5F72-480B-BBCC-39A939621B9E}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"{2C4135D2-65BA-4F18-BC7A-22DDF72F5F7F}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"TCP Query User{0D90456C-918A-46D8-97B8-89F68D9E9979}c:\\users\\steve\\program files\\dna\\btdna.exe"= UDP:c:\users\steve\program files\dna\btdna.exe:btdna.exe
"UDP Query User{F550A65B-ECA3-42A3-8971-F7052D0682B1}c:\\users\\steve\\program files\\dna\\btdna.exe"= TCP:c:\users\steve\program files\dna\btdna.exe:btdna.exe
"TCP Query User{7C59B802-33CF-4B02-A769-D7E8180040EF}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{7050C388-3242-4349-AA7B-D3C03E472A0C}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{960D9F87-D4A4-4540-AE14-5F1F940B3752}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{D47C7A14-9905-49BB-B870-CB9BA65987EB}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:bittorrent
"UDP Query User{CE3DCF33-1CB7-4682-8185-18D0FD8EA477}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:bittorrent
"{1E257C38-61A9-40D4-A39E-4B5F2B7A0A14}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{C7018113-09C2-43E6-8703-A8274232B62C}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{730379EA-027C-4D59-8D18-64D82638DA75}"= UDP:c:\program files\AIM6\aim6.exe:AIM
"{25E28ADC-2209-4539-8150-D738ECBE0E05}"= TCP:c:\program files\AIM6\aim6.exe:AIM
"TCP Query User{FBB1921C-D7D9-4636-998E-76FA7D5C1850}c:\\program files\\ccp\\eve\\bin\\exefile.exe"= UDP:c:\program files\ccp\eve\bin\exefile.exe:CCP ExeFile
"UDP Query User{E9E5EB39-49EE-410A-9B62-1E2497FDB48D}c:\\program files\\ccp\\eve\\bin\\exefile.exe"= TCP:c:\program files\ccp\eve\bin\exefile.exe:CCP ExeFile
"TCP Query User{D8717E91-76FD-4DD9-B70B-2343BC54A8DE}c:\\users\\steve\\desktop\\wotlk_intro_en.avi-downloader.exe"= UDP:c:\users\steve\desktop\wotlk_intro_en.avi-downloader.exe:wotlk_intro_en.avi-downloader.exe
"UDP Query User{D77F6B49-D8DC-40BD-B97B-37804BD4E1B5}c:\\users\\steve\\desktop\\wotlk_intro_en.avi-downloader.exe"= TCP:c:\users\steve\desktop\wotlk_intro_en.avi-downloader.exe:wotlk_intro_en.avi-downloader.exe
"TCP Query User{48A33046-E630-4EF9-BAC2-65039A898141}c:\\program files\\steam\\steamapps\\dosdaplace7\\day of defeat source\\hl2.exe"= UDP:c:\program files\steam\steamapps\dosdaplace7\day of defeat source\hl2.exe:hl2
"UDP Query User{D73BA953-6510-4E3B-8B25-0D448CF75A92}c:\\program files\\steam\\steamapps\\dosdaplace7\\day of defeat source\\hl2.exe"= TCP:c:\program files\steam\steamapps\dosdaplace7\day of defeat source\hl2.exe:hl2
"{033119F5-E3B9-4A4A-8C9F-7593F1E91FB3}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{70AFA893-8AC7-4052-84C6-403F52BC0576}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{B925D189-C21F-49B6-B69F-29EC09D14B0F}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{CB60A031-02C8-450E-BDA4-D85F1972FE6B}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{5338A1AD-9FFA-4668-BBAE-5B9C0753424C}"= UDP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{0B9783E9-36DA-48CC-B2A8-E2BBFB7CD77C}"= TCP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"TCP Query User{2483366D-1FE5-4622-B9F6-8354F5888495}c:\\program files\\steam\\steamapps\\coganatior\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\coganatior\counter-strike source\hl2.exe:hl2
"UDP Query User{7B7B883C-8F33-42BA-B0BC-D0FDB85CE2EC}c:\\program files\\steam\\steamapps\\coganatior\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\coganatior\counter-strike source\hl2.exe:hl2
"TCP Query User{EAAB3D0E-B212-4908-9017-4B7867AFAB7F}c:\\users\\steve\\desktop\\wow-2.4.2.8278-to-0.4.3.8478-enus-downloader.exe"= UDP:c:\users\steve\desktop\wow-2.4.2.8278-to-0.4.3.8478-enus-downloader.exe:wow-2.4.2.8278-to-0.4.3.8478-enus-downloader.exe
"UDP Query User{9C462AD0-7211-4B1C-BC39-B286C50FA8E3}c:\\users\\steve\\desktop\\wow-2.4.2.8278-to-0.4.3.8478-enus-downloader.exe"= TCP:c:\users\steve\desktop\wow-2.4.2.8278-to-0.4.3.8478-enus-downloader.exe:wow-2.4.2.8278-to-0.4.3.8478-enus-downloader.exe
"{0D5C9414-695B-4471-8454-FB52C817BBE7}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{E6646362-1533-4BEA-9A51-AE69D0CFE5D1}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"TCP Query User{742DDCF5-B4E0-4299-93FD-460C84C86E6E}c:\\program files\\world of warcraft\\backgrounddownloader.exe"= UDP:c:\program files\world of warcraft\backgrounddownloader.exe:Blizzard Downloader
"UDP Query User{D4EA8730-866A-45A4-8E5B-0703BA15414B}c:\\program files\\world of warcraft\\backgrounddownloader.exe"= TCP:c:\program files\world of warcraft\backgrounddownloader.exe:Blizzard Downloader
"TCP Query User{68B42BD2-9B31-4CED-B906-8083EA640FB0}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{F84225C7-1373-4BD7-8DF3-2706EE5E8A9E}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"{57F5BCC4-373E-4A97-8607-8E2737E6A597}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{9B53E8E1-803A-4572-98EC-E3DF50DFF440}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{BC1F4FD7-B60F-4651-8897-0F323B368D78}"= UDP:990:LocalSubnet:LocalSubnet|IF={FB1AEB9C-A9F1-4D18-B8C9-F4061648343F}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001
"{67BD2016-C1EA-4837-8D2B-69FF62309176}"= UDP:c:\program files\BitTorrent\BitTorrent.exe:BitTorrent (TCP-In)
"{69531F1D-7C08-493E-944E-C833D2B5AD77}"= TCP:c:\program files\BitTorrent\BitTorrent.exe:BitTorrent (UDP-In)
"TCP Query User{2923EAF7-F3C0-4F57-8C1E-068B231CBC1F}c:\\program files\\mirc\\mirc.exe"= UDP:c:\program files\mirc\mirc.exe:mIRC
"UDP Query User{30E234F9-528F-4B01-B700-C2B80AA6FB75}c:\\program files\\mirc\\mirc.exe"= TCP:c:\program files\mirc\mirc.exe:mIRC
"{2471588F-18CF-4DBB-899B-6F27069CBB08}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{68D170E1-B16D-4DA1-A21D-132910673221}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{36EE3443-E750-425F-8979-AE1F5F89F0E0}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{0484C1B5-B341-4E24-8D14-97A69710171B}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{F4F99A92-15A7-404A-BEF1-F633B33C155C}c:\\users\\steve\\appdata\\local\\temp\\blizzard launcher temporary - 5100f810\\launcher.exe"= UDP:c:\users\steve\appdata\local\temp\blizzard launcher temporary - 5100f810\launcher.exe:launcher.exe
"UDP Query User{8BD01338-D9E6-4D28-A6E2-6E184AC7836E}c:\\users\\steve\\appdata\\local\\temp\\blizzard launcher temporary - 5100f810\\launcher.exe"= TCP:c:\users\steve\appdata\local\temp\blizzard launcher temporary - 5100f810\launcher.exe:launcher.exe
"{C81CFFE8-D3E9-4005-926A-CF426C136476}"= UDP:c:\program files\Steam\SteamApps\common\peggle extreme\PeggleExtreme.exe:Peggle Extreme
"{EAA4ABDB-4656-400C-8F05-2D21B62728E7}"= TCP:c:\program files\Steam\SteamApps\common\peggle extreme\PeggleExtreme.exe:Peggle Extreme
"TCP Query User{B2C8274E-70EC-429D-AE12-0D3AE4C03F63}c:\\users\\steve\\appdata\\local\\temp\\blizzard launcher temporary - 54e064c0\\launcher.exe"= UDP:c:\users\steve\appdata\local\temp\blizzard launcher temporary - 54e064c0\launcher.exe:launcher.exe
"UDP Query User{1B9542FA-DC7D-4843-93BA-F7A4EDDE8538}c:\\users\\steve\\appdata\\local\\temp\\blizzard launcher temporary - 54e064c0\\launcher.exe"= TCP:c:\users\steve\appdata\local\temp\blizzard launcher temporary - 54e064c0\launcher.exe:launcher.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DoNotAllowExceptions"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DoNotAllowExceptions"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R0 mv61xx;mv61xx;c:\windows\System32\drivers\mv61xx.sys [2007-06-14 143256]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [2008-09-09 325128]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [2009-01-28 107272]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-09-09 903960]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-09-09 298264]
R2 Cepstral License Server;Cepstral License Server;c:\program files\Cepstral\bin\CepstralLicSrv.exe [2008-06-24 57344]
R3 PAC7302;PAC7302 VGA USB Camera;c:\windows\System32\drivers\PAC7302.SYS [2008-10-14 457856]
S2 MRUWebService;MRU Web Service;"c:\program files\Marvell\61xx\Apache2\bin\Apache.exe" -k runservice --> c:\program files\Marvell\61xx\Apache2\bin\Apache.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{19a6e400-53d1-11dd-91da-001e8c72009b}]
\shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{41c425c4-fe85-11d5-b863-806e6f6e6963}]
\shell\AutoRun\command - D:\BSAutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8d94761-1fa1-11dd-a76d-806e6f6e6963}]
\shell\AutoRun\command - d:\bin\Assetup.exe
.
Contents of the 'Scheduled Tasks' folder

2009-02-10 c:\windows\Tasks\User_Feed_Synchronization-{6871C9F5-9450-44AF-A7C4-13F6667379BD}.job
- c:\windows\system32\msfeedssync.exe [2008-01-20 18:34]
.
- - - - ORPHANS REMOVED - - - -

BHO-{C5AF42A3-94F3-42BD-F634-3604832C897D} - c:\windows\system32\hsjefi8wunkmdf.dll
HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe
SharedTaskScheduler-{C5AF42A3-94F3-42BD-F634-3604832C897D} - c:\windows\system32\hsjefi8wunkmdf.dll


.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\p5jn85h6.default\
1 file(s) moved.
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\p5jn85h6.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\components\XpcomOpusConnector.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\users\Steve\Program Files\DNA\plugins\npbtdna.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-10 10:14:44
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\AEADISRV.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\microsoft shared\VS7Debug\mdm.exe
c:\windows\System32\PnkBstrA.exe
c:\windows\System32\PnkBstrB.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\System32\WUDFHost.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\System32\rundll32.exe
c:\program files\AVG\AVG8\avgtray.exe
c:\windows\System32\rundll32.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\vghd\VirtuaGirl_Downloader.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\System32\dllhost.exe
.
**************************************************************************
.
Completion time: 2009-02-10 10:18:16 - machine was rebooted [Steve]
ComboFix-quarantined-files.txt 2009-02-10 18:18:12

Pre-Run: 442,099,236,864 bytes free
Post-Run: 442,954,805,248 bytes free

265 --- E O F --- 2009-02-10 02:48:39

Thank you so much for the help, guys.
dosdaplace
Active Member
Posts: 7
Joined: January 22nd, 2009, 4:25 am

Re: Second Hijack this post, with combofix log.

Post by Katana » March 1st, 2009, 12:30 pm

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.


Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
  1. Please Read All Instructions Carefully
  2. If you don't understand something, stop and ask! Don't keep going on.
  3. Please do not run any other tools or scans whilst I am helping you
  4. Please continue to respond until I give you the "All Clear"
    (Just because you can't see a problem doesn't mean it isn't there)

If you can do those few things, everything should go smoothly.

Please Note, your security programs may give warnings for some of the tools I will ask you to use.
Be assured, any links I give are safe.


----------------------------------------------------------------------------------------

I apologize for the delay in responding, but as you can probably see the forums are quite busy.
Unfortunately there are far more people needing help than there are helpers.

You must reply within 5 days.

If you still require help, please do the following:


Download and Run RSIT
  • Please download Random's System Information Tool by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open:
    • log.txt will be opened maximized.
    • info.txt will be opened minimized.
  • Please post the contents of both log.txt and info.txt.
Katana
MRU Teacher Emeritus
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: Second Hijack this post, with combofix log.

Post by dosdaplace » March 2nd, 2009, 1:03 am

First off, I just wanted to say thank you for all of the help.
Second, I don't know how this would affect my logs, or if it even will, but whenever I log in I stop three processes: two duplicate rundll's and a userintlogon.

Here are the logs.

Logfile of random's system information tool 1.05 (written by random/random)
Run by Steve at 2009-03-01 21:00:24
Microsoft® Windows Vista™ Home Basic Service Pack 1
System drive C: has 412 GB (61%) free of 674 GB
Total RAM: 3326 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:00:25 PM, on 3/1/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\SoundTray.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\Pixart\Pac7302\Monitor.exe
C:\Windows\WindowsMobile\wmdcBase.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Sprint Instinct Applications\MEMonitor.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Steve\Desktop\RSIT.exe
C:\Users\Steve\Desktop\Steve.exe
C:\Windows\system32\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundTray] C:\Program Files\Analog Devices\SoundMAX\SoundTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe
O4 - HKLM\..\Run: [Windows Mobile-based device management] %WINDIR%\WindowsMobile\wmdcBase.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Fvekurediqata] rundll32.exe "C:\Windows\Gcofaq.dll",e
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MRT] "C:\Windows\system32\MRT.exe" /R
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Fvekurediqata] rundll32.exe "C:\Windows\Gcofaq.dll",e
O4 - HKCU\..\Run: [Slulewe] rundll32.exe "C:\Users\Steve\AppData\Local\itikopib.dll",e
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - Startup: Sprint media monitor.lnk = C:\Windows\RM.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O13 - Gopher Prefix:
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab2.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cepstral License Server - Cepstral, LLC - C:\Program Files\Cepstral\bin\CepstralLicSrv.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MRU Web Service (MRUWebService) - Unknown owner - C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 6107 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Defraggler Volume C Task.job
C:\Windows\tasks\User_Feed_Synchronization-{6871C9F5-9450-44AF-A7C4-13F6667379BD}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F}
{D0943516-5076-4020-A3B5-AEFAF26AB263} - Veoh Browser Plug-in - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll [2008-05-08 352256]
{0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - Veoh Web Player Video Finder - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll [2009-02-06 429816]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2007-06-05 1261568]
"SoundTray"=C:\Program Files\Analog Devices\SoundMAX\SoundTray.exe [2007-05-21 49152]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe [2007-12-14 144784]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-01-28 1601304]
"PAC7302_Monitor"=C:\Windows\PixArt\PAC7302\Monitor.exe [2006-11-03 319488]
"Windows Mobile-based device management"=C:\Windows\WindowsMobile\wmdcBase.exe [2007-05-31 648072]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]
"Fvekurediqata"=C:\Windows\Gcofaq.dll [2009-01-16 40448]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
"MRT"=C:\Windows\system32\MRT.exe [2009-02-03 21244864]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2009-01-15 13683232]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2009-01-15 92704]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"=C:\Windows\system32\oobefldr.dll [2008-01-20 2153472]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-20 202240]
"Fvekurediqata"=C:\Windows\Gcofaq.dll [2009-01-16 40448]
"Slulewe"=C:\Users\Steve\AppData\Local\itikopib.dll [2009-01-15 134144]
"VeohPlugin"=C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe [2009-02-06 3572984]

C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Sprint media monitor.lnk - C:\Windows\RM.exe

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{19a6e400-53d1-11dd-91da-001e8c72009b}]
shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{41c425c4-fe85-11d5-b863-806e6f6e6963}]
shell\AutoRun\command - D:\BSAutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8725a7c3-2015-11dd-82d4-806e6f6e6963}]
shell\AutoRun\command - D:\launcher.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8d94761-1fa1-11dd-a76d-806e6f6e6963}]
shell\AutoRun\command - D:\Bin\Assetup.exe


======List of files/folders created in the last 1 months======

2009-03-01 20:24:32 ----D---- C:\Users\Steve\AppData\Roaming\Smith Micro
2009-03-01 20:22:45 ----D---- C:\Windows\LastGood
2009-03-01 20:22:32 ----D---- C:\Program Files\Samsung
2009-03-01 20:21:09 ----N---- C:\Windows\RM.exe
2009-03-01 20:21:06 ----D---- C:\ProgramData\Tarma Installer
2009-03-01 20:21:06 ----D---- C:\Program Files\Sprint Instinct Applications
2009-02-26 07:43:56 ----N---- C:\Windows\system32\pxinsi64.exe
2009-02-26 07:43:56 ----N---- C:\Windows\system32\pxcpyi64.exe
2009-02-26 07:43:56 ----N---- C:\Windows\system32\pxcpya64.exe
2009-02-26 07:43:55 ----N---- C:\Windows\system32\vxblock.dll
2009-02-26 07:43:55 ----N---- C:\Windows\system32\pxwave.dll
2009-02-26 07:43:55 ----N---- C:\Windows\system32\pxmas.dll
2009-02-26 07:43:55 ----N---- C:\Windows\system32\pxinsa64.exe
2009-02-26 07:43:55 ----N---- C:\Windows\system32\pxhpinst.exe
2009-02-26 07:43:55 ----N---- C:\Windows\system32\pxdrv.dll
2009-02-26 07:43:55 ----N---- C:\Windows\system32\px.dll
2009-02-25 20:31:09 ----D---- C:\Users\Steve\AppData\Roaming\Auslogics
2009-02-25 20:31:07 ----D---- C:\Program Files\Auslogics
2009-02-24 12:53:19 ----D---- C:\Program Files\CCleaner
2009-02-24 07:15:35 ----D---- C:\Program Files\MozBackup
2009-02-19 22:32:23 ----D---- C:\Program Files\Microsoft Web Designer Tools
2009-02-19 22:32:05 ----RHD---- C:\MSOCache
2009-02-17 18:07:46 ----D---- C:\Windows\system32\AGEIA
2009-02-17 18:07:46 ----D---- C:\Program Files\AGEIA Technologies
2009-02-17 18:03:40 ----D---- C:\Users\Steve\AppData\Roaming\SystemRequirementsLab
2009-02-16 19:34:09 ----D---- C:\Program Files\Recuva
2009-02-12 03:01:53 ----A---- C:\Windows\system32\MRT.INI
2009-02-11 19:41:55 ----A---- C:\Windows\system32\mshtml.dll
2009-02-11 19:41:54 ----A---- C:\Windows\system32\ieframe.dll
2009-02-11 19:41:53 ----A---- C:\Windows\system32\urlmon.dll
2009-02-11 19:41:52 ----A---- C:\Windows\system32\wininet.dll
2009-02-11 19:41:52 ----A---- C:\Windows\system32\mstime.dll
2009-02-11 19:41:52 ----A---- C:\Windows\system32\msfeeds.dll
2009-02-11 19:41:51 ----A---- C:\Windows\system32\jsproxy.dll
2009-02-11 19:41:51 ----A---- C:\Windows\system32\iertutil.dll
2009-02-10 10:18:18 ----D---- C:\Windows\temp
2009-02-10 10:18:17 ----A---- C:\ComboFix.txt
2009-02-10 10:14:04 ----A---- C:\Windows\system32\senekaxsxqtpvn.dll
2009-02-10 10:13:57 ----A---- C:\Windows\system32\senekayuodieqq.dll
2009-02-10 10:01:07 ----A---- C:\Windows\zip.exe
2009-02-10 10:01:07 ----A---- C:\Windows\VFIND.exe
2009-02-10 10:01:07 ----A---- C:\Windows\SWXCACLS.exe
2009-02-10 10:01:07 ----A---- C:\Windows\SWSC.exe
2009-02-10 10:01:07 ----A---- C:\Windows\SWREG.exe
2009-02-10 10:01:07 ----A---- C:\Windows\sed.exe
2009-02-10 10:01:07 ----A---- C:\Windows\NIRCMD.exe
2009-02-10 10:01:07 ----A---- C:\Windows\grep.exe
2009-02-10 10:01:07 ----A---- C:\Windows\fdsv.exe
2009-02-10 10:01:03 ----D---- C:\ComboFix
2009-02-10 09:59:54 ----D---- C:\Windows\ERDNT
2009-02-10 09:59:53 ----D---- C:\Qoobox
2009-02-03 09:38:03 ----D---- C:\Program Files\Common Files\Adobe AIR
2009-02-03 09:37:35 ----D---- C:\Users\Steve\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

======List of files/folders modified in the last 1 months======

2009-03-01 21:00:22 ----D---- C:\Users\Steve\AppData\Roaming\BitTorrent
2009-03-01 21:00:10 ----D---- C:\Windows\Prefetch
2009-03-01 20:30:08 ----D---- C:\Users\Steve\AppData\Roaming\Skype
2009-03-01 20:22:57 ----D---- C:\Windows\tracing
2009-03-01 20:22:50 ----HD---- C:\Program Files\InstallShield Installation Information
2009-03-01 20:22:49 ----D---- C:\Windows\system32\catroot
2009-03-01 20:22:49 ----D---- C:\Windows\inf
2009-03-01 20:22:45 ----D---- C:\Windows
2009-03-01 20:22:36 ----SHD---- C:\Windows\Installer
2009-03-01 20:22:33 ----RD---- C:\Program Files
2009-03-01 20:22:23 ----SHD---- C:\System Volume Information
2009-03-01 20:21:06 ----HD---- C:\ProgramData
2009-03-01 20:21:00 ----D---- C:\Windows\System32
2009-03-01 20:13:14 ----D---- C:\Users\Steve\AppData\Roaming\skypePM
2009-03-01 01:34:03 ----D---- C:\Program Files\Steam
2009-02-28 04:34:39 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-02-26 07:58:03 ----D---- C:\Program Files\Winamp
2009-02-26 07:55:26 ----SD---- C:\Users\Steve\AppData\Roaming\Microsoft
2009-02-26 07:55:26 ----D---- C:\Windows\system32\drivers
2009-02-26 07:55:21 ----D---- C:\ProgramData\avg8
2009-02-26 07:46:27 ----D---- C:\Program Files\DivX
2009-02-26 07:45:12 ----D---- C:\Windows\system32\Tasks
2009-02-26 07:03:50 ----D---- C:\Windows\system32\LogFiles
2009-02-26 07:01:39 ----D---- C:\Windows\Debug
2009-02-24 15:25:12 ----D---- C:\Windows\Minidump
2009-02-24 13:03:29 ----D---- C:\Windows\Tasks
2009-02-24 12:51:03 ----D---- C:\Users\Steve\AppData\Roaming\vghd
2009-02-24 12:19:10 ----RSD---- C:\Windows\assembly
2009-02-24 12:19:06 ----D---- C:\Windows\winsxs
2009-02-24 12:18:43 ----SD---- C:\ProgramData\Microsoft
2009-02-24 12:18:43 ----D---- C:\ProgramData\Microsoft Help
2009-02-24 12:18:43 ----D---- C:\Program Files\Microsoft.NET
2009-02-24 12:18:43 ----D---- C:\Program Files\Common Files\microsoft shared
2009-02-24 12:18:42 ----D---- C:\Program Files\Common Files
2009-02-24 12:18:34 ----RSD---- C:\Windows\Fonts
2009-02-24 12:18:33 ----D---- C:\Program Files\MSBuild
2009-02-21 09:41:07 ----A---- C:\Windows\system32\PnkBstrA.exe
2009-02-21 09:40:58 ----A---- C:\Windows\system32\PnkBstrB.exe
2009-02-20 11:17:59 ----D---- C:\Windows\system32\catroot2
2009-02-20 08:56:19 ----D---- C:\Windows\Microsoft.NET
2009-02-17 18:10:27 ----D---- C:\ProgramData\NVIDIA
2009-02-17 18:07:30 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-02-17 18:03:44 ----SD---- C:\Windows\Downloaded Program Files
2009-02-17 18:03:44 ----D---- C:\Program Files\SystemRequirementsLab
2009-02-16 00:33:40 ----D---- C:\Program Files\Veoh Networks
2009-02-12 03:00:18 ----D---- C:\Program Files\Windows Mail
2009-02-11 21:00:09 ----HD---- C:\$AVG8.VAULT$
2009-02-10 10:18:19 ----D---- C:\Windows\system32\en-US
2009-02-10 10:14:45 ----A---- C:\Windows\system.ini
2009-02-10 10:12:25 ----SHD---- C:\Boot
2009-02-10 10:12:25 ----D---- C:\Windows\system32\config
2009-02-10 10:11:07 ----D---- C:\Windows\AppPatch
2009-02-10 10:10:06 ----A---- C:\Windows\system32\TDSScrrx.dll
2009-02-10 10:09:20 ----D---- C:\Windows\system32\WDI
2009-02-10 09:46:20 ----D---- C:\Users\Steve\AppData\Roaming\DNA
2009-02-09 19:25:57 ----D---- C:\Program Files\Common Files\Steam
2009-02-07 14:37:55 ----D---- C:\Program Files\Mozilla Firefox
2009-02-05 11:12:39 ----D---- C:\Users\Steve\AppData\Roaming\OpenOffice.org2
2009-02-03 15:21:12 ----A---- C:\Windows\system32\mrt.exe
2009-02-03 09:38:10 ----D---- C:\ProgramData\Adobe
2009-02-03 09:38:07 ----D---- C:\Program Files\adobe
2009-02-03 09:37:35 ----D---- C:\Users\Steve\AppData\Roaming\Adobe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2009-01-28 325128]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2009-01-28 27656]
R1 AvgTdiX;AVG8 Network Redirector; C:\Windows\System32\Drivers\avgtdix.sys [2009-01-28 107272]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\ADIHdAud.sys [2007-07-18 342528]
R3 Afc;PPdus ASPI Shell; C:\Windows\system32\drivers\Afc.sys [2005-02-23 11776]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2006-10-18 7680]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2009-01-15 7740320]
R3 PAC7302;PAC7302 VGA USB Camera; C:\Windows\system32\DRIVERS\PAC7302.SYS [2007-06-14 457856]
R3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-20 35328]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 83328]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2007-06-26 246784]
S1 seneka;seneka; C:\Windows\system32\drivers\senekalifdopgu.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]
S3 ENTECH;ENTECH; \??\C:\Windows\system32\DRIVERS\ENTECH.sys [2004-10-25 21664]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-01 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]
S3 usb_rndisx;USB RNDIS Adapter; C:\Windows\system32\DRIVERS\usb8023x.sys [2008-01-20 15872]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2008-10-01 32000]
S3 winusb;WinUSB Service; C:\Windows\system32\DRIVERS\WinUSB.SYS [2008-01-20 31616]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-20 39936]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-20 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AEADIFilters;Andrea ADI Filters Service; C:\Windows\system32\AEADISRV.EXE [2007-06-06 86016]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-01-28 903960]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-01-28 298264]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R2 Cepstral License Server;Cepstral License Server; C:\Program Files\Cepstral\bin\CepstralLicSrv.exe [2008-06-24 57344]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-03-19 335872]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-01-15 207392]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2009-02-21 70968]
R2 PnkBstrB;PnkBstrB; C:\Windows\system32\PnkBstrB.exe [2009-02-21 189672]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S2 MRUWebService;MRU Web Service; C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe -k runservice []
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-01-20 33800]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe []
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2009-02-05 316664]

-----------------EOF-----------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:59:49 PM, on 3/1/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\SoundTray.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\Pixart\Pac7302\Monitor.exe
C:\Windows\WindowsMobile\wmdcBase.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Sprint Instinct Applications\MEMonitor.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Steve\Desktop\RSIT.exe
C:\Users\Steve\Desktop\Steve.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundTray] C:\Program Files\Analog Devices\SoundMAX\SoundTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe
O4 - HKLM\..\Run: [Windows Mobile-based device management] %WINDIR%\WindowsMobile\wmdcBase.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Fvekurediqata] rundll32.exe "C:\Windows\Gcofaq.dll",e
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MRT] "C:\Windows\system32\MRT.exe" /R
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Fvekurediqata] rundll32.exe "C:\Windows\Gcofaq.dll",e
O4 - HKCU\..\Run: [Slulewe] rundll32.exe "C:\Users\Steve\AppData\Local\itikopib.dll",e
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - Startup: Sprint media monitor.lnk = C:\Windows\RM.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O13 - Gopher Prefix:
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab2.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cepstral License Server - Cepstral, LLC - C:\Program Files\Cepstral\bin\CepstralLicSrv.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MRU Web Service (MRUWebService) - Unknown owner - C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 6074 bytes

Thank you again.
dosdaplace
Active Member
 
Posts: 7
Joined: January 22nd, 2009, 4:25 am
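As an added example (not code from this thread, from HijackThis or from RSIT), here is a small Python triage script for the kinds of log lines posted above. The sample lines are copied from the HJT and RSIT logs in this thread; the flagging rules, and the names `Finding`, `triage` and `flagged_names`, are my own reading heuristics rather than anything the helper stated.

```python
"""Triage helper for HijackThis / RSIT log lines of the kind posted above."""
import re
from dataclasses import dataclass
from typing import Dict, List, Set

# Sample input: lines copied from the HJT and RSIT logs posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [Fvekurediqata] rundll32.exe "C:\Windows\Gcofaq.dll",e
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [Fvekurediqata] rundll32.exe "C:\Windows\Gcofaq.dll",e
O4 - HKCU\..\Run: [Slulewe] rundll32.exe "C:\Users\Steve\AppData\Local\itikopib.dll",e
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
S1 seneka;seneka; C:\Windows\system32\drivers\senekalifdopgu.sys []
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2009-01-28 325128]
"""

O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[([^\]]+)\] (.*)$")
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?([^",]+?)"?\s*,\s*(\S*)', re.I)
O23_RE = re.compile(r"^O23 - Service: (.*)$")
# RSIT driver/service line: "<R|S><start> name;description; path [date size]"
DRIVER_RE = re.compile(r"^([RS])([0-4]) ([^;]+);([^;]*); (.*?) \[([^\]]*)\]$")


@dataclass
class Finding:
    entry: str      # Run-key value name, service name or driver name
    reason: str
    severity: str   # "high" needs a look; "info" is housekeeping


def rundll_reasons(command: str) -> List[str]:
    """Heuristics (mine, not HijackThis's) for a rundll32-based Run entry."""
    m = RUNDLL_RE.match(command.strip())
    if not m:
        return []
    dll, export = m.group(1), m.group(2)
    low = dll.lower()
    reasons = []
    # DLLs that rundll32 legitimately loads live in system32 or a product
    # folder; one sitting directly in the Windows root or in the user's
    # AppData\Local cache is out of place.  A bare filename is left alone.
    if re.match(r"^[a-z]:\\windows\\[^\\]+$", low):
        reasons.append(f"rundll32 loads {dll} from the Windows root")
    if "\\appdata\\local\\" in low:
        reasons.append(f"rundll32 loads {dll} from AppData\\Local")
    # Genuine exports are descriptive (NvStartup, ShowWelcomeCenter); a
    # one-character export is typical of a generated loader stub.
    if len(export) == 1:
        reasons.append(f"one-character export '{export}'")
    return reasons


def triage(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    hives_by_name: Dict[str, Set[str]] = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            hive, name, command = m.groups()
            hives_by_name.setdefault(name, set()).add(hive)
            findings += [Finding(name, r, "high") for r in rundll_reasons(command)]
            continue
        m = O23_RE.match(line)
        if m and m.group(1).endswith("(file missing)"):
            svc = m.group(1).split(" - ")[0]
            findings.append(Finding(svc, "service binary is missing", "info"))
            continue
        m = DRIVER_RE.match(line)
        if m and m.group(6) == "":
            # RSIT prints [date size] for files it can read; empty brackets
            # mean the binary is hidden or gone.  A boot/system-start driver
            # in that state deserves the highest priority.
            start, name, path = m.group(2), m.group(3), m.group(5)
            sev = "high" if start in ("0", "1") else "info"
            findings.append(Finding(name, f"driver file {path} not found", sev))
    # The same value name in both HKLM and HKCU Run keys is how this
    # infection survived a partial clean-up; it is worth a second look.
    for name, hives in hives_by_name.items():
        if hives == {"HKLM", "HKCU"}:
            findings.append(Finding(name, "same entry in HKLM and HKCU Run", "high"))
    return findings


def flagged_names(log_text: str, severity: str = "high") -> List[str]:
    """Distinct entry names with at least one finding of the given severity."""
    return sorted({f.entry for f in triage(log_text) if f.severity == severity})


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.entry}: {f.reason}")
```

On the sample above the script flags exactly the three entries that the later Malwarebytes scan and the helper's clean-up went after (Fvekurediqata, Slulewe and the seneka driver), while leaving the NVIDIA, Java and Welcome Center entries alone.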

Re: Second Hijack this post, with combofix log.

Unread postby Katana » March 2nd, 2009, 4:47 am

Information

REMOVE P2P PROGRAMS

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

bittorrent
DNA


Please read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected.
The bad guys use P2P filesharing as a major conduit to spread their wares.

Go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red) NOW.

I will be removing all related files and folders during the cleaning process


----------------------------------------------------------------------------------------

Step 1

Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If requested, please reboot
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt


----------------------------------------------------------------------------------------
Step 2


Download and Run ComboFix
Please delete the copy of ComboFix that you have and download an updated copy from one of the links below
    Please visit this webpage for instructions on using ComboFix:
    http://www.bleepingcomputer.com/combofi ... e-combofix

    ComboFix.exe 1
    ComboFix.exe 2
    ComboFix.exe 3

  • You must download it to and run it from your Desktop
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log
  • Re-enable all the programs that were disabled during the running of ComboFix.

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
ComboFix SHOULD NOT be used unless requested by a forum helper

----------------------------------------------------------------------------------------
Step 3

Logs/Information to Post in Reply
Please post the following logs/Information in your reply
  • MalwareBytes Log
  • Combofix Log
  • How are things running now?
Katana
MRU Teacher Emeritus
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: Second Hijack this post, with combofix log.

Unread postby dosdaplace » March 3rd, 2009, 3:21 pm

First, the anti-malware log.

Malwarebytes' Anti-Malware 1.34
Database version: 1815
Windows 6.0.6001 Service Pack 1

3/3/2009 11:00:40 AM
mbam-log-2009-03-03 (11-00-40).txt

Scan type: Full Scan (C:\|)
Objects scanned: 203140
Time elapsed: 54 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 13
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 11

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\seneka (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\seneka (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\seneka (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fvekurediqata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fvekurediqata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\slulewe (Trojan.Agent) -> Delete on reboot.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\Gcofaq.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Steve\AppData\Local\itikopib.dll (Trojan.Agent) -> Delete on reboot.
C:\Windows\System32\senekaxsxqtpvn.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\senekayuodieqq.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\senekadf.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\senekalog.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\seneka.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\senekalifdopgu.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\senekaslrpsxoq.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\TDSScrrx.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\TDSSnbcb.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

Now the ComboFix log:

ComboFix 09-03-02.03 - Steve 2009-03-03 11:07:44.2 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.3326.2430 [GMT -8:00]
Running from: c:\users\Steve\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2009-02-03 to 2009-03-03 )))))))))))))))))))))))))))))))
.

2009-03-03 11:11 . 2009-03-03 11:11 261,123,487 --a------ c:\windows\MEMORY.DMP
2009-03-03 10:05 . 2009-03-03 10:05 <DIR> d-------- c:\users\Steve\AppData\Roaming\Malwarebytes
2009-03-03 10:05 . 2009-03-03 10:05 <DIR> d-------- c:\users\All Users\Malwarebytes
2009-03-03 10:05 . 2009-03-03 10:05 <DIR> d-------- c:\programdata\Malwarebytes
2009-03-03 10:05 . 2009-03-03 10:05 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-03 10:05 . 2009-02-11 10:19 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-03-03 10:05 . 2009-02-11 10:19 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-03-01 20:24 . 2009-03-01 20:24 <DIR> d-------- c:\users\Steve\AppData\Roaming\Smith Micro
2009-03-01 20:22 . 2009-03-01 20:22 <DIR> d-------- c:\program files\Samsung
2009-03-01 20:21 . 2009-03-01 20:21 <DIR> d-------- c:\users\All Users\Tarma Installer
2009-03-01 20:21 . 2009-03-01 20:21 <DIR> d-------- c:\programdata\Tarma Installer
2009-03-01 20:21 . 2009-03-02 18:30 <DIR> d-------- c:\program files\Sprint Instinct Applications
2009-03-01 20:21 . 2008-06-04 23:59 222,552 --a------ c:\windows\RM.exe
2009-02-26 07:43 . 2006-01-06 08:52 109,568 --------- c:\windows\System32\pxinsi64.exe
2009-02-26 07:43 . 2006-01-06 08:52 108,544 --------- c:\windows\System32\pxcpyi64.exe
2009-02-26 07:43 . 2006-01-06 08:52 20,640 --------- c:\windows\System32\drivers\PxHelp20.sys
2009-02-25 20:31 . 2009-02-25 20:31 <DIR> d-------- c:\users\Steve\AppData\Roaming\Auslogics
2009-02-25 20:31 . 2009-02-25 20:31 <DIR> d-------- c:\program files\Auslogics
2009-02-24 12:53 . 2009-02-24 12:53 <DIR> d-------- c:\program files\CCleaner
2009-02-24 07:15 . 2009-02-24 07:15 <DIR> d-------- c:\program files\MozBackup
2009-02-19 22:32 . 2009-02-19 22:32 <DIR> d-------- c:\program files\Microsoft Web Designer Tools
2009-02-19 22:32 . 2009-02-19 22:32 <DIR> dr-h----- C:\MSOCache
2009-02-17 18:07 . 2009-02-17 18:07 <DIR> d-------- c:\windows\System32\AGEIA
2009-02-17 18:07 . 2009-02-17 18:07 <DIR> d-------- c:\program files\AGEIA Technologies
2009-02-17 18:03 . 2009-02-17 18:03 <DIR> d-------- c:\users\Steve\AppData\Roaming\SystemRequirementsLab
2009-02-16 19:34 . 2009-02-16 19:34 <DIR> d-------- c:\program files\Recuva
2009-02-12 03:01 . 2009-02-12 03:01 118 --a------ c:\windows\System32\MRT.INI
2009-02-11 19:41 . 2009-01-14 19:36 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2009-02-11 19:41 . 2009-01-14 22:11 827,392 --a------ c:\windows\System32\wininet.dll
2009-02-03 09:38 . 2009-02-03 09:38 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2009-02-03 09:37 . 2009-02-03 09:37 <DIR> d-------- c:\users\Steve\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-03 19:01 --------- d-----w c:\users\Steve\AppData\Roaming\Skype
2009-03-03 17:37 --------- d-----w c:\users\Steve\AppData\Roaming\skypePM
2009-03-03 06:36 --------- d-----w c:\program files\Steam
2009-03-03 03:04 --------- d---a-w c:\programdata\TEMP
2009-03-03 02:30 --------- d-----w c:\users\Steve\AppData\Roaming\BitTorrent
2009-03-02 04:22 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-26 15:58 --------- d-----w c:\program files\Winamp
2009-02-26 15:55 --------- d-----w c:\programdata\avg8
2009-02-26 15:46 --------- d-----w c:\program files\DivX
2009-02-24 20:51 --------- d-----w c:\users\Steve\AppData\Roaming\vghd
2009-02-24 20:18 --------- d-----w c:\programdata\Microsoft Help
2009-02-24 20:18 --------- d-----w c:\program files\MSBuild
2009-02-24 20:18 --------- d-----w c:\program files\Microsoft.NET
2009-02-21 17:41 70,968 ----a-w c:\windows\System32\PnkBstrA.exe
2009-02-21 17:41 138,584 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-02-21 17:40 189,672 ----a-w c:\windows\System32\PnkBstrB.exe
2009-02-18 02:10 --------- d-----w c:\programdata\NVIDIA
2009-02-18 02:07 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-02-18 02:03 --------- d-----w c:\program files\SystemRequirementsLab
2009-02-16 08:33 --------- d-----w c:\program files\Veoh Networks
2009-02-12 11:00 --------- d-----w c:\program files\Windows Mail
2009-02-10 17:46 --------- d-----w c:\users\Steve\AppData\Roaming\DNA
2009-02-10 03:25 --------- d-----w c:\program files\Common Files\Steam
2009-02-05 19:12 --------- d-----w c:\users\Steve\AppData\Roaming\OpenOffice.org2
2009-02-02 05:25 --------- d-----w c:\program files\Trend Micro
2009-01-29 03:35 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-01-29 03:35 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-01-29 03:35 10,520 ----a-w c:\windows\System32\avgrsstx.dll
2009-01-26 01:38 --------- d-----w c:\program files\Bonjour
2009-01-16 12:34 40,448 ----a-w c:\windows\System32\chert7-303352.exe
2009-01-16 00:50 --------- d-----w c:\program files\Rainmeter
2009-01-16 00:31 --------- d-----w c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-16 00:31 --------- d-----w c:\program files\iTunes
2009-01-16 00:31 --------- d-----w c:\program files\iPod
2009-01-16 00:31 --------- d-----w c:\program files\Common Files\Apple
2009-01-15 23:53 --------- d-----w c:\program files\BACKUP MUSIC
2009-01-15 16:33 --------- d-----w c:\users\Steve\AppData\Roaming\mIRC
2009-01-07 19:28 453,152 ----a-w c:\windows\System32\NVUNINST.EXE
2009-01-07 04:44 --------- d-----w c:\program files\DNA
2009-01-07 04:44 --------- d-----w c:\program files\BitTorrent
2008-12-12 19:18 87,336 ----a-w c:\windows\System32\dns-sd.exe
2008-12-12 19:11 61,440 ----a-w c:\windows\System32\dnssd.dll
2008-12-10 17:45 70,936 ----a-w c:\windows\System32\PhysXLoader.dll
2008-12-10 05:28 107,888 ----a-w c:\windows\System32\CmdLineExt.dll
2008-12-04 17:28 24,344 ----a-w c:\windows\System32\PhysXDevice.dll
2008-08-28 02:00 22,328 ----a-w c:\users\Steve\AppData\Roaming\PnkBstrK.sys
2008-05-12 12:03 56 ---ha-w c:\users\All Users\ezsidmv.dat
2008-05-12 12:03 56 ---ha-w c:\programdata\ezsidmv.dat
2008-01-21 02:57 174 --sha-w c:\program files\desktop.ini
.

((((((((((((((((((((((((((((( SnapShot@2009-02-10_10.16.55.91 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-20 06:30:43 245,760 ----a-w c:\windows\assembly\GAC\EnvDTE\8.0.0.0__b03f5f7f11d50a3a\envdte.dll
+ 2009-02-20 06:30:43 135,168 ----a-w c:\windows\assembly\GAC\EnvDTE80\8.0.0.0__b03f5f7f11d50a3a\envdte80.dll
+ 2009-02-20 06:30:43 18,944 ----a-w c:\windows\assembly\GAC\EnvDTE90\9.0.0.0__b03f5f7f11d50a3a\envdte90.dll
+ 2009-02-20 06:30:47 6,656 ----a-w c:\windows\assembly\GAC\Microsoft.Internal.VisualStudio.Shell.Interop.9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.Internal.VisualStudio.Shell.Interop.9.0.dll
+ 2009-02-20 06:30:45 176,128 ----a-w c:\windows\assembly\GAC\Microsoft.VisualStudio.Debugger.Interop\8.0.1.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Debugger.Interop.dll
+ 2009-02-20 06:30:45 126,976 ----a-w c:\windows\assembly\GAC\Microsoft.VisualStudio.Debugger.InteropA\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Debugger.InteropA.dll
+ 2009-02-20 06:30:45 118,784 ----a-w c:\windows\assembly\GAC\Microsoft.VisualStudio.OLE.Interop\7.1.40304.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.OLE.Interop.dll
+ 2009-02-20 06:30:45 172,032 ----a-w c:\windows\assembly\GAC\Microsoft.VisualStudio.Shell.Interop.8.0\8.0.0.0__b03f5f7f11d50a3a\microsoft.visualstudio.shell.interop.8.0.dll
+ 2009-02-20 06:30:46 40,960 ----a-w c:\windows\assembly\GAC\Microsoft.VisualStudio.Shell.Interop.9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Shell.Interop.9.0.dll
+ 2009-02-20 06:30:46 249,856 ----a-w c:\windows\assembly\GAC\Microsoft.VisualStudio.Shell.Interop\7.1.40304.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Shell.Interop.dll
+ 2009-02-20 06:30:46 57,344 ----a-w c:\windows\assembly\GAC\Microsoft.VisualStudio.TextManager.Interop.8.0\8.0.0.0__b03f5f7f11d50a3a\microsoft.visualstudio.textmanager.interop.8.0.dll
+ 2009-02-20 06:30:47 7,680 ----a-w c:\windows\assembly\GAC\Microsoft.VisualStudio.TextManager.Interop.9.0\9.0.0.0__b03f5f7f11d50a3a\microsoft.visualstudio.textmanager.interop.9.0.dll
+ 2009-02-20 06:30:46 114,688 ----a-w c:\windows\assembly\GAC\Microsoft.VisualStudio.TextManager.Interop\7.1.40304.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.TextManager.Interop.dll
+ 2009-02-20 06:30:47 11,264 ----a-w c:\windows\assembly\GAC\Microsoft.VisualStudio.VSHelp\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.VSHelp.dll
+ 2009-02-20 06:30:47 8,704 ----a-w c:\windows\assembly\GAC\Microsoft.VisualStudio.VSHelp80\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.VSHelp80.dll
+ 2009-02-20 06:30:08 106,496 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Conversion.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Conversion.v3.5.dll
+ 2009-02-20 06:30:11 737,280 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2009-02-20 06:30:11 36,864 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2009-02-20 06:30:11 794,624 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.v3.5.dll
+ 2009-02-20 06:30:11 94,208 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.v3.5.dll
+ 2009-02-20 06:30:45 69,632 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.MSXML\8.0.0.0__b03f5f7f11d50a3a\microsoft.msxml.dll
+ 2009-02-20 06:30:10 41,984 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualC.STLCLR\1.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.STLCLR.dll
+ 2009-02-20 06:30:45 671,744 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.CommonIDE\9.0.0.0__b03f5f7f11d50a3a\microsoft.visualstudio.commonide.dll
+ 2009-02-20 06:30:45 356,352 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Shell.9.0\2.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Shell.9.0.dll
+ 2009-02-20 06:30:45 368,640 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Shell\2.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Shell.dll
+ 2009-02-20 06:30:12 40,960 ----a-w c:\windows\assembly\GAC_MSIL\System.AddIn.Contract\2.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
+ 2009-02-20 06:30:12 159,744 ----a-w c:\windows\assembly\GAC_MSIL\System.AddIn\3.5.0.0__b77a5c561934e089\System.AddIn.dll
+ 2009-02-20 06:30:12 663,552 ----a-w c:\windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll
+ 2009-02-20 06:30:12 53,248 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.DataSetExtensions\3.5.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
+ 2009-02-20 06:30:08 667,648 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.Linq\3.5.0.0__b77a5c561934e089\System.Data.Linq.dll
+ 2009-02-20 06:30:08 282,624 ----a-w c:\windows\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\3.5.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
+ 2009-02-20 06:30:13 139,264 ----a-w c:\windows\assembly\GAC_MSIL\System.Management.Instrumentation\3.5.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
+ 2009-02-20 06:30:14 233,472 ----a-w c:\windows\assembly\GAC_MSIL\System.Net\3.5.0.0__b03f5f7f11d50a3a\System.Net.dll
+ 2009-02-20 06:30:07 496,672 ----a-w c:\windows\assembly\GAC_MSIL\System.ServiceModel.Web\3.5.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll
+ 2009-02-20 06:30:14 327,680 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Extensions.Design\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.Design.dll
+ 2009-02-20 06:30:15 1,253,376 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2009-02-20 06:30:13 10,240 ----a-w c:\windows\assembly\GAC_MSIL\System.Windows.Presentation\3.5.0.0__b77a5c561934e089\System.Windows.Presentation.dll
+ 2009-02-20 06:30:08 517,152 ----a-w c:\windows\assembly\GAC_MSIL\System.WorkflowServices\3.5.0.0__31bf3856ad364e35\System.WorkflowServices.dll
+ 2009-02-20 06:30:14 139,264 ----a-w c:\windows\assembly\GAC_MSIL\System.Xml.Linq\3.5.0.0__b77a5c561934e089\System.Xml.Linq.dll
+ 2009-02-20 16:55:46 589,824 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\EnvDTE\78ca08c79036543c31b2089be2ca9377\EnvDTE.ni.dll
+ 2009-02-20 16:55:49 294,912 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\EnvDTE80\6b56af31a60770654633756b9d2db3fa\EnvDTE80.ni.dll
+ 2009-02-20 16:55:49 45,056 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\EnvDTE90\473bd872b1764c1f996db941776c6088\EnvDTE90.ni.dll
+ 2009-02-20 16:55:50 237,568 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\2867d6975dcacb6ca61bd76045e386cc\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2009-02-20 16:55:52 1,892,352 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\89b45a645222f9aef19baa9d9a1e5383\Microsoft.Build.Engine.ni.dll
+ 2009-02-20 16:55:52 94,208 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\497955c1d17648990c3a3bd7cf2ecaa3\Microsoft.Build.Framework.ni.dll
+ 2009-02-20 16:55:54 1,966,080 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\9c5199d690fd60ed39e8f20730263169\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2009-02-20 16:55:55 196,608 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\bfdafec92f9d015d995d2f95fffff8bc\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2009-02-20 16:55:56 19,968 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Internal.#\a36df8369d4d31487f6c378677c92e27\Microsoft.Internal.VisualStudio.Shell.Interop.9.0.ni.dll
+ 2009-02-20 16:55:59 315,392 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\0a95bedffee466d7abf572f5ec5bd2cf\Microsoft.VisualStudio.OLE.Interop.ni.dll
+ 2009-02-20 16:56:01 90,112 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\1421f705014ec52a6865bd5d6e2a1237\Microsoft.VisualStudio.Shell.Interop.9.0.ni.dll
+ 2009-02-20 16:55:59 1,982,464 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\685e32b0a5a01e5baf136a084af62ea7\Microsoft.VisualStudio.CommonIDE.ni.dll
+ 2009-02-20 16:56:01 942,080 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\696343537bf08bb12a3bf591b77b1e97\Microsoft.VisualStudio.Shell.9.0.ni.dll
+ 2009-02-20 16:56:01 380,928 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\7b3152e2136a724438d3e7c559b89253\Microsoft.VisualStudio.Shell.Interop.8.0.ni.dll
+ 2009-02-20 16:56:00 901,120 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\e9c14e394cf9b8a071b431d8618de9c0\Microsoft.VisualStudio.Shell.ni.dll
+ 2009-02-20 16:55:47 155,648 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\81d70fca7aaf82c2890bfc5e1e644d8a\MSBuild.ni.exe
+ 2009-02-20 16:56:06 102,400 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\26e397507b87251fea471bb217afbd0e\System.AddIn.Contract.ni.dll
+ 2009-02-20 16:56:05 696,320 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\9ccfb52d02fb0d9fa007a36904bf6ff0\System.AddIn.ni.dll
+ 2009-02-20 16:53:26 2,347,008 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\4c177c394027f9a0da85a3505b2652f7\System.Core.ni.dll
+ 2009-02-20 16:56:06 184,320 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\8d68b6b50f207e88987467417b230c53\System.Data.DataSetExtensions.ni.dll
+ 2009-02-20 16:53:30 2,588,672 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\b987c33b348d1679f01ef49efab94201\System.Data.Linq.ni.dll
+ 2009-02-20 16:56:07 937,984 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\329dfd8debde991c0ba2cd8cba7746d3\System.DirectoryServices.AccountManagement.ni.dll
+ 2009-02-20 16:56:08 356,352 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\8577eda645bc10a0320a5c51167cc950\System.Management.Instrumentation.ni.dll
+ 2009-02-20 16:56:09 729,088 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\17df725c679fa1953ed2f4916589eca0\System.Net.ni.dll
+ 2009-02-20 16:56:12 1,556,480 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\336c3a204c86960730758874d4b8ba95\System.ServiceModel.Web.ni.dll
+ 2009-02-20 16:56:14 2,416,640 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\a8a98eb45853f2b3e88a7ae417718101\System.Web.Extensions.ni.dll
+ 2009-02-20 16:56:14 880,640 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\feb801113de4e3f679a6b38b256523db\System.Web.Extensions.Design.ni.dll
+ 2009-02-20 16:56:16 77,824 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\c79ee0048845878426bf6a48fa5d7708\System.Windows.Presentation.ni.dll
+ 2009-02-20 16:56:18 1,531,904 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\1141e73f795266e186d8305e760dac32\System.WorkflowServices.ni.dll
+ 2009-02-20 16:56:18 458,752 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\688bcbbcc735398955c9b8706780c955\System.Xml.Linq.ni.dll
+ 2009-02-20 16:47:14 962,560 ----a-w c:\windows\assembly\tmp\2HQ09IS1\Microsoft.Windows.Design.Developer.dll
+ 2009-02-20 16:42:28 135,168 ----a-w c:\windows\assembly\tmp\3IS2CMW6\Microsoft.CompactFramework.Design.Model.dll
+ 2009-02-20 16:47:14 188,416 ----a-w c:\windows\assembly\tmp\5FOX6GPY\Microsoft.VisualStudio.Xaml.LanguageService.dll
+ 2009-02-20 16:42:28 73,728 ----a-w c:\windows\assembly\tmp\6LU3DMV5\Microsoft.CompactFramework.Design.SmartPhone2004.dll
+ 2009-02-20 16:47:09 156,728 ----a-w c:\windows\assembly\tmp\6NX7IR2C\Microsoft.Workflow.DebugController.dll
+ 2009-02-20 16:42:43 61,440 ----a-w c:\windows\assembly\tmp\9IR0AJS1\Microsoft.Smartdevice.Connectivity.dll
+ 2009-02-20 16:42:43 323,584 ----a-w c:\windows\assembly\tmp\CS1AJT2B\Microsoft.VisualStudio.OfficeTools.Designer.dll
+ 2009-02-20 16:47:00 110,592 ----a-w c:\windows\assembly\tmp\DS1AKT2B\Microsoft.Windows.Design.Extensibility.dll
+ 2009-02-20 16:42:39 339,968 ----a-w c:\windows\assembly\tmp\DS1BKT2C\Microsoft.VisualStudio.Tools.Office.Designer.Office2007.dll
+ 2009-02-20 16:42:29 184,320 ----a-w c:\windows\assembly\tmp\DU3CLV4D\Microsoft.CompactFramework.Design.WindowsCE.dll
+ 2009-02-20 16:42:38 450,560 ----a-w c:\windows\assembly\tmp\ET2BLU3C\Microsoft.VisualStudio.Tools.Office.ProgrammingModel.dll
+ 2009-02-20 16:46:59 53,248 ----a-w c:\windows\assembly\tmp\ET2CLV5E\WebDev.WebHost.dll
+ 2009-02-20 16:47:13 14,400 ----a-w c:\windows\assembly\tmp\FW5EOX6F\Microsoft.Workflow.ExpressionEvaluation.dll
+ 2009-02-20 16:47:13 99,384 ----a-w c:\windows\assembly\tmp\GQZ8HR0A\Microsoft.VisualStudio.ServiceModel.dll
+ 2009-02-20 16:42:28 159,744 ----a-w c:\windows\assembly\tmp\GW5EOX6F\Microsoft.CompactFramework.Design.SmartPhone.dll
+ 2009-02-20 16:47:09 749,568 ----a-w c:\windows\assembly\tmp\HX6FPY8H\Microsoft.VisualStudio.QualityTools.Resource.dll
+ 2009-02-20 16:42:28 69,632 ----a-w c:\windows\assembly\tmp\IX7GPY7H\Microsoft.CompactFramework.Design.PocketPC2004.dll
+ 2009-02-20 16:42:40 475,136 ----a-w c:\windows\assembly\tmp\IZ8HQ09K\Microsoft.VisualStudio.Tools.Applications.Project.dll
+ 2009-02-20 16:42:39 49,152 ----a-w c:\windows\assembly\tmp\L3CLV5FO\Microsoft.VisualStudio.Tools.Applications.BuildTasks.dll
+ 2009-02-20 16:42:40 94,208 ----a-w c:\windows\assembly\tmp\M1AJT2BK\Microsoft.VisualStudio.Tools.Applications.DesignTime.v9.0.dll
+ 2009-02-20 16:47:13 541,744 ----a-w c:\windows\assembly\tmp\N2BKT3CL\Microsoft.Workflow.VSDesigner.dll
+ 2009-02-20 16:47:14 28,672 ----a-w c:\windows\assembly\tmp\N2BLU3CL\Microsoft.Windows.Design.Host.dll
+ 2009-02-20 16:46:56 73,728 ----a-w c:\windows\assembly\tmp\N7GPZ8HQ\Microsoft.VisualBasic.PowerPacks.Vs.dll
+ 2009-02-20 16:42:28 651,264 ----a-w c:\windows\assembly\tmp\O3CLV4DM\Microsoft.CompactFramework.Design.dll
+ 2009-02-20 16:47:00 159,744 ----a-w c:\windows\assembly\tmp\P3DMV4EN\Microsoft.Windows.Design.Interaction.dll
+ 2009-02-20 16:46:57 8,704 ----a-w c:\windows\assembly\tmp\P4DMV4EN\Microsoft.VisualBasic.PowerPacks.VsPackage.dll
+ 2009-02-20 16:42:39 372,736 ----a-w c:\windows\assembly\tmp\Q5FOX6FP\Microsoft.Office.Tools.Common.v9.0.dll
+ 2009-02-20 16:47:14 1,191,936 ----a-w c:\windows\assembly\tmp\Q5HR1BLV\Microsoft.VisualStudio.Xaml.dll
+ 2009-02-20 16:42:29 49,152 ----a-w c:\windows\assembly\tmp\R6GPY7HQ\Microsoft.VisualStudio.DeviceConnectivity.Interop.9.0.dll
+ 2009-02-20 16:47:12 77,824 ----a-w c:\windows\assembly\tmp\R7HQ1ALV\Microsoft.VisualStudio.QualityTools.UnitTestFramework.dll
+ 2009-02-20 16:42:43 12,800 ----a-w c:\windows\assembly\tmp\T8HR09JS\Microsoft.VisualStudio.Tools.Office.Project.Excel.dll
+ 2009-02-20 16:42:41 303,104 ----a-w c:\windows\assembly\tmp\T9IR09JS\Microsoft.VisualStudio.Tools.Office.Ribbon.dll
+ 2009-02-20 16:42:39 69,632 ----a-w c:\windows\assembly\tmp\TAJS1BKU\Microsoft.VisualStudio.Tools.Applications.DesignTime.dll
+ 2009-02-20 16:42:39 106,496 ----a-w c:\windows\assembly\tmp\U9IR09JS\Microsoft.VisualStudio.Tools.Office.BuildTasks.dll
+ 2009-02-20 16:47:14 737,280 ----a-w c:\windows\assembly\tmp\U9IR0AJS\Microsoft.Windows.Design.Markup.dll
+ 2009-02-20 16:42:43 12,288 ----a-w c:\windows\assembly\tmp\VBKT2CLU\Microsoft.VisualStudio.Tools.Office.Project.Word.dll
+ 2009-02-20 16:42:38 143,360 ----a-w c:\windows\assembly\tmp\VCLV4DNW\Microsoft.VisualStudio.Tools.Applications.ProgrammingModel.dll
+ 2009-02-20 16:42:38 835,584 ----a-w c:\windows\assembly\tmp\WCMV4DNW\Microsoft.CompactFramework.Build.Tasks.dll
+ 2009-02-20 16:47:00 106,496 ----a-w c:\windows\assembly\tmp\Y8HQZ9IR\Microsoft.Windows.Design.dll
+ 2009-02-20 16:42:28 200,704 ----a-w c:\windows\assembly\tmp\ZFOX6GPY\Microsoft.CompactFramework.Design.PocketPC.dll
+ 2009-02-20 16:47:14 164,872 ----a-w c:\windows\assembly\tmp\ZFOY7GPZ\WcfSvcHost.exe
- 2008-11-11 19:00:38 51,200 ----a-w c:\windows\inf\infpub.dat
+ 2009-02-18 02:06:54 51,200 ----a-w c:\windows\inf\infpub.dat
- 2008-11-11 19:00:38 86,016 ----a-w c:\windows\inf\infstor.dat
+ 2009-02-18 02:06:53 86,016 ----a-w c:\windows\inf\infstor.dat
- 2008-11-11 19:00:38 86,016 ----a-w c:\windows\inf\infstrng.dat
+ 2009-02-18 02:06:54 86,016 ----a-w c:\windows\inf\infstrng.dat
+ 2009-02-20 06:32:42 217,864 ----a-r c:\windows\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
+ 2007-11-08 03:02:38 168,448 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\1033\cscompui.dll
+ 2007-11-08 03:02:38 233,976 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\1033\vbc7ui.dll
+ 2007-11-08 03:02:38 41,992 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\AddInProcess.exe
+ 2007-11-08 03:02:38 41,992 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\AddInProcess32.exe
+ 2007-11-08 03:02:38 28,672 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\AddInUtil.exe
+ 2007-11-08 03:02:38 1,545,720 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\csc.exe
+ 2007-11-08 03:00:02 210,834 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\baseline.dat
+ 2007-11-08 00:26:34 97,280 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\DeleteTemp.exe
+ 2007-11-08 00:26:34 276,472 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\dlmgr.dll
+ 2007-11-08 00:26:34 1,059,328 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\gencomp.dll
+ 2007-11-08 00:26:34 177,152 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\HtmlLite.dll
+ 2007-11-08 00:26:34 269,304 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe
+ 2007-11-08 00:26:34 112,128 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setupres.1025.dll
+ 2007-11-08 00:26:34 84,992 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setupres.1028.dll
+ 2007-11-08 00:26:34 124,416 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setupres.1029.dll
+ 2007-11-08 00:26:34 125,440 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setupres.1030.dll
+ 2007-11-08 00:26:34 129,536 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setupres.1031.dll
+ 2007-11-08 00:26:34 136,192 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setupres.1032.dll
+ 2007-11-08 00:26:34 120,832 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setupres.1035.dll
+ 2007-11-08 00:26:34 132,096 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setupres.1036.dll
+ 2007-11-08 00:26:34 110,080 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setupres.1037.dll
+ 2007-11-08 00:26:34 131,072 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setupres.1038.dll
+ 2007-11-08 00:26:34 127,488 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setupres.1040.dll
+ 2007-11-08 00:26:34 96,768 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setupres.1041.dll
+ 2007-11-08 00:26:34 93,696 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setupres.1042.dll
+ 2007-11-08 00:26:34 127,488 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setupres.1043.dll
+ 2007-11-08 00:26:34 120,320 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setupres.1044.dll
+ 2007-11-08 00:26:34 126,976 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setupres.1045.dll
+ 2007-11-08 00:26:34 121,856 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setupres.1046.dll
+ 2007-11-08 00:26:34 122,368 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setupres.1049.dll
+ 2007-11-08 00:26:34 120,320 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setupres.1053.dll
+ 2007-11-08 00:26:34 119,808 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setupres.1055.dll
+ 2007-11-08 00:26:34 83,456 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setupres.2052.dll
+ 2007-11-08 00:26:34 130,048 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setupres.2070.dll
+ 2007-11-08 00:26:34 130,560 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setupres.3082.dll
+ 2007-11-08 00:26:34 109,568 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setupres.dll
+ 2007-11-08 00:26:34 1,361,920 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\SITSetup.dll
+ 2007-11-08 00:26:34 1,045,504 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\vs_setup.dll
+ 2007-11-08 00:26:34 627,712 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\vs70uimgr.dll
+ 2007-11-08 00:26:34 411,136 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\vsbasereqs.dll
+ 2007-11-08 00:26:34 687,104 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\vsscenario.dll
+ 2007-11-08 00:26:34 102,904 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\WapRes.1025.dll
+ 2007-11-08 00:26:34 90,104 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\WapRes.1028.dll
+ 2007-11-08 00:26:34 108,536 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\WapRes.1029.dll
+ 2007-11-08 00:26:34 108,536 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\WapRes.1030.dll
+ 2007-11-08 00:26:34 111,608 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\WapRes.1031.dll
+ 2007-11-08 00:26:34 113,656 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\WapRes.1032.dll
+ 2007-11-08 00:26:34 106,488 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\WapRes.1035.dll
+ 2007-11-08 00:26:34 112,120 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\WapRes.1036.dll
+ 2007-11-08 00:26:34 101,368 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\WapRes.1037.dll
+ 2007-11-08 00:26:34 111,096 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\WapRes.1038.dll
+ 2007-11-08 00:26:34 110,072 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\WapRes.1040.dll
+ 2007-11-08 00:26:34 95,736 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\WapRes.1041.dll
+ 2007-11-08 00:26:34 92,664 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\WapRes.1042.dll
+ 2007-11-08 00:26:34 108,536 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\WapRes.1043.dll
+ 2007-11-08 00:26:34 106,488 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\WapRes.1044.dll
+ 2007-11-08 00:26:34 109,048 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\WapRes.1045.dll
+ 2007-11-08 00:26:34 107,512 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\WapRes.1046.dll
+ 2007-11-08 00:26:34 107,000 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\WapRes.1049.dll
+ 2007-11-08 00:26:34 105,976 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\WapRes.1053.dll
+ 2007-11-08 00:26:34 106,488 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\WapRes.1055.dll
+ 2007-11-08 00:26:34 89,080 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\WapRes.2052.dll
+ 2007-11-08 00:26:34 110,072 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\WapRes.2070.dll
+ 2007-11-08 00:26:34 111,096 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\WapRes.3082.dll
+ 2007-11-08 00:26:34 107,512 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\WapRes.dll
+ 2007-11-08 00:26:34 982,008 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\WapUI.dll
+ 2007-11-08 03:02:38 794,624 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft.Build.Tasks.v3.5.dll
+ 2007-11-08 03:02:38 41,984 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft.VisualC.STLCLR.dll
+ 2007-11-08 03:02:38 91,136 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\MSBuild.exe
+ 2007-11-08 03:02:38 1,710,584 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\vbc.exe
+ 2007-10-19 10:58:38 182,288 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\WFServicesReg.exe
+ 2007-11-08 03:02:38 71,160 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
+ 2009-03-03 19:11:34 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-03-03 19:11:34 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-02-10 18:14:25 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-03-03 19:13:41 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2009-02-10 18:14:25 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-03-03 19:13:41 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-10-07 17:13:20 58,648 ----a-w c:\windows\System32\AgCPanelFrench.dll
+ 2008-10-07 17:13:20 58,648 ----a-w c:\windows\System32\AgCPanelGerman.dll
+ 2008-10-07 17:13:20 58,648 ----a-w c:\windows\System32\AgCPanelJapanese.dll
+ 2008-10-07 17:13:20 58,648 ----a-w c:\windows\System32\AgCPanelKorean.dll
+ 2008-10-07 17:13:20 58,648 ----a-w c:\windows\System32\AgCPanelPortugese.dll
+ 2008-10-07 17:13:20 58,648 ----a-w c:\windows\System32\AgCPanelSimplifiedChinese.dll
+ 2008-10-07 17:13:20 58,648 ----a-w c:\windows\System32\AgCPanelSpanish.dll
+ 2008-10-07 17:13:20 58,648 ----a-w c:\windows\System32\AgCPanelSwedish.dll
+ 2008-10-07 17:13:22 58,648 ----a-w c:\windows\System32\AgCPanelTraditionalChinese.dll
+ 2008-10-07 17:13:18 199,885 ----a-w c:\windows\System32\AGEIA\AG1011\app.bin
+ 2008-10-07 17:13:20 119,473 ----a-w c:\windows\System32\AGEIA\AG1011\diag.bin
+ 2008-10-07 17:13:20 214,629 ----a-w c:\windows\System32\AGEIA\AG1021\app.bin
+ 2008-10-07 17:13:20 116,977 ----a-w c:\windows\System32\AGEIA\AG1021\diag.bin
- 2009-02-10 16:05:40 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-03-02 04:23:21 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-02-10 16:05:40 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-03-02 04:23:21 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-02-10 16:05:40 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-03-02 04:23:21 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-02-10 18:02:11 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
+ 2009-03-03 19:07:27 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
+ 2006-01-06 17:06:33 573,952 ----a-w c:\windows\System32\DivX.dll
+ 2006-01-06 17:05:30 679,936 ----a-w c:\windows\System32\divx_xx07.dll
+ 2006-01-06 17:05:29 679,936 ----a-w c:\windows\System32\divx_xx0c.dll
+ 2006-01-06 17:05:29 663,552 ----a-w c:\windows\System32\divx_xx11.dll
+ 2006-01-06 17:06:34 778,240 ----a-w c:\windows\System32\DivXsm.exe
+ 2006-01-06 16:34:58 86,016 ----a-w c:\windows\System32\dpl100.dll
+ 2006-01-06 16:34:57 294,912 ----a-w c:\windows\System32\dpu10.dll
+ 2006-01-06 16:34:57 294,912 ----a-w c:\windows\System32\dpu11.dll
+ 2006-01-06 16:34:58 53,248 ----a-w c:\windows\System32\dpuGUI10.dll
+ 2006-01-06 16:34:58 593,920 ----a-w c:\windows\System32\dpuGUI11.dll
+ 2006-01-06 16:34:57 339,968 ----a-w c:\windows\System32\dpus11.dll
+ 2006-01-06 16:34:57 57,344 ----a-w c:\windows\System32\dpv11.dll
- 2008-03-25 02:52:00 7,438,848 ----a-w c:\windows\System32\drivers\nvlddmkm.sys
+ 2009-01-15 16:19:00 7,740,320 ----a-w c:\windows\System32\drivers\nvlddmkm.sys
+ 2009-01-15 16:19:00 795,104 ----a-w c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_2e303a96\dpinst.exe
+ 2009-01-15 16:19:00 663,552 ----a-w c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_2e303a96\nvapi.dll
+ 2009-01-15 16:19:00 135,168 ----a-w c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_2e303a96\nvcod.dll
+ 2009-01-15 16:19:00 13,683,232 ----a-w c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_2e303a96\nvcpl.dll
+ 2009-01-15 16:19:00 801,312 ----a-w c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_2e303a96\nvcplui.exe
+ 2009-01-15 16:19:00 1,560,576 ----a-w c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_2e303a96\nvcuda.dll
+ 2009-01-15 16:19:00 6,070,272 ----a-w c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_2e303a96\nvd3dum.dll
+ 2009-01-15 16:19:00 4,717,088 ----a-w c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_2e303a96\nvdisps.dll
+ 2009-01-15 16:19:00 3,496,480 ----a-w c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_2e303a96\nvgames.dll
+ 2009-01-15 16:19:00 7,740,320 ----a-w c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_2e303a96\nvlddmkm.sys
+ 2009-01-15 16:19:00 236,064 ----a-w c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_2e303a96\nvmccs.dll
+ 2009-01-15 16:19:00 45,056 ----a-w c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_2e303a96\nvmccsrs.dll
+ 2009-01-15 16:19:00 195,104 ----a-w c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_2e303a96\nvmccss.dll
+ 2009-01-15 16:19:00 92,704 ----a-w c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_2e303a96\nvmctray.dll
+ 2009-01-15 16:19:00 1,292,832 ----a-w c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_2e303a96\nvmobls.dll
+ 2009-01-15 16:19:00 9,617,408 ----a-w c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_2e303a96\nvoglv32.dll
+ 2009-01-15 16:19:00 641,568 ----a-w c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_2e303a96\nvsvc.dll
+ 2009-01-15 16:19:00 1,286,144 ----a-w c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_2e303a96\nvsvs.dll
+ 2009-01-15 16:19:00 453,152 ----a-w c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_2e303a96\nvudisp.exe
+ 2009-01-15 16:19:00 3,803,680 ----a-w c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_2e303a96\nvvitvs.dll
+ 2009-01-15 16:19:00 207,392 ----a-w c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_2e303a96\nvvsvc.exe
+ 2009-01-15 16:19:00 2,731,008 ----a-w c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_2e303a96\nvwgf2um.dll
+ 2009-01-15 16:19:00 2,751,008 ----a-w c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_2e303a96\nvwss.dll
+ 2006-01-06 16:34:58 200,704 ----a-w c:\windows\System32\dtu100.dll
- 2006-10-26 22:10:08 1,190,688 ----a-w c:\windows\System32\FM20.DLL
+ 2007-10-08 13:38:36 1,195,888 ----a-w c:\windows\System32\FM20.DLL
- 2008-12-02 18:11:58 380,832 ----a-w c:\windows\System32\FNTCACHE.DAT
+ 2009-02-20 16:50:43 381,632 ----a-w c:\windows\System32\FNTCACHE.DAT
- 2008-10-16 04:47:29 6,068,736 ----a-w c:\windows\System32\ieframe.dll
+ 2009-01-15 06:07:53 6,069,248 ----a-w c:\windows\System32\ieframe.dll
- 2008-10-16 04:47:29 270,336 ----a-w c:\windows\System32\iertutil.dll
+ 2009-01-15 06:07:53 270,336 ----a-w c:\windows\System32\iertutil.dll
- 2008-10-16 04:47:30 28,160 ----a-w c:\windows\System32\jsproxy.dll
+ 2009-01-15 06:08:05 28,160 ----a-w c:\windows\System32\jsproxy.dll
+ 2006-01-06 16:17:35 1,044,480 ----a-w c:\windows\System32\libdivx.dll
- 2009-01-10 01:35:28 20,853,704 ----a-w c:\windows\System32\mrt.exe
+ 2009-02-03 23:21:12 21,244,864 ----a-w c:\windows\System32\mrt.exe
- 2008-01-21 02:33:42 458,240 ----a-w c:\windows\System32\msfeeds.dll
+ 2009-01-15 06:08:34 458,240 ----a-w c:\windows\System32\msfeeds.dll
- 2008-12-12 05:52:52 3,578,880 ----a-w c:\windows\System32\mshtml.dll
+ 2009-01-15 06:08:35 3,580,416 ----a-w c:\windows\System32\mshtml.dll
- 2008-10-16 04:47:32 671,232 ----a-w c:\windows\System32\mstime.dll
+ 2009-01-15 06:08:50 671,232 ----a-w c:\windows\System32\mstime.dll
- 2008-03-25 02:52:00 425,984 ----a-w c:\windows\System32\nvapi.dll
+ 2009-01-15 16:19:00 663,552 ----a-w c:\windows\System32\nvapi.dll
- 2008-03-25 02:52:00 35,840 ----a-w c:\windows\System32\nvcod.dll
+ 2009-01-15 16:19:00 135,168 ----a-w c:\windows\System32\nvcod.dll
+ 2009-01-15 16:19:00 135,168 ----a-w c:\windows\System32\nvcod137.dll
- 2008-03-25 02:52:00 13,531,680 ----a-w c:\windows\System32\nvcpl.dll
+ 2009-01-15 16:19:00 13,683,232 ----a-w c:\windows\System32\nvcpl.dll
- 2008-03-25 02:52:00 764,448 ----a-w c:\windows\System32\nvcplui.exe
+ 2009-01-15 16:19:00 801,312 ----a-w c:\windows\System32\nvcplui.exe
+ 2009-01-15 16:19:00 1,560,576 ----a-w c:\windows\System32\nvcuda.dll
- 2008-03-25 02:52:00 5,537,792 ----a-w c:\windows\System32\nvd3dum.dll
+ 2009-01-15 16:19:00 6,070,272 ----a-w c:\windows\System32\nvd3dum.dll
- 2008-03-25 02:52:00 6,588,960 ----a-w c:\windows\System32\nvdisps.dll
+ 2009-01-15 16:19:00 4,717,088 ----a-w c:\windows\System32\nvdisps.dll
- 2008-03-25 02:52:00 3,476,000 ----a-w c:\windows\System32\nvgames.dll
+ 2009-01-15 16:19:00 3,496,480 ----a-w c:\windows\System32\nvgames.dll
- 2008-03-25 02:52:00 236,064 ----a-w c:\windows\System32\nvmccs.dll
+ 2009-01-15 16:19:00 236,064 ----a-w c:\windows\System32\nvmccs.dll
- 2008-03-25 02:52:00 45,056 ----a-w c:\windows\System32\nvmccsrs.dll
+ 2009-01-15 16:19:00 45,056 ----a-w c:\windows\System32\nvmccsrs.dll
- 2008-03-25 02:52:00 195,104 ----a-w c:\windows\System32\nvmccss.dll
+ 2009-01-15 16:19:00 195,104 ----a-w c:\windows\System32\nvmccss.dll
- 2008-03-25 02:52:00 92,704 ----a-w c:\windows\System32\nvmctray.dll
+ 2009-01-15 16:19:00 92,704 ----a-w c:\windows\System32\nvmctray.dll
- 2008-03-25 02:52:00 1,264,160 ----a-w c:\windows\System32\nvmobls.dll
+ 2009-01-15 16:19:00 1,292,832 ----a-w c:\windows\System32\nvmobls.dll
- 2008-03-25 02:52:00 8,949,760 ----a-w c:\windows\System32\nvoglv32.dll
+ 2009-01-15 16:19:00 9,617,408 ----a-w c:\windows\System32\nvoglv32.dll
- 2008-03-25 02:52:00 219,680 ----a-w c:\windows\System32\nvsvc.dll
+ 2009-01-15 16:19:00 641,568 ----a-w c:\windows\System32\nvsvc.dll
+ 2009-01-15 16:19:00 1,286,144 ----a-w c:\windows\System32\nvsvs.dll
- 2008-03-25 02:52:00 442,368 ----a-w c:\windows\System32\nvudisp.exe
+ 2009-01-15 16:19:00 453,152 ----a-w c:\windows\System32\nvudisp.exe
- 2008-03-25 02:52:00 3,783,200 ----a-w c:\windows\System32\nvvitvs.dll
+ 2009-01-15 16:19:00 3,803,680 ----a-w c:\windows\System32\nvvitvs.dll
- 2008-03-25 02:52:00 118,784 ----a-w c:\windows\System32\nvvsvc.exe
+ 2009-01-15 16:19:00 207,392 ----a-w c:\windows\System32\nvvsvc.exe
- 2008-03-25 02:52:00 2,213,888 ----a-w c:\windows\System32\nvwgf2um.dll
+ 2009-01-15 16:19:00 2,731,008 ----a-w c:\windows\System32\nvwgf2um.dll
- 2008-03-25 02:52:00 2,636,320 ----a-w c:\windows\System32\nvwss.dll
+ 2009-01-15 16:19:00 2,751,008 ----a-w c:\windows\System32\nvwss.dll
- 2009-02-10 18:12:23 105,170 ----a-w c:\windows\System32\perfc009.dat
+ 2009-02-28 12:34:39 105,170 ----a-w c:\windows\System32\perfc009.dat
- 2009-02-10 18:12:23 604,214 ----a-w c:\windows\System32\perfh009.dat
+ 2009-02-28 12:34:39 604,214 ----a-w c:\windows\System32\perfh009.dat
+ 2008-11-25 16:38:10 288,024 ----a-w c:\windows\System32\PhysXCompatCplUI.exe
+ 2008-11-26 16:55:02 288,024 ----a-w c:\windows\System32\PhysXCplUI.exe
+ 2008-10-07 17:13:30 197,912 ----a-w c:\windows\System32\physxcudart_20.dll
+ 2006-01-06 16:52:42 372,736 ------w c:\windows\System32\px.dll
+ 2006-01-06 16:52:42 56,832 ------w c:\windows\System32\pxcpya64.exe
+ 2006-01-06 16:52:43 421,888 ------w c:\windows\System32\pxdrv.dll
+ 2006-01-06 16:52:42 61,440 ------w c:\windows\System32\pxhpinst.exe
+ 2006-01-06 16:52:42 56,320 ------w c:\windows\System32\pxinsa64.exe
+ 2006-01-06 16:52:43 172,032 ------w c:\windows\System32\pxmas.dll
+ 2006-01-06 16:52:42 339,968 ------w c:\windows\System32\pxwave.dll
+ 2006-01-06 16:34:58 3,596,288 ----a-w c:\windows\System32\qt-dx331.dll
- 2009-01-16 00:03:29 6,291,456 ----a-w c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-02-24 20:19:39 6,291,456 ----a-w c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2009-02-24 20:19:39 6,291,456 ----a-w c:\windows\System32\SMI\Store\Machine\schema.dat_previous
+ 2006-01-06 16:17:35 200,704 ----a-w c:\windows\System32\ssldivx.dll
- 2004-12-07 17:11:34 258,352 ----a-w c:\windows\System32\unicows.dll
+ 2006-01-06 05:48:01 245,408 ----a-w c:\windows\System32\unicows.dll
- 2008-10-16 04:47:34 1,166,336 ----a-w c:\windows\System32\urlmon.dll
+ 2009-01-15 06:11:05 1,166,336 ----a-w c:\windows\System32\urlmon.dll
+ 2006-01-06 16:52:42 28,672 ------w c:\windows\System32\vxblock.dll
- 2009-02-10 18:09:20 11,140 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-987608043-2537006508-763268719-1000_UserData.bin
+ 2009-03-03 19:05:53 12,466 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-987608043-2537006508-763268719-1000_UserData.bin
- 2009-02-10 18:09:20 81,568 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-03-03 19:05:53 82,524 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-02-10 18:12:28 4,078 ----a-w c:\windows\System32\WDI\ERCQueuedResolutions.dat
+ 2009-02-26 04:41:46 4,078 ----a-w c:\windows\System32\WDI\ERCQueuedResolutions.dat
- 2009-02-10 18:09:19 55,318 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-03-03 19:05:52 56,864 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2008-11-11 02:42:32 255,794 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2009-02-26 04:39:03 260,680 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2009-02-20 16:42:23 2,372,088 ----a-w c:\windows\winsxs\InstallTemp\20090220084217593.0\mfc90d.dll
+ 2009-02-20 16:42:24 2,399,744 ----a-w c:\windows\winsxs\InstallTemp\20090220084217593.0\mfc90ud.dll
+ 2009-02-20 16:42:24 80,896 ----a-w c:\windows\winsxs\InstallTemp\20090220084217593.0\mfcm90d.dll
+ 2009-02-20 16:42:24 80,896 ----a-w c:\windows\winsxs\InstallTemp\20090220084217593.0\mfcm90ud.dll
+ 2009-02-20 16:42:19 1,156,600 ----a-w c:\windows\winsxs\InstallTemp\20090220084217943.0\mfc90.dll
+ 2009-02-20 16:42:19 1,162,744 ----a-w c:\windows\winsxs\InstallTemp\20090220084217943.0\mfc90u.dll
+ 2009-02-20 16:42:19 59,904 ----a-w c:\windows\winsxs\InstallTemp\20090220084217943.0\mfcm90.dll
+ 2009-02-20 16:42:19 59,904 ----a-w c:\windows\winsxs\InstallTemp\20090220084217943.0\mfcm90u.dll
+ 2009-02-20 16:42:22 41,472 ----a-w c:\windows\winsxs\InstallTemp\20090220084222001.0\mfc90chs.dll
+ 2009-02-20 16:42:23 41,984 ----a-w c:\windows\winsxs\InstallTemp\20090220084222001.0\mfc90cht.dll
+ 2009-02-20 16:42:23 60,928 ----a-w c:\windows\winsxs\InstallTemp\20090220084222001.0\mfc90deu.dll
+ 2009-02-20 16:42:23 54,272 ----a-w c:\windows\winsxs\InstallTemp\20090220084222001.0\mfc90enu.dll
+ 2009-02-20 16:42:23 59,392 ----a-w c:\windows\winsxs\InstallTemp\20090220084222001.0\mfc90esn.dll
+ 2009-02-20 16:42:24 59,392 ----a-w c:\windows\winsxs\InstallTemp\20090220084222001.0\mfc90esp.dll
+ 2009-02-20 16:42:24 60,416 ----a-w c:\windows\winsxs\InstallTemp\20090220084222001.0\mfc90fra.dll
+ 2009-02-20 16:42:24 59,392 ----a-w c:\windows\winsxs\InstallTemp\20090220084222001.0\mfc90ita.dll
+ 2009-02-20 16:42:24 47,104 ----a-w c:\windows\winsxs\InstallTemp\20090220084222001.0\mfc90jpn.dll
+ 2009-02-20 16:42:24 46,592 ----a-w c:\windows\winsxs\InstallTemp\20090220084222001.0\mfc90kor.dll
+ 2009-02-20 16:43:24 91,648 ----a-w c:\windows\winsxs\InstallTemp\20090220084320684.0\vcomp90d.dll
+ 2009-02-20 16:43:24 54,272 ----a-w c:\windows\winsxs\InstallTemp\20090220084320871.0\vcomp90.dll
+ 2009-02-20 16:45:32 179,704 ----a-w c:\windows\winsxs\InstallTemp\20090220084532829.0\atl90.dll
+ 2009-02-20 16:45:41 245,248 ----a-w c:\windows\winsxs\InstallTemp\20090220084533349.0\msvcm90.dll
+ 2009-02-20 16:45:41 851,456 ----a-w c:\windows\winsxs\InstallTemp\20090220084533349.0\msvcp90.dll
+ 2009-02-20 16:45:42 627,200 ----a-w c:\windows\winsxs\InstallTemp\20090220084533349.0\msvcr90.dll
+ 2009-02-20 16:45:41 332,800 ----a-w c:\windows\winsxs\InstallTemp\20090220084533458.0\msvcm90d.dll
+ 2009-02-20 16:45:42 1,117,184 ----a-w c:\windows\winsxs\InstallTemp\20090220084533458.0\msvcp90d.dll
+ 2009-02-20 16:45:42 1,352,704 ----a-w c:\windows\winsxs\InstallTemp\20090220084533458.0\msvcr90d.dll
+ 2009-02-20 16:45:38 2,946,552 ----a-w c:\windows\winsxs\InstallTemp\20090220084533565.0\mfc90d.dll
+ 2009-02-20 16:45:40 2,973,696 ----a-w c:\windows\winsxs\InstallTemp\20090220084533565.0\mfc90ud.dll
+ 2009-02-20 16:45:40 93,184 ----a-w c:\windows\winsxs\InstallTemp\20090220084533565.0\mfcm90d.dll
+ 2009-02-20 16:45:41 93,696 ----a-w c:\windows\winsxs\InstallTemp\20090220084533565.0\mfcm90ud.dll
+ 2009-02-20 16:45:43 108,032 ----a-w c:\windows\winsxs\InstallTemp\20090220084533674.0\vcomp90d.dll
+ 2009-02-20 16:45:38 1,671,160 ----a-w c:\windows\winsxs\InstallTemp\20090220084533789.0\mfc90.dll
+ 2009-02-20 16:45:40 1,679,864 ----a-w c:\windows\winsxs\InstallTemp\20090220084533789.0\mfc90u.dll
+ 2009-02-20 16:45:40 67,072 ----a-w c:\windows\winsxs\InstallTemp\20090220084533789.0\mfcm90.dll
+ 2009-02-20 16:45:40 67,072 ----a-w c:\windows\winsxs\InstallTemp\20090220084533789.0\mfcm90u.dll
+ 2009-02-20 16:45:38 41,472 ----a-w c:\windows\winsxs\InstallTemp\20090220084535549.0\mfc90chs.dll
+ 2009-02-20 16:45:38 41,984 ----a-w c:\windows\winsxs\InstallTemp\20090220084535549.0\mfc90cht.dll
+ 2009-02-20 16:45:39 60,928 ----a-w c:\windows\winsxs\InstallTemp\20090220084535549.0\mfc90deu.dll
+ 2009-02-20 16:45:39 54,272 ----a-w c:\windows\winsxs\InstallTemp\20090220084535549.0\mfc90enu.dll
+ 2009-02-20 16:45:39 59,392 ----a-w c:\windows\winsxs\InstallTemp\20090220084535549.0\mfc90esn.dll
+ 2009-02-20 16:45:39 59,392 ----a-w c:\windows\winsxs\InstallTemp\20090220084535549.0\mfc90esp.dll
+ 2009-02-20 16:45:39 60,416 ----a-w c:\windows\winsxs\InstallTemp\20090220084535549.0\mfc90fra.dll
+ 2009-02-20 16:45:39 59,392 ----a-w c:\windows\winsxs\InstallTemp\20090220084535549.0\mfc90ita.dll
+ 2009-02-20 16:45:39 47,104 ----a-w c:\windows\winsxs\InstallTemp\20090220084535549.0\mfc90jpn.dll
+ 2009-02-20 16:45:39 46,592 ----a-w c:\windows\winsxs\InstallTemp\20090220084535549.0\mfc90kor.dll
+ 2009-02-20 16:45:43 59,904 ----a-w c:\windows\winsxs\InstallTemp\20090220084535652.0\vcomp90.dll
+ 2009-02-20 16:46:32 3,624,440 ----a-w c:\windows\winsxs\InstallTemp\20090220084630988.0\mfc90.dll
+ 2009-02-20 16:46:34 3,631,096 ----a-w c:\windows\winsxs\InstallTemp\20090220084630988.0\mfc90u.dll
+ 2009-02-20 16:46:34 93,184 ----a-w c:\windows\winsxs\InstallTemp\20090220084630988.0\mfcm90.dll
+ 2009-02-20 16:46:35 93,184 ----a-w c:\windows\winsxs\InstallTemp\20090220084630988.0\mfcm90u.dll
+ 2009-02-20 16:46:32 41,472 ----a-w c:\windows\winsxs\InstallTemp\20090220084631512.0\mfc90chs.dll
+ 2009-02-20 16:46:33 41,984 ----a-w c:\windows\winsxs\InstallTemp\20090220084631512.0\mfc90cht.dll
+ 2009-02-20 16:46:33 60,928 ----a-w c:\windows\winsxs\InstallTemp\20090220084631512.0\mfc90deu.dll
+ 2009-02-20 16:46:33 54,272 ----a-w c:\windows\winsxs\InstallTemp\20090220084631512.0\mfc90enu.dll
+ 2009-02-20 16:46:33 59,392 ----a-w c:\windows\winsxs\InstallTemp\20090220084631512.0\mfc90esn.dll
+ 2009-02-20 16:46:33 59,392 ----a-w c:\windows\winsxs\InstallTemp\20090220084631512.0\mfc90esp.dll
+ 2009-02-20 16:46:33 60,416 ----a-w c:\windows\winsxs\InstallTemp\20090220084631512.0\mfc90fra.dll
+ 2009-02-20 16:46:34 59,392 ----a-w c:\windows\winsxs\InstallTemp\20090220084631512.0\mfc90ita.dll
+ 2009-02-20 16:46:34 47,104 ----a-w c:\windows\winsxs\InstallTemp\20090220084631512.0\mfc90jpn.dll
+ 2009-02-20 16:46:34 46,592 ----a-w c:\windows\winsxs\InstallTemp\20090220084631512.0\mfc90kor.dll
- 2009-01-14 16:39:43 113,580,431 ----a-w c:\windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2009-02-24 20:19:06 121,120,488 ----a-w c:\windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2009-01-15 04:15:58 124,928 ----a-w c:\windows\winsxs\x86_microsoft-windows-advpack_31bf3856ad364e35_6.0.6000.16809_none_a9ee2d39f5a1db5c\advpack.dll
+ 2009-01-15 04:14:44 124,928 ----a-w c:\windows\winsxs\x86_microsoft-windows-advpack_31bf3856ad364e35_6.0.6000.20996_none_aa1379db0f0b2a9a\advpack.dll
+ 2009-01-15 04:16:02 44,544 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..ablenetworkgraphics_31bf3856ad364e35_6.0.6000.16809_none_ebe936e9163ac15b\pngfilt.dll
+ 2009-01-15 04:18:35 44,544 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..ablenetworkgraphics_31bf3856ad364e35_6.0.6000.20996_none_ec0e838a2fa41099\pngfilt.dll
+ 2009-01-15 04:16:03 1,160,192 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.16809_none_b305df9bd99b38bf\urlmon.dll
+ 2009-01-15 04:19:06 1,163,264 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.20996_none_b32b2c3cf30487fd\urlmon.dll
+ 2009-01-15 06:11:05 1,166,336 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.18203_none_b4e61c85d6c731a6\urlmon.dll
+ 2009-01-16 04:59:50 1,166,848 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.22355_none_b53baa48f00b8fd3\urlmon.dll
+ 2009-01-15 04:16:01 671,232 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6000.16809_none_dee86e647f43f82e\mstime.dll
+ 2009-01-15 04:17:12 671,232 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6000.20996_none_df0dbb0598ad476c\mstime.dll
+ 2009-01-15 06:08:50 671,232 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6001.18203_none_e0c8ab4e7c6ff115\mstime.dll
+ 2009-01-16 04:57:07 671,232 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6001.22355_none_e11e391195b44f42\mstime.dll
+ 2009-01-15 04:16:00 27,648 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16809_none_000bbb3da4a45f52\jsproxy.dll
+ 2009-01-15 04:16:03 826,368 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16809_none_000bbb3da4a45f52\wininet.dll
+ 2009-01-15 04:16:03 64,512 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16809_none_000bbb3da4a45f52\WininetPlugin.dll
+ 2009-01-15 04:16:04 27,648 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20996_none_003107debe0dae90\jsproxy.dll
+ 2009-01-15 04:19:13 827,904 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20996_none_003107debe0dae90\wininet.dll
+ 2009-01-15 04:19:13 64,512 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20996_none_003107debe0dae90\WininetPlugin.dll
+ 2009-01-15 06:08:05 28,160 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18203_none_01ebf827a1d05839\jsproxy.dll
+ 2009-01-15 06:11:16 827,392 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18203_none_01ebf827a1d05839\wininet.dll
+ 2008-02-22 05:01:41 64,512 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18203_none_01ebf827a1d05839\WininetPlugin.dll
+ 2009-01-16 04:56:01 28,160 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22355_none_024185eabb14b666\jsproxy.dll
+ 2009-01-16 05:00:04 827,904 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22355_none_024185eabb14b666\wininet.dll
+ 2009-01-16 05:00:04 64,512 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22355_none_024185eabb14b666\WininetPlugin.dll
+ 2008-01-21 02:34:01 2,455,488 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.16809_none_f9b4de176e8fd9a5\ieapfltr.dat
+ 2009-01-15 04:16:00 383,488 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.16809_none_f9b4de176e8fd9a5\ieapfltr.dll
+ 2008-01-21 02:34:01 2,455,488 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.20996_none_f9da2ab887f928e3\ieapfltr.dat
+ 2009-01-15 04:15:42 380,928 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.20996_none_f9da2ab887f928e3\ieapfltr.dll
+ 2009-01-15 04:15:59 347,136 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.16809_none_95e916cf84755fd3\dxtmsft.dll
+ 2009-01-15 04:15:59 214,528 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.16809_none_95e916cf84755fd3\dxtrans.dll
+ 2009-01-15 04:15:22 347,136 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.20996_none_960e63709ddeaf11\dxtmsft.dll
+ 2009-01-15 04:15:22 214,528 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.20996_none_960e63709ddeaf11\dxtrans.dll
+ 2009-01-15 04:16:00 459,264 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-feeds-platform_31bf3856ad364e35_6.0.6000.16809_none_5e09520c3d47b20a\msfeeds.dll
+ 2009-01-15 04:16:41 459,264 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-feeds-platform_31bf3856ad364e35_6.0.6000.20996_none_5e2e9ead56b10148\msfeeds.dll
+ 2009-01-15 06:08:34 458,240 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-feeds-platform_31bf3856ad364e35_6.0.6001.18203_none_5fe98ef63a73aaf1\msfeeds.dll
+ 2009-01-16 04:56:39 458,240 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-feeds-platform_31bf3856ad364e35_6.0.6001.22355_none_603f1cb953b8091e\msfeeds.dll
+ 2009-01-15 04:16:00 477,696 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_6.0.6000.16809_none_464bb12746361260\mshtmled.dll
+ 2009-01-15 04:16:46 477,696 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_6.0.6000.20996_none_4670fdc85f9f619e\mshtmled.dll
+ 2009-01-15 04:16:00 3,594,752 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.16809_none_1165da5c24fac888\mshtml.dll
+ 2009-01-15 04:16:45 3,596,288 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.20996_none_118b26fd3e6417c6\mshtml.dll
+ 2009-01-15 06:08:35 3,580,416 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.18203_none_134617462226c16f\mshtml.dll
+ 2009-01-16 04:56:43 3,580,928 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.22355_none_139ba5093b6b1f9c\mshtml.dll
+ 2009-01-15 04:16:00 63,488 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-infocard_31bf3856ad364e35_6.0.6000.16809_none_58be4726670f5491\icardie.dll
+ 2009-01-15 04:15:42 63,488 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-infocard_31bf3856ad364e35_6.0.6000.20996_none_58e393c78078a3cf\icardie.dll
+ 2009-01-15 04:15:30 26,624 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16809_none_2d84c7c91ccfce35\ieUnatt.exe
+ 2009-01-15 04:14:36 634,024 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16809_none_2d84c7c91ccfce35\iexplore.exe
+ 2009-01-15 02:05:46 26,624 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20996_none_2daa146a36391d73\ieUnatt.exe
+ 2009-01-15 04:18:47 634,024 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20996_none_2daa146a36391d73\iexplore.exe
+ 2009-01-15 04:16:00 267,776 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.16809_none_45c672198f557daf\iertutil.dll
+ 2009-01-15 04:16:02 134,144 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.16809_none_45c672198f557daf\sqmapi.dll
+ 2009-01-15 04:15:44 267,776 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.20996_none_45ebbebaa8becced\iertutil.dll
+ 2009-01-15 04:18:57 134,144 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.20996_none_45ebbebaa8becced\sqmapi.dll
+ 2009-01-15 06:07:53 270,336 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.18203_none_47a6af038c817696\iertutil.dll
+ 2008-01-21 02:34:16 129,536 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.18203_none_47a6af038c817696\sqmapi.dll
+ 2009-01-16 04:55:51 270,848 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.22355_none_47fc3cc6a5c5d4c3\iertutil.dll
+ 2009-01-16 04:59:31 129,536 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.22355_none_47fc3cc6a5c5d4c3\sqmapi.dll
+ 2009-01-15 04:15:30 70,656 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.16809_none_c3f37ce4614a96da\ie4uinit.exe
+ 2009-01-15 04:16:00 44,544 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.16809_none_c3f37ce4614a96da\iernonce.dll
+ 2009-01-15 04:16:00 56,320 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.16809_none_c3f37ce4614a96da\iesetup.dll
+ 2009-01-15 02:05:40 70,656 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.20996_none_c418c9857ab3e618\ie4uinit.exe
+ 2009-01-15 04:15:44 44,544 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.20996_none_c418c9857ab3e618\iernonce.dll
+ 2009-01-15 04:15:44 56,320 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.20996_none_c418c9857ab3e618\iesetup.dll
+ 2009-01-15 04:16:00 52,736 ----a-w c:\windows\winsxs\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6000.16809_none_2a18935467fa6c37\iebrshim.dll
+ 2009-01-15 04:15:42 52,736 ----a-w c:\windows\winsxs\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6000.20996_none_2a3ddff58163bb75\iebrshim.dll
+ 2009-01-15 04:16:00 6,066,688 ----a-w c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.16809_none_62c5345fb0f056b5\ieframe.dll
+ 2009-01-15 04:16:00 180,736 ----a-w c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.16809_none_62c5345fb0f056b5\ieui.dll
+ 2009-01-15 04:15:44 6,068,736 ----a-w c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.20996_none_62ea8100ca59a5f3\ieframe.dll
+ 2009-01-15 04:15:44 180,736 ----a-w c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.20996_none_62ea8100ca59a5f3\ieui.dll
+ 2009-01-15 06:07:53 6,069,248 ----a-w c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.18203_none_64a57149ae1c4f9c\ieframe.dll
+ 2008-01-21 02:34:25 180,736 ----a-w c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.18203_none_64a57149ae1c4f9c\ieui.dll
+ 2009-01-16 04:55:51 6,070,784 ----a-w c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.22355_none_64faff0cc760adc9\ieframe.dll
+ 2009-01-16 04:55:51 180,736 ----a-w c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.22355_none_64faff0cc760adc9\ieui.dll
+ 2009-01-15 04:15:30 263,168 ----a-w c:\windows\winsxs\x86_microsoft-windows-ieinstal_31bf3856ad364e35_6.0.6000.16809_none_e6bea0de9473aaed\ieinstal.exe
+ 2009-01-15 02:05:59 263,168 ----a-w c:\windows\winsxs\x86_microsoft-windows-ieinstal_31bf3856ad364e35_6.0.6000.20996_none_e6e3ed7faddcfa2b\ieinstal.exe
+ 2009-01-15 04:15:30 301,568 ----a-w c:\windows\winsxs\x86_microsoft-windows-ieuser_31bf3856ad364e35_6.0.6000.16809_none_0b66d5fad6ee6a9f\ieuser.exe
+ 2009-01-15 02:06:01 301,568 ----a-w c:\windows\winsxs\x86_microsoft-windows-ieuser_31bf3856ad364e35_6.0.6000.20996_none_0b8c229bf057b9dd\ieuser.exe
+ 2009-01-09 23:21:31 2,410,800 ----a-w c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16808_none_f0a9e19a6e4c873c\OESpamFilter.dat
+ 2009-01-08 23:21:51 2,410,800 ----a-w c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.20995_none_f0cf2e3b87b5d67a\OESpamFilter.dat
+ 2009-01-08 23:21:09 2,410,800 ----a-w c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18202_none_f28a1e846b788023\OESpamFilter.dat
+ 2009-01-08 23:21:04 2,410,800 ----a-w c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22353_none_f2deabfd84bdc4f9\OESpamFilter.dat
+ 2009-02-20 06:29:32 161,784 ----a-w c:\windows\winsxs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.21022.8_none_bdf22a22ab9e15d5\ATL90.dll
+ 2009-02-20 06:29:36 224,768 ----a-w c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_bcb86ed6ac711f91\msvcm90.dll
+ 2009-02-20 06:29:36 568,832 ----a-w c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_bcb86ed6ac711f91\msvcp90.dll
+ 2009-02-20 06:29:35 655,872 ----a-w c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_bcb86ed6ac711f91\msvcr90.dll
+ 2009-02-20 16:48:33 311,808 ----a-w c:\windows\winsxs\x86_microsoft.vc90.debugcrt_1fc8b3b9a1e18e3b_9.0.21022.8_none_96748342450f6aa2\msvcm90d.dll
+ 2009-02-20 16:48:33 868,864 ----a-w c:\windows\winsxs\x86_microsoft.vc90.debugcrt_1fc8b3b9a1e18e3b_9.0.21022.8_none_96748342450f6aa2\msvcp90d.dll
+ 2009-02-20 16:48:33 1,180,672 ----a-w c:\windows\winsxs\x86_microsoft.vc90.debugcrt_1fc8b3b9a1e18e3b_9.0.21022.8_none_96748342450f6aa2\msvcr90d.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-20 202240]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2009-02-06 3572984]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-20 c:\windows\System32\oobefldr.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-06-05 1261568]
"SoundTray"="c:\program files\Analog Devices\SoundMAX\SoundTray.exe" [2007-05-21 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 144784]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-28 1601304]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 648072]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"MRT"="c:\windows\system32\MRT.exe" [2009-02-03 21244864]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13683232]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-15 92704]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"DoNotAllowExceptions"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{6EDD6F1D-0FA5-49EB-9C2C-D52E1E8490EC}c:\\program files\\steam\\steamapps\\dosdaplace7\\team fortress 2\\hl2.exe"= UDP:c:\program files\steam\steamapps\dosdaplace7\team fortress 2\hl2.exe:hl2
"UDP Query User{11CD9327-8474-43BC-8B1F-4ED5E78550A7}c:\\program files\\steam\\steamapps\\dosdaplace7\\team fortress 2\\hl2.exe"= TCP:c:\program files\steam\steamapps\dosdaplace7\team fortress 2\hl2.exe:hl2
"TCP Query User{35D82BD2-91E8-4232-A1BF-9DB64615797F}c:\\program files\\steam\\steamapps\\dosdaplace7\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\dosdaplace7\counter-strike source\hl2.exe:hl2
"UDP Query User{81DDCA83-2EB8-4C92-8149-1B260114B28F}c:\\program files\\steam\\steamapps\\dosdaplace7\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\dosdaplace7\counter-strike source\hl2.exe:hl2
"TCP Query User{F69B3EA3-824F-4D6D-88AE-6D2D738AC959}c:\\program files\\steam\\steamapps\\dosdaplace7\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\dosdaplace7\counter-strike source\hl2.exe:hl2
"UDP Query User{34AC868B-A8D4-4BCE-9B56-4C4415176075}c:\\program files\\steam\\steamapps\\dosdaplace7\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\dosdaplace7\counter-strike source\hl2.exe:hl2
"TCP Query User{88BEF903-650C-4590-921D-A878C0EAEE97}c:\\program files\\steam\\steamapps\\dosdaplace7\\team fortress 2\\hl2.exe"= UDP:c:\program files\steam\steamapps\dosdaplace7\team fortress 2\hl2.exe:hl2
"UDP Query User{7D3008DB-F6FD-4E7E-A242-4F8A6F0482C1}c:\\program files\\steam\\steamapps\\dosdaplace7\\team fortress 2\\hl2.exe"= TCP:c:\program files\steam\steamapps\dosdaplace7\team fortress 2\hl2.exe:hl2
"TCP Query User{D65C0AA8-AFC3-479A-B418-C30DEBB715FE}c:\\program files\\steam\\steamapps\\dosdaplace7\\source sdk base\\hl2.exe"= UDP:c:\program files\steam\steamapps\dosdaplace7\source sdk base\hl2.exe:hl2
"UDP Query User{47DD9967-D18A-4989-95AC-EAA73588016A}c:\\program files\\steam\\steamapps\\dosdaplace7\\source sdk base\\hl2.exe"= TCP:c:\program files\steam\steamapps\dosdaplace7\source sdk base\hl2.exe:hl2
"TCP Query User{237FCCD5-284A-4A6D-902A-B78A012BB1E9}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= UDP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"UDP Query User{4EDC86F7-62B0-43B1-B5AE-9000F8E16494}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= TCP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"TCP Query User{337A4B1F-1BBC-4A5C-846C-128A665F6198}c:\\program files\\thq\\company of heroes\\reliccoh.exe"= UDP:c:\program files\thq\company of heroes\reliccoh.exe:RelicCOH
"UDP Query User{8D17CD53-2DD5-4462-BC99-A3CD0E34A8EE}c:\\program files\\thq\\company of heroes\\reliccoh.exe"= TCP:c:\program files\thq\company of heroes\reliccoh.exe:RelicCOH
"{943779FC-2B86-4BA5-954A-CC028376B627}"= UDP:c:\program files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{970F7159-4780-491A-92FF-C79BF5BA2768}"= TCP:c:\program files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{5E5387F0-A44C-4030-98E1-6B8B1494C20F}"= UDP:c:\program files\DNA\btdna.exe:DNA
"{830B74C2-B1B5-4928-A96B-DEE303737C91}"= TCP:c:\program files\DNA\btdna.exe:DNA
"{F9703490-5F72-480B-BBCC-39A939621B9E}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"{2C4135D2-65BA-4F18-BC7A-22DDF72F5F7F}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"TCP Query User{0D90456C-918A-46D8-97B8-89F68D9E9979}c:\\users\\steve\\program files\\dna\\btdna.exe"= UDP:c:\users\steve\program files\dna\btdna.exe:btdna.exe
"UDP Query User{F550A65B-ECA3-42A3-8971-F7052D0682B1}c:\\users\\steve\\program files\\dna\\btdna.exe"= TCP:c:\users\steve\program files\dna\btdna.exe:btdna.exe
"TCP Query User{7C59B802-33CF-4B02-A769-D7E8180040EF}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{7050C388-3242-4349-AA7B-D3C03E472A0C}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{960D9F87-D4A4-4540-AE14-5F1F940B3752}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{D47C7A14-9905-49BB-B870-CB9BA65987EB}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:bittorrent
"UDP Query User{CE3DCF33-1CB7-4682-8185-18D0FD8EA477}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:bittorrent
"{1E257C38-61A9-40D4-A39E-4B5F2B7A0A14}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{C7018113-09C2-43E6-8703-A8274232B62C}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{730379EA-027C-4D59-8D18-64D82638DA75}"= UDP:c:\program files\AIM6\aim6.exe:AIM
"{25E28ADC-2209-4539-8150-D738ECBE0E05}"= TCP:c:\program files\AIM6\aim6.exe:AIM
"TCP Query User{FBB1921C-D7D9-4636-998E-76FA7D5C1850}c:\\program files\\ccp\\eve\\bin\\exefile.exe"= UDP:c:\program files\ccp\eve\bin\exefile.exe:CCP ExeFile
"UDP Query User{E9E5EB39-49EE-410A-9B62-1E2497FDB48D}c:\\program files\\ccp\\eve\\bin\\exefile.exe"= TCP:c:\program files\ccp\eve\bin\exefile.exe:CCP ExeFile
"TCP Query User{D8717E91-76FD-4DD9-B70B-2343BC54A8DE}c:\\users\\steve\\desktop\\wotlk_intro_en.avi-downloader.exe"= UDP:c:\users\steve\desktop\wotlk_intro_en.avi-downloader.exe:wotlk_intro_en.avi-downloader.exe
"UDP Query User{D77F6B49-D8DC-40BD-B97B-37804BD4E1B5}c:\\users\\steve\\desktop\\wotlk_intro_en.avi-downloader.exe"= TCP:c:\users\steve\desktop\wotlk_intro_en.avi-downloader.exe:wotlk_intro_en.avi-downloader.exe
"TCP Query User{48A33046-E630-4EF9-BAC2-65039A898141}c:\\program files\\steam\\steamapps\\dosdaplace7\\day of defeat source\\hl2.exe"= UDP:c:\program files\steam\steamapps\dosdaplace7\day of defeat source\hl2.exe:hl2
"UDP Query User{D73BA953-6510-4E3B-8B25-0D448CF75A92}c:\\program files\\steam\\steamapps\\dosdaplace7\\day of defeat source\\hl2.exe"= TCP:c:\program files\steam\steamapps\dosdaplace7\day of defeat source\hl2.exe:hl2
"{033119F5-E3B9-4A4A-8C9F-7593F1E91FB3}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{70AFA893-8AC7-4052-84C6-403F52BC0576}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{B925D189-C21F-49B6-B69F-29EC09D14B0F}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{CB60A031-02C8-450E-BDA4-D85F1972FE6B}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{5338A1AD-9FFA-4668-BBAE-5B9C0753424C}"= UDP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{0B9783E9-36DA-48CC-B2A8-E2BBFB7CD77C}"= TCP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"TCP Query User{2483366D-1FE5-4622-B9F6-8354F5888495}c:\\program files\\steam\\steamapps\\coganatior\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\coganatior\counter-strike source\hl2.exe:hl2
"UDP Query User{7B7B883C-8F33-42BA-B0BC-D0FDB85CE2EC}c:\\program files\\steam\\steamapps\\coganatior\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\coganatior\counter-strike source\hl2.exe:hl2
"TCP Query User{EAAB3D0E-B212-4908-9017-4B7867AFAB7F}c:\\users\\steve\\desktop\\wow-2.4.2.8278-to-0.4.3.8478-enus-downloader.exe"= UDP:c:\users\steve\desktop\wow-2.4.2.8278-to-0.4.3.8478-enus-downloader.exe:wow-2.4.2.8278-to-0.4.3.8478-enus-downloader.exe
"UDP Query User{9C462AD0-7211-4B1C-BC39-B286C50FA8E3}c:\\users\\steve\\desktop\\wow-2.4.2.8278-to-0.4.3.8478-enus-downloader.exe"= TCP:c:\users\steve\desktop\wow-2.4.2.8278-to-0.4.3.8478-enus-downloader.exe:wow-2.4.2.8278-to-0.4.3.8478-enus-downloader.exe
"{0D5C9414-695B-4471-8454-FB52C817BBE7}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{E6646362-1533-4BEA-9A51-AE69D0CFE5D1}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"TCP Query User{742DDCF5-B4E0-4299-93FD-460C84C86E6E}c:\\program files\\world of warcraft\\backgrounddownloader.exe"= UDP:c:\program files\world of warcraft\backgrounddownloader.exe:Blizzard Downloader
"UDP Query User{D4EA8730-866A-45A4-8E5B-0703BA15414B}c:\\program files\\world of warcraft\\backgrounddownloader.exe"= TCP:c:\program files\world of warcraft\backgrounddownloader.exe:Blizzard Downloader
"TCP Query User{68B42BD2-9B31-4CED-B906-8083EA640FB0}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{F84225C7-1373-4BD7-8DF3-2706EE5E8A9E}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"{57F5BCC4-373E-4A97-8607-8E2737E6A597}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{9B53E8E1-803A-4572-98EC-E3DF50DFF440}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{BC1F4FD7-B60F-4651-8897-0F323B368D78}"= UDP:990:LocalSubnet:LocalSubnet|IF={FB1AEB9C-A9F1-4D18-B8C9-F4061648343F}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001
"{67BD2016-C1EA-4837-8D2B-69FF62309176}"= UDP:c:\program files\BitTorrent\BitTorrent.exe:BitTorrent (TCP-In)
"{69531F1D-7C08-493E-944E-C833D2B5AD77}"= TCP:c:\program files\BitTorrent\BitTorrent.exe:BitTorrent (UDP-In)
"TCP Query User{2923EAF7-F3C0-4F57-8C1E-068B231CBC1F}c:\\program files\\mirc\\mirc.exe"= UDP:c:\program files\mirc\mirc.exe:mIRC
"UDP Query User{30E234F9-528F-4B01-B700-C2B80AA6FB75}c:\\program files\\mirc\\mirc.exe"= TCP:c:\program files\mirc\mirc.exe:mIRC
"{2471588F-18CF-4DBB-899B-6F27069CBB08}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{68D170E1-B16D-4DA1-A21D-132910673221}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{36EE3443-E750-425F-8979-AE1F5F89F0E0}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{0484C1B5-B341-4E24-8D14-97A69710171B}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{F4F99A92-15A7-404A-BEF1-F633B33C155C}c:\\users\\steve\\appdata\\local\\temp\\blizzard launcher temporary - 5100f810\\launcher.exe"= UDP:c:\users\steve\appdata\local\temp\blizzard launcher temporary - 5100f810\launcher.exe:launcher.exe
"UDP Query User{8BD01338-D9E6-4D28-A6E2-6E184AC7836E}c:\\users\\steve\\appdata\\local\\temp\\blizzard launcher temporary - 5100f810\\launcher.exe"= TCP:c:\users\steve\appdata\local\temp\blizzard launcher temporary - 5100f810\launcher.exe:launcher.exe
"{C81CFFE8-D3E9-4005-926A-CF426C136476}"= UDP:c:\program files\Steam\SteamApps\common\peggle extreme\PeggleExtreme.exe:Peggle Extreme
"{EAA4ABDB-4656-400C-8F05-2D21B62728E7}"= TCP:c:\program files\Steam\SteamApps\common\peggle extreme\PeggleExtreme.exe:Peggle Extreme
"TCP Query User{B2C8274E-70EC-429D-AE12-0D3AE4C03F63}c:\\users\\steve\\appdata\\local\\temp\\blizzard launcher temporary - 54e064c0\\launcher.exe"= UDP:c:\users\steve\appdata\local\temp\blizzard launcher temporary - 54e064c0\launcher.exe:launcher.exe
"UDP Query User{1B9542FA-DC7D-4843-93BA-F7A4EDDE8538}c:\\users\\steve\\appdata\\local\\temp\\blizzard launcher temporary - 54e064c0\\launcher.exe"= TCP:c:\users\steve\appdata\local\temp\blizzard launcher temporary - 54e064c0\launcher.exe:launcher.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DoNotAllowExceptions"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DoNotAllowExceptions"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R0 mv61xx;mv61xx;c:\windows\System32\drivers\mv61xx.sys [2007-06-14 143256]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [2008-09-09 325128]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [2009-01-28 107272]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-09-09 903960]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-09-09 298264]
R2 Cepstral License Server;Cepstral License Server;c:\program files\Cepstral\bin\CepstralLicSrv.exe [2008-06-24 57344]
R3 PAC7302;PAC7302 VGA USB Camera;c:\windows\System32\drivers\PAC7302.SYS [2008-10-14 457856]
S2 MRUWebService;MRU Web Service;"c:\program files\Marvell\61xx\Apache2\bin\Apache.exe" -k runservice --> c:\program files\Marvell\61xx\Apache2\bin\Apache.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{19a6e400-53d1-11dd-91da-001e8c72009b}]
\shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{41c425c4-fe85-11d5-b863-806e6f6e6963}]
\shell\AutoRun\command - D:\BSAutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8725a7c3-2015-11dd-82d4-806e6f6e6963}]
\shell\AutoRun\command - D:\launcher.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8d94761-1fa1-11dd-a76d-806e6f6e6963}]
\shell\AutoRun\command - d:\bin\Assetup.exe
.
Contents of the 'Scheduled Tasks' folder

2009-02-25 c:\windows\Tasks\Defraggler Volume C Task.job
- c:\program files\Defraggler\df.exe []

2009-03-03 c:\windows\Tasks\User_Feed_Synchronization-{6871C9F5-9450-44AF-A7C4-13F6667379BD}.job
- c:\windows\system32\msfeedssync.exe [2008-01-20 18:34]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\p5jn85h6.default\
1 file(s) moved.
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\p5jn85h6.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\components\XpcomOpusConnector.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\users\Steve\Program Files\DNA\plugins\npbtdna.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-03 11:13:44
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\TEMP\TMP0000003DF4FA60558488CB80 524288 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\AEADISRV.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\microsoft shared\VS7Debug\mdm.exe
c:\windows\System32\PnkBstrA.exe
c:\windows\System32\PnkBstrB.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\System32\WUDFHost.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\AVG\AVG8\avgtray.exe
c:\windows\System32\rundll32.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\System32\dllhost.exe
.
**************************************************************************
.
Completion time: 2009-03-03 11:16:03 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-03 19:16:01
ComboFix2.txt 2009-02-10 18:18:17

Pre-Run: 428,178,046,976 bytes free
Post-Run: 428,640,538,624 bytes free

813 --- E O F --- 2009-03-03 02:37:27

Things are running better now. I haven't had a crash yet, but when I was running the malware program things got EXTREMELY laggy. Other than that, it seems better. One thing I have noticed, though, is that recently upon startup my computer has been prompting me to start a Windows Defender program. What seems fishy about this is that when I don't let it run there is already that process running, but when I let it run there are two of them. If this is something to be concerned about, I noticed that even on startup after running the malware program and ComboFix it popped up again.
Thanks for the help.
dosdaplace
Active Member
 
Posts: 7
Joined: January 22nd, 2009, 4:25 am
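The log above is long, and the parts a helper reads first are the Run keys, the firewall exceptions, the mountpoints2 AutoRun commands and catchme's hidden-file list (which here shows one hidden executable under c:\windows\TEMP). The script below is an added example, not part of the original post and not ComboFix's own code: it parses those four sections from a constructed sample assembled from lines of this log and flags the entries worth a second look (executables under user-writable paths and any hidden file). The section names, regexes and the list of "user-writable" path markers are assumptions made for this illustration.

```python
# Added example (not from the original post or from ComboFix): a triage pass over
# a ComboFix-style log. Section names, regexes and the user-writable path markers
# below are assumptions made for this illustration.
import re
from dataclasses import dataclass, field

# Constructed sample in the shape of the log above; a few lines were copied
# from it and the rest of the log omitted.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-20 202240]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2009-02-06 3572984]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-20 c:\windows\System32\oobefldr.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MRT"="c:\windows\system32\MRT.exe" [2009-02-03 21244864]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{D8717E91-76FD-4DD9-B70B-2343BC54A8DE}c:\\users\\steve\\desktop\\wotlk_intro_en.avi-downloader.exe"= UDP:c:\users\steve\desktop\wotlk_intro_en.avi-downloader.exe:wotlk_intro_en.avi-downloader.exe
"{2471588F-18CF-4DBB-899B-6F27069CBB08}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{F4F99A92-15A7-404A-BEF1-F633B33C155C}c:\\users\\steve\\appdata\\local\\temp\\blizzard launcher temporary - 5100f810\\launcher.exe"= UDP:c:\users\steve\appdata\local\temp\blizzard launcher temporary - 5100f810\launcher.exe:launcher.exe
"{BC1F4FD7-B60F-4651-8897-0F323B368D78}"= UDP:990:LocalSubnet:LocalSubnet|IF={FB1AEB9C-A9F1-4D18-B8C9-F4061648343F}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{41c425c4-fe85-11d5-b863-806e6f6e6963}]
\shell\AutoRun\command - D:\BSAutoRun.exe

scanning hidden files ...

c:\windows\TEMP\TMP0000003DF4FA60558488CB80 524288 bytes executable

scan completed successfully
hidden files: 1
"""

# Path fragments an unprivileged user (or malware running as that user) can write to.
USER_WRITABLE_MARKERS = ("\\users\\", "\\documents and settings\\", "\\windows\\temp\\", "\\temp\\")

SECTION_RE = re.compile(r"^\[(.+)\]$")
RUN_RE = re.compile(r'^"([^"]+)"="([^"]*)"')
EXE_RE = re.compile(r"[a-z]:\\[^:]*?\.exe", re.IGNORECASE)
AUTORUN_RE = re.compile(r"^\\shell\\autorun\\command - (.+)$", re.IGNORECASE)
HIDDEN_RE = re.compile(r"^(.+?) (\d+) bytes(?: (\w+))?$")


@dataclass
class Triage:
    run_entries: list = field(default_factory=list)    # (section, name, path)
    firewall_exes: list = field(default_factory=list)  # executables with a firewall exception
    autorun_commands: list = field(default_factory=list)
    hidden_files: list = field(default_factory=list)   # (path, size, kind)
    findings: list = field(default_factory=list)       # human-readable flags


def is_user_writable(path: str) -> bool:
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE_MARKERS)


def triage_combofix(log_text: str) -> Triage:
    t = Triage()
    section = ""        # lowercased name of the current [ ... ] block
    in_hidden = False   # inside catchme's "scanning hidden files" block
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).lower()
            continue
        if line.startswith("scanning hidden files"):
            in_hidden = True
            continue
        if line.startswith("scan completed"):
            in_hidden = False
            continue
        if in_hidden:
            m = HIDDEN_RE.match(line)
            if m:
                path, size, kind = m.group(1), int(m.group(2)), m.group(3) or ""
                t.hidden_files.append((path, size, kind))
                # Anything hidden from the normal file API is worth a look.
                t.findings.append(f"hidden {kind or 'file'}: {path} ({size} bytes)")
            continue
        if section.endswith("\\run"):
            m = RUN_RE.match(line)
            if m:
                name, path = m.groups()
                t.run_entries.append((section, name, path))
                if is_user_writable(path):
                    t.findings.append(f"autostart from user-writable path: {name} -> {path}")
        elif "firewallpolicy\\firewallrules" in section and '"= ' in line:
            # Only the value (right of '"= ') carries single-backslash paths.
            m = EXE_RE.search(line.split('"= ', 1)[1])
            if m:
                exe = m.group(0)
                t.firewall_exes.append(exe)
                if is_user_writable(exe):
                    t.findings.append(f"firewall exception for user-writable exe: {exe}")
        elif "mountpoints2" in section:
            m = AUTORUN_RE.match(line)
            if m:
                t.autorun_commands.append(m.group(1))
    return t


if __name__ == "__main__":
    result = triage_combofix(SAMPLE_LOG)
    for finding in result.findings:
        print(finding)
    print("AutoRun commands:", result.autorun_commands)
```

On the sample the script flags the two firewall exceptions for executables on the Desktop and in a Temp folder and the hidden executable in c:\windows\TEMP, and lists the two removable-media AutoRun commands separately; the Run entries under Program Files and Windows are left unflagged. Flagged entries are leads for the helper to check (file hash, publisher, date), not verdicts.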

Re: Second Hijack this post, with combofix log.

Unread postby Katana » March 3rd, 2009, 5:20 pm

Kaspersky Online Scanner.
Your antivirus and/or antispyware may give a warning during the scan. This is perfectly normal.
NOTE: This scan is best done from IE (Internet Explorer).

NOTE: Vista users should start IE by Start (Vista Orb) >> Internet Explorer >> Right-click, Run As Admin.
Go here: http://www.kaspersky.com/kos/eng/partne ... bscan.html

Read the Requirements and limitations before you click Accept.
Once the database has downloaded, click My Computer in the left pane.
Now go and put the kettle on!
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box, then click the down arrow to the right of Save as type: and select text file (*.txt).
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.


**Note**

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs.
  • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: Second Hijack this post, with combofix log.

Unread postby dosdaplace » March 3rd, 2009, 11:16 pm

So I shut down my computer before leaving for class today, and when I got back my computer will not start. Windows gives an error: "Windows failed to start. A recent hardware or software change might be the cause." It gives me some options, none of which work, seeing as how even when I put my Vista CD in my drive it will not allow me to repair. Status: 0xc0000001. Info: an unexpected error has occurred. I have no idea what to do; supposedly my SAM files are missing and the only way to replace them is to use XP to copy-paste them back into my drive, but I don't have XP, nor would I be able to install it due to this error.
Thanks for the help
dosdaplace
Active Member
 
Posts: 7
Joined: January 22nd, 2009, 4:25 am

Re: Second Hijack this post, with combofix log.

Unread postby Katana » March 4th, 2009, 6:20 am

What on earth happened there?

Have you tried starting in Safe Mode? (Press F8 repeatedly during boot.)

dosdaplace wrote: when I put my Vista CD in my drive


Do you see an option to start the Recovery Console?
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: Second Hijack this post, with combofix log.

Unread postby dosdaplace » March 4th, 2009, 10:42 am

I have no idea what happened; it was working beautifully.
For some reason it won't let me start in any manner. I've tried every Safe Mode there is and I always get the same message. What really gets me is that it won't let me repair from disk; nothing works.
dosdaplace
Active Member
 
Posts: 7
Joined: January 22nd, 2009, 4:25 am

Re: Second Hijack this post, with combofix log.

Unread postby Katana » March 5th, 2009, 5:00 am

Hi dosdaplace,

When you used the Vista disc, did you actually boot from it and get the option to "Repair"?
Does it not give the option for the Recovery Console when you boot from the disc?
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: Second Hijack this post, with combofix log.

Unread postby NonSuch » March 10th, 2009, 9:47 pm

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
NonSuch
Administrator
 
Posts: 27302
Joined: February 23rd, 2005, 7:08 am
Location: California