
cp usage 100% please help

Re: cp usage 100% please help

Post by hogter » April 24th, 2008, 8:04 pm

ComboFix 08-04-22.5 - Walter 2008-04-24 16:11:35.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.809 [GMT -7:00]
Running from: F:\Torrents\ComboFix.exe
* Resident AV is active

.

((((((((((((((((((((((((( Files Created from 2008-03-24 to 2008-04-24 )))))))))))))))))))))))))))))))
.

2039-03-11 21:37 . 2006-11-02 02:46 1,137,664 --a------ C:\Windows\System32\themecpl.dll.original
2008-04-23 12:17 . 2008-04-23 12:17 <DIR> d-------- C:\Users\All Users\Ubisoft
2008-04-23 12:17 . 2008-04-23 12:17 <DIR> d-------- C:\ProgramData\Ubisoft
2008-04-23 12:15 . 2007-10-12 15:14 3,734,536 --a------ C:\Windows\System32\d3dx9_36.dll
2008-04-23 12:15 . 2007-07-19 18:14 3,727,720 --a------ C:\Windows\System32\d3dx9_35.dll
2008-04-23 12:15 . 2007-10-12 15:14 1,374,232 --a------ C:\Windows\System32\D3DCompiler_36.dll
2008-04-23 12:15 . 2007-07-19 18:14 1,358,192 --a------ C:\Windows\System32\D3DCompiler_35.dll
2008-04-23 12:15 . 2007-10-02 09:56 444,776 --a------ C:\Windows\System32\d3dx10_36.dll
2008-04-23 12:15 . 2007-07-19 18:14 444,776 --a------ C:\Windows\System32\d3dx10_35.dll
2008-04-23 12:15 . 2007-10-22 03:39 267,272 --a------ C:\Windows\System32\xactengine2_10.dll
2008-04-23 12:15 . 2007-07-20 00:57 267,112 --a------ C:\Windows\System32\xactengine2_9.dll
2008-04-23 12:15 . 2007-10-22 03:37 17,928 --a------ C:\Windows\System32\X3DAudio1_2.dll
2008-04-23 11:47 . 2008-04-23 11:47 <DIR> d-------- C:\Program Files\Ubisoft
2008-04-22 20:20 . 2008-04-23 12:16 22,328 --a------ C:\Users\Walter\AppData\Roaming\PnkBstrK.sys
2008-04-22 20:16 . 2008-04-23 12:16 2,337,865 --a------ C:\Windows\System32\pbsvc.exe
2008-04-22 19:52 . 2008-04-23 23:14 107,832 --a------ C:\Windows\System32\PnkBstrB.exe
2008-04-22 19:52 . 2008-04-22 20:16 66,872 --a------ C:\Windows\System32\PnkBstrA.exe
2008-04-22 19:52 . 2008-04-23 23:17 22,328 --a------ C:\Windows\System32\drivers\PnkBstrK.sys
2008-04-22 19:42 . 2008-04-22 19:42 319 --a------ C:\Windows\game.ini
2008-04-22 18:17 . 2008-04-22 18:17 <DIR> d--hs---- C:\Windows\ftpcache
2008-04-22 17:17 . 2008-04-22 17:17 <DIR> d-------- C:\Users\All Users\FLEXnet
2008-04-22 17:17 . 2008-04-22 17:17 <DIR> d-------- C:\ProgramData\FLEXnet
2008-04-22 15:53 . 2008-04-22 15:53 <DIR> d-------- C:\Users\All Users\ALM
2008-04-22 15:53 . 2008-04-22 15:53 <DIR> d-------- C:\ProgramData\ALM
2008-04-22 15:32 . 2008-04-22 15:32 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-04-22 14:46 . 2008-04-22 15:30 <DIR> d-------- C:\Users\Walter\AppData\Roaming\Download Manager
2008-04-21 22:55 . 2008-04-24 16:02 <DIR> d-------- C:\Users\Walter\AppData\Roaming\LimeWire
2008-04-21 22:53 . 2008-04-21 22:54 <DIR> d-------- C:\Program Files\LimeWire
2008-04-16 09:30 . 2008-04-16 16:34 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2008-04-14 09:31 . 2008-04-14 09:31 <DIR> d-------- C:\Users\All Users\Trymedia
2008-04-14 09:31 . 2008-04-14 09:31 <DIR> d-------- C:\ProgramData\Trymedia
2008-04-13 15:58 . 2008-04-13 15:58 <DIR> d-------- C:\Windows\System32\Kaspersky Lab
2008-04-13 15:58 . 2008-04-13 15:58 <DIR> d-------- C:\Users\All Users\Kaspersky Lab
2008-04-13 15:58 . 2008-04-13 15:58 <DIR> d-------- C:\ProgramData\Kaspersky Lab
2008-04-13 09:27 . 2008-04-13 09:27 <DIR> d-------- C:\Users\Walter\AppData\Roaming\Malwarebytes
2008-04-13 09:26 . 2008-04-13 09:26 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-04-13 09:26 . 2008-04-13 09:26 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-04-13 09:26 . 2008-04-13 09:26 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-05 14:25 . 2008-04-05 14:25 <DIR> d-------- C:\Users\Walter\AppData\Roaming\Grisoft
2008-04-05 14:25 . 2008-04-05 14:25 <DIR> d-------- C:\Users\All Users\Grisoft
2008-04-05 14:25 . 2008-04-05 14:25 <DIR> d-------- C:\ProgramData\Grisoft
2008-04-05 14:25 . 2007-05-30 05:10 10,872 --a------ C:\Windows\System32\drivers\AvgAsCln.sys
2008-04-01 16:01 . 2008-04-01 16:02 131,072 --a------ C:\Windows\System32\Ikeext.etl
2008-03-29 21:43 . 2008-03-29 21:43 <DIR> d-------- C:\Program Files\Zone Labs
2008-03-29 21:42 . 2008-03-29 21:51 <DIR> d-------- C:\Windows\Internet Logs
2008-03-29 21:39 . 2008-03-29 21:40 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-03-29 21:39 . 2008-03-29 21:40 <DIR> d-------- C:\ProgramData\Lavasoft
2008-03-29 21:39 . 2008-03-29 21:39 <DIR> d-------- C:\Program Files\Lavasoft
2008-03-29 21:39 . 2008-03-29 21:39 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-27 16:40 . 2008-03-29 00:18 <DIR> d-------- C:\Users\Walter\AppData\Roaming\Auslogics
2008-03-27 16:39 . 2008-03-27 16:39 <DIR> d-------- C:\Program Files\Auslogics
2008-03-26 23:49 . 2008-04-24 16:00 <DIR> d-------- C:\Program Files\Dl_cats
2008-03-26 23:40 . 2007-02-07 12:57 344,064 --a------ C:\Windows\System32\dlbtcoin.dll
2008-03-26 23:40 . 2006-08-28 15:57 126,059 --a------ C:\Windows\System32\dlbtceip.chm
2008-03-26 23:40 . 2005-08-18 05:26 40,960 --a------ C:\Windows\System32\dlbtvs.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-24 23:09 --------- d---a-w C:\ProgramData\TEMP
2008-04-24 22:52 --------- d-----w C:\Users\Walter\AppData\Roaming\uTorrent
2008-04-24 11:16 --------- d-----w C:\ProgramData\Google Updater
2008-04-24 06:13 --------- d-----w C:\Program Files\Steam
2008-04-24 04:18 --------- d-----w C:\Program Files\City of Heroes
2008-04-23 22:18 --------- d-----w C:\Program Files\ATI
2008-04-23 18:47 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-22 23:45 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-22 03:40 --------- d-----w C:\Program Files\McAfee
2008-04-21 03:51 --------- d-----w C:\Program Files\Microsoft Games
2008-04-04 14:31 --------- d-----w C:\Program Files\Common Files\Steam
2008-03-27 23:26 --------- d-----w C:\Program Files\Spyware Doctor
2008-03-27 06:50 --------- d-----w C:\Program Files\Dell Photo AIO Printer 922
2008-03-26 07:33 --------- d-----w C:\Program Files\Audible
2008-03-25 02:34 --------- d-----w C:\Program Files\HeroStats
2008-03-23 19:19 --------- d-----w C:\Program Files\GustoSoft
2008-03-19 21:28 --------- d-----w C:\Program Files\Common Files\xing shared
2008-03-19 21:28 --------- d-----w C:\Program Files\Common Files\Real
2008-03-19 21:27 --------- d-----w C:\Program Files\Real
2008-03-19 07:27 --------- d-----w C:\ProgramData\Messenger Plus!
2008-03-18 05:58 --------- d-----w C:\Program Files\Java
2008-03-18 05:56 --------- d-----w C:\Program Files\Common Files\Java
2008-03-18 05:46 --------- d-----w C:\Program Files\Trend Micro
2008-03-18 05:09 --------- d-----w C:\Users\high way to hell\AppData\Roaming\Talkback
2008-03-18 05:08 --------- d-----w C:\Users\high way to hell\AppData\Roaming\ATI
2008-03-18 04:56 128,949,234 ----a-w C:\Windows\DUMP449d.tmp
2008-03-17 09:39 --------- d-----w C:\Users\Walter\AppData\Roaming\iSilo
2008-03-17 09:39 --------- d-----w C:\Program Files\iSilo
2008-03-15 02:35 --------- d-----w C:\Users\Walter\AppData\Roaming\Talkback
2008-03-14 05:34 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-03-14 03:54 --------- d-----w C:\ProgramData\WLInstaller
2008-03-13 18:58 --------- d-----w C:\Users\Walter\AppData\Roaming\ATI
2008-03-13 18:58 --------- d-----w C:\ProgramData\ATI
2008-03-13 18:51 --------- d-----w C:\Program Files\ATI Technologies
2008-03-13 06:53 --------- d-----w C:\Program Files\CDisplay
2008-03-13 06:35 --------- d-----w C:\Users\Walter\AppData\Roaming\PC Tools
2008-03-13 06:35 --------- d-----w C:\Program Files\Google
2008-03-12 08:42 --------- d-----w C:\Program Files\Windows Live
2008-03-12 08:42 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-03-12 08:35 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-03-12 08:34 --------- d-----w C:\Program Files\Windows Live Favorites
2008-03-12 08:28 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-12 08:21 --------- d-----w C:\ProgramData\Microsoft Help
2008-03-12 08:12 --------- d-----w C:\Program Files\Microsoft Works
2008-03-12 08:11 --------- d-----w C:\Program Files\MSBuild
2008-03-12 08:07 --------- d-----w C:\Program Files\Microsoft.NET
2008-03-12 08:01 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-03-12 07:47 --------- d-----w C:\Program Files\Creative
2008-03-12 07:46 --------- d-----w C:\ProgramData\Creative
2008-03-12 07:45 409,600 ----a-w C:\Windows\System32\wrap_oal.dll
2008-03-12 07:45 114,688 ----a-w C:\Windows\System32\OpenAL32.dll
2008-03-12 07:44 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-12 07:41 --------- d-----w C:\Users\Walter\AppData\Roaming\Apple Computer
2008-03-12 07:41 --------- d-----w C:\Program Files\iTunes
2008-03-12 07:40 --------- d-----w C:\ProgramData\Apple Computer
2008-03-12 07:40 --------- d-----w C:\Program Files\QuickTime
2008-03-12 07:40 --------- d-----w C:\Program Files\iPod
2008-03-12 07:40 --------- d-----w C:\Program Files\Bonjour
2008-03-12 07:39 --------- d-----w C:\Program Files\Apple Software Update
2008-03-12 07:38 --------- d-----w C:\ProgramData\Apple
2008-03-12 07:38 --------- d-----w C:\Program Files\Common Files\Apple
2008-03-12 07:31 --------- d-----w C:\Users\Walter\AppData\Roaming\GRETECH
2008-03-12 07:31 --------- d-----w C:\ProgramData\GRETECH
2008-03-12 07:30 --------- d-----w C:\Program Files\GRETECH
2008-03-12 07:30 --------- d-----w C:\Program Files\DAP
2008-03-12 07:07 50,688 ----a-w C:\Windows\System32\wbhelp2.dll
2008-03-12 06:51 --------- d-----w C:\ProgramData\McAfee
2008-03-12 06:49 --------- d-----w C:\Program Files\Common Files\McAfee
2008-03-12 06:46 --------- d-----w C:\Program Files\McAfee.com
2008-03-12 06:39 --------- d-----w C:\ProgramData\AOL OCP
2008-03-12 06:38 --------- d-----w C:\Users\Walter\AppData\Roaming\acccore
2008-03-12 06:38 --------- d-----w C:\Program Files\AIM6
2008-03-12 06:37 --------- d-----w C:\ProgramData\Viewpoint
2008-03-12 06:37 --------- d-----w C:\ProgramData\AOL
2008-03-12 06:37 --------- d-----w C:\Program Files\Viewpoint
2008-03-12 06:37 --------- d-----w C:\Program Files\Common Files\AOL
2008-03-12 06:27 --------- d-----w C:\Program Files\Windows Sidebar
2008-03-12 06:23 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-03-12 06:23 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-03-12 06:22 49,664 ----a-w C:\Windows\System32\csrsrv.dll
2008-03-12 06:22 376,320 ----a-w C:\Windows\System32\winsrv.dll
2008-03-12 06:21 86,016 ----a-w C:\Windows\System32\icfupgd.dll
2008-03-12 06:21 63,488 ----a-w C:\Windows\system32\drivers\mpsdrv.sys
2008-03-12 06:21 61,952 ----a-w C:\Windows\System32\cmifw.dll
2008-03-12 06:21 414,208 ----a-w C:\Windows\System32\msscp.dll
2008-03-12 06:21 396,800 ----a-w C:\Windows\System32\MPSSVC.dll
2008-03-12 06:21 392,192 ----a-w C:\Windows\System32\FirewallAPI.dll
2008-03-12 06:21 374,456 ----a-w C:\Windows\System32\mcupdate_GenuineIntel.dll
2008-03-12 06:21 23,040 ----a-w C:\Windows\system32\drivers\tunnel.sys
2008-03-12 06:21 178,688 ----a-w C:\Windows\System32\iphlpsvc.dll
2008-03-12 06:21 16,896 ----a-w C:\Windows\System32\wfapigp.dll
2008-03-12 06:21 15,360 ----a-w C:\Windows\system32\drivers\TUNMP.SYS
2008-03-12 06:20 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2008-03-12 06:20 7,680 ----a-w C:\Windows\System32\spwmp.dll
2008-03-12 06:20 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2008-03-12 06:20 2,048 ----a-w C:\Windows\System32\msxml3r.dll
2008-03-12 06:20 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
2008-03-12 06:19 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-03-12 06:19 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-03-12 06:19 22,016 ----a-w C:\Windows\System32\netiougc.exe
.

((((((((((((((((((((((((((((( snapshot@2008-04-12_15.49.44.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-11-02 07:11:38 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
- 2008-03-12 05:09:05 53,248 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2008-04-23 19:14:43 53,248 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
- 2008-03-12 05:09:05 12,800 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2008-04-23 19:14:43 12,800 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2008-03-12 05:09:05 473,600 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2008-04-23 19:14:44 473,600 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
- 2008-03-12 05:09:01 2,676,224 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-04-23 19:14:36 2,676,224 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-03-12 05:09:02 2,846,720 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-04-23 19:14:37 2,846,720 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-03-12 05:09:02 563,712 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-04-23 19:14:37 563,712 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-03-12 05:09:02 567,296 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-04-23 19:14:38 567,296 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-03-12 05:09:03 576,000 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-04-23 19:14:39 576,000 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-03-12 05:09:03 577,024 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-04-23 19:14:39 577,024 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-03-12 05:09:03 577,536 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-04-23 19:14:40 577,536 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-03-12 05:09:04 577,536 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-04-23 19:14:40 577,536 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-03-12 05:09:04 578,560 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-04-23 19:14:41 578,560 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-03-12 05:09:05 578,560 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-04-23 19:14:44 578,560 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-03-12 05:09:05 145,920 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2008-04-23 19:14:44 145,920 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2008-03-12 05:09:06 159,232 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2008-04-23 19:14:45 159,232 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2008-03-12 05:09:06 364,544 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2008-04-23 19:14:45 364,544 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2008-03-12 05:09:06 178,176 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2008-04-23 19:14:45 178,176 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2008-03-12 05:09:04 223,232 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2008-04-23 19:14:43 223,232 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
- 2008-04-12 20:00:28 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-04-23 22:14:21 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2006-11-02 12:36:03 2,560 ----a-w C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll
+ 2006-11-02 12:36:02 2,560 ----a-w C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll
- 2008-04-12 20:03:12 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-04-23 22:18:26 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-04-12 20:03:06 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-04-23 22:18:16 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2006-11-02 07:10:15 2,000 ----a-w C:\Windows\system\keyboard.drv
+ 2006-11-02 07:10:18 2,032 ----a-w C:\Windows\system\mouse.drv
+ 2006-11-02 07:10:16 1,744 ----a-w C:\Windows\system\sound.drv
+ 2006-11-02 07:10:17 2,176 ----a-w C:\Windows\system\vga.drv
+ 2006-11-02 07:11:39 2,048 ----a-w C:\Windows\System32\acprgwiz.dll
+ 2008-03-12 06:18:49 2,048 ----a-w C:\Windows\System32\asferror.dll
+ 2006-11-02 06:56:11 2,560 ----a-w C:\Windows\System32\bootstr.dll
+ 2006-11-02 07:38:48 2,048 ----a-w C:\Windows\System32\bridgeres.dll
- 2008-04-12 22:23:17 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-04-24 22:25:17 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-04-12 22:23:17 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-24 22:25:17 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-04-12 22:23:17 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-04-24 22:25:17 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-04-12 22:29:33 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-04-24 23:11:19 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
- 2008-03-12 18:03:42 334,664 ----a-w C:\Windows\System32\FNTCACHE.DAT
+ 2008-04-23 00:13:08 1,627,880 ----a-w C:\Windows\System32\FNTCACHE.DAT
+ 1998-05-08 04:57:22 143,872 ------w C:\Windows\System32\iacenc.dll
+ 2006-11-02 09:39:39 2,048 ----a-w C:\Windows\System32\iologmsg.dll
+ 1997-06-14 02:56:08 56,832 ------w C:\Windows\System32\iyvu9_32.dll
+ 2005-05-24 19:27:16 213,048 ----a-w C:\Windows\System32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 22:47:20 94,208 ----a-w C:\Windows\System32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 22:49:54 950,272 ----a-w C:\Windows\System32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
+ 2006-11-02 07:10:15 2,000 ----a-w C:\Windows\System32\keyboard.drv
+ 2006-11-02 07:38:59 2,048 ----a-w C:\Windows\System32\lltdres.dll
+ 2007-07-27 21:49:02 196,683 ----a-w C:\Windows\System32\lnod32apiA.dll
+ 2007-07-27 21:49:02 225,355 ----a-w C:\Windows\System32\lnod32apiW.dll
+ 2005-12-06 02:25:22 139,264 ----a-w C:\Windows\System32\lnod32umc.dll
+ 2005-12-05 19:37:10 106,496 ----a-w C:\Windows\System32\lnod32upd.dll
+ 2006-11-02 12:35:51 2,048 ----a-w C:\Windows\System32\mferror.dll
+ 2006-11-02 07:10:18 2,032 ----a-w C:\Windows\System32\mouse.drv
+ 2006-11-02 07:15:56 2,560 ----a-w C:\Windows\System32\msimsg.dll
+ 2006-11-02 07:18:28 2,048 ----a-w C:\Windows\System32\msprivs.dll
+ 2008-03-12 06:18:31 2,048 ----a-w C:\Windows\System32\msxml6r.dll
+ 2006-11-02 09:41:16 2,048 ----a-w C:\Windows\System32\neth.dll
+ 2006-11-02 09:41:17 2,048 ----a-w C:\Windows\System32\netmsg.dll
+ 2006-09-19 11:41:49 2,456 ----a-w C:\Windows\System32\networklist\icons\StockIcons\bench_24.bin
+ 2006-09-19 11:41:49 2,456 ----a-w C:\Windows\System32\networklist\icons\StockIcons\house_24.bin
+ 2006-09-19 11:41:49 2,456 ----a-w C:\Windows\System32\networklist\icons\StockIcons\office_24.bin
+ 2006-11-02 08:33:06 2,560 ----a-w C:\Windows\System32\normaliz.dll
+ 2006-11-02 07:08:53 2,048 ----a-w C:\Windows\System32\oleaccrc.dll
+ 2008-02-11 16:39:26 253,952 ----a-w C:\Windows\System32\OnlineScannerDLLA.dll
+ 2008-02-11 16:39:18 237,568 ----a-w C:\Windows\System32\OnlineScannerDLLW.dll
+ 2008-02-08 20:53:46 110,592 ----a-w C:\Windows\System32\OnlineScannerLang.dll
+ 2008-02-05 15:48:04 77,824 ----a-w C:\Windows\System32\OnlineScannerUninstaller.exe
- 2008-03-20 16:08:48 104,662 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-04-17 06:23:41 104,662 ----a-w C:\Windows\System32\perfc009.dat
- 2008-03-20 16:08:48 621,314 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-04-17 06:23:41 621,314 ----a-w C:\Windows\System32\perfh009.dat
+ 2006-11-02 07:10:00 2,842 ----a-w C:\Windows\System32\redir.exe
+ 2006-11-02 09:43:00 2,560 ----a-w C:\Windows\System32\rnr20.dll
+ 2006-11-02 12:34:48 2,048 ----a-w C:\Windows\System32\SampleRes.dll
- 2008-03-12 18:05:54 6,029,312 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2008-04-23 21:03:35 6,029,312 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2006-11-02 07:10:16 1,744 ----a-w C:\Windows\System32\sound.drv
+ 2008-03-12 06:15:14 2,048 ----a-w C:\Windows\System32\tzres.dll
+ 2004-12-07 17:11:34 258,352 ----a-w C:\Windows\System32\unicows.dll
+ 2006-11-02 07:10:17 2,176 ----a-w C:\Windows\System32\vga.drv
+ 2006-11-02 07:15:27 2,048 ----a-w C:\Windows\System32\wbem\WmiApRes.dll
- 2008-04-12 20:03:33 6,690 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-561321763-1897004747-691077370-1000_UserData.bin
+ 2008-04-23 22:18:42 7,052 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-561321763-1897004747-691077370-1000_UserData.bin
- 2008-04-12 20:03:33 45,102 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-04-23 22:18:41 45,626 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-04-12 20:11:03 31,652 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-04-23 22:18:34 32,890 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2008-04-10 21:52:03 176,334 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2008-04-22 23:08:05 177,354 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2006-11-02 07:10:22 2,864 ----a-w C:\Windows\System32\WINSOCK.DLL
+ 2006-11-02 07:10:18 2,112 ----a-w C:\Windows\System32\WINSPOOL.EXE
+ 2006-11-02 12:35:54 2,048 ----a-w C:\Windows\System32\wmerror.dll
+ 2006-11-02 07:10:27 2,864 ----a-w C:\Windows\System32\WOWDEB.EXE
+ 2006-11-02 07:11:38 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.16386_none_09eb762df5615af9\AcRes.dll
+ 2006-11-02 07:11:39 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..on-experience-tools_31bf3856ad364e35_6.0.6000.16386_none_92936507ab8702dd\acprgwiz.dll
+ 2006-11-02 06:56:11 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..environment-strings_31bf3856ad364e35_6.0.6000.16386_none_f64b4db1100349a8\bootstr.dll
+ 2006-11-02 09:41:17 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-basic-misc-tools_31bf3856ad364e35_6.0.6000.16386_none_1525f574c2807ea3\netmsg.dll
+ 2006-11-02 06:58:59 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6000.16386_none_1310947a0ca7000f\tzres.dll
+ 2008-03-12 06:15:14 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6000.16589_none_131399240ca44662\tzres.dll
+ 2008-03-12 06:15:14 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6000.20712_none_13e1e543258f6e5b\tzres.dll
+ 2006-11-02 07:15:56 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-installer-engine_31bf3856ad364e35_6.0.6000.16386_none_0143bc2fb699ae2d\msimsg.dll
+ 2006-11-02 08:33:06 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-international-core_31bf3856ad364e35_6.0.6000.16386_none_e773a28cdcd5ef62\normaliz.dll
+ 2006-11-02 09:39:39 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-iologgingdll_31bf3856ad364e35_6.0.6000.16386_none_b4a74430ff7bd85d\iologmsg.dll
+ 2006-11-02 07:18:28 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-lsa-msprivs_31bf3856ad364e35_6.0.6000.16386_none_09e22f167e7ac9b3\msprivs.dll
+ 2006-11-02 12:35:51 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6000.16386_none_9a286d400fd699af\mferror.dll
+ 2006-11-02 12:35:57 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-wmasf_31bf3856ad364e35_6.0.6000.16386_none_a57f2ea4437cfc78\asferror.dll
+ 2008-03-12 06:18:49 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-wmasf_31bf3856ad364e35_6.0.6000.16585_none_a57e3226437ddd6f\asferror.dll
+ 2008-03-12 06:18:49 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-wmasf_31bf3856ad364e35_6.0.6000.20708_none_a66151155c57e6dd\asferror.dll
+ 2006-11-02 12:35:54 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-wmerror_31bf3856ad364e35_6.0.6000.16386_none_351e30f1ba0b5cbe\wmerror.dll
+ 2006-11-02 09:41:09 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6000.16386_none_86377e9e99eb1168\msxml3r.dll
+ 2008-03-12 06:20:12 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6000.16500_none_8688000e99af9424\msxml3r.dll
+ 2008-03-12 06:20:13 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6000.20613_none_8709cdcbb2d29be4\msxml3r.dll
+ 2006-11-02 09:41:09 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6000.16386_none_86373a4699eb5e4b\msxml6r.dll
+ 2008-03-12 06:18:31 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6000.16472_none_863e0af099e6da25\msxml6r.dll
+ 2008-03-12 06:18:31 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6000.20582_none_86bcd7cfb30c95e0\msxml6r.dll
+ 2006-11-02 09:41:16 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-net-command-line-tool_31bf3856ad364e35_6.0.6000.16386_none_4ffb8f84758bff07\neth.dll
+ 2006-09-19 11:41:49 2,456 ----a-w C:\Windows\winsxs\x86_microsoft-windows-netshell_31bf3856ad364e35_6.0.6000.16386_none_d34ca8d7111fb859\bench_24.bin
+ 2006-09-19 11:41:49 2,456 ----a-w C:\Windows\winsxs\x86_microsoft-windows-netshell_31bf3856ad364e35_6.0.6000.16386_none_d34ca8d7111fb859\house_24.bin
+ 2006-09-19 11:41:49 2,456 ----a-w C:\Windows\winsxs\x86_microsoft-windows-netshell_31bf3856ad364e35_6.0.6000.16386_none_d34ca8d7111fb859\office_24.bin
+ 2006-11-02 07:38:48 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-networkbridge_31bf3856ad364e35_6.0.6000.16386_none_05b32edf092a8853\bridgeres.dll
+ 2006-11-02 07:38:59 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-networktopology_31bf3856ad364e35_6.0.6000.16386_none_cf1f3538fd925a7b\lltdres.dll
+ 2006-11-02 07:10:15 2,000 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system_31bf3856ad364e35_6.0.6000.16386_none_1e1753ed2313c813\keyboard.drv
+ 2006-11-02 07:10:18 2,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system_31bf3856ad364e35_6.0.6000.16386_none_1e1753ed2313c813\mouse.drv
+ 2006-11-02 07:10:16 1,744 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system_31bf3856ad364e35_6.0.6000.16386_none_1e1753ed2313c813\sound.drv
+ 2006-11-02 07:10:17 2,176 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system_31bf3856ad364e35_6.0.6000.16386_none_1e1753ed2313c813\vga.drv
+ 2006-11-02 07:10:15 2,000 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\keyboard.drv
+ 2006-11-02 07:10:18 2,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\mouse.drv
+ 2006-11-02 07:10:00 2,842 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\redir.exe
+ 2006-11-02 07:10:16 1,744 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\sound.drv
+ 2006-11-02 07:10:17 2,176 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\vga.drv
+ 2006-11-02 07:10:22 2,864 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\WINSOCK.DLL
+ 2006-11-02 07:10:18 2,112 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\WINSPOOL.EXE
+ 2006-11-02 07:10:27 2,864 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\WOWDEB.EXE
+ 2006-11-02 07:08:53 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oleaccrc_31bf3856ad364e35_6.0.6000.16386_none_76f32d528a780cf2\oleaccrc.dll
+ 2006-11-02 12:34:48 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-photosamples_31bf3856ad364e35_6.0.6000.16386_none_95425ac284e42b43\SampleRes.dll
+ 2006-11-02 09:43:00 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-winsock-legacy_31bf3856ad364e35_6.0.6000.16386_none_e12e74ad149badfc\rnr20.dll
+ 2006-11-02 07:15:27 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-wmi-core_31bf3856ad364e35_6.0.6000.16386_none_b71d411922ad8f1f\WmiApRes.dll
+ 2006-11-02 12:35:25 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-wmi-snmp-provider_31bf3856ad364e35_6.0.6000.16386_none_a884bc8dc9d4ada2\smierrsm.dll
+ 2006-11-02 12:35:25 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-wmi-snmp-provider_31bf3856ad364e35_6.0.6000.16386_none_a884bc8dc9d4ada2\smierrsy.dll
+ 2006-11-02 12:35:25 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-wmi-snmp-provider_31bf3856ad364e35_6.0.6000.16386_none_a884bc8dc9d4ada2\smimsgif.dll
+ 2008-04-23 19:15:55 96,256 ----a-w C:\Windows\winsxs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_11ecb0ab9b2caf3c\ATL80.dll
+ 2008-04-23 19:15:58 1,101,824 ----a-w C:\Windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\mfc80.dll
+ 2008-04-23 19:15:58 1,093,120 ----a-w C:\Windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\mfc80u.dll
+ 2008-04-23 19:15:58 69,632 ----a-w C:\Windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\mfcm80.dll
+ 2008-04-23 19:15:58 57,856 ----a-w C:\Windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\mfcm80u.dll
+ 2008-04-23 19:16:00 40,960 ----a-w C:\Windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131\mfc80CHS.dll
+ 2008-04-23 19:16:00 45,056 ----a-w C:\Windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131\mfc80CHT.dll
+ 2008-04-23 19:16:00 65,536 ----a-w C:\Windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131\mfc80DEU.dll
+ 2008-04-23 19:16:00 57,344 ----a-w C:\Windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131\mfc80ENU.dll
+ 2008-04-23 19:16:00 61,440 ----a-w C:\Windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131\mfc80ESP.dll
+ 2008-04-23 19:16:00 61,440 ----a-w C:\Windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131\mfc80FRA.dll
+ 2008-04-23 19:16:00 61,440 ----a-w C:\Windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131\mfc80ITA.dll
+ 2008-04-23 19:16:00 49,152 ----a-w C:\Windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131\mfc80JPN.dll
+ 2008-04-23 19:16:00 49,152 ----a-w C:\Windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131\mfc80KOR.dll
+ 2008-04-23 19:16:04 65,536 ----a-w C:\Windows\winsxs\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_7b33aa7d218504d2\vcomp.dll
+ 2006-11-02 12:36:03 2,560 ----a-w C:\Windows\winsxs\x86_wcf-m_sm_evt_dll_vista_31bf3856ad364e35_6.0.6000.16386_none_76336ee89b768fbf\ServiceModelEvents.dll
+ 2006-11-02 12:36:02 2,560 ----a-w C:\Windows\winsxs\x86_wcf-m_sm_ins_rc_dll_31bf3856ad364e35_6.0.6000.16386_none_c6c5835b4cd99252\ServiceModelInstallRC.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-03-11 23:18 1232896]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-03-06 13:50 50528]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-12 23:32 68856]
"Steam"="C:\Program Files\Steam\Steam.exe" [2008-03-28 09:58 1271032]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 05:36 201728]
"Auslogics BoostSpeed 4"="C:\Program Files\Auslogics\AusLogics BoostSpeed\boostspeed.exe" [2008-03-07 12:04 250368]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-02-28 23:06 2321600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DownloadAccelerator"="C:\Program Files\DAP\DAP.exe" [2008-03-12 00:07 3057152]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]
"P17RunE"="P17RunE.dll" [2007-04-09 09:40 14848 C:\Windows\System32\P17RunE.dll]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-19 14:27 185896]
"DLBTCATS"="C:\Windows\system32\spool\DRIVERS\W32X86\3\DLBTtime.dll" [2007-02-12 17:34 73728]
"dlbtmon.exe"="C:\Program Files\Dell Photo AIO Printer 922\dlbtmon.exe" [2007-02-28 18:23 431600]
"Support audio cool poll"="C:\ProgramData\Dale Owns Load.4r03bp" [ ]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 02:25 6731312]

C:\Users\Walter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Audible Download Manager.lnk - C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe [2007-11-16 14:40:16 1697112]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-03-12 23:32:37 125624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{5375C627-C2F3-4286-ADE7-7DAFBCD7E952}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{222D6355-B5D0-40A7-B61A-C1C9BA899DC9}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{68C64655-F588-4742-A6D0-D5925A3D5F93}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{73FF717A-9533-43B4-BA66-B5FEEE31D5C8}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{E73C4CBD-C7AC-4F90-9817-FF364BCFED22}"= Profile=Private|Profile=Public|C:\Program Files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{7248949B-43BA-45A4-9947-AE667739DC23}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{9DFF5E04-65B8-44E1-8CFA-BB74DB01375B}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{9BA85FCB-941C-4FB2-A2B4-82FC8AAD062D}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{DE307A62-97EF-4BB1-86CA-71FFFE7B59B0}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{2C59216C-196D-4540-8418-233CA13AAED3}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{628290DE-FDF5-4BB7-8EB7-C722DA091F29}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{F1177328-BF7F-4328-B5B1-A6DB734C957D}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{69193BC4-C2DF-4869-9532-EA30A8521921}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{0E24C346-F777-43F0-8B31-46C3BD0ADC67}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{77A54C50-DDCB-4391-AB88-8735C57A7668}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{5D396C73-EF86-4D50-8AE3-3EFB2497E1D0}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{C556D100-0709-460E-9412-E0E742A821A3}"= UDP:C:\Windows\System32\dlbtcoms.exe:Lexmark Communications System
"{3BA8FCCD-1B38-4F31-8B22-6DCD139DFB2E}"= TCP:C:\Windows\System32\dlbtcoms.exe:Lexmark Communications System
"{177A5AE4-F818-429E-B295-43F610C04178}"= UDP:C:\Windows\System32\spool\drivers\w32x86\3\dlbtpswx.exe:Printer Status Window
"{0CA471D2-6293-413B-B045-7A4DBF8505ED}"= TCP:C:\Windows\System32\spool\drivers\w32x86\3\dlbtpswx.exe:Printer Status Window
"{ECB5E892-5649-4CEC-93C8-44A18B855F26}"= UDP:C:\Program Files\Dell Photo AIO Printer 922\DLBTmon.exe:Device Monitor
"{34C1A860-63AC-4F24-B256-F893E622795D}"= TCP:C:\Program Files\Dell Photo AIO Printer 922\DLBTmon.exe:Device Monitor
"{647D5EF8-B3C6-4F9D-8B47-5D81B8728B25}"= UDP:C:\Program Files\Dell Photo AIO Printer 922\DLBTaiox.exe:All In One Center
"{141CB9E7-63A7-426A-9BB8-DE44B80E6D82}"= TCP:C:\Program Files\Dell Photo AIO Printer 922\DLBTaiox.exe:All In One Center
"{A3A109FF-F29C-4C43-8B75-B42256D91804}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{0AFC2C31-FF24-4812-8CC1-1264FBF0000A}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{D72D6220-768C-49E9-9D5C-7AF937970D11}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{82537A76-1267-4184-AC58-6E0B8B4CB981}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{E8CD3F3B-233D-41FF-A16C-BC69A9B4E2B8}"= UDP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe:Tom Clancy's Rainbow Six Vegas 2
"{FEC98D29-3236-4C3D-B023-EF4D51E36C01}"= TCP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe:Tom Clancy's Rainbow Six Vegas 2
"{F6DBC820-BB49-4FC1-B67E-363B185B4C61}"= UDP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe:Tom Clancy's Rainbow Six Vegas 2 Update
"{0A9A768C-327A-4801-A8A6-C76157BC55E6}"= TCP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe:Tom Clancy's Rainbow Six Vegas 2 Update

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R2 41483;41483;C:\Windows\System32\41483.sys [2008-03-11 20:34]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2008-02-25 22:53]
S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2008-02-25 22:53]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-04-02 16:38]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de28d059-efe8-11dc-a5fb-806e6f6e6963}]
\shell\AutoRun\command - D:\aoesetup.exe /autorun
\shell\directx\command - D:\DirectX\dxsetup.exe
\shell\dplay\command - D:\DirectX\dplay61a.exe
\shell\dxdiag\command - D:\goodies\ar40eng.exe
\shell\dxinfo\command - D:\goodies\DirectX\dxinfo.exe
\shell\dxtest\command - D:\DirectX\dxdiag.exe
\shell\dxtool\command - D:\goodies\DirectX\dxtool.exe
\shell\log\command - D:\goodies\machine\machine.exe -l
\shell\machine\command - D:\goodies\machine\machine.exe
\shell\setup\command - D:\aoesetup.exe /autorun
\shell\zone\command - D:\goodies\mszone\zoneA600.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-04-24 22:52:05 C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-04-15 15:03:49 C:\Windows\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-04-01 08:01:00 C:\Windows\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2008-04-24 19:14:44 C:\Windows\Tasks\User_Feed_Synchronization-{8FF99394-19BE-4996-95CA-73822EBB8EA6}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-24 16:22:31
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLBTCATS = rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-24 16:47:55
ComboFix-quarantined-files.txt 2008-04-24 23:47:41
ComboFix2.txt 2008-04-13 17:16:58
ComboFix3.txt 2008-04-12 22:50:29

Pre-Run: 10,591,862,784 bytes free
Post-Run: 10,769,350,656 bytes free

479 --- E O F --- 2008-03-12 08:56:46


And I tried seeing what is making it go to 100% CPU usage, but I couldn't see it, because by the time I had opened the Task Manager it would all be back to normal, except System Idle Process. That's about it. I don't know if that is supposed to happen or not.
hogter
Active Member
 
Posts: 14
Joined: April 5th, 2008, 8:28 pm

Re: cp ussage 100% please help

Unread postby hogter » April 24th, 2008, 8:14 pm

ComboFix 08-04-22.5 - Walter 2008-04-24 16:11:35.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.809 [GMT -7:00]
Running from: F:\Torrents\ComboFix.exe
* Resident AV is active

.

((((((((((((((((((((((((( Files Created from 2008-03-24 to 2008-04-24 )))))))))))))))))))))))))))))))
.

2039-03-11 21:37 . 2006-11-02 02:46 1,137,664 --a------ C:\Windows\System32\themecpl.dll.original
2008-04-23 12:17 . 2008-04-23 12:17 <DIR> d-------- C:\Users\All Users\Ubisoft
2008-04-23 12:17 . 2008-04-23 12:17 <DIR> d-------- C:\ProgramData\Ubisoft
2008-04-23 12:15 . 2007-10-12 15:14 3,734,536 --a------ C:\Windows\System32\d3dx9_36.dll
2008-04-23 12:15 . 2007-07-19 18:14 3,727,720 --a------ C:\Windows\System32\d3dx9_35.dll
2008-04-23 12:15 . 2007-10-12 15:14 1,374,232 --a------ C:\Windows\System32\D3DCompiler_36.dll
2008-04-23 12:15 . 2007-07-19 18:14 1,358,192 --a------ C:\Windows\System32\D3DCompiler_35.dll
2008-04-23 12:15 . 2007-10-02 09:56 444,776 --a------ C:\Windows\System32\d3dx10_36.dll
2008-04-23 12:15 . 2007-07-19 18:14 444,776 --a------ C:\Windows\System32\d3dx10_35.dll
2008-04-23 12:15 . 2007-10-22 03:39 267,272 --a------ C:\Windows\System32\xactengine2_10.dll
2008-04-23 12:15 . 2007-07-20 00:57 267,112 --a------ C:\Windows\System32\xactengine2_9.dll
2008-04-23 12:15 . 2007-10-22 03:37 17,928 --a------ C:\Windows\System32\X3DAudio1_2.dll
2008-04-23 11:47 . 2008-04-23 11:47 <DIR> d-------- C:\Program Files\Ubisoft
2008-04-22 20:20 . 2008-04-23 12:16 22,328 --a------ C:\Users\Walter\AppData\Roaming\PnkBstrK.sys
2008-04-22 20:16 . 2008-04-23 12:16 2,337,865 --a------ C:\Windows\System32\pbsvc.exe
2008-04-22 19:52 . 2008-04-23 23:14 107,832 --a------ C:\Windows\System32\PnkBstrB.exe
2008-04-22 19:52 . 2008-04-22 20:16 66,872 --a------ C:\Windows\System32\PnkBstrA.exe
2008-04-22 19:52 . 2008-04-23 23:17 22,328 --a------ C:\Windows\System32\drivers\PnkBstrK.sys
2008-04-22 19:42 . 2008-04-22 19:42 319 --a------ C:\Windows\game.ini
2008-04-22 18:17 . 2008-04-22 18:17 <DIR> d--hs---- C:\Windows\ftpcache
2008-04-22 17:17 . 2008-04-22 17:17 <DIR> d-------- C:\Users\All Users\FLEXnet
2008-04-22 17:17 . 2008-04-22 17:17 <DIR> d-------- C:\ProgramData\FLEXnet
2008-04-22 15:53 . 2008-04-22 15:53 <DIR> d-------- C:\Users\All Users\ALM
2008-04-22 15:53 . 2008-04-22 15:53 <DIR> d-------- C:\ProgramData\ALM
2008-04-22 15:32 . 2008-04-22 15:32 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-04-22 14:46 . 2008-04-22 15:30 <DIR> d-------- C:\Users\Walter\AppData\Roaming\Download Manager
2008-04-21 22:55 . 2008-04-24 16:02 <DIR> d-------- C:\Users\Walter\AppData\Roaming\LimeWire
2008-04-21 22:53 . 2008-04-21 22:54 <DIR> d-------- C:\Program Files\LimeWire
2008-04-16 09:30 . 2008-04-16 16:34 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2008-04-14 09:31 . 2008-04-14 09:31 <DIR> d-------- C:\Users\All Users\Trymedia
2008-04-14 09:31 . 2008-04-14 09:31 <DIR> d-------- C:\ProgramData\Trymedia
2008-04-13 15:58 . 2008-04-13 15:58 <DIR> d-------- C:\Windows\System32\Kaspersky Lab
2008-04-13 15:58 . 2008-04-13 15:58 <DIR> d-------- C:\Users\All Users\Kaspersky Lab
2008-04-13 15:58 . 2008-04-13 15:58 <DIR> d-------- C:\ProgramData\Kaspersky Lab
2008-04-13 09:27 . 2008-04-13 09:27 <DIR> d-------- C:\Users\Walter\AppData\Roaming\Malwarebytes
2008-04-13 09:26 . 2008-04-13 09:26 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-04-13 09:26 . 2008-04-13 09:26 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-04-13 09:26 . 2008-04-13 09:26 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-05 14:25 . 2008-04-05 14:25 <DIR> d-------- C:\Users\Walter\AppData\Roaming\Grisoft
2008-04-05 14:25 . 2008-04-05 14:25 <DIR> d-------- C:\Users\All Users\Grisoft
2008-04-05 14:25 . 2008-04-05 14:25 <DIR> d-------- C:\ProgramData\Grisoft
2008-04-05 14:25 . 2007-05-30 05:10 10,872 --a------ C:\Windows\System32\drivers\AvgAsCln.sys
2008-04-01 16:01 . 2008-04-01 16:02 131,072 --a------ C:\Windows\System32\Ikeext.etl
2008-03-29 21:43 . 2008-03-29 21:43 <DIR> d-------- C:\Program Files\Zone Labs
2008-03-29 21:42 . 2008-03-29 21:51 <DIR> d-------- C:\Windows\Internet Logs
2008-03-29 21:39 . 2008-03-29 21:40 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-03-29 21:39 . 2008-03-29 21:40 <DIR> d-------- C:\ProgramData\Lavasoft
2008-03-29 21:39 . 2008-03-29 21:39 <DIR> d-------- C:\Program Files\Lavasoft
2008-03-29 21:39 . 2008-03-29 21:39 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-27 16:40 . 2008-03-29 00:18 <DIR> d-------- C:\Users\Walter\AppData\Roaming\Auslogics
2008-03-27 16:39 . 2008-03-27 16:39 <DIR> d-------- C:\Program Files\Auslogics
2008-03-26 23:49 . 2008-04-24 16:00 <DIR> d-------- C:\Program Files\Dl_cats
2008-03-26 23:40 . 2007-02-07 12:57 344,064 --a------ C:\Windows\System32\dlbtcoin.dll
2008-03-26 23:40 . 2006-08-28 15:57 126,059 --a------ C:\Windows\System32\dlbtceip.chm
2008-03-26 23:40 . 2005-08-18 05:26 40,960 --a------ C:\Windows\System32\dlbtvs.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-24 23:09 --------- d---a-w C:\ProgramData\TEMP
2008-04-24 22:52 --------- d-----w C:\Users\Walter\AppData\Roaming\uTorrent
2008-04-24 11:16 --------- d-----w C:\ProgramData\Google Updater
2008-04-24 06:13 --------- d-----w C:\Program Files\Steam
2008-04-24 04:18 --------- d-----w C:\Program Files\City of Heroes
2008-04-23 22:18 --------- d-----w C:\Program Files\ATI
2008-04-23 18:47 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-22 23:45 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-22 03:40 --------- d-----w C:\Program Files\McAfee
2008-04-21 03:51 --------- d-----w C:\Program Files\Microsoft Games
2008-04-04 14:31 --------- d-----w C:\Program Files\Common Files\Steam
2008-03-27 23:26 --------- d-----w C:\Program Files\Spyware Doctor
2008-03-27 06:50 --------- d-----w C:\Program Files\Dell Photo AIO Printer 922
2008-03-26 07:33 --------- d-----w C:\Program Files\Audible
2008-03-25 02:34 --------- d-----w C:\Program Files\HeroStats
2008-03-23 19:19 --------- d-----w C:\Program Files\GustoSoft
2008-03-19 21:28 --------- d-----w C:\Program Files\Common Files\xing shared
2008-03-19 21:28 --------- d-----w C:\Program Files\Common Files\Real
2008-03-19 21:27 --------- d-----w C:\Program Files\Real
2008-03-19 07:27 --------- d-----w C:\ProgramData\Messenger Plus!
2008-03-18 05:58 --------- d-----w C:\Program Files\Java
2008-03-18 05:56 --------- d-----w C:\Program Files\Common Files\Java
2008-03-18 05:46 --------- d-----w C:\Program Files\Trend Micro
2008-03-18 05:09 --------- d-----w C:\Users\high way to hell\AppData\Roaming\Talkback
2008-03-18 05:08 --------- d-----w C:\Users\high way to hell\AppData\Roaming\ATI
2008-03-18 04:56 128,949,234 ----a-w C:\Windows\DUMP449d.tmp
2008-03-17 09:39 --------- d-----w C:\Users\Walter\AppData\Roaming\iSilo
2008-03-17 09:39 --------- d-----w C:\Program Files\iSilo
2008-03-15 02:35 --------- d-----w C:\Users\Walter\AppData\Roaming\Talkback
2008-03-14 05:34 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-03-14 03:54 --------- d-----w C:\ProgramData\WLInstaller
2008-03-13 18:58 --------- d-----w C:\Users\Walter\AppData\Roaming\ATI
2008-03-13 18:58 --------- d-----w C:\ProgramData\ATI
2008-03-13 18:51 --------- d-----w C:\Program Files\ATI Technologies
2008-03-13 06:53 --------- d-----w C:\Program Files\CDisplay
2008-03-13 06:35 --------- d-----w C:\Users\Walter\AppData\Roaming\PC Tools
2008-03-13 06:35 --------- d-----w C:\Program Files\Google
2008-03-12 08:42 --------- d-----w C:\Program Files\Windows Live
2008-03-12 08:42 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-03-12 08:35 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-03-12 08:34 --------- d-----w C:\Program Files\Windows Live Favorites
2008-03-12 08:28 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-12 08:21 --------- d-----w C:\ProgramData\Microsoft Help
2008-03-12 08:12 --------- d-----w C:\Program Files\Microsoft Works
2008-03-12 08:11 --------- d-----w C:\Program Files\MSBuild
2008-03-12 08:07 --------- d-----w C:\Program Files\Microsoft.NET
2008-03-12 08:01 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-03-12 07:47 --------- d-----w C:\Program Files\Creative
2008-03-12 07:46 --------- d-----w C:\ProgramData\Creative
2008-03-12 07:45 409,600 ----a-w C:\Windows\System32\wrap_oal.dll
2008-03-12 07:45 114,688 ----a-w C:\Windows\System32\OpenAL32.dll
2008-03-12 07:44 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-12 07:41 --------- d-----w C:\Users\Walter\AppData\Roaming\Apple Computer
2008-03-12 07:41 --------- d-----w C:\Program Files\iTunes
2008-03-12 07:40 --------- d-----w C:\ProgramData\Apple Computer
2008-03-12 07:40 --------- d-----w C:\Program Files\QuickTime
2008-03-12 07:40 --------- d-----w C:\Program Files\iPod
2008-03-12 07:40 --------- d-----w C:\Program Files\Bonjour
2008-03-12 07:39 --------- d-----w C:\Program Files\Apple Software Update
2008-03-12 07:38 --------- d-----w C:\ProgramData\Apple
2008-03-12 07:38 --------- d-----w C:\Program Files\Common Files\Apple
2008-03-12 07:31 --------- d-----w C:\Users\Walter\AppData\Roaming\GRETECH
2008-03-12 07:31 --------- d-----w C:\ProgramData\GRETECH
2008-03-12 07:30 --------- d-----w C:\Program Files\GRETECH
2008-03-12 07:30 --------- d-----w C:\Program Files\DAP
2008-03-12 07:07 50,688 ----a-w C:\Windows\System32\wbhelp2.dll
2008-03-12 06:51 --------- d-----w C:\ProgramData\McAfee
2008-03-12 06:49 --------- d-----w C:\Program Files\Common Files\McAfee
2008-03-12 06:46 --------- d-----w C:\Program Files\McAfee.com
2008-03-12 06:39 --------- d-----w C:\ProgramData\AOL OCP
2008-03-12 06:38 --------- d-----w C:\Users\Walter\AppData\Roaming\acccore
2008-03-12 06:38 --------- d-----w C:\Program Files\AIM6
2008-03-12 06:37 --------- d-----w C:\ProgramData\Viewpoint
2008-03-12 06:37 --------- d-----w C:\ProgramData\AOL
2008-03-12 06:37 --------- d-----w C:\Program Files\Viewpoint
2008-03-12 06:37 --------- d-----w C:\Program Files\Common Files\AOL
2008-03-12 06:27 --------- d-----w C:\Program Files\Windows Sidebar
2008-03-12 06:23 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-03-12 06:23 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-03-12 06:22 49,664 ----a-w C:\Windows\System32\csrsrv.dll
2008-03-12 06:22 376,320 ----a-w C:\Windows\System32\winsrv.dll
2008-03-12 06:21 86,016 ----a-w C:\Windows\System32\icfupgd.dll
2008-03-12 06:21 63,488 ----a-w C:\Windows\system32\drivers\mpsdrv.sys
2008-03-12 06:21 61,952 ----a-w C:\Windows\System32\cmifw.dll
2008-03-12 06:21 414,208 ----a-w C:\Windows\System32\msscp.dll
2008-03-12 06:21 396,800 ----a-w C:\Windows\System32\MPSSVC.dll
2008-03-12 06:21 392,192 ----a-w C:\Windows\System32\FirewallAPI.dll
2008-03-12 06:21 374,456 ----a-w C:\Windows\System32\mcupdate_GenuineIntel.dll
2008-03-12 06:21 23,040 ----a-w C:\Windows\system32\drivers\tunnel.sys
2008-03-12 06:21 178,688 ----a-w C:\Windows\System32\iphlpsvc.dll
2008-03-12 06:21 16,896 ----a-w C:\Windows\System32\wfapigp.dll
2008-03-12 06:21 15,360 ----a-w C:\Windows\system32\drivers\TUNMP.SYS
2008-03-12 06:20 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2008-03-12 06:20 7,680 ----a-w C:\Windows\System32\spwmp.dll
2008-03-12 06:20 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2008-03-12 06:20 2,048 ----a-w C:\Windows\System32\msxml3r.dll
2008-03-12 06:20 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
2008-03-12 06:19 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-03-12 06:19 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-03-12 06:19 22,016 ----a-w C:\Windows\System32\netiougc.exe
.

((((((((((((((((((((((((((((( snapshot@2008-04-12_15.49.44.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-11-02 07:11:38 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
- 2008-03-12 05:09:05 53,248 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2008-04-23 19:14:43 53,248 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
- 2008-03-12 05:09:05 12,800 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2008-04-23 19:14:43 12,800 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2008-03-12 05:09:05 473,600 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2008-04-23 19:14:44 473,600 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
- 2008-03-12 05:09:01 2,676,224 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-04-23 19:14:36 2,676,224 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-03-12 05:09:02 2,846,720 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-04-23 19:14:37 2,846,720 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-03-12 05:09:02 563,712 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-04-23 19:14:37 563,712 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-03-12 05:09:02 567,296 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-04-23 19:14:38 567,296 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-03-12 05:09:03 576,000 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-04-23 19:14:39 576,000 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-03-12 05:09:03 577,024 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-04-23 19:14:39 577,024 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-03-12 05:09:03 577,536 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-04-23 19:14:40 577,536 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-03-12 05:09:04 577,536 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-04-23 19:14:40 577,536 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-03-12 05:09:04 578,560 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-04-23 19:14:41 578,560 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-03-12 05:09:05 578,560 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-04-23 19:14:44 578,560 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-03-12 05:09:05 145,920 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2008-04-23 19:14:44 145,920 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2008-03-12 05:09:06 159,232 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2008-04-23 19:14:45 159,232 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2008-03-12 05:09:06 364,544 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2008-04-23 19:14:45 364,544 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2008-03-12 05:09:06 178,176 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2008-04-23 19:14:45 178,176 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2008-03-12 05:09:04 223,232 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2008-04-23 19:14:43 223,232 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
- 2008-04-12 20:00:28 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-04-23 22:14:21 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2006-11-02 12:36:03 2,560 ----a-w C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll
+ 2006-11-02 12:36:02 2,560 ----a-w C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll
- 2008-04-12 20:03:12 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-04-23 22:18:26 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-04-12 20:03:06 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-04-23 22:18:16 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2006-11-02 07:10:15 2,000 ----a-w C:\Windows\system\keyboard.drv
+ 2006-11-02 07:10:18 2,032 ----a-w C:\Windows\system\mouse.drv
+ 2006-11-02 07:10:16 1,744 ----a-w C:\Windows\system\sound.drv
+ 2006-11-02 07:10:17 2,176 ----a-w C:\Windows\system\vga.drv
+ 2006-11-02 07:11:39 2,048 ----a-w C:\Windows\System32\acprgwiz.dll
+ 2008-03-12 06:18:49 2,048 ----a-w C:\Windows\System32\asferror.dll
+ 2006-11-02 06:56:11 2,560 ----a-w C:\Windows\System32\bootstr.dll
+ 2006-11-02 07:38:48 2,048 ----a-w C:\Windows\System32\bridgeres.dll
- 2008-04-12 22:23:17 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-04-24 22:25:17 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-04-12 22:23:17 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-24 22:25:17 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-04-12 22:23:17 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-04-24 22:25:17 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-04-12 22:29:33 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-04-24 23:11:19 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
- 2008-03-12 18:03:42 334,664 ----a-w C:\Windows\System32\FNTCACHE.DAT
+ 2008-04-23 00:13:08 1,627,880 ----a-w C:\Windows\System32\FNTCACHE.DAT
+ 1998-05-08 04:57:22 143,872 ------w C:\Windows\System32\iacenc.dll
+ 2006-11-02 09:39:39 2,048 ----a-w C:\Windows\System32\iologmsg.dll
+ 1997-06-14 02:56:08 56,832 ------w C:\Windows\System32\iyvu9_32.dll
+ 2005-05-24 19:27:16 213,048 ----a-w C:\Windows\System32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 22:47:20 94,208 ----a-w C:\Windows\System32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 22:49:54 950,272 ----a-w C:\Windows\System32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
+ 2006-11-02 07:10:15 2,000 ----a-w C:\Windows\System32\keyboard.drv
+ 2006-11-02 07:38:59 2,048 ----a-w C:\Windows\System32\lltdres.dll
+ 2007-07-27 21:49:02 196,683 ----a-w C:\Windows\System32\lnod32apiA.dll
+ 2007-07-27 21:49:02 225,355 ----a-w C:\Windows\System32\lnod32apiW.dll
+ 2005-12-06 02:25:22 139,264 ----a-w C:\Windows\System32\lnod32umc.dll
+ 2005-12-05 19:37:10 106,496 ----a-w C:\Windows\System32\lnod32upd.dll
+ 2006-11-02 12:35:51 2,048 ----a-w C:\Windows\System32\mferror.dll
+ 2006-11-02 07:10:18 2,032 ----a-w C:\Windows\System32\mouse.drv
+ 2006-11-02 07:15:56 2,560 ----a-w C:\Windows\System32\msimsg.dll
+ 2006-11-02 07:18:28 2,048 ----a-w C:\Windows\System32\msprivs.dll
+ 2008-03-12 06:18:31 2,048 ----a-w C:\Windows\System32\msxml6r.dll
+ 2006-11-02 09:41:16 2,048 ----a-w C:\Windows\System32\neth.dll
+ 2006-11-02 09:41:17 2,048 ----a-w C:\Windows\System32\netmsg.dll
+ 2006-09-19 11:41:49 2,456 ----a-w C:\Windows\System32\networklist\icons\StockIcons\bench_24.bin
+ 2006-09-19 11:41:49 2,456 ----a-w C:\Windows\System32\networklist\icons\StockIcons\house_24.bin
+ 2006-09-19 11:41:49 2,456 ----a-w C:\Windows\System32\networklist\icons\StockIcons\office_24.bin
+ 2006-11-02 08:33:06 2,560 ----a-w C:\Windows\System32\normaliz.dll
+ 2006-11-02 07:08:53 2,048 ----a-w C:\Windows\System32\oleaccrc.dll
+ 2008-02-11 16:39:26 253,952 ----a-w C:\Windows\System32\OnlineScannerDLLA.dll
+ 2008-02-11 16:39:18 237,568 ----a-w C:\Windows\System32\OnlineScannerDLLW.dll
+ 2008-02-08 20:53:46 110,592 ----a-w C:\Windows\System32\OnlineScannerLang.dll
+ 2008-02-05 15:48:04 77,824 ----a-w C:\Windows\System32\OnlineScannerUninstaller.exe
- 2008-03-20 16:08:48 104,662 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-04-17 06:23:41 104,662 ----a-w C:\Windows\System32\perfc009.dat
- 2008-03-20 16:08:48 621,314 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-04-17 06:23:41 621,314 ----a-w C:\Windows\System32\perfh009.dat
+ 2006-11-02 07:10:00 2,842 ----a-w C:\Windows\System32\redir.exe
+ 2006-11-02 09:43:00 2,560 ----a-w C:\Windows\System32\rnr20.dll
+ 2006-11-02 12:34:48 2,048 ----a-w C:\Windows\System32\SampleRes.dll
- 2008-03-12 18:05:54 6,029,312 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2008-04-23 21:03:35 6,029,312 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2006-11-02 07:10:16 1,744 ----a-w C:\Windows\System32\sound.drv
+ 2008-03-12 06:15:14 2,048 ----a-w C:\Windows\System32\tzres.dll
+ 2004-12-07 17:11:34 258,352 ----a-w C:\Windows\System32\unicows.dll
+ 2006-11-02 07:10:17 2,176 ----a-w C:\Windows\System32\vga.drv
+ 2006-11-02 07:15:27 2,048 ----a-w C:\Windows\System32\wbem\WmiApRes.dll
- 2008-04-12 20:03:33 6,690 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-561321763-1897004747-691077370-1000_UserData.bin
+ 2008-04-23 22:18:42 7,052 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-561321763-1897004747-691077370-1000_UserData.bin
- 2008-04-12 20:03:33 45,102 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-04-23 22:18:41 45,626 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-04-12 20:11:03 31,652 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-04-23 22:18:34 32,890 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2008-04-10 21:52:03 176,334 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2008-04-22 23:08:05 177,354 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2006-11-02 07:10:22 2,864 ----a-w C:\Windows\System32\WINSOCK.DLL
+ 2006-11-02 07:10:18 2,112 ----a-w C:\Windows\System32\WINSPOOL.EXE
+ 2006-11-02 12:35:54 2,048 ----a-w C:\Windows\System32\wmerror.dll
+ 2006-11-02 07:10:27 2,864 ----a-w C:\Windows\System32\WOWDEB.EXE
+ 2006-11-02 07:11:38 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.16386_none_09eb762df5615af9\AcRes.dll
+ 2006-11-02 07:11:39 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..on-experience-tools_31bf3856ad364e35_6.0.6000.16386_none_92936507ab8702dd\acprgwiz.dll
+ 2006-11-02 06:56:11 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..environment-strings_31bf3856ad364e35_6.0.6000.16386_none_f64b4db1100349a8\bootstr.dll
+ 2006-11-02 09:41:17 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-basic-misc-tools_31bf3856ad364e35_6.0.6000.16386_none_1525f574c2807ea3\netmsg.dll
+ 2006-11-02 06:58:59 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6000.16386_none_1310947a0ca7000f\tzres.dll
+ 2008-03-12 06:15:14 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6000.16589_none_131399240ca44662\tzres.dll
+ 2008-03-12 06:15:14 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6000.20712_none_13e1e543258f6e5b\tzres.dll
+ 2006-11-02 07:15:56 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-installer-engine_31bf3856ad364e35_6.0.6000.16386_none_0143bc2fb699ae2d\msimsg.dll
+ 2006-11-02 08:33:06 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-international-core_31bf3856ad364e35_6.0.6000.16386_none_e773a28cdcd5ef62\normaliz.dll
+ 2006-11-02 09:39:39 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-iologgingdll_31bf3856ad364e35_6.0.6000.16386_none_b4a74430ff7bd85d\iologmsg.dll
+ 2006-11-02 07:18:28 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-lsa-msprivs_31bf3856ad364e35_6.0.6000.16386_none_09e22f167e7ac9b3\msprivs.dll
+ 2006-11-02 12:35:51 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6000.16386_none_9a286d400fd699af\mferror.dll
+ 2006-11-02 12:35:57 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-wmasf_31bf3856ad364e35_6.0.6000.16386_none_a57f2ea4437cfc78\asferror.dll
+ 2008-03-12 06:18:49 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-wmasf_31bf3856ad364e35_6.0.6000.16585_none_a57e3226437ddd6f\asferror.dll
+ 2008-03-12 06:18:49 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-wmasf_31bf3856ad364e35_6.0.6000.20708_none_a66151155c57e6dd\asferror.dll
+ 2006-11-02 12:35:54 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-wmerror_31bf3856ad364e35_6.0.6000.16386_none_351e30f1ba0b5cbe\wmerror.dll
+ 2006-11-02 09:41:09 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6000.16386_none_86377e9e99eb1168\msxml3r.dll
+ 2008-03-12 06:20:12 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6000.16500_none_8688000e99af9424\msxml3r.dll
+ 2008-03-12 06:20:13 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6000.20613_none_8709cdcbb2d29be4\msxml3r.dll
+ 2006-11-02 09:41:09 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6000.16386_none_86373a4699eb5e4b\msxml6r.dll
+ 2008-03-12 06:18:31 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6000.16472_none_863e0af099e6da25\msxml6r.dll
+ 2008-03-12 06:18:31 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6000.20582_none_86bcd7cfb30c95e0\msxml6r.dll
+ 2006-11-02 09:41:16 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-net-command-line-tool_31bf3856ad364e35_6.0.6000.16386_none_4ffb8f84758bff07\neth.dll
+ 2006-09-19 11:41:49 2,456 ----a-w C:\Windows\winsxs\x86_microsoft-windows-netshell_31bf3856ad364e35_6.0.6000.16386_none_d34ca8d7111fb859\bench_24.bin
+ 2006-09-19 11:41:49 2,456 ----a-w C:\Windows\winsxs\x86_microsoft-windows-netshell_31bf3856ad364e35_6.0.6000.16386_none_d34ca8d7111fb859\house_24.bin
+ 2006-09-19 11:41:49 2,456 ----a-w C:\Windows\winsxs\x86_microsoft-windows-netshell_31bf3856ad364e35_6.0.6000.16386_none_d34ca8d7111fb859\office_24.bin
+ 2006-11-02 07:38:48 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-networkbridge_31bf3856ad364e35_6.0.6000.16386_none_05b32edf092a8853\bridgeres.dll
+ 2006-11-02 07:38:59 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-networktopology_31bf3856ad364e35_6.0.6000.16386_none_cf1f3538fd925a7b\lltdres.dll
+ 2006-11-02 07:10:15 2,000 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system_31bf3856ad364e35_6.0.6000.16386_none_1e1753ed2313c813\keyboard.drv
+ 2006-11-02 07:10:18 2,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system_31bf3856ad364e35_6.0.6000.16386_none_1e1753ed2313c813\mouse.drv
+ 2006-11-02 07:10:16 1,744 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system_31bf3856ad364e35_6.0.6000.16386_none_1e1753ed2313c813\sound.drv
+ 2006-11-02 07:10:17 2,176 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system_31bf3856ad364e35_6.0.6000.16386_none_1e1753ed2313c813\vga.drv
+ 2006-11-02 07:10:15 2,000 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\keyboard.drv
+ 2006-11-02 07:10:18 2,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\mouse.drv
+ 2006-11-02 07:10:00 2,842 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\redir.exe
+ 2006-11-02 07:10:16 1,744 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\sound.drv
+ 2006-11-02 07:10:17 2,176 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\vga.drv
+ 2006-11-02 07:10:22 2,864 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\WINSOCK.DLL
+ 2006-11-02 07:10:18 2,112 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\WINSPOOL.EXE
+ 2006-11-02 07:10:27 2,864 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\WOWDEB.EXE
+ 2006-11-02 07:08:53 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oleaccrc_31bf3856ad364e35_6.0.6000.16386_none_76f32d528a780cf2\oleaccrc.dll
+ 2006-11-02 12:34:48 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-photosamples_31bf3856ad364e35_6.0.6000.16386_none_95425ac284e42b43\SampleRes.dll
+ 2006-11-02 09:43:00 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-winsock-legacy_31bf3856ad364e35_6.0.6000.16386_none_e12e74ad149badfc\rnr20.dll
+ 2006-11-02 07:15:27 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-wmi-core_31bf3856ad364e35_6.0.6000.16386_none_b71d411922ad8f1f\WmiApRes.dll
+ 2006-11-02 12:35:25 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-wmi-snmp-provider_31bf3856ad364e35_6.0.6000.16386_none_a884bc8dc9d4ada2\smierrsm.dll
+ 2006-11-02 12:35:25 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-wmi-snmp-provider_31bf3856ad364e35_6.0.6000.16386_none_a884bc8dc9d4ada2\smierrsy.dll
+ 2006-11-02 12:35:25 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-wmi-snmp-provider_31bf3856ad364e35_6.0.6000.16386_none_a884bc8dc9d4ada2\smimsgif.dll
+ 2008-04-23 19:15:55 96,256 ----a-w C:\Windows\winsxs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_11ecb0ab9b2caf3c\ATL80.dll
+ 2008-04-23 19:15:58 1,101,824 ----a-w C:\Windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\mfc80.dll
+ 2008-04-23 19:15:58 1,093,120 ----a-w C:\Windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\mfc80u.dll
+ 2008-04-23 19:15:58 69,632 ----a-w C:\Windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\mfcm80.dll
+ 2008-04-23 19:15:58 57,856 ----a-w C:\Windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\mfcm80u.dll
+ 2008-04-23 19:16:00 40,960 ----a-w C:\Windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131\mfc80CHS.dll
+ 2008-04-23 19:16:00 45,056 ----a-w C:\Windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131\mfc80CHT.dll
+ 2008-04-23 19:16:00 65,536 ----a-w C:\Windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131\mfc80DEU.dll
+ 2008-04-23 19:16:00 57,344 ----a-w C:\Windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131\mfc80ENU.dll
+ 2008-04-23 19:16:00 61,440 ----a-w C:\Windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131\mfc80ESP.dll
+ 2008-04-23 19:16:00 61,440 ----a-w C:\Windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131\mfc80FRA.dll
+ 2008-04-23 19:16:00 61,440 ----a-w C:\Windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131\mfc80ITA.dll
+ 2008-04-23 19:16:00 49,152 ----a-w C:\Windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131\mfc80JPN.dll
+ 2008-04-23 19:16:00 49,152 ----a-w C:\Windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131\mfc80KOR.dll
+ 2008-04-23 19:16:04 65,536 ----a-w C:\Windows\winsxs\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_7b33aa7d218504d2\vcomp.dll
+ 2006-11-02 12:36:03 2,560 ----a-w C:\Windows\winsxs\x86_wcf-m_sm_evt_dll_vista_31bf3856ad364e35_6.0.6000.16386_none_76336ee89b768fbf\ServiceModelEvents.dll
+ 2006-11-02 12:36:02 2,560 ----a-w C:\Windows\winsxs\x86_wcf-m_sm_ins_rc_dll_31bf3856ad364e35_6.0.6000.16386_none_c6c5835b4cd99252\ServiceModelInstallRC.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-03-11 23:18 1232896]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-03-06 13:50 50528]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-12 23:32 68856]
"Steam"="C:\Program Files\Steam\Steam.exe" [2008-03-28 09:58 1271032]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 05:36 201728]
"Auslogics BoostSpeed 4"="C:\Program Files\Auslogics\AusLogics BoostSpeed\boostspeed.exe" [2008-03-07 12:04 250368]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-02-28 23:06 2321600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DownloadAccelerator"="C:\Program Files\DAP\DAP.exe" [2008-03-12 00:07 3057152]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]
"P17RunE"="P17RunE.dll" [2007-04-09 09:40 14848 C:\Windows\System32\P17RunE.dll]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-19 14:27 185896]
"DLBTCATS"="C:\Windows\system32\spool\DRIVERS\W32X86\3\DLBTtime.dll" [2007-02-12 17:34 73728]
"dlbtmon.exe"="C:\Program Files\Dell Photo AIO Printer 922\dlbtmon.exe" [2007-02-28 18:23 431600]
"Support audio cool poll"="C:\ProgramData\Dale Owns Load.4r03bp" [ ]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 02:25 6731312]

C:\Users\Walter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Audible Download Manager.lnk - C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe [2007-11-16 14:40:16 1697112]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-03-12 23:32:37 125624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{5375C627-C2F3-4286-ADE7-7DAFBCD7E952}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{222D6355-B5D0-40A7-B61A-C1C9BA899DC9}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{68C64655-F588-4742-A6D0-D5925A3D5F93}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{73FF717A-9533-43B4-BA66-B5FEEE31D5C8}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{E73C4CBD-C7AC-4F90-9817-FF364BCFED22}"= Profile=Private|Profile=Public|C:\Program Files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{7248949B-43BA-45A4-9947-AE667739DC23}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{9DFF5E04-65B8-44E1-8CFA-BB74DB01375B}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{9BA85FCB-941C-4FB2-A2B4-82FC8AAD062D}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{DE307A62-97EF-4BB1-86CA-71FFFE7B59B0}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{2C59216C-196D-4540-8418-233CA13AAED3}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{628290DE-FDF5-4BB7-8EB7-C722DA091F29}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{F1177328-BF7F-4328-B5B1-A6DB734C957D}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{69193BC4-C2DF-4869-9532-EA30A8521921}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{0E24C346-F777-43F0-8B31-46C3BD0ADC67}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{77A54C50-DDCB-4391-AB88-8735C57A7668}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{5D396C73-EF86-4D50-8AE3-3EFB2497E1D0}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{C556D100-0709-460E-9412-E0E742A821A3}"= UDP:C:\Windows\System32\dlbtcoms.exe:Lexmark Communications System
"{3BA8FCCD-1B38-4F31-8B22-6DCD139DFB2E}"= TCP:C:\Windows\System32\dlbtcoms.exe:Lexmark Communications System
"{177A5AE4-F818-429E-B295-43F610C04178}"= UDP:C:\Windows\System32\spool\drivers\w32x86\3\dlbtpswx.exe:Printer Status Window
"{0CA471D2-6293-413B-B045-7A4DBF8505ED}"= TCP:C:\Windows\System32\spool\drivers\w32x86\3\dlbtpswx.exe:Printer Status Window
"{ECB5E892-5649-4CEC-93C8-44A18B855F26}"= UDP:C:\Program Files\Dell Photo AIO Printer 922\DLBTmon.exe:Device Monitor
"{34C1A860-63AC-4F24-B256-F893E622795D}"= TCP:C:\Program Files\Dell Photo AIO Printer 922\DLBTmon.exe:Device Monitor
"{647D5EF8-B3C6-4F9D-8B47-5D81B8728B25}"= UDP:C:\Program Files\Dell Photo AIO Printer 922\DLBTaiox.exe:All In One Center
"{141CB9E7-63A7-426A-9BB8-DE44B80E6D82}"= TCP:C:\Program Files\Dell Photo AIO Printer 922\DLBTaiox.exe:All In One Center
"{A3A109FF-F29C-4C43-8B75-B42256D91804}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{0AFC2C31-FF24-4812-8CC1-1264FBF0000A}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{D72D6220-768C-49E9-9D5C-7AF937970D11}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{82537A76-1267-4184-AC58-6E0B8B4CB981}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{E8CD3F3B-233D-41FF-A16C-BC69A9B4E2B8}"= UDP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe:Tom Clancy's Rainbow Six Vegas 2
"{FEC98D29-3236-4C3D-B023-EF4D51E36C01}"= TCP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe:Tom Clancy's Rainbow Six Vegas 2
"{F6DBC820-BB49-4FC1-B67E-363B185B4C61}"= UDP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe:Tom Clancy's Rainbow Six Vegas 2 Update
"{0A9A768C-327A-4801-A8A6-C76157BC55E6}"= TCP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe:Tom Clancy's Rainbow Six Vegas 2 Update

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R2 41483;41483;C:\Windows\System32\41483.sys [2008-03-11 20:34]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2008-02-25 22:53]
S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2008-02-25 22:53]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-04-02 16:38]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de28d059-efe8-11dc-a5fb-806e6f6e6963}]
\shell\AutoRun\command - D:\aoesetup.exe /autorun
\shell\directx\command - D:\DirectX\dxsetup.exe
\shell\dplay\command - D:\DirectX\dplay61a.exe
\shell\dxdiag\command - D:\goodies\ar40eng.exe
\shell\dxinfo\command - D:\goodies\DirectX\dxinfo.exe
\shell\dxtest\command - D:\DirectX\dxdiag.exe
\shell\dxtool\command - D:\goodies\DirectX\dxtool.exe
\shell\log\command - D:\goodies\machine\machine.exe -l
\shell\machine\command - D:\goodies\machine\machine.exe
\shell\setup\command - D:\aoesetup.exe /autorun
\shell\zone\command - D:\goodies\mszone\zoneA600.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-04-24 22:52:05 C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-04-15 15:03:49 C:\Windows\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-04-01 08:01:00 C:\Windows\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2008-04-24 19:14:44 C:\Windows\Tasks\User_Feed_Synchronization-{8FF99394-19BE-4996-95CA-73822EBB8EA6}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-24 16:22:31
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLBTCATS = rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-24 16:47:55
ComboFix-quarantined-files.txt 2008-04-24 23:47:41
ComboFix2.txt 2008-04-13 17:16:58
ComboFix3.txt 2008-04-12 22:50:29

Pre-Run: 10,591,862,784 bytes free
Post-Run: 10,769,350,656 bytes free

479 --- E O F --- 2008-03-12 08:56:46



I tried to see what it was that was making the computer go to 100% CPU usage, but I couldn't really tell. One thing that I did find was that System Idle Process usually uses a lot of the CPU, but I don't know if that is what is causing it.
hogter
Active Member
 
Posts: 14
Joined: April 5th, 2008, 8:28 pm
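
Added example for readers of this thread (not code from ComboFix, from MalwareRemoval.com, or from either poster): a small Python triage script that parses lines in the format of the log's "Reg Loading Points" section and flags what a helper looks at first when reading it: Run entries whose target file ComboFix could not find (the empty `[ ]` after the entry; reading that as "file not found" is my assumption about the log format), autostart targets with an unusual extension, services whose name is purely numeric, and the UAC, Security Center monitoring and firewall values the log shows turned off. The sample lines are a constructed subset of the log posted above.

```python
"""Triage the 'Reg Loading Points' section of a ComboFix log.

Added example for this thread; it is not part of ComboFix or of the forum's
own tooling. Assumption: ComboFix prints an empty '[ ]' after a Run entry
when it could not find the target file, so an empty bracket is treated here
as a dangling autostart entry.
"""
import ntpath
import re

# Constructed sample: a subset of the Reg Loading Points section posted above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]
"Support audio cool poll"="C:\ProgramData\Dale Owns Load.4r03bp" [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

R2 41483;41483;C:\Windows\System32\41483.sys [2008-03-11 20:34]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2008-02-25 22:53]
"""

# "Name"="path" [date time size]  -> autostart value with the target's file metadata
RUN_ENTRY = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[(?P<meta>[^\]]*)\]$')
# R2 name;display;path [date time] -> service or driver (R = running, S = stopped)
SERVICE = re.compile(r'^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)\s*\[(?P<meta>[^\]]*)\]$')
# "Name"= value                    -> any other registry value
VALUE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.+?)$')


def parse_loading_points(text):
    """Turn the section's lines into dicts, remembering the enclosing registry key."""
    key, entries = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = RUN_ENTRY.match(line)
        if m:
            entries.append({"kind": "run", "key": key, "name": m["name"],
                            "path": m["path"], "meta": m["meta"].strip()})
            continue
        m = SERVICE.match(line)
        if m:
            entries.append({"kind": "service", "state": m["state"], "name": m["name"],
                            "path": m["path"], "meta": m["meta"].strip()})
            continue
        m = VALUE.match(line)
        if m:
            entries.append({"kind": "value", "key": key, "name": m["name"],
                            "value": m["value"]})
    return entries


def _dword_equals(value, n):
    """ComboFix renders DWORDs as '0 (0x0)' or 'dword:00000001'; compare either form to n."""
    token = value.split()[0].lower()
    try:
        return int(token[6:], 16) == n if token.startswith("dword:") else int(token, 0) == n
    except ValueError:
        return False


def flag_entries(entries):
    """Apply the heuristics a helper applies by eye; returns (category, what, detail)."""
    findings = []
    for e in entries:
        if e["kind"] == "run":
            if e["meta"] == "":
                findings.append(("missing-target", e["name"], e["path"]))
            if ntpath.splitext(e["path"])[1].lower() not in (".exe", ".dll", ".lnk"):
                findings.append(("odd-extension", e["name"], e["path"]))
        elif e["kind"] == "service" and e["name"].isdigit():
            # A purely numeric driver name such as 41483.sys is a heuristic, not proof.
            findings.append(("numeric-service-name", e["name"], e["path"]))
        elif e["kind"] == "value":
            name = e["name"].lower()
            if name == "enablelua" and _dword_equals(e["value"], 0):
                findings.append(("uac-disabled", e["key"], e["value"]))
            elif name == "enablefirewall" and _dword_equals(e["value"], 0):
                findings.append(("firewall-disabled", e["key"], e["value"]))
            elif name == "disablemonitoring" and _dword_equals(e["value"], 1):
                findings.append(("security-center-monitoring-off", e["key"], e["value"]))
    return findings


if __name__ == "__main__":
    for category, what, detail in flag_entries(parse_loading_points(SAMPLE_LOG)):
        print(f"{category:32} {what}  ->  {detail}")
```

Run it against the whole section of a log instead of SAMPLE_LOG and it produces the same short list a helper would write a CFScript from: the dangling Run value, the numeric driver, and the three protections that something switched off. The heuristics are deliberately crude; they narrow what to look at, they do not decide what to delete.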

Re: cp ussage 100% please help

Post by gringo_pr » April 26th, 2008, 3:24 am

Hello hogter

Can you please not install any more programs until we finish cleaning the computer? It makes it harder to tell what is going on in the logs because I see all this new stuff in them.

:P2P Warning!:

    IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

    uTorrent
    LimeWire


    Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
    Once upon a time, P2P file sharing was fairly safe. That is no longer true. You may continue to use P2P sharing at your own risk; however, please keep in mind that this practice may be the source of your current malware infestation.

    I'd like you to read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

    References for the risk of these programs can be found in these links:

    I would recommend that you uninstall LimeWire and uTorrent; however, that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

    If you wish to keep it, please do not use it until your computer is cleaned.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

Code:
KILLALL::

Folder::
C:\Users\All Users\Messenger Plus!
C:\ProgramData\Messenger Plus!


Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Support audio cool poll"=-

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de28d059-efe8-11dc-a5fb-806e6f6e6963}]



Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

:information and logs:

    In your next post I need the following:

      1. log from ComboFix
      2. new HijackThis log please

Gringo
gringo_pr
Site Moderator
 
Posts: 1817
Joined: March 31st, 2007, 1:35 pm
Location: puerto rico

Re: cp ussage 100% please help

Post by hogter » April 27th, 2008, 11:53 pm

Every time I run this

KILLALL::

Folder::
C:\Users\All Users\Messenger Plus!
C:\ProgramData\Messenger Plus!


Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Support audio cool poll"=-

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de28d059-efe8-11dc-a5fb-806e6f6e6963}]

my computer starts the process and resets the computer halfway through... I got rid of uTorrent and LimeWire; I also uninstalled the games that I had put on here.....

Do you want me to post the HJT log?
hogter
Active Member
 
Posts: 14
Joined: April 5th, 2008, 8:28 pm

Re: cp ussage 100% please help

Post by gringo_pr » April 30th, 2008, 8:09 pm

Hello hogter

Sorry for taking so long to get back to you; I've been under the weather and have been asking some other helpers to have a look.

OK, I would like you to follow the instructions below very carefully.

    First delete the ComboFix you have now so we can download the new one.
    Download the new ComboFix from one of the links below


:Disable AVG Anti-Spyware:

This is very important: it will cause the fix to fail if you do not disable it.

    Please disable AVG Anti-Spyware until the computer is clean.

    • Open AVG Anti-Spyware by double-clicking the multi-colored box emblazoned with an 'S' in the system tray.
    • In the 'Resident Shield' section, toggle the AVG Anti-Spyware active protection 'off' by clicking 'Change state' which will then change the protection status to 'inactive'.
    • If you are instructed to reboot at any time during your cleanup, AVG Anti-Spyware will prompt you as to whether you would like to "Restart the Resident Shield".
    • Reply 'no' and set it to 'inactive' for the duration of your cleanup.

    Don't forget to re-enable it, when your computer is clean.

:Disable McAfee Antivirus:

Again, very important, as it may cause the fix not to work.

    Please navigate to the system tray in the bottom right-hand corner and look for an icon with an M in it.
    Right-click it -> choose "Exit."
    A popup will warn that protection will now be disabled. Click on "Yes" to disable the Antivirus guard.
    You have successfully disabled the McAfee Guard.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

Code:
KILLALL::

Folder::
C:\Users\All Users\Messenger Plus!
C:\ProgramData\Messenger Plus!

Driver::
41483

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Support audio cool poll"=-

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de28d059-efe8-11dc-a5fb-806e6f6e6963}]


Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Please let me know if it works this time.


:information and logs:

    In your next post I need the following:

      1. if it works, let me have the ComboFix log
      2. let me have a new HijackThis log

Gringo
gringo_pr
Site Moderator
 
Posts: 1817
Joined: March 31st, 2007, 1:35 pm
Location: puerto rico

Re: cp ussage 100% please help

Post by hogter » May 3rd, 2008, 1:57 am

Yes.... I did everything you told me to. I deleted all the programs and deactivated all the virus scanners, and I ran ComboFix and my computer restarted in the middle of the process....

What else can I do? Thank you for your time :P
hogter
Active Member
 
Posts: 14
Joined: April 5th, 2008, 8:28 pm

Re: cp ussage 100% please help

Post by gringo_pr » May 3rd, 2008, 2:09 am

Hello hogter

OK, try it this way.

Boot into Safe Mode

Reboot your computer in Safe Mode.

  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Log in to your usual account.


:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

Code:
Folder::
C:\Users\All Users\Messenger Plus!
C:\ProgramData\Messenger Plus!

Driver::
41483

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Support audio cool poll"=-

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de28d059-efe8-11dc-a5fb-806e6f6e6963}]


Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


Send me the log if it works.
Send me a new HijackThis log anyway.

Gringo

PS: we are going to get this one way or another.
gringo_pr
Site Moderator
 
Posts: 1817
Joined: March 31st, 2007, 1:35 pm
Location: puerto rico
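The moderator's check after a CFScript run is to read the fresh HijackThis log and confirm the targeted Run value is gone. As an added example (not code from this thread, nor from ComboFix or HijackThis), the Python below parses the Registry:: section of a CFScript in the format posted above to learn which values it deletes, parses the O4 lines of a HijackThis log, and reports whether each targeted value is still present. It also applies a simple triage heuristic, flagging Run entries whose command points into a user-writable directory. The CFScript and the log lines are constructed in the thread's formats; the executable path given for the "Support audio cool poll" entry is a placeholder, not a path from the thread.

```python
"""Cross-check a ComboFix CFScript against a HijackThis log (added example)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed CFScript in the format the moderator posted above.
CFSCRIPT = r"""
KILLALL::

Folder::
C:\Users\All Users\Messenger Plus!

Driver::
41483

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Support audio cool poll"=-

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de28d059-efe8-11dc-a5fb-806e6f6e6963}]
"""

# Constructed HijackThis O4 lines; the Temp path is a placeholder, not from the thread.
HJT_BEFORE = r"""
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [Support audio cool poll] C:\Users\user\AppData\Local\Temp\example.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
"""
# Same log with the targeted value removed, i.e. what a successful fix would show.
HJT_AFTER = "\n".join(l for l in HJT_BEFORE.splitlines() if "Support audio cool poll" not in l)

HIVE_SHORT = {"HKEY_LOCAL_MACHINE": "HKLM", "HKEY_CURRENT_USER": "HKCU", "HKEY_USERS": "HKUS"}


@dataclass(frozen=True)
class RunValue:
    hive: str    # short hive name as HijackThis prints it (HKLM, HKCU, HKUS)
    subkey: str  # last key component, e.g. Run or RunOnce
    name: str    # value name inside that key


@dataclass(frozen=True)
class O4Entry:
    hive: str
    subkey: str
    name: str
    command: str


def cfscript_value_deletions(script: str) -> list[RunValue]:
    """Return the values the Registry:: section deletes with the "name"=- syntax."""
    deletions: list[RunValue] = []
    in_registry = False
    current_key: str | None = None
    for raw in script.splitlines():
        line = raw.strip()
        if re.fullmatch(r"\w+::", line):  # any section header such as Folder:: or Registry::
            in_registry = line.lower() == "registry::"
            current_key = None
            continue
        if not in_registry or not line:
            continue
        key = re.fullmatch(r"\[(-?)(.+)\]", line)
        if key:
            # "[-KEY]" deletes the whole key; individual values are not listed under it.
            current_key = None if key.group(1) else key.group(2)
            continue
        value = re.fullmatch(r'"(.+)"=-', line)
        if value and current_key:
            hive, _, rest = current_key.partition("\\")
            short = HIVE_SHORT.get(hive.upper(), hive.upper())
            deletions.append(RunValue(short, rest.rsplit("\\", 1)[-1], value.group(1)))
    return deletions


O4_RE = re.compile(r"^O4 - (HKLM|HKCU|HKUS\\S-[\d-]+)\\\.\.\\(\w+): \[(.+?)\] (.*)$")


def parse_o4(log: str) -> list[O4Entry]:
    """Parse registry-based O4 lines; Startup-folder O4 lines are ignored."""
    entries: list[O4Entry] = []
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            hive = "HKUS" if m.group(1).startswith("HKUS") else m.group(1)
            entries.append(O4Entry(hive, m.group(2), m.group(3), m.group(4)))
    return entries


def removal_status(script: str, log: str) -> dict[str, bool]:
    """Map each value the CFScript deletes to True when it no longer appears in the log."""
    present = {(e.hive.upper(), e.subkey.upper(), e.name.upper()) for e in parse_o4(log)}
    return {
        rv.name: (rv.hive.upper(), rv.subkey.upper(), rv.name.upper()) not in present
        for rv in cfscript_value_deletions(script)
    }


# Triage heuristic only: autoruns from user-writable locations deserve a closer look.
USER_WRITABLE = re.compile(r"\\(AppData|Temp|ProgramData)\\", re.IGNORECASE)


def flag_user_writable(entries: list[O4Entry]) -> list[str]:
    """Names of Run entries whose command points into a user-writable directory."""
    return [e.name for e in entries if USER_WRITABLE.search(e.command)]


if __name__ == "__main__":
    print("before fix:", removal_status(CFSCRIPT, HJT_BEFORE))
    print("after fix: ", removal_status(CFSCRIPT, HJT_AFTER))
    print("flagged:   ", flag_user_writable(parse_o4(HJT_BEFORE)))
```

Run it with a real CFScript.txt and a saved HijackThis log in place of the constructed strings; a value reported as not removed means the script did not take and the fix should be repeated, which is exactly what the moderator asks for with a new log.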

Re: cp ussage 100% please help

Unread postby hogter » May 3rd, 2008, 2:14 am

There are two options: safe mode without internet and one with it... Which one should I do it on? Also... do you want me to stop McAfee? And the other anti-viruses as well?
hogter
Active Member
 
Posts: 14
Joined: April 5th, 2008, 8:28 pm

Re: cp ussage 100% please help

Unread postby hogter » May 3rd, 2008, 3:27 am

As I was running ComboFix a message popped up and I didn't write it down, but it told me that the psexe.cfexe files couldn't be read and the computer had to restart. I did it and ran it again in safe mode... then the computer finished the process and at the end it told me that the psexe.cfexe 0x0040b8d file couldn't be read. I don't know what that means, but at the end of the scan it saved the log and gave it to me...



Here is one:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:21:37 AM, on 5/3/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\McAfee\MPS\mpsevh.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\DAP\DAP.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell Photo AIO Printer 922\DLBTmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Auslogics\AusLogics BoostSpeed\BoostSpeed.exe
C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlbtmon.exe] "C:\Program Files\Dell Photo AIO Printer 922\dlbtmon.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Auslogics BoostSpeed 4] C:\Program Files\Auslogics\AusLogics BoostSpeed\boostspeed.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Audible Download Manager.lnk = C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD39/JSCDL/jdk ... 586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/v ... .2.1.6.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlbt_device - - C:\Windows\system32\dlbtcoms.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 12194 bytes


And here is the other:

ComboFix 08-05-01.3 - Walter 2008-05-02 23:52:23.7 - NTFSx86 MINIMAL
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1218 [GMT -7:00]
Running from: C:\Users\Walter\Desktop\ComboFix.exe
Command switches used :: C:\Users\Walter\Desktop\CFScript.txt
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\ProgramData\Messenger Plus!
C:\ProgramData\Messenger Plus!\Custom Sounds\BuiltIn34.dat
C:\ProgramData\Messenger Plus!\Custom Sounds\BuiltIn42.dat
C:\ProgramData\Messenger Plus!\Custom Sounds\BuiltIn44.dat
C:\ProgramData\Messenger Plus!\Custom Sounds\BuiltIn50.dat
C:\ProgramData\Messenger Plus!\Custom Sounds\BuiltIn53.dat
C:\ProgramData\Messenger Plus!\Custom Sounds\BuiltIn57.dat
C:\Users\All Users\Messenger Plus!\Custom Sounds\BuiltIn34.dat
C:\Users\All Users\Messenger Plus!\Custom Sounds\BuiltIn42.dat
C:\Users\All Users\Messenger Plus!\Custom Sounds\BuiltIn44.dat
C:\Users\All Users\Messenger Plus!\Custom Sounds\BuiltIn50.dat
C:\Users\All Users\Messenger Plus!\Custom Sounds\BuiltIn53.dat
C:\Users\All Users\Messenger Plus!\Custom Sounds\BuiltIn57.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_41483
-------\Service_41483


((((((((((((((((((((((((( Files Created from 2008-04-03 to 2008-05-03 )))))))))))))))))))))))))))))))
.

2039-03-11 21:37 . 2006-11-02 02:46 1,137,664 --a------ C:\Windows\System32\themecpl.dll.original
2008-05-02 20:17 . 2008-05-02 20:18 <DIR> d-------- C:\Program Files\Common Files\AVSMedia
2008-05-02 20:17 . 2008-05-02 20:17 <DIR> d-------- C:\Program Files\AVSMedia
2008-04-27 01:28 . 2008-04-27 01:28 24 --a------ C:\Windows\cdplayer.ini
2008-04-25 22:52 . 2008-04-25 22:52 <DIR> dr-h----- C:\Users\Walter\AppData\Roaming\SecuROM
2008-04-25 22:52 . 2008-04-25 22:52 107,888 --a------ C:\Windows\System32\CmdLineExt.dll
2008-04-25 22:28 . 2008-04-25 22:28 <DIR> d-------- C:\Program Files\Alcohol Soft
2008-04-25 19:10 . 2008-04-25 19:10 716,272 --a------ C:\Windows\System32\drivers\sptd.sys
2008-04-23 12:17 . 2008-04-23 12:17 <DIR> d-------- C:\Users\All Users\Ubisoft
2008-04-23 12:17 . 2008-04-23 12:17 <DIR> d-------- C:\ProgramData\Ubisoft
2008-04-23 12:15 . 2007-10-12 15:14 3,734,536 --a------ C:\Windows\System32\d3dx9_36.dll
2008-04-23 12:15 . 2007-07-19 18:14 3,727,720 --a------ C:\Windows\System32\d3dx9_35.dll
2008-04-23 12:15 . 2007-10-12 15:14 1,374,232 --a------ C:\Windows\System32\D3DCompiler_36.dll
2008-04-23 12:15 . 2007-07-19 18:14 1,358,192 --a------ C:\Windows\System32\D3DCompiler_35.dll
2008-04-23 12:15 . 2007-10-02 09:56 444,776 --a------ C:\Windows\System32\d3dx10_36.dll
2008-04-23 12:15 . 2007-07-19 18:14 444,776 --a------ C:\Windows\System32\d3dx10_35.dll
2008-04-23 12:15 . 2007-10-22 03:39 267,272 --a------ C:\Windows\System32\xactengine2_10.dll
2008-04-23 12:15 . 2007-07-20 00:57 267,112 --a------ C:\Windows\System32\xactengine2_9.dll
2008-04-23 12:15 . 2007-10-22 03:37 17,928 --a------ C:\Windows\System32\X3DAudio1_2.dll
2008-04-23 11:47 . 2008-04-23 11:47 <DIR> d-------- C:\Program Files\Ubisoft
2008-04-22 20:20 . 2008-04-23 12:16 22,328 --a------ C:\Users\Walter\AppData\Roaming\PnkBstrK.sys
2008-04-22 20:16 . 2008-04-23 12:16 2,337,865 --a------ C:\Windows\System32\pbsvc.exe
2008-04-22 19:52 . 2008-05-02 21:03 107,832 --a------ C:\Windows\System32\PnkBstrB.exe
2008-04-22 19:52 . 2008-04-22 20:16 66,872 --a------ C:\Windows\System32\PnkBstrA.exe
2008-04-22 19:52 . 2008-05-02 21:04 22,328 --a------ C:\Windows\System32\drivers\PnkBstrK.sys
2008-04-22 19:42 . 2008-04-22 19:42 319 --a------ C:\Windows\game.ini
2008-04-22 18:17 . 2008-04-22 18:17 <DIR> d--hs---- C:\Windows\ftpcache
2008-04-22 17:17 . 2008-04-22 17:17 <DIR> d-------- C:\Users\All Users\FLEXnet
2008-04-22 17:17 . 2008-04-22 17:17 <DIR> d-------- C:\ProgramData\FLEXnet
2008-04-22 15:53 . 2008-04-22 15:53 <DIR> d-------- C:\Users\All Users\ALM
2008-04-22 15:53 . 2008-04-22 15:53 <DIR> d-------- C:\ProgramData\ALM
2008-04-22 15:32 . 2008-04-22 15:32 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-04-22 14:46 . 2008-04-22 15:30 <DIR> d-------- C:\Users\Walter\AppData\Roaming\Download Manager
2008-04-21 22:55 . 2008-04-24 16:02 <DIR> d-------- C:\Users\Walter\AppData\Roaming\LimeWire
2008-04-16 09:30 . 2008-04-16 16:34 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2008-04-14 09:31 . 2008-04-14 09:31 <DIR> d-------- C:\Users\All Users\Trymedia
2008-04-14 09:31 . 2008-04-14 09:31 <DIR> d-------- C:\ProgramData\Trymedia
2008-04-13 15:58 . 2008-04-13 15:58 <DIR> d-------- C:\Windows\System32\Kaspersky Lab
2008-04-13 15:58 . 2008-04-13 15:58 <DIR> d-------- C:\Users\All Users\Kaspersky Lab
2008-04-13 15:58 . 2008-04-13 15:58 <DIR> d-------- C:\ProgramData\Kaspersky Lab
2008-04-13 09:27 . 2008-04-13 09:27 <DIR> d-------- C:\Users\Walter\AppData\Roaming\Malwarebytes
2008-04-13 09:26 . 2008-04-13 09:26 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-04-13 09:26 . 2008-04-13 09:26 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-04-13 09:26 . 2008-04-13 09:26 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-05 14:25 . 2008-04-05 14:25 <DIR> d-------- C:\Users\Walter\AppData\Roaming\Grisoft
2008-04-05 14:25 . 2008-04-05 14:25 <DIR> d-------- C:\Users\All Users\Grisoft
2008-04-05 14:25 . 2008-04-05 14:25 <DIR> d-------- C:\ProgramData\Grisoft
2008-04-05 14:25 . 2007-05-30 05:10 10,872 --a------ C:\Windows\System32\drivers\AvgAsCln.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-03 04:34 --------- d---a-w C:\ProgramData\TEMP
2008-05-03 04:03 --------- d-----w C:\Program Files\Steam
2008-05-03 02:54 --------- d-----w C:\Program Files\Common Files\Steam
2008-05-02 18:56 --------- d-----w C:\ProgramData\Google Updater
2008-05-02 05:45 --------- d-----w C:\Program Files\City of Heroes
2008-05-01 23:06 --------- d-----w C:\Program Files\Dl_cats
2008-04-25 00:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-25 00:07 --------- d-----w C:\Program Files\GRETECH
2008-04-23 22:18 --------- d-----w C:\Program Files\ATI
2008-04-22 23:45 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-22 03:40 --------- d-----w C:\Program Files\McAfee
2008-04-21 03:51 --------- d-----w C:\Program Files\Microsoft Games
2008-03-30 04:43 --------- d-----w C:\Program Files\Zone Labs
2008-03-30 04:40 --------- d-----w C:\ProgramData\Lavasoft
2008-03-30 04:39 --------- d-----w C:\Program Files\Lavasoft
2008-03-30 04:39 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-29 07:18 --------- d-----w C:\Users\Walter\AppData\Roaming\Auslogics
2008-03-27 23:39 --------- d-----w C:\Program Files\Auslogics
2008-03-27 23:26 --------- d-----w C:\Program Files\Spyware Doctor
2008-03-27 06:50 --------- d-----w C:\Program Files\Dell Photo AIO Printer 922
2008-03-26 07:33 --------- d-----w C:\Program Files\Audible
2008-03-25 02:34 --------- d-----w C:\Program Files\HeroStats
2008-03-23 19:19 --------- d-----w C:\Program Files\GustoSoft
2008-03-19 21:28 --------- d-----w C:\Program Files\Common Files\xing shared
2008-03-19 21:28 --------- d-----w C:\Program Files\Common Files\Real
2008-03-19 21:27 --------- d-----w C:\Program Files\Real
2008-03-18 05:58 --------- d-----w C:\Program Files\Java
2008-03-18 05:56 --------- d-----w C:\Program Files\Common Files\Java
2008-03-18 05:46 --------- d-----w C:\Program Files\Trend Micro
2008-03-18 05:09 --------- d-----w C:\Users\high way to hell\AppData\Roaming\Talkback
2008-03-18 05:08 --------- d-----w C:\Users\high way to hell\AppData\Roaming\ATI
2008-03-18 04:56 128,949,234 ----a-w C:\Windows\DUMP449d.tmp
2008-03-17 09:39 --------- d-----w C:\Users\Walter\AppData\Roaming\iSilo
2008-03-17 09:39 --------- d-----w C:\Program Files\iSilo
2008-03-15 02:35 --------- d-----w C:\Users\Walter\AppData\Roaming\Talkback
2008-03-14 03:54 --------- d-----w C:\ProgramData\WLInstaller
2008-03-13 18:58 --------- d-----w C:\Users\Walter\AppData\Roaming\ATI
2008-03-13 18:58 --------- d-----w C:\ProgramData\ATI
2008-03-13 18:51 --------- d-----w C:\Program Files\ATI Technologies
2008-03-13 06:53 --------- d-----w C:\Program Files\CDisplay
2008-03-13 06:35 --------- d-----w C:\Users\Walter\AppData\Roaming\PC Tools
2008-03-13 06:35 --------- d-----w C:\Program Files\Google
2008-03-12 08:54 54,784 ----a-w C:\Windows\system32\drivers\i8042prt.sys
2008-03-12 08:54 495,160 ----a-w C:\Windows\system32\drivers\Wdf01000.sys
2008-03-12 08:54 35,384 ----a-w C:\Windows\system32\drivers\WdfLdr.sys
2008-03-12 08:54 35,384 ----a-w C:\Windows\system32\drivers\kbdclass.sys
2008-03-12 08:54 34,360 ----a-w C:\Windows\system32\drivers\mouclass.sys
2008-03-12 08:54 19,968 ----a-w C:\Windows\system32\drivers\sermouse.sys
2008-03-12 08:54 15,872 ----a-w C:\Windows\system32\drivers\mouhid.sys
2008-03-12 08:54 15,872 ----a-w C:\Windows\system32\drivers\kbdhid.sys
2008-03-12 08:42 --------- d-----w C:\Program Files\Windows Live
2008-03-12 08:42 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-03-12 08:35 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-03-12 08:34 --------- d-----w C:\Program Files\Windows Live Favorites
2008-03-12 08:28 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-12 08:21 --------- d-----w C:\ProgramData\Microsoft Help
2008-03-12 08:12 --------- d-----w C:\Program Files\Microsoft Works
2008-03-12 08:11 --------- d-----w C:\Program Files\MSBuild
2008-03-12 08:07 --------- d-----w C:\Program Files\Microsoft.NET
2008-03-12 08:01 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-03-12 07:47 --------- d-----w C:\Program Files\Creative
2008-03-12 07:46 --------- d-----w C:\ProgramData\Creative
2008-03-12 07:44 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-12 07:41 --------- d-----w C:\Users\Walter\AppData\Roaming\Apple Computer
2008-03-12 07:41 --------- d-----w C:\Program Files\iTunes
2008-03-12 07:40 --------- d-----w C:\ProgramData\Apple Computer
2008-03-12 07:40 --------- d-----w C:\Program Files\QuickTime
2008-03-12 07:40 --------- d-----w C:\Program Files\iPod
2008-03-12 07:40 --------- d-----w C:\Program Files\Bonjour
2008-03-12 07:39 --------- d-----w C:\Program Files\Apple Software Update
2008-03-12 07:38 --------- d-----w C:\ProgramData\Apple
2008-03-12 07:38 --------- d-----w C:\Program Files\Common Files\Apple
2008-03-12 07:30 --------- d-----w C:\Program Files\DAP
2008-03-12 06:51 --------- d-----w C:\ProgramData\McAfee
2008-03-12 06:49 --------- d-----w C:\Program Files\Common Files\McAfee
2008-03-12 06:46 --------- d-----w C:\Program Files\McAfee.com
2008-03-12 06:39 --------- d-----w C:\ProgramData\AOL OCP
2008-03-12 06:38 --------- d-----w C:\Users\Walter\AppData\Roaming\acccore
2008-03-12 06:38 --------- d-----w C:\Program Files\AIM6
2008-03-12 06:37 --------- d-----w C:\ProgramData\Viewpoint
2008-03-12 06:37 --------- d-----w C:\ProgramData\AOL
2008-03-12 06:37 --------- d-----w C:\Program Files\Viewpoint
2008-03-12 06:37 --------- d-----w C:\Program Files\Common Files\AOL
2008-03-12 06:27 --------- d-----w C:\Program Files\Windows Sidebar
2008-03-12 06:23 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-03-12 06:21 63,488 ----a-w C:\Windows\system32\drivers\mpsdrv.sys
2008-03-12 06:21 23,040 ----a-w C:\Windows\system32\drivers\tunnel.sys
2008-03-12 06:21 15,360 ----a-w C:\Windows\system32\drivers\TUNMP.SYS
2008-03-12 06:19 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-03-12 06:19 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-03-12 06:17 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2008-03-12 06:17 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2008-03-12 06:17 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2008-03-12 06:17 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
2008-03-12 06:16 12,800 ----a-w C:\Windows\system32\drivers\fs_rec.sys
2008-03-12 06:13 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-03-12 04:56 --------- d-----w C:\Program Files\UltraISO
2008-03-12 04:56 --------- d-----w C:\Program Files\Common Files\EZB Systems
2008-03-12 04:47 --------- d-----w C:\Program Files\MSXML 4.0
2006-11-02 12:50 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((( snapshot_2008-04-24_16.47.09.57 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-23 22:14:21 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-05-03 07:00:37 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2005-10-21 03:02:28 163,328 ----a-w C:\Windows\erdnt\subs\ERDNT.EXE
- 2008-04-23 22:18:26 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-05-03 07:01:11 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-04-23 22:18:16 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-05-03 07:01:11 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2008-04-24 22:25:17 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-05-03 05:45:56 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-04-24 22:25:17 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-03 05:45:56 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-04-24 22:25:17 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-05-03 05:45:56 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-04-24 23:11:19 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-05-03 02:45:43 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2003-05-22 20:26:16 638,976 ----a-w C:\Windows\System32\divx.dll
+ 2006-11-02 08:51:31 514,560 ----a-w C:\Windows\System32\drivers\xnacc.sys
- 2008-04-23 00:13:08 1,627,880 ----a-w C:\Windows\System32\FNTCACHE.DAT
+ 2008-05-03 06:51:11 1,627,912 ----a-w C:\Windows\System32\FNTCACHE.DAT
+ 2003-05-22 07:50:34 1,700,352 ----a-w C:\Windows\System32\GdiPlus.dll
+ 2003-05-22 07:50:36 261,632 ----a-w C:\Windows\System32\mcdvd_32.dll
+ 2002-01-05 23:48:16 974,848 ----a-w C:\Windows\System32\mfc70.dll
+ 2002-08-20 08:41:12 413,760 ----a-w C:\Windows\System32\mpg4c32.dll
+ 2002-01-05 22:40:18 487,424 ----a-w C:\Windows\System32\msvcp70.dll
+ 2002-01-05 10:37:26 344,064 ----a-w C:\Windows\System32\msvcr70.dll
+ 2004-08-03 16:56:46 701,440 ----a-w C:\Windows\System32\msxml2.dll
+ 2001-08-23 12:00:00 37,916 ----a-w C:\Windows\System32\msxml2r.dll
- 2008-04-17 06:23:41 104,662 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-05-03 04:57:22 104,662 ----a-w C:\Windows\System32\perfc009.dat
- 2008-04-17 06:23:41 621,314 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-05-03 04:57:22 621,314 ----a-w C:\Windows\System32\perfh009.dat
- 2008-04-23 22:18:42 7,052 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-561321763-1897004747-691077370-1000_UserData.bin
+ 2008-04-30 01:42:08 7,304 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-561321763-1897004747-691077370-1000_UserData.bin
- 2008-04-23 22:18:41 45,626 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-05-03 02:51:01 46,946 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-05-03 02:46:20 2,900 ----a-w C:\Windows\System32\WDI\ERCQueuedResolutions.dat
- 2008-04-23 22:18:34 32,890 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-04-30 01:41:53 34,302 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2008-04-22 23:08:05 177,354 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2008-04-30 16:43:14 182,006 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2004-07-04 04:59:06 524,288 ----a-w C:\Windows\System32\xvidcore.dll
+ 2004-07-04 05:08:04 139,264 ----a-w C:\Windows\System32\xvidvfw.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-03-11 23:18 1232896]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-03-06 13:50 50528]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-12 23:32 68856]
"Steam"="C:\Program Files\Steam\Steam.exe" [2008-03-28 09:58 1271032]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 05:36 201728]
"Auslogics BoostSpeed 4"="C:\Program Files\Auslogics\AusLogics BoostSpeed\boostspeed.exe" [2008-03-07 12:04 250368]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-02-28 23:06 2321600]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-03-20 09:46 217544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DownloadAccelerator"="C:\Program Files\DAP\DAP.exe" [2008-03-12 00:07 3057152]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]
"P17RunE"="P17RunE.dll" [2007-04-09 09:40 14848 C:\Windows\System32\P17RunE.dll]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-19 14:27 185896]
"DLBTCATS"="C:\Windows\system32\spool\DRIVERS\W32X86\3\DLBTtime.dll" [2007-02-12 17:34 73728]
"dlbtmon.exe"="C:\Program Files\Dell Photo AIO Printer 922\dlbtmon.exe" [2007-02-28 18:23 431600]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 02:25 6731312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" []

C:\Users\Walter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Audible Download Manager.lnk - C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe [2007-11-16 14:40:16 1697112]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-03-12 23:32:37 125624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{5375C627-C2F3-4286-ADE7-7DAFBCD7E952}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{222D6355-B5D0-40A7-B61A-C1C9BA899DC9}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{68C64655-F588-4742-A6D0-D5925A3D5F93}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{73FF717A-9533-43B4-BA66-B5FEEE31D5C8}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{E73C4CBD-C7AC-4F90-9817-FF364BCFED22}"= Profile=Private|Profile=Public|C:\Program Files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{7248949B-43BA-45A4-9947-AE667739DC23}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{9DFF5E04-65B8-44E1-8CFA-BB74DB01375B}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{9BA85FCB-941C-4FB2-A2B4-82FC8AAD062D}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{DE307A62-97EF-4BB1-86CA-71FFFE7B59B0}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{2C59216C-196D-4540-8418-233CA13AAED3}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{628290DE-FDF5-4BB7-8EB7-C722DA091F29}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{F1177328-BF7F-4328-B5B1-A6DB734C957D}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{69193BC4-C2DF-4869-9532-EA30A8521921}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{0E24C346-F777-43F0-8B31-46C3BD0ADC67}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{77A54C50-DDCB-4391-AB88-8735C57A7668}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{5D396C73-EF86-4D50-8AE3-3EFB2497E1D0}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{C556D100-0709-460E-9412-E0E742A821A3}"= UDP:C:\Windows\System32\dlbtcoms.exe:Lexmark Communications System
"{3BA8FCCD-1B38-4F31-8B22-6DCD139DFB2E}"= TCP:C:\Windows\System32\dlbtcoms.exe:Lexmark Communications System
"{177A5AE4-F818-429E-B295-43F610C04178}"= UDP:C:\Windows\System32\spool\drivers\w32x86\3\dlbtpswx.exe:Printer Status Window
"{0CA471D2-6293-413B-B045-7A4DBF8505ED}"= TCP:C:\Windows\System32\spool\drivers\w32x86\3\dlbtpswx.exe:Printer Status Window
"{ECB5E892-5649-4CEC-93C8-44A18B855F26}"= UDP:C:\Program Files\Dell Photo AIO Printer 922\DLBTmon.exe:Device Monitor
"{34C1A860-63AC-4F24-B256-F893E622795D}"= TCP:C:\Program Files\Dell Photo AIO Printer 922\DLBTmon.exe:Device Monitor
"{647D5EF8-B3C6-4F9D-8B47-5D81B8728B25}"= UDP:C:\Program Files\Dell Photo AIO Printer 922\DLBTaiox.exe:All In One Center
"{141CB9E7-63A7-426A-9BB8-DE44B80E6D82}"= TCP:C:\Program Files\Dell Photo AIO Printer 922\DLBTaiox.exe:All In One Center
"{A3A109FF-F29C-4C43-8B75-B42256D91804}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{0AFC2C31-FF24-4812-8CC1-1264FBF0000A}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{D72D6220-768C-49E9-9D5C-7AF937970D11}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{82537A76-1267-4184-AC58-6E0B8B4CB981}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

S3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2008-02-25 22:53]
S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2008-02-25 22:53]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-05-02 19:51]

.
Contents of the 'Scheduled Tasks' folder
"2008-05-03 05:51:59 C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-04-15 15:03:49 C:\Windows\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-05-01 08:00:06 C:\Windows\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2008-05-03 03:44:16 C:\Windows\Tasks\User_Feed_Synchronization-{8FF99394-19BE-4996-95CA-73822EBB8EA6}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-03 00:01:43
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\Windows\Explorer.exe
-> G:\Windows\system32\NSI.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Completion time: 2008-05-03 0:08:45 - machine was rebooted [Walter]
ComboFix-quarantined-files.txt 2008-05-03 07:08:40
ComboFix2.txt 2008-04-26 20:36:35
ComboFix3.txt 2008-04-24 23:47:57
ComboFix4.txt 2008-04-13 17:16:58
ComboFix5.txt 2008-04-12 22:50:29

Pre-Run: 30,886,354,944 bytes free
Post-Run: 30,781,218,816 bytes free

350 --- E O F --- 2008-03-12 08:56:46
hogter
Active Member
 
Posts: 14
Joined: April 5th, 2008, 8:28 pm

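The "Reg Loading Points" section of the log above records several host-hardening settings (UAC, the Windows Firewall per profile, Security Center monitoring). As an added example that is not part of the thread, a small Python checker that parses those ComboFix lines and flags the values that weaken the machine's security posture; the sample input is copied verbatim from the log above.

```python
import re

# Sample input constructed for this example: policy and firewall entries
# copied from the ComboFix "Reg Loading Points" section posted above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
"""

KEY_RE = re.compile(r"^\[(.+)\]$")            # [HKLM\...\SubKey]
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.+)$')  # "Name"= value


def parse_value(raw):
    """Turn ComboFix's value rendering ('0 (0x0)' or 'dword:00000001') into an int."""
    raw = raw.strip()
    if raw.lower().startswith("dword:"):
        return int(raw[len("dword:"):], 16)
    return int(raw.split()[0])


def audit_reg_points(log_text):
    """Return (subkey, value_name, finding) for every setting that weakens security."""
    findings, key = [], None
    for line in log_text.splitlines():
        m = KEY_RE.match(line.strip())
        if m:
            key = m.group(1)          # remember the subkey the next values belong to
            continue
        m = VALUE_RE.match(line.strip())
        if not (m and key):
            continue
        name, value = m.group(1), parse_value(m.group(2))
        low, leaf = key.lower(), key.rsplit("\\", 1)[-1]
        if low.endswith("policies\\system") and name == "EnableLUA" and value == 0:
            findings.append((key, name, "UAC is disabled"))
        elif "firewallpolicy\\" in low and name == "EnableFirewall" and value == 0:
            findings.append((key, name, f"Windows Firewall disabled for {leaf}"))
        elif "security center\\monitoring\\" in low and name == "DisableMonitoring" and value == 1:
            findings.append((key, name, f"Security Center monitoring of {leaf} disabled"))
    return findings


if __name__ == "__main__":
    for key, name, finding in audit_reg_points(SAMPLE_LOG):
        print(f"{finding}: {key}\\{name}")
```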
Re: cp ussage 100% please help

Unread postby gringo_pr » May 3rd, 2008, 6:27 pm

Hello hogter

well those logs look a lot better

This is my general post for when your logs show no more signs of malware ;)- Please let me know if you still are having problems with your computer and what these problems are

:Time for some housekeeping:
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK


:Set correct settings for files:
  • Click Start > My Computer > Tools menu (at top of page) > Folder Options > View tab.
  • Under "Hidden files and folders" if necessary select Do not show hidden files and folders.
  • If unchecked please check Hide protected operating system files (Recommended)
  • If necessary check "Display content of system folders"
  • If necessary Uncheck Hide file extensions for known file types.
  • Click OK

:clear system restore points:
    This is a good time to clear your existing system restore points and establish a new clean restore point:
    • Go to Start > All Programs > Accessories > System Tools > System Restore
    • Select Create a restore point, and Ok it.
    • Next, go to Start > Run and type in cleanmgr
    • Select the More options tab
    • Choose the option to clean up system restore and OK it.
    This will remove all restore points except the new one you just created.

:Make your Internet Explorer more secure:

:Turn On Automatic Updates:
    Turn On Automatic Updates
    1. Click Start, click Run, type sysdm.cpl, and then press ENTER.
    2. Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select Automatic (recommended): Automatically download recommended updates for my computer and install them.

    If you click this setting, click to select the day and time for scheduled updates to occur. You can schedule Automatic Updates for any time of day. Remember, your computer must be on at the scheduled time for updates to be installed. After you set this option, Windows recognizes when you are online and uses your Internet connection to find updates on the Windows Update Web site or on the Microsoft Update Web site that apply to your computer. Updates are downloaded automatically in the background, and you are not notified or interrupted during this process. An icon appears in the notification area of your taskbar when the updates are being downloaded. You can point to the icon to view the download status. To pause or to resume the download, right-click the icon, and then click Pause or Resume. When the download is completed, another message appears in the notification area so that you can review the updates that are scheduled for installation. If you choose not to install at that time, Windows starts the installation on your set schedule.

    or visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


:antispyware programs:
    you have a couple of good antispyware programs on this computer but you still can try some of these others to see if you like them also

    I would recommend the download and installation of some or all of the following programs (all free), and the updating of them regularly:
    • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.

    • Spybot Search & Destroy - Spybot is a tool like Ad-Aware SE in that it seeks out and removes known spyware from your machine. These two tools (Ad-Aware & Spybot) are perfect complements to each other as one will most always find something the other missed.
    • Spyware Blaster - By altering your registry, this program stops harmful sites from installing things like ActiveX Controls on your machines.
    • IE_Spyad - Works by placing known "bad" sites into your Internet Explorer "Restricted Zones" prohibiting them from doing potentially problematic things to your computer.


Consider a custom hosts file
    Consider a custom hosts file such as MVPS HOSTS. This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
    For information on how to download and install, please read this tutorial by WinHelp2002
    Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.

Also please read this great article by Tony Klein So How Did I Get Infected In First Place

Now you have followed my advice - it's time to lodge a complaint against what you have suffered.........

Malware Complaints
If you were infected .... Stand Up and be Counted.

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.


Gringo
gringo_pr
Site Moderator
 
Posts: 1817
Joined: March 31st, 2007, 1:35 pm
Location: puerto rico

Re: cp ussage 100% please help

Unread postby NonSuch » May 7th, 2008, 6:44 pm

Hogter this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
NonSuch
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California