Computer seems to be heavily infected, need confirmation

  1. #1
    Anti is offline Valued Member

    Computer seems to be heavily infected, need confirmation

    Hey. You may remember me from http://www.d-a-l.com/help/spyware-ad...ups-virus.html

    Well, I'm back! With the same kind of trojan as before and lots... lots more. Vundo came back and a lot of others decided to come as well. Unlike my last problems, it's not popups I'm getting. My computer is running very slowly (as if it's making my HDD run at 10% rates), Windows failed to boot one time, had to restart, couldn't log on as nothing displayed apart from the background picture, had to reboot, and on EVERY SITE I visit it is labelling the top banners etc. with "Your PC has lots of trojans blah blah download this it will get rid of it for sure!" lol, but yeah, I ain't that stupid.

    So I'm kind of stuck here. I've done all the scans and fixed unwanted things in HijackThis myself and it has got rid of about half of them (at first I thought I was clean until today I got hit hard with a lot of them), so now I'm just wondering if ComboFix is the next step.

    BY THE WAY, the most major problem I have is I CANNOT DOWNLOAD any software. Luckily I have ComboFix from the last problem I had, hopefully it's not outdated, but any other programs you link I doubt it will download. It's just giving security zone errors for some reason... even in Firefox, and I didn't change any settings. - FIXED - Turns out IE settings apply to Firefox settings now. But yeah, I'm able to download.





    That scan I had to stop halfway through due to Malwarebytes requesting a reboot to delete what it had found.

    Also, I just noticed these files in my Documents and Settings folder.

    I have NEVER played RuneScape and neither has anyone on this computer, and I have no idea who Jagex is... This is now making me really worried just from seeing this.


    *****I am currently running a full system scan with Malwarebytes and as it stands can't get the logs at this moment in time, so if you are reading this it means I haven't updated my post yet and I'm still scanning*****

    EDIT: Forgot to say that I had processes running like frmwrk32.exe and ntdll64 etc. that I cancelled through Task Manager. Also my Spybot S&D found spyware connected to shutting down Windows Firewall, Task Manager and Security Centre.

    OK, here's my HijackThis log.

    And before you say REMOVE THE WINSOCK entries on there, I CAN'T. HijackThis says to go download another program which deals with that on cexx.org, but as you are aware I CANNOT download, so I'm stuck on that front. I was able to download the zip file but any exe's I can't download, and my WinRAR now crashes upon open so I cannot read zip files anymore. - FIXED - Read above, was able to download again and used the program to fix the Winsocks, now they don't display in HijackThis. - Still getting problems though overall.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:25:01, on 03/03/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\Program Files\TVersity\Media Server\MediaServer.exe
    C:\WINDOWS\system32\vmnat.exe
    C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
    C:\WINDOWS\system32\vmnetdhcp.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Logitech\G-series Software\LGDCore.exe
    C:\Program Files\Logitech\G-series Software\LCDMon.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe
    C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
    C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
    C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Logitech\SetPoint II\SetpointII.exe
    C:\Program Files\Xfire\xfire.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\AVG\AVG8\avgui.exe
    C:\Program Files\AVG\AVG8\avgscanx.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\Program Files\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = GameRenders
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
    O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [vmware-tray] "C:\Program Files\VMware\VMware Workstation\vmware-tray.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Product Registration.lnk = C:\Program Files\Common Files\Logishrd\eReg\SetPoint\eReg.exe
    O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
    O4 - Global Startup: SetPointII.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\docume~1\dean\locals~1\temp\ntdll64.dll
    O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
    O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
    O10 - Unknown file in Winsock LSP: c:\docume~1\dean\locals~1\temp\ntdll64.dll
    O16 - DPF: {8C292180-8BB2-495F-B94B-89FE9F2B530A} (ccr_downloader Control) - http://rfonline-full.gscdn.com/gscdn/ccr_downloader.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Update Service (gupdate1c98ba08cd46ce) (gupdate1c98ba08cd46ce) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
    O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
    O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
    O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
    O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

    --
    End of file - 9623 bytes
    Last edited by Neal; 04-03-2009 at 12:04 AM.
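Added example, not part of the original thread: the O10 lines in the log above show a Winsock LSP DLL loading from the user's temp directory, and this Python triage pass flags any autoload entry in a HijackThis log whose file sits under a temp folder. The function names and the temp-folder heuristic are assumptions made for this example; the sample lines are copied from the log in the post above.

```python
import re
from collections import Counter

# Subset of lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O10 - Unknown file in Winsock LSP: c:\docume~1\dean\locals~1\temp\ntdll64.dll
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\docume~1\dean\locals~1\temp\ntdll64.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

# "O10 - rest of line": section code, then the entry text.
ENTRY_RE = re.compile(r"^\s*([ORFN]\d+)\s+-\s+(.*)$")

# First drive-letter path ending in a loadable extension; spaces are allowed
# because HijackThis prints unquoted paths such as "c:\program files\...".
PATH_RE = re.compile(
    r'[A-Za-z]:\\[^"<>|*?\r\n]*?\.(?:exe|dll|sys)(?![A-Za-z0-9])',
    re.IGNORECASE,
)

# HijackThis sections that describe code loaded automatically:
# O2 browser helper objects, O4 autostart, O10 Winsock LSP,
# O20 Winlogon Notify / AppInit, O23 services.
AUTOLOAD_SECTIONS = {"O2", "O4", "O10", "O20", "O23"}

# Assumption for this example: a directory component literally named
# temp or tmp marks a temp folder (covers ...\locals~1\temp\...).
TEMP_DIR_NAMES = {"temp", "tmp"}


def parse_entries(log_text):
    """Return one dict per HijackThis entry line: code, text, path (or None)."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if not match:
            continue  # header lines, process list, blank lines
        code, rest = match.groups()
        path = PATH_RE.search(rest)
        entries.append({
            "code": code,
            "text": rest,
            "path": path.group(0).lower() if path else None,
        })
    return entries


def loads_from_temp(path):
    """True when any directory component of the path is a temp folder."""
    parts = path.lower().split("\\")
    return any(part in TEMP_DIR_NAMES for part in parts[1:-1])


def flag_temp_loaded(log_text):
    """Autoload entries whose file lives in a temp folder, with repeat counts."""
    hits = Counter()
    for entry in parse_entries(log_text):
        if entry["code"] not in AUTOLOAD_SECTIONS or entry["path"] is None:
            continue
        if loads_from_temp(entry["path"]):
            hits[(entry["code"], entry["path"])] += 1
    return sorted(hits.items())


if __name__ == "__main__":
    for (code, path), count in flag_temp_loaded(SAMPLE_LOG):
        print(f"{code}: {path} (listed {count}x) loads from a temp folder")
```

A hit here is a lead for a helper to review, not a removal instruction; as the reply below says, Winsock entries should not be fixed with HijackThis itself.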


  2. #2
    Neal is offline Dedicated Member
    I would love to know what websites you went to to get this messed up.

    NEVER, NEVER, NEVER USE HIJACKTHIS TO FIX A WINSOCK PROBLEM LIKE YOU HAVE

    Yes, ComboFix may be out of date now as it updates regularly, but you don't have a choice and I will give the instructions for using the one you got.

    Also let's remove the screenshots so it makes for easier posting and thanks for doing that and for posting them.



    Visit the page below to familiarize yourself with the tool and download it from one of the links provided.

    A guide and tutorial on using ComboFix



    It is IMPORTANT that it is saved directly to your desktop

    Close any open browsers.

    Disconnect from the Internet.

    Please do not re-connect your machine back to the Internet until Combofix has completely finished.

    Disable your antivirus program and any realtime malware scanners and script blockers now


    How To Disable



    Double click on combofix.exe and follow the prompts.

    When it's finished it will produce a log.
    Post the entire contents of C:\ComboFix.txt into your next reply.

    Note:
    Do not mouseclick combofix's window while it's running.

    That may cause the program to freeze/hang.

    Do NOT post the ComboFix-quarantined-files.txt unless I ask.

    Re-enable your anti-virus and re-connect back to the internet and post the combofix log.



    *Note*
    In case your antivirus or any other realtime scanner is displaying an alert after you downloaded ComboFix or while you use ComboFix, please disable your scanner and redownload ComboFix again.
    Some scanners may see some combofix related components as suspicious and block or delete them while there's nothing wrong with them.


    ComboFix SHOULD NOT be used unless requested by a forum helper.

  3. #3
    Anti is offline Valued Member
    Before I do the ComboFix I'm still just running a few final scans.

    Anyhow, here's the update on the problem. I don't see any more embedded labels on websites saying my computer needs to scan etc. for just now.

    I CAN download again. It turns out my IE settings got turned to full security and it applied it to my Firefox settings as well (didn't know IE settings affected Firefox?) and so I was able to download the program HijackThis suggested to remove the Winsocks (didn't realise not to remove them before you said in your post), but it HAS removed all the labelling on websites etc. ever since I used it.

    Mmmm, what else. Oh yeah, my AVG scan isn't fully finished yet but it's caught 2 more trojans... here's the details.

    C:\WINDOWS\system32\userinit.exe ------- Trojan Horse SHeur2.TOG
    C:\WINDOWS\system32\userinit.exe (1732) ------ Same as above. One has a paper icon and one has a spike ball icon on AVG. The spike ball icon is the one with the 1732 number on it.

    I also shut down that process once I was made aware of it being infected... since I only thought it was used if you were fast switching in XP between accounts, which I'm not.

    Anyhow, another hour and both scans should be done and I'll post an updated system status, then ComboFix.

    EDIT: Be easier if I screenshot this for you to show you. My AVG scan finally finished; here were the results.



    P.S. Yeah, I would love to know too, Neal. My brother is always downloading on torrents etc., just like last time I had a problem, but I can never pinpoint it down to him visiting torrent sites to get the actual torrent file. And he's a very arrogant guy, so if you say it's that he'll just say no it's not, it's you, it's not me, blah blah.

    He's a pain in the ass but I can't do anything about it until I get evidence linking it to his account... which I won't ever get, so I'm left to fix the computer.


    Also... maybe strange, but I can't defrag my system. I open up Defragmenter and hit analyse and defrag, and each one just says Defragmenter Could Not Start.

    And yeah, I've got 15%+ space available for it... strange.

    And thanks a lot for helping, Neal.
    Last edited by Neal; 06-03-2009 at 01:03 AM.

  4. #4
    Anti is offline Valued Member
    New HijackThis log. Should I go ahead with the ComboFix? Also, what's the best way to test your hard disk for actual faults on the disk...

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 00:06:41, on 04/03/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\userinit.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Logitech\G-series Software\LGDCore.exe
    C:\Program Files\Logitech\G-series Software\LCDMon.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe
    C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
    C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
    C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Logitech\SetPoint II\SetpointII.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Xfire\xfire.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\TVersity\Media Server\MediaServer.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\Program Files\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = GameRenders
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
    O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Product Registration.lnk = C:\Program Files\Common Files\Logishrd\eReg\SetPoint\eReg.exe
    O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
    O4 - Global Startup: SetPointII.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {8C292180-8BB2-495F-B94B-89FE9F2B530A} (ccr_downloader Control) - http://rfonline-full.gscdn.com/gscdn/ccr_downloader.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Update Service (gupdate1c98ba08cd46ce) (gupdate1c98ba08cd46ce) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe

    --
    End of file - 8564 bytes

    __________________________________________________

    COMBOFIX COMPLETE, HERE'S THE LOG

    ComboFix 09-03-02.03 - Dean 2009-03-04 0:47:38.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2047.1640 [GMT 0:00]
    Running from: c:\documents and settings\Dean\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\1000.exe
    c:\windows\system32\998.exe
    c:\windows\system32\drivers\seneka.sys
    c:\windows\system32\drivers\senekamltitltn.sys
    c:\windows\system32\init32.exe
    c:\windows\system32\senekabobqaomp.dat
    c:\windows\system32\senekagruhhqwn.dll
    c:\windows\system32\senekatpoduqfv.dat
    c:\windows\system32\senekavkdudqpq.dll
    c:\windows\system32\senekaxjovrjky.dll
    c:\windows\system32\uniq.tll
    c:\windows\system32\win32hlp.cnf

    c:\windows\system32\userinit.exe . . . is infected!!

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_SENEKA


    ((((((((((((((((((((((((( Files Created from 2009-02-04 to 2009-03-04 )))))))))))))))))))))))))))))))
    .

    2009-03-02 23:35 . 2009-03-02 23:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\media center programs
    2009-03-02 21:35 . 2009-03-02 21:35 <DIR> d-------- c:\program files\Funcom
    2009-03-02 14:27 . 2009-03-02 14:28 885,580 --a------ c:\windows\system32\rn.tmp
    2009-02-27 18:48 . 2009-02-27 18:48 <DIR> d-------- c:\documents and settings\Grant\Application Data\VMware
    2009-02-26 18:46 . 2009-02-26 18:46 42,320 --a------ c:\windows\system32\xfcodec.dll
    2009-02-25 23:26 . 2009-03-03 20:34 <DIR> d-------- c:\documents and settings\Dean\Application Data\VMware
    2009-02-25 23:11 . 2009-03-03 19:34 <DIR> d-------- c:\documents and settings\LocalService\Application Data\VMware
    2009-02-25 23:09 . 2009-02-25 23:09 1,024 --a------ C:\.rnd
    2009-02-25 23:08 . 2009-03-03 20:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\VMware

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-03-04 00:57 --------- d-----w c:\documents and settings\Dean\Application Data\Xfire
    2009-03-04 00:56 --------- d-----w c:\program files\Steam
    2009-03-04 00:56 --------- d-----w c:\documents and settings\Dean\Application Data\Skype
    2009-03-04 00:06 8,565 ----a-w c:\program files\hijackthis.log
    2009-03-04 00:05 --------- d-----w c:\documents and settings\Dean\Application Data\skypePM
    2009-03-04 00:04 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
    2009-03-03 19:42 --------- d-----w c:\program files\backups
    2009-03-03 19:25 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
    2009-03-03 15:17 --------- d-----w c:\documents and settings\Grant\Application Data\uTorrent
    2009-03-03 13:08 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
    2009-03-02 23:11 --------- d-----w c:\program files\Xfire
    2009-03-02 18:55 --------- d-----w c:\program files\World of Warcraft
    2009-03-02 00:38 --------- d-----w c:\program files\SpeedFan
    2009-02-25 22:38 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-02-25 22:37 --------- d-----w c:\program files\EA GAMES
    2009-02-22 05:02 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
    2009-02-15 04:11 --------- d-----w c:\documents and settings\Dean\Application Data\Azureus
    2009-02-15 03:49 --------- d-----w c:\program files\Azureus
    2009-02-12 03:02 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-02-11 23:47 --------- d-----w c:\program files\Google
    2009-02-06 18:57 --------- d-----w c:\program files\Classic Roulette
    2009-02-03 18:31 --------- d-----w c:\documents and settings\Dean\Application Data\uTorrent
    2009-01-11 03:43 --------- d-----w c:\documents and settings\Grant\Application Data\LimeWire
    2008-12-26 20:07 413 ----a-w c:\program files\Shortcut to HijackThis.lnk
    2008-08-28 13:42 24 -c--a-w c:\documents and settings\Dean\jagex_runescape_preferences.dat
    2008-08-14 01:00 396,288 ----a-w c:\program files\HijackThis.exe
    2008-06-10 15:28 9 -c--a-w c:\documents and settings\Dean\status.bin
    2008-04-28 15:10 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
    .

    ------- Sigcheck -------

    2008-04-14 00:12 26112 a93aee1928a9d7ce3e16d24ec7380f89 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\userinit.exe
    2009-03-03 18:45 104960 f4e1da840459088599f05d5bc3d1f689 c:\windows\system32\userinit.exe
    .
    ((((((((((((((((((((((((((((( snapshot@2008-12-28_ 0.31.19.62 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2006-07-14 15:52:22 121,856 ----a-w c:\windows\$hf_mig$\KB915865\SP2QFE\xmllite.dll
    + 2005-10-12 23:12:25 14,048 ----a-w c:\windows\$hf_mig$\KB915865\spmsg.dll
    + 2005-10-12 23:12:26 213,216 ----a-w c:\windows\$hf_mig$\KB915865\spuninst.exe
    + 2005-10-12 23:12:25 22,752 ----a-w c:\windows\$hf_mig$\KB915865\update\spcustom.dll
    + 2005-10-12 23:12:28 716,000 ----a-w c:\windows\$hf_mig$\KB915865\update\update.exe
    + 2005-10-12 23:12:33 371,424 ----a-w c:\windows\$hf_mig$\KB915865\update\updspapi.dll
    + 2007-07-12 23:28:55 765,952 ----a-w c:\windows\$hf_mig$\KB938127-IE7\SP2QFE\vgx.dll
    + 2007-03-06 01:22:36 14,048 ----a-w c:\windows\$hf_mig$\KB938127-IE7\spmsg.dll
    + 2007-03-06 01:22:41 213,216 ----a-w c:\windows\$hf_mig$\KB938127-IE7\spuninst.exe
    + 2007-03-06 01:22:34 22,752 ----a-w c:\windows\$hf_mig$\KB938127-IE7\update\spcustom.dll
    + 2007-03-06 01:22:59 716,000 ----a-w c:\windows\$hf_mig$\KB938127-IE7\update\update.exe
    + 2007-03-06 01:23:51 371,424 ----a-w c:\windows\$hf_mig$\KB938127-IE7\update\updspapi.dll
    + 2008-05-27 17:31:16 765,952 ----a-w c:\windows\$hf_mig$\KB938127-v2-IE7\SP2QFE\vgx.dll
    + 2007-03-06 01:22:33 14,048 ----a-w c:\windows\$hf_mig$\KB938127-v2-IE7\spmsg.dll
    + 2007-03-06 01:22:39 213,216 ----a-w c:\windows\$hf_mig$\KB938127-v2-IE7\spuninst.exe
    + 2007-03-06 01:22:31 22,752 ----a-w c:\windows\$hf_mig$\KB938127-v2-IE7\update\spcustom.dll
    + 2007-03-06 01:22:56 716,000 ----a-w c:\windows\$hf_mig$\KB938127-v2-IE7\update\update.exe
    + 2007-03-06 01:23:47 371,424 ----a-w c:\windows\$hf_mig$\KB938127-v2-IE7\update\updspapi.dll
    + 2008-10-16 20:24:09 124,928 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\advpack.dll
    + 2008-10-16 20:24:09 347,136 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\dxtmsft.dll
    + 2008-10-16 20:24:09 214,528 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\dxtrans.dll
    + 2008-10-16 20:24:09 132,608 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\extmgr.dll
    + 2008-10-16 20:24:09 63,488 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\icardie.dll
    + 2008-10-16 12:46:08 70,656 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\ie4uinit.exe
    + 2008-10-16 20:24:09 153,088 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\ieakeng.dll
    + 2008-10-16 20:24:09 230,400 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\ieaksie.dll
    + 2008-10-15 06:33:26 161,792 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\ieakui.dll
    + 2007-04-17 09:32:38 2,455,488 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\ieapfltr.dat
    + 2008-10-16 20:24:09 380,928 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\ieapfltr.dll
    + 2008-10-16 20:24:09 388,608 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\iedkcs32.dll
    + 2008-10-16 20:24:09 6,068,224 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\ieframe.dll
    + 2008-10-16 20:24:09 44,544 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\iernonce.dll
    + 2008-10-16 20:24:09 267,776 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\iertutil.dll
    + 2008-10-16 12:46:08 13,824 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\ieudinit.exe
    + 2008-10-15 06:34:58 633,632 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\iexplore.exe
    + 2008-10-16 20:24:10 27,648 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\jsproxy.dll
    + 2008-10-16 20:24:10 459,264 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\msfeeds.dll
    + 2008-10-16 20:24:10 52,224 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\msfeedsbs.dll
    + 2008-10-16 20:24:10 3,595,264 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\mshtml.dll
    + 2008-10-16 20:24:10 477,696 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\mshtmled.dll
    + 2008-10-16 20:24:10 193,024 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\msrating.dll
    + 2008-10-16 20:24:10 671,232 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\mstime.dll
    + 2008-10-16 20:24:10 102,912 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\occache.dll
    + 2008-10-16 20:24:10 44,544 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\pngfilt.dll
    + 2008-10-16 20:24:10 105,984 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\url.dll
    + 2008-10-16 20:24:11 1,163,264 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\urlmon.dll
    + 2008-10-16 20:24:11 233,472 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\webcheck.dll
    + 2008-10-16 20:24:11 827,904 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\wininet.dll
    + 2007-03-06 01:22:33 14,048 ----a-w c:\windows\$hf_mig$\KB958215-IE7\spmsg.dll
    + 2007-03-06 01:22:39 213,216 ----a-w c:\windows\$hf_mig$\KB958215-IE7\spuninst.exe
    + 2007-03-06 01:22:31 22,752 ----a-w c:\windows\$hf_mig$\KB958215-IE7\update\spcustom.dll
    + 2007-03-06 01:22:56 716,000 ----a-w c:\windows\$hf_mig$\KB958215-IE7\update\update.exe
    + 2007-03-06 01:23:51 371,424 ----a-w c:\windows\$hf_mig$\KB958215-IE7\update\updspapi.dll
    + 2008-12-11 10:24:44 333,184 ----a-w c:\windows\$hf_mig$\KB958687\SP2QFE\srv.sys
    + 2008-12-11 10:57:09 333,952 ----a-w c:\windows\$hf_mig$\KB958687\SP3GDR\srv.sys
    + 2008-12-11 12:33:59 333,952 ----a-w c:\windows\$hf_mig$\KB958687\SP3QFE\srv.sys
    + 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB958687\spmsg.dll
    + 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB958687\spuninst.exe
    + 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB958687\update\spcustom.dll
    + 2007-11-30 11:18:51 755,576 ----a-w c:\windows\$hf_mig$\KB958687\update\update.exe
    + 2007-11-30 11:18:51 382,840 ----a-w c:\windows\$hf_mig$\KB958687\update\updspapi.dll
    + 2008-12-13 06:26:56 3,594,752 ----a-w c:\windows\$hf_mig$\KB960714-IE7\SP2QFE\mshtml.dll
    + 2007-03-06 01:22:33 14,048 ----a-w c:\windows\$hf_mig$\KB960714-IE7\spmsg.dll
    + 2007-03-06 01:22:39 213,216 ----a-w c:\windows\$hf_mig$\KB960714-IE7\spuninst.exe
    + 2007-03-06 01:22:31 22,752 ----a-w c:\windows\$hf_mig$\KB960714-IE7\update\spcustom.dll
    + 2007-03-06 01:22:56 716,000 ----a-w c:\windows\$hf_mig$\KB960714-IE7\update\update.exe
    + 2007-03-06 01:23:47 371,424 ----a-w c:\windows\$hf_mig$\KB960714-IE7\update\updspapi.dll
    + 2006-05-25 10:29:04 213,216 -c----w c:\windows\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe
    + 2006-05-25 10:29:04 371,424 -c----w c:\windows\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\updspapi.dll
    + 2006-05-24 12:32:48 213,216 -c----w c:\windows\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe
    + 2006-05-24 12:32:48 371,424 -c----w c:\windows\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\updspapi.dll
    - 2008-11-06 03:19:06 53,248 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
    + 2009-03-02 23:35:58 53,248 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
    - 2008-11-06 03:19:06 12,800 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
    + 2009-03-02 23:35:58 12,800 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
    - 2008-11-06 03:19:07 473,600 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
    + 2009-03-02 23:35:58 473,600 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
    - 2008-11-06 03:19:01 2,676,224 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2009-03-02 23:35:55 2,676,224 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2008-11-06 03:19:02 2,846,720 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2009-03-02 23:35:56 2,846,720 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2008-11-06 03:19:02 563,712 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2009-03-02 23:35:56 563,712 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2008-11-06 03:19:03 567,296 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2009-03-02 23:35:56 567,296 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2008-11-06 03:19:03 576,000 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2009-03-02 23:35:57 576,000 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2008-11-06 03:19:04 577,024 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2009-03-02 23:35:57 577,024 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2008-11-06 03:19:04 577,536 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2009-03-02 23:35:57 577,536 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2008-11-06 03:19:04 577,536 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2009-03-02 23:35:57 577,536 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2008-11-06 03:19:05 578,560 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2009-03-02 23:35:58 578,560 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2008-11-06 03:19:07 578,560 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2009-03-02 23:35:58 578,560 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2008-11-06 03:19:08 145,920 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
    + 2009-03-02 23:35:58 145,920 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
    - 2008-11-06 03:19:08 159,232 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
    + 2009-03-02 23:35:58 159,232 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
    - 2008-11-06 03:19:08 364,544 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
    + 2009-03-02 23:35:59 364,544 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
    - 2008-11-06 03:19:09 178,176 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
    + 2009-03-02 23:35:59 178,176 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
    - 2008-11-06 03:19:06 223,232 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
    + 2009-03-02 23:35:58 223,232 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
    + 2006-02-28 12:00:00 61,440 -c--a-w c:\windows\ie7\admparse.dll
    + 2006-02-28 12:00:00 99,840 -c--a-w c:\windows\ie7\advpack.dll
    + 2006-02-28 12:00:00 35,328 -c--a-w c:\windows\ie7\corpol.dll
    + 2006-02-28 12:00:00 28,672 -c--a-w c:\windows\ie7\custsat.dll
    + 2008-10-16 10:37:02 357,888 -c--a-w c:\windows\ie7\dxtmsft.dll
    + 2008-10-16 10:37:02 205,312 -c--a-w c:\windows\ie7\dxtrans.dll
    + 2008-10-16 10:37:02 55,808 -c--a-w c:\windows\ie7\extmgr.dll
    + 2006-02-28 12:00:00 38,912 -c--a-w c:\windows\ie7\hmmapi.dll
    + 2006-02-28 12:00:00 34,304 -c--a-w c:\windows\ie7\ie4uinit.exe
    + 2006-02-28 12:00:00 139,264 -c--a-w c:\windows\ie7\ieakeng.dll
    + 2006-02-28 12:00:00 216,576 -c--a-w c:\windows\ie7\ieaksie.dll
    + 2006-02-28 12:00:00 221,184 -c--a-w c:\windows\ie7\ieakui.dll
    + 2006-02-28 12:00:00 323,584 -c--a-w c:\windows\ie7\iedkcs32.dll
    + 2008-10-15 09:45:01 18,432 -c--a-w c:\windows\ie7\iedw.exe
    + 2006-02-28 12:00:00 81,920 -c--a-w c:\windows\ie7\ieencode.dll
    + 2008-10-16 10:37:02 251,392 -c--a-w c:\windows\ie7\iepeers.dll
    + 2006-02-28 12:00:00 48,640 -c--a-w c:\windows\ie7\iernonce.dll
    + 2006-02-28 12:00:00 62,976 -c--a-w c:\windows\ie7\iesetup.dll
    + 2006-02-28 12:00:00 93,184 -c--a-w c:\windows\ie7\iexplore.exe
    + 2006-02-28 12:00:00 35,840 -c--a-w c:\windows\ie7\imgutil.dll
    + 2008-10-16 10:37:02 96,256 -c--a-w c:\windows\ie7\inseng.dll
    + 2007-12-18 14:40:58 450,560 -c--a-w c:\windows\ie7\jscript.dll
    + 2008-10-16 10:37:03 16,384 -c--a-w c:\windows\ie7\jsproxy.dll
    + 2006-02-28 12:00:00 22,016 -c--a-w c:\windows\ie7\licmgr10.dll
    + 2006-02-28 12:00:00 29,184 -c--a-w c:\windows\ie7\mshta.exe
    + 2008-12-12 17:33:23 3,060,224 -c--a-w c:\windows\ie7\mshtml.dll
    + 2008-10-16 10:37:03 449,024 -c--a-w c:\windows\ie7\mshtmled.dll
    + 2006-02-28 12:00:00 56,832 -c--a-w c:\windows\ie7\mshtmler.dll
    + 2006-02-28 12:00:00 146,432 -c--a-w c:\windows\ie7\msls31.dll
    + 2008-10-16 10:37:02 146,432 -c--a-w c:\windows\ie7\msrating.dll
    + 2008-10-16 10:37:02 532,480 -c--a-w c:\windows\ie7\mstime.dll
    + 2006-02-28 12:00:00 96,256 -c--a-w c:\windows\ie7\occache.dll
    + 2008-10-16 10:37:02 39,424 -c--a-w c:\windows\ie7\pngfilt.dll
    + 2007-08-13 18:54:42 32,960 -c--a-w c:\windows\ie7\spuninst\iecustom.dll
    + 2007-08-13 18:52:06 66,048 -c--a-w c:\windows\ie7\spuninst\ieResetIcons.exe
    + 2006-09-06 17:43:16 213,216 -c--a-w c:\windows\ie7\spuninst\spuninst.exe
    + 2006-09-06 17:43:18 371,424 -c--a-w c:\windows\ie7\spuninst\updspapi.dll
    + 2006-02-28 12:00:00 37,888 -c--a-w c:\windows\ie7\url.dll
    + 2008-10-16 10:37:04 615,936 -c--a-w c:\windows\ie7\urlmon.dll
    + 2007-12-18 14:40:58 417,792 -c--a-w c:\windows\ie7\vbscript.dll
    + 2007-06-26 15:13:22 851,968 -c--a-w c:\windows\ie7\vgx.dll
    + 2006-02-28 12:00:00 276,480 -c--a-w c:\windows\ie7\webcheck.dll
    + 2008-10-16 10:37:03 659,456 -c--a-w c:\windows\ie7\wininet.dll
    + 2007-03-06 01:22:41 213,216 -c----w c:\windows\ie7updates\KB938127-IE7\spuninst\spuninst.exe
    + 2007-03-06 01:23:51 371,424 -c----w c:\windows\ie7updates\KB938127-IE7\spuninst\updspapi.dll
    + 2007-08-13 18:54:10 765,952 -c----w c:\windows\ie7updates\KB938127-IE7\vgx.dll
    + 2007-03-06 01:22:39 213,216 -c----w c:\windows\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe
    + 2007-03-06 01:23:47 371,424 -c----w c:\windows\ie7updates\KB938127-v2-IE7\spuninst\updspapi.dll
    + 2007-07-12 23:31:54 765,952 -c----w c:\windows\ie7updates\KB938127-v2-IE7\vgx.dll
    + 2007-08-13 18:39:00 123,904 -c----w c:\windows\ie7updates\KB958215-IE7\advpack.dll
    + 2007-08-13 18:35:46 346,624 -c----w c:\windows\ie7updates\KB958215-IE7\dxtmsft.dll
    + 2007-08-13 18:35:38 214,528 -c----w c:\windows\ie7updates\KB958215-IE7\dxtrans.dll
    + 2007-08-13 18:54:10 131,584 -c----w c:\windows\ie7updates\KB958215-IE7\extmgr.dll
    + 2007-08-13 18:36:26 61,952 -c----w c:\windows\ie7updates\KB958215-IE7\icardie.dll
    + 2007-08-13 18:39:06 54,784 -c----w c:\windows\ie7updates\KB958215-IE7\ie4uinit.exe
    + 2007-08-13 18:39:26 152,064 -c----w c:\windows\ie7updates\KB958215-IE7\ieakeng.dll
    + 2007-08-13 18:39:54 229,376 -c----w c:\windows\ie7updates\KB958215-IE7\ieaksie.dll
    + 2007-08-13 1754 161,792 -c----w c:\windows\ie7updates\KB958215-IE7\ieakui.dll
    + 2007-02-12 16:10:12 2,451,312 -c----w c:\windows\ie7updates\KB958215-IE7\ieapfltr.dat
    + 2007-07-11 12:27:48 383,488 -c----w c:\windows\ie7updates\KB958215-IE7\ieapfltr.dll
    + 2007-08-13 18:39:50 382,976 -c----w c:\windows\ie7updates\KB958215-IE7\iedkcs32.dll
    + 2007-08-13 18:54:10 6,049,280 -c----w c:\windows\ie7updates\KB958215-IE7\ieframe.dll
    + 2007-08-13 18:39:10 43,008 -c----w c:\windows\ie7updates\KB958215-IE7\iernonce.dll
    + 2007-08-13 18:34:04 266,752 -c----w c:\windows\ie7updates\KB958215-IE7\iertutil.dll
    + 2007-08-13 18:39:10 13,312 -c----w c:\windows\ie7updates\KB958215-IE7\ieudinit.exe
    + 2007-08-13 18:43:56 622,080 -c----w c:\windows\ie7updates\KB958215-IE7\iexplore.exe
    + 2007-08-13 18:54:10 27,136 -c----w c:\windows\ie7updates\KB958215-IE7\jsproxy.dll
    + 2007-08-13 18:54:10 458,752 -c----w c:\windows\ie7updates\KB958215-IE7\msfeeds.dll
    + 2007-08-13 18:54:10 50,688 -c----w c:\windows\ie7updates\KB958215-IE7\msfeedsbs.dll
    + 2007-08-13 18:54:10 475,648 -c----w c:\windows\ie7updates\KB958215-IE7\mshtmled.dll
    + 2007-08-13 18:44:26 192,000 -c----w c:\windows\ie7updates\KB958215-IE7\msrating.dll
    + 2007-08-13 18:54:10 670,720 -c----w c:\windows\ie7updates\KB958215-IE7\mstime.dll
    + 2007-08-13 18:44:06 101,376 -c----w c:\windows\ie7updates\KB958215-IE7\occache.dll
    + 2007-08-13 18:36:12 44,544 -c----w c:\windows\ie7updates\KB958215-IE7\pngfilt.dll
    + 2007-03-06 01:22:39 213,216 -c----w c:\windows\ie7updates\KB958215-IE7\spuninst\spuninst.exe
    + 2007-03-06 01:23:51 371,424 -c----w c:\windows\ie7updates\KB958215-IE7\spuninst\updspapi.dll
    + 2007-08-13 18:44:30 105,984 -c----w c:\windows\ie7updates\KB958215-IE7\url.dll
    + 2007-08-13 18:54:10 1,162,240 -c----w c:\windows\ie7updates\KB958215-IE7\urlmon.dll
    + 2007-08-13 18:54:10 231,424 -c----w c:\windows\ie7updates\KB958215-IE7\webcheck.dll
    + 2007-08-13 18:54:10 818,688 -c----w c:\windows\ie7updates\KB958215-IE7\wininet.dll
    + 2007-08-13 18:54:12 3,578,368 -c----w c:\windows\ie7updates\KB960714-IE7\mshtml.dll
    + 2007-03-06 01:22:39 213,216 -c----w c:\windows\ie7updates\KB960714-IE7\spuninst\spuninst.exe
    + 2007-03-06 01:23:47 371,424 -c----w c:\windows\ie7updates\KB960714-IE7\spuninst\updspapi.dll
    + 2008-10-16 20:38:34 124,928 -c----w c:\windows\ie7updates\KB961260-IE7\advpack.dll
    + 2008-10-16 20:38:34 347,136 -c----w c:\windows\ie7updates\KB961260-IE7\dxtmsft.dll
    + 2008-10-16 20:38:34 214,528 -c----w c:\windows\ie7updates\KB961260-IE7\dxtrans.dll
    + 2008-10-16 20:38:35 133,120 -c----w c:\windows\ie7updates\KB961260-IE7\extmgr.dll
    + 2008-10-16 20:38:35 63,488 -c----w c:\windows\ie7updates\KB961260-IE7\icardie.dll
    + 2008-10-16 13:11:09 70,656 -c----w c:\windows\ie7updates\KB961260-IE7\ie4uinit.exe
    + 2008-10-16 20:38:35 153,088 -c----w c:\windows\ie7updates\KB961260-IE7\ieakeng.dll
    + 2008-10-16 20:38:35 230,400 -c----w c:\windows\ie7updates\KB961260-IE7\ieaksie.dll
    + 2008-10-15 07:04:53 161,792 -c----w c:\windows\ie7updates\KB961260-IE7\ieakui.dll
    + 2008-10-16 20:38:35 383,488 -c----w c:\windows\ie7updates\KB961260-IE7\ieapfltr.dll
    + 2008-10-16 20:38:35 384,512 -c----w c:\windows\ie7updates\KB961260-IE7\iedkcs32.dll
    + 2008-10-16 20:38:37 6,066,176 -c----w c:\windows\ie7updates\KB961260-IE7\ieframe.dll
    + 2008-10-16 20:38:37 44,544 -c----w c:\windows\ie7updates\KB961260-IE7\iernonce.dll
    + 2008-10-16 20:38:37 267,776 -c----w c:\windows\ie7updates\KB961260-IE7\iertutil.dll
    + 2008-10-16 13:11:09 13,824 -c----w c:\windows\ie7updates\KB961260-IE7\ieudinit.exe
    + 2008-10-15 07:06:26 633,632 -c----w c:\windows\ie7updates\KB961260-IE7\iexplore.exe
    + 2008-10-16 20:38:37 27,648 -c----w c:\windows\ie7updates\KB961260-IE7\jsproxy.dll
    + 2008-10-16 20:38:37 459,264 -c----w c:\windows\ie7updates\KB961260-IE7\msfeeds.dll
    + 2008-10-16 20:38:37 52,224 -c----w c:\windows\ie7updates\KB961260-IE7\msfeedsbs.dll
    + 2008-12-13 06:40:02 3,593,216 -c----w c:\windows\ie7updates\KB961260-IE7\mshtml.dll
    + 2008-10-16 20:38:38 477,696 -c----w c:\windows\ie7updates\KB961260-IE7\mshtmled.dll
    + 2008-10-16 20:38:38 193,024 -c----w c:\windows\ie7updates\KB961260-IE7\msrating.dll
    + 2008-10-16 20:38:39 671,232 -c----w c:\windows\ie7updates\KB961260-IE7\mstime.dll
    + 2008-10-16 20:38:39 102,912 -c----w c:\windows\ie7updates\KB961260-IE7\occache.dll
    + 2008-10-16 20:38:39 44,544 -c----w c:\windows\ie7updates\KB961260-IE7\pngfilt.dll
    + 2007-03-06 01:22:41 213,216 -c----w c:\windows\ie7updates\KB961260-IE7\spuninst\spuninst.exe
    + 2007-03-06 01:23:51 371,424 -c----w c:\windows\ie7updates\KB961260-IE7\spuninst\updspapi.dll
    + 2008-10-16 20:38:39 105,984 -c----w c:\windows\ie7updates\KB961260-IE7\url.dll
    + 2008-10-16 20:38:39 1,160,192 -c----w c:\windows\ie7updates\KB961260-IE7\urlmon.dll
    + 2008-10-16 20:38:39 233,472 -c----w c:\windows\ie7updates\KB961260-IE7\webcheck.dll
    + 2008-10-16 20:38:40 826,368 -c----w c:\windows\ie7updates\KB961260-IE7\wininet.dll
    + 2009-02-10 16:54:07 363,246 ----a-r c:\windows\Installer\{548EAC70-EE00-11DD-908C-005056806466}\ARPPRODUCTICON.exe
    + 2009-02-10 16:54:07 25,214 ----a-r c:\windows\Installer\{548EAC70-EE00-11DD-908C-005056806466}\googleearth.exe_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
    + 2009-02-10 16:54:07 25,214 ----a-r c:\windows\Installer\{548EAC70-EE00-11DD-908C-005056806466}\googleearth.exe1_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
    + 2009-02-10 16:54:07 25,214 ----a-r c:\windows\Installer\{548EAC70-EE00-11DD-908C-005056806466}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe
    + 2009-02-10 16:54:07 25,214 ----a-r c:\windows\Installer\{548EAC70-EE00-11DD-908C-005056806466}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe
    + 2009-02-10 16:54:07 25,214 ----a-r c:\windows\Installer\{548EAC70-EE00-11DD-908C-005056806466}\UNINST_Uninstall_G_408FFBEED62349E08B232864A94D2864.exe
    - 2008-12-11 01:19:18 20,240 ----a-r c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\cagicon.exe
    + 2009-02-12 03:02:51 20,240 ----a-r c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\cagicon.exe
    - 2008-12-11 01:19:17 217,864 ----a-r c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\misc.exe
    + 2009-02-12 03:02:51 217,864 ----a-r c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\misc.exe
    - 2008-12-11 01:19:18 18,704 ----a-r c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\mspicons.exe
    + 2009-02-12 03:02:51 18,704 ----a-r c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\mspicons.exe
    - 2008-12-11 01:19:18 35,088 ----a-r c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\oisicon.exe
    + 2009-02-12 03:02:52 35,088 ----a-r c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\oisicon.exe
    - 2008-12-11 01:19:17 845,584 ----a-r c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\outicon.exe
    + 2009-02-12 03:02:50 845,584 ----a-r c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\outicon.exe
    - 2008-12-11 01:19:17 922,384 ----a-r c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\pptico.exe
    + 2009-02-12 03:02:50 922,384 ----a-r c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\pptico.exe
    - 2008-12-11 01:19:18 888,080 ----a-r c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\wordicon.exe
    + 2009-02-12 03:02:51 888,080 ----a-r c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\wordicon.exe
    - 2008-12-11 01:19:17 1,172,240 ----a-r c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\xlicons.exe
    + 2009-02-12 03:02:49 1,172,240 ----a-r c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\xlicons.exe
    - 2000-08-31 08:00:00 28,672 ----a-w c:\windows\NIRCMD.exe
    + 2000-08-31 08:00:00 29,696 ----a-w c:\windows\NIRCMD.exe
    - 2006-02-28 12:00:00 61,440 ----a-w c:\windows\system32\admparse.dll
    + 2007-08-13 18:39:20 71,680 ----a-w c:\windows\system32\admparse.dll
    - 2006-02-28 12:00:00 99,840 ----a-w c:\windows\system32\advpack.dll
    + 2008-12-20 23:15:11 124,928 ----a-w c:\windows\system32\advpack.dll
    - 2008-08-10 19:11:52 10,520 ----a-w c:\windows\system32\avgrsstx.dll
    + 2009-02-22 05:02:19 10,520 ----a-w c:\windows\system32\avgrsstx.dll
    + 2009-03-03 18:31:54 146,552 ----a-w c:\windows\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\v754e0xx.default\compreg.dat
    + 2009-03-03 18:32:07 16,145 ----a-w c:\windows\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\v754e0xx.default\pluginreg.dat
    + 2009-03-03 18:31:52 97,780 ----a-w c:\windows\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\v754e0xx.default\xpti.dat
    - 2008-12-23 18:00:50 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
    + 2009-03-04 00:16:59 16,384 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
    - 2008-12-23 18:00:50 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2009-03-04 00:16:59 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2006-02-28 12:00:00 35,328 ----a-w c:\windows\system32\corpol.dll
    + 2007-08-13 18:42:54 17,408 ----a-w c:\windows\system32\corpol.dll
    + 2008-07-10 11:00:58 1,493,528 ----a-w c:\windows\system32\D3DCompiler_39.dll
    + 2008-10-10 04:52:38 2,036,576 ----a-w c:\windows\system32\D3DCompiler_40.dll
    + 2008-07-10 11:01:00 467,984 ----a-w c:\windows\system32\d3dx10_39.dll
    + 2008-10-10 04:52:38 452,440 ----a-w c:\windows\system32\d3dx10_40.dll
    + 2008-07-10 11:00:58 3,851,784 ----a-w c:\windows\system32\D3DX9_39.dll
    + 2008-10-10 04:52:38 4,379,984 ----a-w c:\windows\system32\D3DX9_40.dll
    - 2006-02-28 12:00:00 61,440 -c--a-w c:\windows\system32\dllcache\admparse.dll
    + 2007-08-13 18:39:20 71,680 -c--a-w c:\windows\system32\dllcache\admparse.dll
    - 2006-02-28 12:00:00 99,840 -c--a-w c:\windows\system32\dllcache\advpack.dll
    + 2008-12-20 23:15:11 124,928 -c--a-w c:\windows\system32\dllcache\advpack.dll
    - 2006-02-28 12:00:00 35,328 -c--a-w c:\windows\system32\dllcache\corpol.dll
    + 2007-08-13 18:42:54 17,408 -c--a-w c:\windows\system32\dllcache\corpol.dll
    - 2006-02-28 12:00:00 28,672 -c--a-w c:\windows\system32\dllcache\custsat.dll
    + 2007-08-13 18:54:10 33,792 -c--a-w c:\windows\system32\dllcache\custsat.dll
    - 2008-10-16 10:37:02 357,888 -c--a-w c:\windows\system32\dllcache\dxtmsft.dll
    + 2008-12-20 23:15:12 347,136 -c--a-w c:\windows\system32\dllcache\dxtmsft.dll
    - 2008-10-16 10:37:02 205,312 -c--a-w c:\windows\system32\dllcache\dxtrans.dll
    + 2008-12-20 23:15:13 214,528 -c--a-w c:\windows\system32\dllcache\dxtrans.dll
    - 2008-10-16 10:37:02 55,808 -c--a-w c:\windows\system32\dllcache\extmgr.dll
    + 2008-12-20 23:15:13 133,120 -c--a-w c:\windows\system32\dllcache\extmgr.dll
    - 2006-02-28 12:00:00 38,912 -c--a-w c:\windows\system32\dllcache\hmmapi.dll
    + 2007-08-13 18:18:02 60,416 -c--a-w c:\windows\system32\dllcache\hmmapi.dll
    + 2008-12-20 23:15:13 63,488 -c----w c:\windows\system32\dllcache\icardie.dll
    - 2006-02-28 12:00:00 34,304 -c--a-w c:\windows\system32\dllcache\ie4uinit.exe
    + 2008-12-19 09:10:15 70,656 -c--a-w c:\windows\system32\dllcache\ie4uinit.exe
    - 2006-02-28 12:00:00 139,264 -c--a-w c:\windows\system32\dllcache\ieakeng.dll
    + 2008-12-20 23:15:14 153,088 -c--a-w c:\windows\system32\dllcache\ieakeng.dll
    - 2006-02-28 12:00:00 216,576 -c--a-w c:\windows\system32\dllcache\ieaksie.dll
    + 2008-12-20 23:15:14 230,400 -c--a-w c:\windows\system32\dllcache\ieaksie.dll
    - 2006-02-28 12:00:00 221,184 -c--a-w c:\windows\system32\dllcache\ieakui.dll
    + 2008-12-19 05:23:56 161,792 -c--a-w c:\windows\system32\dllcache\ieakui.dll
    + 2007-04-17 09:32:38 2,455,488 -c----w c:\windows\system32\dllcache\ieapfltr.dat
    + 2008-12-20 23:15:15 383,488 -c----w c:\windows\system32\dllcache\ieapfltr.dll
    - 2006-02-28 12:00:00 323,584 -c--a-w c:\windows\system32\dllcache\iedkcs32.dll
    + 2008-12-20 23:15:16 384,512 -c--a-w c:\windows\system32\dllcache\iedkcs32.dll
    - 2008-10-15 09:45:01 18,432 -c--a-w c:\windows\system32\dllcache\iedw.exe
    + 2007-08-13 18:44:02 69,120 -c--a-w c:\windows\system32\dllcache\iedw.exe
    - 2006-02-28 12:00:00 81,920 -c--a-w c:\windows\system32\dllcache\ieencode.dll
    + 2007-08-13 18:45:18 78,336 -c--a-w c:\windows\system32\dllcache\ieencode.dll
    + 2008-12-20 23:15:21 6,066,688 -c----w c:\windows\system32\dllcache\ieframe.dll
    - 2008-10-16 10:37:02 251,392 -c--a-w c:\windows\system32\dllcache\iepeers.dll
    + 2007-08-13 18:54:10 191,488 -c--a-w c:\windows\system32\dllcache\iepeers.dll
    - 2006-02-28 12:00:00 48,640 -c--a-w c:\windows\system32\dllcache\iernonce.dll
    + 2008-12-20 23:15:21 44,544 -c--a-w c:\windows\system32\dllcache\iernonce.dll
    + 2008-12-20 23:15:22 267,776 -c----w c:\windows\system32\dllcache\iertutil.dll
    - 2006-02-28 12:00:00 62,976 -c--a-w c:\windows\system32\dllcache\iesetup.dll
    + 2007-08-13 18:39:12 55,296 -c--a-w c:\windows\system32\dllcache\iesetup.dll
    + 2008-12-19 09:10:15 13,824 -c----w c:\windows\system32\dllcache\ieudinit.exe
    - 2006-02-28 12:00:00 93,184 -c--a-w c:\windows\system32\dllcache\iexplore.exe
    + 2008-12-19 05:25:25 634,024 -c--a-w c:\windows\system32\dllcache\iexplore.exe
    - 2006-02-28 12:00:00 35,840 -c--a-w c:\windows\system32\dllcache\imgutil.dll
    + 2007-08-13 18:36:06 36,352 -c--a-w c:\windows\system32\dllcache\imgutil.dll
    - 2008-10-16 10:37:02 96,256 -c--a-w c:\windows\system32\dllcache\inseng.dll
    + 2007-08-13 18:39:02 92,672 -c--a-w c:\windows\system32\dllcache\inseng.dll
    - 2007-12-18 14:40:58 450,560 -c--a-w c:\windows\system32\dllcache\jscript.dll
    + 2007-08-13 18:38:04 491,520 -c--a-w c:\windows\system32\dllcache\jscript.dll
    - 2008-10-16 10:37:03 16,384 -c--a-w c:\windows\system32\dllcache\jsproxy.dll
    + 2008-12-20 23:15:23 27,648 -c--a-w c:\windows\system32\dllcache\jsproxy.dll
    - 2006-02-28 12:00:00 22,016 -c--a-w c:\windows\system32\dllcache\licmgr10.dll
    + 2007-08-13 18:44:18 40,960 -c--a-w c:\windows\system32\dllcache\licmgr10.dll
    + 2008-12-20 23:15:23 459,264 -c----w c:\windows\system32\dllcache\msfeeds.dll
    + 2008-12-20 23:15:24 52,224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll
    - 2006-02-28 12:00:00 29,184 -c--a-w c:\windows\system32\dllcache\mshta.exe
    + 2007-08-13 18:32:30 45,568 -c--a-w c:\windows\system32\dllcache\mshta.exe
    - 2008-12-12 17:33:23 3,060,224 -c--a-w c:\windows\system32\dllcache\mshtml.dll
    + 2009-01-16 21:35:14 3,594,752 -c--a-w c:\windows\system32\dllcache\mshtml.dll
    - 2008-10-16 10:37:03 449,024 -c--a-w c:\windows\system32\dllcache\mshtmled.dll
    + 2008-12-20 23:15:30 477,696 -c--a-w c:\windows\system32\dllcache\mshtmled.dll
    - 2006-02-28 12:00:00 56,832 -c--a-w c:\windows\system32\dllcache\mshtmler.dll
    + 2007-08-13 18:01:12 48,128 -c--a-w c:\windows\system32\dllcache\mshtmler.dll
    - 2006-02-28 12:00:00 146,432 -c--a-w c:\windows\system32\dllcache\msls31.dll
    + 2007-08-13 18:54:10 156,160 -c--a-w c:\windows\system32\dllcache\msls31.dll
    - 2008-10-16 10:37:02 146,432 -c--a-w c:\windows\system32\dllcache\msrating.dll
    + 2008-12-20 23:15:31 193,024 -c--a-w c:\windows\system32\dllcache\msrating.dll
    - 2008-10-16 10:37:02 532,480 -c--a-w c:\windows\system32\dllcache\mstime.dll
    + 2008-12-20 23:15:32 671,232 -c--a-w c:\windows\system32\dllcache\mstime.dll
    - 2006-02-28 12:00:00 96,256 -c--a-w c:\windows\system32\dllcache\occache.dll
    + 2008-12-20 23:15:38 102,912 -c--a-w c:\windows\system32\dllcache\occache.dll
    - 2008-10-16 10:37:02 39,424 -c--a-w c:\windows\system32\dllcache\pngfilt.dll
    + 2008-12-20 23:15:38 44,544 -c--a-w c:\windows\system32\dllcache\pngfilt.dll
    - 2007-10-26 03:36:51 8,454,656 -c--a-w c:\windows\system32\dllcache\shell32.dll
    + 2008-07-03 13:16:57 8,454,656 -c--a-w c:\windows\system32\dllcache\shell32.dll
    - 2008-08-28 10:04:17 333,056 -c--a-w c:\windows\system32\dllcache\srv.sys
    + 2008-12-11 11:57:21 333,184 -c--a-w c:\windows\system32\dllcache\srv.sys
    - 2006-02-28 12:00:00 37,888 -c--a-w c:\windows\system32\dllcache\url.dll
    + 2008-12-20 23:15:39 105,984 -c--a-w c:\windows\system32\dllcache\url.dll
    - 2008-10-16 10:37:04 615,936 -c--a-w c:\windows\system32\dllcache\urlmon.dll
    + 2008-12-20 23:15:40 1,160,192 -c--a-w c:\windows\system32\dllcache\urlmon.dll
    - 2007-12-18 14:40:58 417,792 -c--a-w c:\windows\system32\dllcache\vbscript.dll
    + 2007-08-13 18:54:10 413,696 -c--a-w c:\windows\system32\dllcache\vbscript.dll
    - 2007-06-26 15:13:22 851,968 -c--a-w c:\windows\system32\dllcache\vgx.dll
    + 2008-05-27 17:23:58 765,952 -c--a-w c:\windows\system32\dllcache\vgx.dll
    - 2006-02-28 12:00:00 276,480 -c--a-w c:\windows\system32\dllcache\webcheck.dll
    + 2008-12-20 23:15:40 233,472 -c--a-w c:\windows\system32\dllcache\webcheck.dll
    - 2008-10-16 10:37:03 659,456 -c--a-w c:\windows\system32\dllcache\wininet.dll
    + 2008-12-20 23:15:41 826,368 -c--a-w c:\windows\system32\dllcache\wininet.dll
    - 2008-08-10 19:11:49 26,824 ----a-w c:\windows\system32\drivers\avgmfx86.sys
    + 2009-02-22 05:02:19 27,656 ----a-w c:\windows\system32\drivers\avgmfx86.sys
    - 2008-08-28 10:04:17 333,056 ----a-w c:\windows\system32\drivers\srv.sys
    + 2008-12-11 11:57:21 333,184 ----a-w c:\windows\system32\drivers\srv.sys
    - 2008-10-16 10:37:02 357,888 ----a-w c:\windows\system32\dxtmsft.dll
    + 2008-12-20 23:15:12 347,136 ----a-w c:\windows\system32\dxtmsft.dll
    - 2008-10-16 10:37:02 205,312 ----a-w c:\windows\system32\dxtrans.dll
    + 2008-12-20 23:15:13 214,528 ----a-w c:\windows\system32\dxtrans.dll
    - 2008-10-16 10:37:02 55,808 ----a-w c:\windows\system32\extmgr.dll
    + 2008-12-20 23:15:13 133,120 ----a-w c:\windows\system32\extmgr.dll
    + 2008-12-20 23:15:13 63,488 ----a-w c:\windows\system32\icardie.dll
    + 2006-06-29 08:05:44 26,112 ------w c:\windows\system32\idndl.dll
    - 2006-02-28 12:00:00 34,304 ----a-w c:\windows\system32\ie4uinit.exe
    + 2008-12-19 09:10:15 70,656 ----a-w c:\windows\system32\ie4uinit.exe
    - 2006-02-28 12:00:00 139,264 ----a-w c:\windows\system32\ieakeng.dll
    + 2008-12-20 23:15:14 153,088 ----a-w c:\windows\system32\ieakeng.dll
    - 2006-02-28 12:00:00 216,576 ----a-w c:\windows\system32\ieaksie.dll
    + 2008-12-20 23:15:14 230,400 ----a-w c:\windows\system32\ieaksie.dll
    - 2006-02-28 12:00:00 221,184 ----a-w c:\windows\system32\ieakui.dll
    + 2008-12-19 05:23:56 161,792 ----a-w c:\windows\system32\ieakui.dll
    + 2007-04-17 09:32:38 2,455,488 ----a-w c:\windows\system32\ieapfltr.dat
    + 2008-12-20 23:15:15 383,488 ----a-w c:\windows\system32\ieapfltr.dll
    - 2006-02-28 12:00:00 323,584 ----a-w c:\windows\system32\iedkcs32.dll
    + 2008-12-20 23:15:16 384,512 ----a-w c:\windows\system32\iedkcs32.dll
    - 2006-02-28 12:00:00 81,920 ----a-w c:\windows\system32\ieencode.dll
    + 2007-08-13 18:45:18 78,336 ----a-w c:\windows\system32\ieencode.dll
    + 2008-12-20 23:15:21 6,066,688 ----a-w c:\windows\system32\ieframe.dll
    - 2008-10-16 10:37:02 251,392 ----a-w c:\windows\system32\iepeers.dll
    + 2007-08-13 18:54:10 191,488 ----a-w c:\windows\system32\iepeers.dll
    - 2006-02-28 12:00:00 48,640 ----a-w c:\windows\system32\iernonce.dll
    + 2008-12-20 23:15:21 44,544 ----a-w c:\windows\system32\iernonce.dll
    + 2008-12-20 23:15:22 267,776 ----a-w c:\windows\system32\iertutil.dll
    - 2006-02-28 12:00:00 62,976 ----a-w c:\windows\system32\iesetup.dll
    + 2007-08-13 18:39:12 55,296 ----a-w c:\windows\system32\iesetup.dll
    + 2008-12-19 09:10:15 13,824 ----a-w c:\windows\system32\ieudinit.exe
    + 2007-08-13 18:54:10 180,736 ------w c:\windows\system32\ieui.dll
    - 2006-02-28 12:00:00 35,840 ----a-w c:\windows\system32\imgutil.dll
    + 2007-08-13 18:36:06 36,352 ----a-w c:\windows\system32\imgutil.dll
    - 2008-10-16 10:37:02 96,256 ----a-w c:\windows\system32\inseng.dll
    + 2007-08-13 18:39:02 92,672 ----a-w c:\windows\system32\inseng.dll
    - 2007-12-18 14:40:58 450,560 ----a-w c:\windows\system32\jscript.dll
    + 2007-08-13 18:38:04 491,520 ----a-w c:\windows\system32\jscript.dll
    - 2008-10-16 10:37:03 16,384 ----a-w c:\windows\system32\jsproxy.dll
    + 2008-12-20 23:15:23 27,648 ----a-w c:\windows\system32\jsproxy.dll
    - 2006-02-28 12:00:00 22,016 ----a-w c:\windows\system32\licmgr10.dll
    + 2007-08-13 18:44:18 40,960 ----a-w c:\windows\system32\licmgr10.dll
    + 2008-12-20 23:15:23 459,264 ----a-w c:\windows\system32\msfeeds.dll
    + 2008-12-20 23:15:24 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
    + 2007-08-13 18:36:40 12,288 ------w c:\windows\system32\msfeedssync.exe
    - 2006-02-28 12:00:00 29,184 ----a-w c:\windows\system32\mshta.exe
    + 2007-08-13 18:32:30 45,568 ----a-w c:\windows\system32\mshta.exe
    - 2008-12-12 17:33:23 3,060,224 ----a-w c:\windows\system32\mshtml.dll
    + 2009-01-16 21:35:14 3,594,752 ----a-w c:\windows\system32\mshtml.dll
    - 2008-10-16 10:37:03 449,024 ----a-w c:\windows\system32\mshtmled.dll
    + 2008-12-20 23:15:30 477,696 ----a-w c:\windows\system32\mshtmled.dll
    - 2006-02-28 12:00:00 56,832 ----a-w c:\windows\system32\mshtmler.dll
    + 2007-08-13 18:01:12 48,128 ----a-w c:\windows\system32\mshtmler.dll
    - 2006-02-28 12:00:00 146,432 ----a-w c:\windows\system32\msls31.dll
    + 2007-08-13 18:54:10 156,160 ----a-w c:\windows\system32\msls31.dll
    - 2008-10-16 10:37:02 146,432 ----a-w c:\windows\system32\msrating.dll
    + 2008-12-20 23:15:31 193,024 ----a-w c:\windows\system32\msrating.dll
    - 2008-10-16 10:37:02 532,480 ----a-w c:\windows\system32\mstime.dll
    + 2008-12-20 23:15:32 671,232 ----a-w c:\windows\system32\mstime.dll
    + 2006-06-28 17:59:26 24,576 ------w c:\windows\system32\nlsdl.dll
    + 2006-06-29 08:05:44 23,552 ------w c:\windows\system32\normaliz.dll
    - 2006-02-28 12:00:00 96,256 ----a-w c:\windows\system32\occache.dll
    + 2008-12-20 23:15:38 102,912 ----a-w c:\windows\system32\occache.dll
    - 2008-11-06 03:23:28 68,608 ----a-w c:\windows\system32\perfc009.dat
    + 2009-03-03 20:51:53 68,608 ----a-w c:\windows\system32\perfc009.dat
    - 2008-11-06 03:23:28 436,090 ----a-w c:\windows\system32\perfh009.dat
    + 2009-03-03 20:51:53 436,090 ----a-w c:\windows\system32\perfh009.dat
    - 2008-10-16 10:37:02 39,424 ----a-w c:\windows\system32\pngfilt.dll
    + 2008-12-20 23:15:38 44,544 ----a-w c:\windows\system32\pngfilt.dll
    - 2007-10-26 03:36:51 8,454,656 ----a-w c:\windows\system32\shell32.dll
    + 2008-07-03 13:16:57 8,454,656 ----a-w c:\windows\system32\shell32.dll
    - 2007-11-30 12:39:22 17,272 ----a-w c:\windows\system32\spmsg.dll
    + 2008-07-09 07:38:24 17,272 ------w c:\windows\system32\spmsg.dll
    - 2006-02-28 12:00:00 37,888 ----a-w c:\windows\system32\url.dll
    + 2008-12-20 23:15:39 105,984 ----a-w c:\windows\system32\url.dll
    - 2008-10-16 10:37:04 615,936 ----a-w c:\windows\system32\urlmon.dll
    + 2008-12-20 23:15:40 1,160,192 ----a-w c:\windows\system32\urlmon.dll
    - 2007-12-18 14:40:58 417,792 ----a-w c:\windows\system32\vbscript.dll
    + 2007-08-13 18:54:10 413,696 ----a-w c:\windows\system32\vbscript.dll
    - 2006-02-28 12:00:00 276,480 ----a-w c:\windows\system32\webcheck.dll
    + 2008-12-20 23:15:40 233,472 ----a-w c:\windows\system32\webcheck.dll
    + 2007-08-13 18:45:16 206,336 ------w c:\windows\system32\WinFXDocObj.exe
    - 2008-10-16 10:37:03 659,456 ----a-w c:\windows\system32\wininet.dll
    + 2008-12-20 23:15:41 826,368 ----a-w c:\windows\system32\wininet.dll
    + 2008-10-27 10:04:16 23,376 ----a-w c:\windows\system32\X3DAudio1_5.dll
    + 2008-07-30 06:20:54 238,088 ----a-w c:\windows\system32\xactengine3_2.dll
    + 2008-10-27 10:04:16 235,856 ----a-w c:\windows\system32\xactengine3_3.dll
    + 2008-07-30 06:20:56 68,616 ----a-w c:\windows\system32\XAPOFX1_1.dll
    + 2008-10-27 10:04:14 70,992 ----a-w c:\windows\system32\XAPOFX1_2.dll
    + 2008-07-30 06:20:56 509,448 ----a-w c:\windows\system32\XAudio2_2.dll
    + 2008-10-27 10:04:18 514,384 ----a-w c:\windows\system32\XAudio2_3.dll
    + 2006-07-14 15:51:51 121,856 ------w c:\windows\system32\xmllite.dll
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseSVN]
    @="{30351346-7B7D-4FCC-81B4-1E394CA267EB}"
    [HKEY_CLASSES_ROOT\CLSID\{30351346-7B7D-4FCC-81B4-1E394CA267EB}]
    2008-02-16 11:35 536576 --a------ c:\program files\TortoiseSVN\bin\tortoisesvn.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseSVN]
    @="{30351347-7B7D-4FCC-81B4-1E394CA267EB}"
    [HKEY_CLASSES_ROOT\CLSID\{30351347-7B7D-4FCC-81B4-1E394CA267EB}]
    2008-02-16 11:35 536576 --a------ c:\program files\TortoiseSVN\bin\tortoisesvn.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseSVN]
    @="{30351348-7B7D-4FCC-81B4-1E394CA267EB}"
    [HKEY_CLASSES_ROOT\CLSID\{30351348-7B7D-4FCC-81B4-1E394CA267EB}]
    2008-02-16 11:35 536576 --a------ c:\program files\TortoiseSVN\bin\tortoisesvn.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseSVN]
    @="{3035134B-7B7D-4FCC-81B4-1E394CA267EB}"
    [HKEY_CLASSES_ROOT\CLSID\{3035134B-7B7D-4FCC-81B4-1E394CA267EB}]
    2008-02-16 11:35 536576 --a------ c:\program files\TortoiseSVN\bin\tortoisesvn.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseSVN]
    @="{3035134C-7B7D-4FCC-81B4-1E394CA267EB}"
    [HKEY_CLASSES_ROOT\CLSID\{3035134C-7B7D-4FCC-81B4-1E394CA267EB}]
    2008-02-16 11:35 536576 --a------ c:\program files\TortoiseSVN\bin\tortoisesvn.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseSVN]
    @="{3035134D-7B7D-4FCC-81B4-1E394CA267EB}"
    [HKEY_CLASSES_ROOT\CLSID\{3035134D-7B7D-4FCC-81B4-1E394CA267EB}]
    2008-02-16 11:35 536576 --a------ c:\program files\TortoiseSVN\bin\tortoisesvn.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseSVN]
    @="{3035134E-7B7D-4FCC-81B4-1E394CA267EB}"
    [HKEY_CLASSES_ROOT\CLSID\{3035134E-7B7D-4FCC-81B4-1E394CA267EB}]
    2008-02-16 11:35 536576 --a------ c:\program files\TortoiseSVN\bin\tortoisesvn.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2006-02-28 15360]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-04-03 21898024]
    "Steam"="c:\program files\steam\steam.exe" [2008-12-20 1410296]
    "NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 2097488]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Launch LGDCore"="c:\program files\Logitech\G-series Software\LGDCore.exe" [2006-03-06 1122304]
    "Launch LCDMon"="c:\program files\Logitech\G-series Software\LCDMon.exe" [2006-03-06 497152]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-22 1601304]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
    "RTHDCPL"="RTHDCPL.EXE" [2007-03-21 c:\windows\RTHDCPL.exe]
    "nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-07-17 c:\windows\KHALMNPR.Exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-02-28 15360]

    c:\documents and settings\Dean\Start Menu\Programs\Startup\
    Product Registration.lnk - c:\program files\Common Files\Logishrd\eReg\SetPoint\eReg.exe [2007-08-02 2979080]
    Xfire.lnk - c:\program files\Xfire\xfire.exe [2009-02-26 3017040]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    SetPointII.lnk - c:\program files\Logitech\SetPoint II\SetpointII.exe [2007-08-30 319488]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoSetActiveDesktop"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "Userinit"="c:\windows\explorer.exe,"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-02-22 05:02 10520 c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.XFR1"= xfcodec.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Xfire\\xfire.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Documents and Settings\\Dean\\Desktop\\glider\\hfymaipugz.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\Steam\\Steam.exe"=
    "c:\\Program Files\\Steam\\steamapps\\d3ath1234\\counter-strike source\\hl2.exe"=
    "c:\\Program Files\\Steam\\steamapps\\d3ath1234\\team fortress 2\\hl2.exe"=
    "c:\\Program Files\\Steam\\steamapps\\d3ath1234\\garrysmod\\hl2.exe"=
    "c:\\Program Files\\Azureus\\Azureus.exe"=
    "c:\\Program Files\\Steam\\steamapps\\d3ath1234\\source sdk base\\hl2.exe"=
    "c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\Documents and Settings\\Dean\\My Documents\\My Music\\RF Online\\RF.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\RndLabs\\BaboViolent 2\\bv2.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Steam\\steamapps\\d3ath1234\\zombie panic! source\\hl2.exe"=
    "c:\\Program Files\\Steam\\steamapps\\d3ath1234\\diprip warm up\\hl2.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Documents and Settings\\Dean\\Local Settings\\Application Data\\Dyyno Receiver\\DPPM.exe"=
    "c:\\Program Files\\TVersity\\Media Server\\MediaServer.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\call of duty 4\\iw3sp.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\call of duty 4\\iw3mp.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\trackmania united\\TmForever.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\trackmania united\\TmForeverLauncher.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
    "32937:TCP"= 32937:TCP:u
    "32937:UDP"= 32937:UDP:uu
    "41431:TCP"= 41431:TCP:utorrent
    "41431:UDP"= 41431:UDP:utorrent
    "3074:UDP"= 3074:UDP:Xbox
    "3074:TCP"= 3074:TCP:Xbox

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-08-10 325128]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-08-10 298264]
    S0 NVStrap;NVStrap;c:\windows\system32\drivers\NVStrap.sys [2008-02-22 4224]
    S2 gupdate1c98ba08cd46ce;Google Update Service (gupdate1c98ba08cd46ce);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-10 133104]
    S3 BRGSp50;BRGSp50 NDIS Protocol Driver;c:\windows\system32\drivers\BRGSp50.sys [2008-09-13 20608]
    S3 XDva145;XDva145;\??\c:\windows\system32\XDva145.sys --> c:\windows\system32\XDva145.sys [?]
    S3 ZDCNDIS5;ZDCNDIS5 NDIS Protocol Driver;c:\windows\system32\ZDCndis5.sys [2008-09-13 19072]
    .
    Contents of the 'Scheduled Tasks' folder

    2009-02-19 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

    2009-03-04 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-10 16:51]

    2009-03-04 c:\windows\Tasks\GoogleUpdateTaskMachine.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-10 16:52]

    2009-03-04 c:\windows\Tasks\tbuqyhwu.job
    - c:\windows\system32\mlJBSlJb.dll []
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.gamerenders.com/forum/
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    IE: &Clean Traces
    DPF: {8C292180-8BB2-495F-B94B-89FE9F2B530A} - hxxp://rfonline-full.gscdn.com/gscdn/ccr_downloader.cab
    FF - ProfilePath - c:\documents and settings\Dean\Application Data\Mozilla\Firefox\Profiles\cxabp3a8.default\
    FF - prefs.js: browser.search.selectedEngine - DAEMON Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.gamerenders.com/forum/index.php?showforum=9
    FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
    FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
    FF - plugin: c:\documents and settings\Dean\Application Data\Mozilla\Firefox\Profiles\cxabp3a8.default\extensions\NPDyyno@dyyno.com\plugins\npDyyno.dll
    FF - plugin: c:\program files\Dyyno\Dyyno Player\npvlc.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1487.6512\npCIDetect13.dll
    FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-04 0039
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\TortoiseSVN\bin\TSVNCache.exe
    c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
    c:\program files\AVG\AVG8\avgrsx.exe
    c:\windows\system32\rundll32.exe
    c:\program files\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe
    c:\program files\Logitech\G-series Software\Applets\LCDClock.exe
    c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\PnkBstrA.exe
    c:\program files\TVersity\Media Server\MediaServer.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\windows\system32\rundll32.exe
    .
    **************************************************************************
    .
    Completion time: 2009-03-04 1:01:25 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-03-04 01:01:23
    ComboFix2.txt 2008-12-28 00:31:39

    Pre-Run: 6,091,997,184 bytes free
    Post-Run: 6,228,111,360 bytes free

    717 --- E O F --- 2009-02-25 17:43:32
    Last edited by Anti; 04-03-2009 at 02:09 AM.

  5. #5
    Neal is offline Dedicated Member
    Next:


    Download SDFIX and save it to your Desktop.

    Double click SDFix.exe and choose Install to extract it to its own folder on the Desktop. Please then reboot your computer in Safe Mode by doing the following:
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, a menu with options should appear;
    • Select the first option, to run Windows in Safe Mode, then press "Enter".
    • Choose your usual account.
    • In Safe Mode, right click the SDFix.zip folder and choose Extract All,
    • Open the extracted folder and double click RunThis.bat to start the script.
    • Type Y to begin the script.
    • It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
    • Press any Key and it will restart the PC.
    • Your system will take longer than normal to restart as the fixtool will be running and removing files.
    • When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
    • Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt back onto the forum with a new HijackThis log




    * Please download Malwarebytes' Anti-Malware from HERE or HERE

    Double Click mbam-setup.exe to install the application.

    * Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select "Perform Full Scan", then click Scan.
    * The scan may take some time to finish, so please be patient.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Make sure that everything is checked, and click Remove Selected.
    * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    * The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    * Copy&Paste the entire report in your next reply along with a fresh HijackThis log.


    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
