My computer definitely has a virus and I have been unable to rid my computer of it. I have completed all of the steps that I should before posting and have attached an HJT log from before and after my cleaning, plus a Malwarebytes log.

These are symptoms of my computer:

Google searches take me to various unrelated websites.
The computer is very slow and bogged down, and so is the internet.
A suspicious dwm.exe process is taking up all of my CPU usage.

Please help in any way possible.

All 14 Replies

Hi and welcome to the Daniweb forums :).

==========

Please do not attach your logs unless requested. Copy and paste the logs so that the volunteers here do not have to download files from your infected PC onto theirs.

Sorry about that, here are my logs:

HJT first log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:46:48 PM, on 9/29/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\nvraidservice.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Css] C:\Users\Nick Karambelas\css.exe
O4 - HKLM\..\Run: [ppxcs] C:\Users\Nick Karambelas\ppxcs.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [343.tmp] C:\Windows\temp\343.tmp
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{ADBA7194-C061-4D31-AFB8-DF7783216D78}: NameServer = 85.255.113.140,85.255.112.93
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kdixy.exe

--
End of file - 5003 bytes

-----------------------------------------------------------------------------------------------


Malwarebytes log:


Malwarebytes' Anti-Malware 1.25
Database version: 1076
Windows 6.0.6000

5:33:35 PM 9/30/2008
mbam-log-09-30-2008 (17-33-35).txt

Scan type: Full Scan (C:\|)
Objects scanned: 151242
Time elapsed: 56 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{adba7194-c061-4d31-afb8-df7783216d78}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.140,85.255.112.93 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{adba7194-c061-4d31-afb8-df7783216d78}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.140,85.255.112.93 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{adba7194-c061-4d31-afb8-df7783216d78}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.140,85.255.112.93 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

--------------------------------------------------------------------------------------------------

HJT Log 2:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:39:00, on 10/3/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\nvraidservice.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Windows\system32\WerCon.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Sophos Web Content Scanner - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{ADBA7194-C061-4D31-AFB8-DF7783216D78}: NameServer = 85.255.113.140,85.255.112.93
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kdixy.exe

--
End of file - 4964 bytes
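
As an added example (not code from this thread or from any of its posters), the following Python helper does the kind of first-pass triage a volunteer performs by eye on a HijackThis log: it parses O4 autostart entries, O17 NameServer entries and O23 service entries and flags the patterns that stand out in the logs above, namely an autostart executable sitting directly in a user profile root or in a temp folder, a DNS server that is neither private nor on an analyst-supplied allow-list, and a service with an unknown owner. The heuristics are the editor's own, not HijackThis rules; the sample lines are constructed after the first HJT log above with the user-profile path genericized, and `dns_allowlist` (the resolvers the analyst expects, e.g. the ISP's) is a hypothetical parameter.

```python
"""HijackThis-style log triage (added example, not from the thread)."""
import ipaddress
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    entry: str    # HJT entry type: "O4", "O17" or "O23"
    reason: str   # short rule identifier
    detail: str   # the value that triggered the rule


# Entry formats as they appear in HijackThis v2 logs.
_O4_RE = re.compile(r"^O4 - (?P<key>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
_O17_RE = re.compile(r"^O17 - (?P<key>.+?): NameServer = (?P<servers>.+)$")
_O23_RE = re.compile(r"^O23 - Service: (?P<display>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
# Drive-letter path at the start of a Run command, quoted or not, up to a common
# executable extension. Commands that start with rundll32 or %ProgramFiles% yield None.
_PATH_RE = re.compile(
    r'^"?(?P<path>[a-z]:\\.*?\.(?:exe|com|scr|bat|cmd|pif|tmp|dll))\b', re.IGNORECASE)
# Executable directly under a profile root (C:\Users\<name>\file), not in a subfolder.
_PROFILE_ROOT_RE = re.compile(
    r"^[a-z]:\\(?:users|documents and settings)\\[^\\]+\\[^\\]+$", re.IGNORECASE)
# Anything launched from a temp folder or that is itself a .tmp file.
_TEMP_RE = re.compile(r"\\temp\\|\\tmp\\|\.tmp$", re.IGNORECASE)

# Constructed sample input modelled on the first HJT log in the thread (user name genericized).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Css] C:\Users\someuser\css.exe
O4 - HKLM\..\Run: [ppxcs] C:\Users\someuser\ppxcs.exe
O4 - HKLM\..\Run: [343.tmp] C:\Windows\temp\343.tmp
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O17 - HKLM\System\CCS\Services\Tcpip\..\{ADBA7194-C061-4D31-AFB8-DF7783216D78}: NameServer = 85.255.113.140,85.255.112.93
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kdixy.exe
"""


def _dns_suspicious(ip_text, allowlist):
    """True for a public resolver that is not on the analyst's allow-list."""
    try:
        ip = ipaddress.ip_address(ip_text.strip())
    except ValueError:
        return True  # unparsable NameServer data is itself worth a look
    if ip.is_private or ip.is_loopback or ip.is_link_local:
        return False  # a home router or local resolver is expected
    return not any(ip in net for net in allowlist)


def triage(log_text, dns_allowlist=()):
    """Return the Findings for every line of a HijackThis log that trips a rule."""
    allow = [ipaddress.ip_network(n) for n in dns_allowlist]
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = _O4_RE.match(line)
        if m:
            pm = _PATH_RE.match(m.group("cmd"))
            if pm is None:
                continue  # no resolvable drive-letter path; nothing to judge here
            path = pm.group("path")
            if _PROFILE_ROOT_RE.match(path):
                findings.append(Finding("O4", "autostart-in-profile-root", path))
            if _TEMP_RE.search(path):
                findings.append(Finding("O4", "autostart-from-temp", path))
            continue
        m = _O17_RE.match(line)
        if m:
            for server in m.group("servers").split(","):
                if _dns_suspicious(server, allow):
                    findings.append(Finding("O17", "dns-server-not-allowlisted", server.strip()))
            continue
        m = _O23_RE.match(line)
        if m and m.group("owner").lower() == "unknown owner":
            findings.append(Finding("O23", "service-unknown-owner", m.group("path")))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.entry:4} {f.reason:28} {f.detail}")
```

Run against the constructed sample it reports the two profile-root executables, the .tmp autostart, both NameServer addresses and the unknown-owner service; passing the expected resolvers in `dns_allowlist` (as CIDR strings) silences the O17 rule for them, which is how an analyst distinguishes an ISP resolver from an unexpected one.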

Please download FixWareout from this site:
http://downloads.subratam.org/Fixwareout.exe


Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts.
You will be asked to reboot your computer; please do so.
Your system may take longer than usual to load; this is normal.
Once the desktop loads, post the text that will open (report.txt) and a new HijackThis log, please.

When running it, the command prompt reads "unsupported operating system". I'm using Vista.

Update Malwarebytes' Anti-Malware and make sure the version number is 1.28 and the database version is 1229.
Run it again and remove what it finds. Post the new log.

Here's the updated Malwarebytes log:

Malwarebytes' Anti-Malware 1.28
Database version: 1230
Windows 6.0.6000

10/5/2008 15:54:45
mbam-log-2008-10-05 (15-54-45).txt

Scan type: Full Scan (C:\|)
Objects scanned: 154925
Time elapsed: 58 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 4
Folders Infected: 1
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\rhc9lrj0ejb4 (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\scrfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("%1" %*) Good: ("%1" /S) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{adba7194-c061-4d31-afb8-df7783216d78}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.140,85.255.112.93 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{adba7194-c061-4d31-afb8-df7783216d78}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.140,85.255.112.93 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{adba7194-c061-4d31-afb8-df7783216d78}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.140,85.255.112.93 -> Quarantined and deleted successfully.

Folders Infected:
C:\resycled (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\InstallShield Installation Information\{5731C0A8-B266-451A-8D3F-8066AA21836F}\setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Program Files\InstallShield Installation Information\{F11ADC64-C89E-47F4-A0B3-3665FF859397}\setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\resycled\boot.com (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Please download ComboFix by sUBs from HERE or HERE

  • You must download it to, and run it from, your Desktop.
  • Physically disconnect from the internet.
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log.
  • Re-enable all the programs that were disabled during the running of ComboFix.

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

My ComboFix log:


ComboFix 08-10-05.08 - Nick Karambelas 2008-10-06 9:47:07.2 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.1.1033.18.2606 [GMT -6:00]
Running from: C:\Users\Nick Karambelas\Downloads\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-09-06 to 2008-10-06 )))))))))))))))))))))))))))))))
.

2008-10-04 15:26 . 2008-10-04 15:26 <DIR> d-------- C:\Users\Nick Karambelas\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-10-02 17:36 . 2008-10-04 19:02 <DIR> d-------- C:\fixwareout
2008-10-02 16:32 . 2008-10-02 16:32 <DIR> d-------- C:\Windows\nvtmpinst
2008-10-02 14:01 . 2008-10-02 14:01 <DIR> d----c--- C:\Windows\System32\DRVSTORE
2008-10-02 14:01 . 2008-10-02 14:01 <DIR> d-------- C:\Users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-02 14:01 . 2008-10-02 14:01 <DIR> d-------- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-02 14:01 . 2008-04-17 14:12 107,368 --a------ C:\Windows\System32\GEARAspi.dll
2008-10-02 14:01 . 2008-04-17 14:12 15,464 --a------ C:\Windows\System32\drivers\GEARAspiWDM.sys
2008-09-30 20:37 . 2008-09-30 20:36 130,104 --a------ C:\Windows\System32\sdccoinstaller.dll
2008-09-30 20:36 . 2008-09-30 20:36 85,312 --a------ C:\Windows\System32\drivers\savonaccess.sys
2008-09-30 20:36 . 2008-09-30 20:36 20,288 --a------ C:\Windows\System32\drivers\SophosBootDriver.sys
2008-09-30 18:58 . 2008-09-30 20:06 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2008-09-29 16:45 . 2008-09-29 16:45 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-26 01:12 . 2008-09-30 14:18 <DIR> d-------- C:\Users\All Users\SecTaskMan
2008-09-26 01:12 . 2008-09-30 14:18 <DIR> d-------- C:\ProgramData\SecTaskMan
2008-09-24 19:35 . 2008-09-30 14:17 <DIR> d-------- C:\Program Files\Panda Security
2008-09-21 23:39 . 2008-09-21 23:39 <DIR> d-------- C:\Program Files\Sun
2008-09-21 23:09 . 2008-09-21 23:28 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-09-21 23:09 . 2008-09-21 23:28 <DIR> d-------- C:\ProgramData\Lavasoft
2008-09-21 23:09 . 2008-09-21 23:09 <DIR> d-------- C:\Program Files\Lavasoft
2008-09-21 23:09 . 2008-09-21 23:09 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-17 18:45 . 2008-09-17 18:45 <DIR> d-------- C:\Program Files\Common Files\Cisco Systems
2008-09-17 18:45 . 2008-09-30 20:36 23,552 --a------ C:\Windows\System32\sophosboottasks.exe
2008-09-17 18:44 . 2008-09-17 18:44 82,432 --a------ C:\Windows\System32\msxml4r.dll
2008-09-17 18:43 . 2008-09-17 19:45 <DIR> d-------- C:\Users\All Users\Sophos
2008-09-17 18:43 . 2008-05-06 15:52 <DIR> d-------- C:\SAV7
2008-09-17 18:43 . 2008-09-17 19:45 <DIR> d-------- C:\ProgramData\Sophos
2008-09-17 18:43 . 2008-09-17 19:45 <DIR> d-------- C:\Program Files\Sophos
2008-09-17 18:41 . 2008-09-17 18:41 <DIR> d-------- C:\temp\SAV7
2008-09-15 18:10 . 2008-10-05 22:32 <DIR> d-------- C:\Users\Nick Karambelas\DC++
2008-09-12 19:03 . 2008-09-12 19:03 <DIR> d-------- C:\Users\All Users\Media Center Programs
2008-09-12 19:03 . 2008-09-12 19:03 <DIR> d-------- C:\ProgramData\Media Center Programs
2008-09-12 19:03 . 2008-09-12 19:09 <DIR> d-------- C:\Program Files\Common Files\BioWare
2008-09-12 18:54 . 2008-09-12 19:07 <DIR> d-------- C:\Program Files\Mass Effect
2008-09-09 15:01 . 2008-07-30 17:47 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-09-09 15:01 . 2008-07-30 21:34 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-09-09 15:01 . 2008-06-25 21:22 303,616 --a------ C:\Windows\System32\wmpeffects.dll
2008-09-09 15:01 . 2008-07-30 21:34 28,160 --a------ C:\Windows\System32\Apphlpdm.dll
2008-09-06 16:09 . 2008-09-06 16:09 90,112 --a------ C:\Windows\System32\QuickTimeVR.qtx
2008-09-06 16:09 . 2008-09-06 16:09 57,344 --a------ C:\Windows\System32\QuickTime.qts

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-05 19:50 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-10-05 06:24 --------- d-----w C:\Users\Nick Karambelas\AppData\Roaming\LimeWire
2008-10-02 23:27 --------- d-----w C:\ProgramData\NVIDIA
2008-10-02 20:01 --------- d-----w C:\Program Files\iTunes
2008-10-02 20:01 --------- d-----w C:\Program Files\iPod
2008-10-02 19:59 --------- d-----w C:\Program Files\Bonjour
2008-10-02 19:58 --------- d-----w C:\Program Files\quicktime
2008-10-02 19:58 --------- d-----w C:\Program Files\Common Files\Apple
2008-10-02 19:57 --------- d-----w C:\Program Files\Apple Software Update
2008-09-22 05:39 --------- d-----w C:\Program Files\java
2008-09-22 05:22 --------- d-----w C:\Users\Nick Karambelas\AppData\Roaming\Azureus
2008-09-18 21:49 --------- d-----w C:\Program Files\AMD
2008-09-18 00:40 --------- d-----w C:\ProgramData\Kaspersky Lab
2008-09-10 06:04 38,528 ----a-w C:\Windows\system32\drivers\mbamswissarmy.sys
2008-09-10 06:03 17,200 ----a-w C:\Windows\system32\drivers\mbam.sys
2008-09-03 22:52 --------- d-----w C:\Program Files\Audacity
2008-09-02 00:59 --------- d-----w C:\Program Files\DC++
2008-08-29 17:18 87,336 ----a-w C:\Windows\System32\dns-sd.exe
2008-08-29 16:53 61,440 ----a-w C:\Windows\System32\dnssd.dll
2008-08-28 18:46 --------- d-----w C:\ProgramData\Hewlett-Packard
2008-08-28 05:27 --------- d-----w C:\Program Files\Common Files\Adobe AIR
2008-08-28 05:26 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-26 21:12 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-23 18:10 --------- d-----w C:\Program Files\Kaspersky Lab
2008-08-23 18:08 --------- d-----w C:\ProgramData\Kaspersky Lab Setup Files
2008-08-23 17:43 --------- d-----w C:\ProgramData\DVD Shrink
2008-08-23 17:43 --------- d-----w C:\Program Files\DVD Shrink
2008-08-22 19:44 --------- d-----w C:\ProgramData\Avg7
2008-08-22 19:29 --------- d-----w C:\Users\Nick Karambelas\AppData\Roaming\Malwarebytes
2008-08-22 19:29 --------- d-----w C:\ProgramData\Malwarebytes
2008-08-22 19:23 9,216 ----a-w C:\Windows\System32\avgwlntf.dll
2008-08-22 19:18 --------- d-----w C:\ProgramData\Grisoft
2008-08-21 20:09 --------- d-----w C:\ProgramData\Microsoft Help
2008-08-21 20:08 --------- d-----w C:\Program Files\MSBuild
2008-08-21 19:23 174 --sha-w C:\Program Files\desktop.ini
2008-08-21 19:19 --------- d-----w C:\Program Files\Windows Sidebar
2008-08-21 19:19 --------- d-----w C:\Program Files\Windows Mail
2008-08-21 19:19 --------- d-----w C:\Program Files\Windows Defender
2008-08-21 19:19 --------- d-----w C:\Program Files\Windows Calendar
2008-08-21 19:19 --------- d-----w C:\Program Files\BitLocker
2008-08-21 19:16 --------- d-----w C:\Program Files\ffdshow
2008-08-21 19:11 61,440 ----a-w C:\Windows\System32\winipsec.dll
2008-08-21 19:11 361,984 ----a-w C:\Windows\System32\IPSECSVC.DLL
2008-08-21 19:11 28,672 ----a-w C:\Windows\System32\FwRemoteSvr.dll
2008-08-21 19:11 272,896 ----a-w C:\Windows\System32\polstore.dll
2008-08-21 19:09 87,040 ----a-w C:\Windows\System32\msoert2.dll
2008-08-21 19:08 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-08-21 19:08 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-08-21 19:07 49,664 ----a-w C:\Windows\System32\csrsrv.dll
2008-08-21 19:07 376,320 ----a-w C:\Windows\System32\winsrv.dll
2008-08-21 19:04 41,984 ----a-w C:\Windows\system32\drivers\monitor.sys
2008-08-21 19:04 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-08-21 19:04 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-08-21 19:02 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2008-08-21 19:02 7,680 ----a-w C:\Windows\System32\spwmp.dll
2008-08-21 19:02 414,208 ----a-w C:\Windows\System32\msscp.dll
2008-08-21 19:02 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2008-08-21 19:02 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2008-08-21 19:01 86,016 ----a-w C:\Windows\System32\icfupgd.dll
2008-08-21 19:01 63,488 ----a-w C:\Windows\system32\drivers\mpsdrv.sys
2008-08-21 19:01 61,952 ----a-w C:\Windows\System32\cmifw.dll
2008-08-21 19:01 396,800 ----a-w C:\Windows\System32\MPSSVC.dll
2008-08-21 19:01 392,192 ----a-w C:\Windows\System32\FirewallAPI.dll
2008-08-21 19:01 23,040 ----a-w C:\Windows\system32\drivers\tunnel.sys
2008-08-21 19:01 178,688 ----a-w C:\Windows\System32\iphlpsvc.dll
2008-08-21 19:01 16,896 ----a-w C:\Windows\System32\wfapigp.dll
2008-08-21 19:01 15,360 ----a-w C:\Windows\system32\drivers\TUNMP.SYS
2008-08-21 19:00 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-08-21 19:00 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-08-21 19:00 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-08-21 19:00 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-08-21 19:00 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-08-21 19:00 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-08-21 19:00 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
2008-08-21 19:00 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-08-21 19:00 104,448 ----a-w C:\Windows\System32\DWWIN.EXE
2008-08-21 18:59 25,600 ----a-w C:\Windows\System32\LangCleanupSysprepAction.dll
2008-08-21 18:59 23,552 ----a-w C:\Windows\System32\lpremove.exe
2008-08-21 18:59 2,048 ----a-w C:\Windows\System32\msxml3r.dll
2008-08-21 18:59 166,912 ----a-w C:\Windows\System32\lpksetup.exe
2008-08-21 18:59 10,240 ----a-w C:\Windows\System32\MUILanguageCleanup.dll
2008-08-21 18:59 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
2008-08-21 18:58 8,704 ----a-w C:\Windows\System32\hcrstco.dll
2008-08-21 18:58 8,704 ----a-w C:\Windows\System32\hccoin.dll
2008-08-21 18:58 73,216 ----a-w C:\Windows\system32\drivers\usbccgp.sys
2008-08-21 18:58 5,888 ----a-w C:\Windows\system32\drivers\usbd.sys
2008-08-21 18:58 38,400 ----a-w C:\Windows\system32\drivers\usbehci.sys
2008-08-21 18:58 229,888 ----a-w C:\Windows\System32\msshsq.dll
2008-08-21 18:58 224,768 ----a-w C:\Windows\system32\drivers\usbport.sys
2008-08-21 18:58 192,000 ----a-w C:\Windows\system32\drivers\usbhub.sys
2008-08-21 18:58 19,456 ----a-w C:\Windows\system32\drivers\usbohci.sys
2008-08-21 18:55 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-08-21 18:55 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-08-21 18:55 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-08-21 18:55 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-08-21 18:53 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2008-08-21 18:53 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-08-21 18:53 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2008-08-21 18:53 2,048 ----a-w C:\Windows\System32\asferror.dll
2008-08-21 18:53 2,027,008 ----a-w C:\Windows\System32\win32k.sys
.

((((((((((((((((((((((((((((( snapshot@2008-08-26_12.48.37.23 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-08-21 18:49:27 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
+ 2008-07-31 03:34:58 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
- 2008-08-21 18:51:51 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
+ 2008-07-31 03:34:58 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
- 2008-08-21 18:51:51 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
+ 2008-07-30 23:32:41 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
- 2008-08-21 18:49:27 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
+ 2008-07-31 03:34:58 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
- 2008-08-21 18:51:51 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
+ 2008-07-31 03:34:58 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
+ 2008-09-13 01:03:27 53,248 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2008-09-13 01:03:27 12,800 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2008-09-13 01:03:27 473,600 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2008-09-13 01:03:23 2,676,224 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-09-13 01:03:24 2,846,720 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-09-13 01:03:24 563,712 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-09-13 01:03:24 567,296 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-09-13 01:03:25 576,000 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-09-13 01:03:25 577,024 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-09-13 01:03:25 577,536 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-09-13 01:03:26 577,536 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-09-13 01:03:26 578,560 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-09-13 01:03:27 578,560 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-09-13 01:03:27 145,920 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2008-09-13 01:03:27 159,232 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2008-09-13 01:03:27 364,544 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2008-09-13 01:03:27 178,176 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2008-09-13 01:03:27 223,232 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
- 2005-10-21 03:02:28 163,328 ----a-w C:\Windows\erdnt\Hiv-backup\ERDNT.EXE
+ 2005-10-21 02:02:28 163,328 ----a-w C:\Windows\erdnt\Hiv-backup\ERDNT.EXE
- 2008-08-25 23:10:28 51,200 ----a-w C:\Windows\inf\infpub.dat
+ 2008-09-18 00:40:41 51,200 ----a-w C:\Windows\inf\infpub.dat
- 2008-08-25 21:38:55 86,016 ----a-w C:\Windows\inf\infstor.dat
+ 2008-09-18 00:40:41 86,016 ----a-w C:\Windows\inf\infstor.dat
- 2008-08-25 23:10:28 86,016 ----a-w C:\Windows\inf\infstrng.dat
+ 2008-09-18 00:40:41 86,016 ----a-w C:\Windows\inf\infstrng.dat
+ 2008-10-01 02:37:45 25,214 ----a-r C:\Windows\Installer\{034759DA-E21A-4795-BFB3-C66D17FAD183}\ARPPRODUCTICON.exe
+ 2008-10-01 02:37:45 25,214 ----a-r C:\Windows\Installer\{034759DA-E21A-4795-BFB3-C66D17FAD183}\MainGUIShortcut.exe
+ 2008-10-01 02:38:00 65,536 ----a-r C:\Windows\Installer\{15C418EB-7675-42be-B2B3-281952DA014D}\ARPPRODUCTICON.exe
+ 2008-10-02 20:01:36 102,400 ----a-r C:\Windows\Installer\{41B9E2CF-0B3F-442A-B5B3-592A4A355634}\iTunesIco.exe
+ 2008-10-02 19:57:43 27,136 ----a-r C:\Windows\Installer\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}\AppleSoftwareUpdateIco.exe
+ 2008-09-18 21:49:29 300,318 ----a-r C:\Windows\Installer\{83F81F91-7BE9-44D1-98AF-2B87E0B8710C}\_55699751CB48445A6D7518.exe
+ 2008-09-18 21:49:29 300,318 ----a-r C:\Windows\Installer\{83F81F91-7BE9-44D1-98AF-2B87E0B8710C}\_6FEFF9B68218417F98F549.exe
+ 2008-09-18 21:49:29 300,318 ----a-r C:\Windows\Installer\{83F81F91-7BE9-44D1-98AF-2B87E0B8710C}\ico.exe
+ 2008-10-02 19:59:38 86,016 ----a-r C:\Windows\Installer\{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}\PrntWzrdIco.exe
+ 2007-12-12 22:06:42 295,606 ----a-r C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-A90000000001}\SC_Reader.exe
+ 2008-09-18 17:11:28 32,768 ----a-r C:\Windows\Installer\{C04E32E0-0416-434D-AFB9-6969D703A9EF}\icon.exe
+ 2008-09-19 22:29:00 32,768 ----a-r C:\Windows\Installer\{C523D256-313D-4866-B36A-F3DE528246EF}\icon.exe
+ 2005-03-18 23:23:10 53,248 ----a-w C:\Windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2005-03-18 23:23:10 12,800 ----a-w C:\Windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Diagnostics.dll
+ 2005-03-18 23:23:14 473,600 ----a-w C:\Windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Direct3D.dll
+ 2004-09-29 19:38:58 2,676,224 ----a-w C:\Windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-03-18 23:23:10 145,920 ----a-w C:\Windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectDraw.dll
+ 2005-03-18 23:23:10 159,232 ----a-w C:\Windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectInput.dll
+ 2005-03-18 23:23:14 364,544 ----a-w C:\Windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectPlay.dll
+ 2005-03-18 23:23:12 178,176 ----a-w C:\Windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectSound.dll
+ 2005-03-18 23:23:14 223,232 ----a-w C:\Windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.dll
+ 2004-12-01 22:53:06 2,846,720 ----a-w C:\Windows\Microsoft.NET\DirectX for Managed Code\1.0.2903.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-02-06 02:32:54 563,712 ----a-w C:\Windows\Microsoft.NET\DirectX for Managed Code\1.0.2904.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-03-19 00:23:14 567,296 ----a-w C:\Windows\Microsoft.NET\DirectX for Managed Code\1.0.2905.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-05-26 22:15:56 576,000 ----a-w C:\Windows\Microsoft.NET\DirectX for Managed Code\1.0.2906.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-07-23 00:21:34 577,024 ----a-w C:\Windows\Microsoft.NET\DirectX for Managed Code\1.0.2907.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-09-28 21:11:52 577,536 ----a-w C:\Windows\Microsoft.NET\DirectX for Managed Code\1.0.2908.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-12-06 00:20:50 577,536 ----a-w C:\Windows\Microsoft.NET\DirectX for Managed Code\1.0.2909.0\Microsoft.DirectX.Direct3DX.dll
+ 2006-02-03 14:40:48 578,560 ----a-w C:\Windows\Microsoft.NET\DirectX for Managed Code\1.0.2910.0\Microsoft.DirectX.Direct3DX.dll
+ 2006-03-31 18:27:50 578,560 ----a-w C:\Windows\Microsoft.NET\DirectX for Managed Code\1.0.2911.0\Microsoft.DirectX.Direct3DX.dll
- 2000-08-31 15:00:00 28,672 ----a-w C:\Windows\Nircmd.exe
+ 2000-08-31 14:00:00 28,672 ----a-w C:\Windows\Nircmd.exe
+ 2008-05-16 21:01:00 768,544 ----a-w C:\Windows\nvtmpinst\nvcplui.exe
+ 2008-05-16 21:01:00 313,888 ----a-w C:\Windows\nvtmpinst\nvexpbar.dll
+ 2008-09-24 07:24:51 210,384 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2008-08-26 19:16:53 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-10-06 15:39:30 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-08-26 19:16:53 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-10-06 15:39:30 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-09-22 05:14:24 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-09-22 05:14:24 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-08-23 18:19:50 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-09-29 22:48:31 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-09-22 05:14:24 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-08-26 19:43:41 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-10-06 15:46:26 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-08-23 18:20:23 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-09-29 22:48:53 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-08-24 19:35:00 1,023,612 -c--a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareLicensing\tokens.dat
+ 2008-09-17 05:34:17 1,041,219 -c--a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareLicensing\tokens.dat
- 2008-08-26 19:17:34 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-10-06 15:41:30 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2000-08-31 15:00:00 161,792 ----a-w C:\Windows\swreg.exe
+ 2000-08-31 14:00:00 161,792 ----a-w C:\Windows\swreg.exe
- 2008-08-26 19:16:53 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-10-02 19:57:41 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-08-26 19:16:53 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-10-02 19:57:41 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-08-21 09:27:00 262,144 ----a-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-09-29 22:48:26 262,144 ----a-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-08-26 19:16:53 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-10-02 19:57:41 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-08-26 19:45:22 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-10-06 15:46:59 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2005-02-06 02:45:26 2,222,800 ----a-w C:\Windows\System32\d3dx9_24.dll
+ 2005-03-19 00:19:58 2,337,488 ----a-w C:\Windows\System32\d3dx9_25.dll
+ 2005-05-26 22:34:52 2,297,552 ----a-w C:\Windows\System32\d3dx9_26.dll
+ 2005-07-23 02:59:04 2,319,568 ----a-w C:\Windows\System32\d3dx9_27.dll
+ 2005-12-06 01:09:18 2,323,664 ----a-w C:\Windows\System32\d3dx9_28.dll
+ 2006-02-03 15:43:16 2,332,368 ----a-w C:\Windows\System32\d3dx9_29.dll
+ 2006-03-31 19:40:58 2,388,176 ----a-w C:\Windows\System32\d3dx9_30.dll
+ 2006-09-28 23:05:20 2,414,360 ----a-w C:\Windows\System32\d3dx9_31.dll
+ 2008-03-10 22:25:16 309,760 ----a-w C:\Windows\System32\difxapi.dll
+ 2008-04-29 18:19:50 12,960 ----a-w C:\Windows\System32\drivers\Awrtpd.sys
+ 2008-04-29 18:19:54 15,648 ----a-w C:\Windows\System32\drivers\Awrtrd.sys
+ 2008-04-29 18:20:00 15,648 ----a-w C:\Windows\System32\drivers\NSDriver.sys
+ 2005-08-17 14:45:00 58,352 ----a-w C:\Windows\System32\drivers\sscdbus.sys
+ 2005-08-17 14:47:42 6,176 ----a-w C:\Windows\System32\drivers\sscdcm.sys
+ 2005-08-17 14:47:42 6,176 ----a-w C:\Windows\System32\drivers\sscdcmnt.sys
+ 2005-08-17 14:46:20 8,272 ----a-w C:\Windows\System32\drivers\sscdmdfl.sys
+ 2005-08-17 14:46:26 93,872 ----a-w C:\Windows\System32\drivers\sscdmdm.sys
+ 2005-08-17 14:47:48 73,696 ----a-w C:\Windows\System32\drivers\sscdserd.sys
+ 2005-08-17 14:44:56 5,840 ----a-w C:\Windows\System32\drivers\sscdwh.sys
+ 2005-08-17 14:44:56 5,840 ----a-w C:\Windows\System32\drivers\sscdwhnt.sys
+ 2008-01-26 00:43:16 6,656 ----a-w C:\Windows\System32\DriverStore\FileRepository\hpcu081b.inf_e71a96a2\cioum.dll
+ 2008-03-10 22:25:16 309,760 ----a-w C:\Windows\System32\DriverStore\FileRepository\hpcu081b.inf_e71a96a2\drivers\dot4\Win2000\difxapi.dll
+ 2007-07-25 21:05:26 59,928 ----a-w C:\Windows\System32\DriverStore\FileRepository\hpcu081b.inf_e71a96a2\fxcompchannel.dll
+ 2008-03-10 22:25:02 3,044,864 ----a-w C:\Windows\System32\DriverStore\FileRepository\hpcu081b.inf_e71a96a2\hpbcfgre.DLL
+ 2008-03-10 22:30:38 566,272 ----a-w C:\Windows\System32\DriverStore\FileRepository\hpcu081b.inf_e71a96a2\hpc5r081.dll
+ 2008-02-05 21:26:36 671,816 ----a-w C:\Windows\System32\DriverStore\FileRepository\hpcu081b.inf_e71a96a2\hpcdmc32.dll
+ 2008-03-10 22:30:24 496,128 ----a-w C:\Windows\System32\DriverStore\FileRepository\hpcu081b.inf_e71a96a2\hpcev081.dll
+ 2008-03-10 22:30:38 1,611,264 ----a-w C:\Windows\System32\DriverStore\FileRepository\hpcu081b.inf_e71a96a2\hpcls081.dll
+ 2008-03-10 22:30:34 221,696 ----a-w C:\Windows\System32\DriverStore\FileRepository\hpcu081b.inf_e71a96a2\hpcpe081.dll
+ 2008-03-10 22:30:24 149,504 ----a-w C:\Windows\System32\DriverStore\FileRepository\hpcu081b.inf_e71a96a2\hpcpn081.dll
+ 2008-03-10 22:30:24 273,408 ----a-w C:\Windows\System32\DriverStore\FileRepository\hpcu081b.inf_e71a96a2\hpcpp081.dll
+ 2007-08-27 22:26:56 114,688 ----a-w C:\Windows\System32\DriverStore\FileRepository\hpcu081b.inf_e71a96a2\hpcsat.dll
+ 2008-03-10 22:22:50 1,013,248 ----a-w C:\Windows\System32\DriverStore\FileRepository\hpcu081b.inf_e71a96a2\hpcss081.dll
+ 2008-03-10 22:22:38 8,923,648 ----a-w C:\Windows\System32\DriverStore\FileRepository\hpcu081b.inf_e71a96a2\hpcst081.dll
+ 2008-03-10 22:30:30 3,262,976 ----a-w C:\Windows\System32\DriverStore\FileRepository\hpcu081b.inf_e71a96a2\hpcui081.dll
+ 2008-03-10 22:18:44 3,623,936 ----a-w C:\Windows\System32\DriverStore\FileRepository\hpcu081b.inf_e71a96a2\hpcur081.dll
+ 2008-03-10 22:25:12 86,016 ----a-w C:\Windows\System32\DriverStore\FileRepository\hpcu081b.inf_e71a96a2\hpmco081.dll
+ 2008-03-10 21:48:00 331,776 ----a-w C:\Windows\System32\DriverStore\FileRepository\hpcu081b.inf_e71a96a2\hpmdp081.dll
+ 2008-03-10 21:51:44 188,416 ----a-w C:\Windows\System32\DriverStore\FileRepository\hpcu081b.inf_e71a96a2\hpmja081.DLL
+ 2008-03-10 21:53:02 290,816 ----a-w C:\Windows\System32\DriverStore\FileRepository\hpcu081b.inf_e71a96a2\hpmml081.DLL
+ 2007-05-17 03:53:54 49,250 ----a-w C:\Windows\System32\DriverStore\FileRepository\hpcu081b.inf_e71a96a2\HPMNNDPS.DLL
+ 2007-05-17 03:53:56 49,252 ----a-w C:\Windows\System32\DriverStore\FileRepository\hpcu081b.inf_e71a96a2\HPMNQUE.DLL
+ 2008-03-10 22:01:28 274,432 ----a-w C:\Windows\System32\DriverStore\FileRepository\hpcu081b.inf_e71a96a2\hpmpm081.DLL
+ 2008-03-10 22:25:22 372,736 ----a-w C:\Windows\System32\DriverStore\FileRepository\hpcu081b.inf_e71a96a2\hpmprein.dll
+ 2008-03-10 22:01:00 208,896 ----a-w C:\Windows\System32\DriverStore\FileRepository\hpcu081b.inf_e71a96a2\hpmpw081.DLL
+ 2008-03-10 21:48:12 1,253,376 ----a-w C:\Windows\System32\DriverStore\FileRepository\hpcu081b.inf_e71a96a2\hpmsl081.dll
+ 2008-03-10 21:51:20 1,314,816 ----a-w C:\Windows\System32\DriverStore\FileRepository\hpcu081b.inf_e71a96a2\hpmsn081.dll
+ 2008-03-10 22:00:50 233,472 ----a-w C:\Windows\System32\DriverStore\FileRepository\hpcu081b.inf_e71a96a2\hpmtp081.dll
+ 2008-03-10 22:24:42 98,304 ----a-w C:\Windows\System32\DriverStore\FileRepository\hpcu081b.inf_e71a96a2\hpmup081.bin
+ 2008-03-10 21:53:24 876,544 ----a-w C:\Windows\System32\DriverStore\FileRepository\hpcu081b.inf_e71a96a2\hpmur081.DLL
+ 2008-03-10 22:00:32 1,155,072 ----a-w C:\Windows\System32\DriverStore\FileRepository\hpcu081b.inf_e71a96a2\hpmux081.dll
+ 2007-03-09 05:33:52 372,736 ----a-w C:\Windows\System32\DriverStore\FileRepository\hpcu081b.inf_e71a96a2\UNIDRV.DLL
+ 2007-03-09 05:33:54 740,864 ----a-w C:\Windows\System32\DriverStore\FileRepository\hpcu081b.inf_e71a96a2\UNIDRVUI.DLL
+ 2007-03-09 05:33:58 761,344 ----a-w C:\Windows\System32\DriverStore\FileRepository\hpcu081b.inf_e71a96a2\UNIRES.DLL
+ 2008-03-10 22:25:46 17,432 ----a-w C:\Windows\System32\DriverStore\FileRepository\hpmews01.inf_75e86ce1\hpfxbulk.sys
+ 2008-03-10 22:24:06 26,136 ----a-w C:\Windows\System32\DriverStore\FileRepository\hpmews01.inf_75e86ce1\hpfxgen.sys
+ 2008-03-10 22:25:38 188,416 ----a-w C:\Windows\System32\DriverStore\FileRepository\hpmews01.inf_75e86ce1\hpmews01.dll
+ 2008-03-10 22:25:16 309,760 ----a-w C:\Windows\System32\DriverStore\FileRepository\hpzid4vp.inf_1f7f4f94\drivers\dot4\Win2000\difxapi.dll
+ 2008-03-10 22:24:02 372,736 ----a-w C:\Windows\System32\DriverStore\FileRepository\hpzid4vp.inf_1f7f4f94\drivers\dot4\Win2000\hppldcoi.dll
+ 2005-08-17 14:45:00 58,352 ----a-w C:\Windows\System32\DriverStore\FileRepository\sscdbus.inf_a0b2b016\sscdbus.sys
+ 2005-08-17 14:44:56 5,840 ----a-w C:\Windows\System32\DriverStore\FileRepository\sscdbus.inf_a0b2b016\sscdwhnt.sys
+ 2005-08-17 14:47:42 6,176 ----a-w C:\Windows\System32\DriverStore\FileRepository\sscdsdm2.inf_6a66ca9e\sscdcmnt.sys
+ 2005-08-17 14:47:48 73,696 ----a-w C:\Windows\System32\DriverStore\FileRepository\sscdsdm2.inf_6a66ca9e\sscdserd.sys
+ 2005-08-17 14:47:42 6,176 ----a-w C:\Windows\System32\DriverStore\FileRepository\sscdw2k.inf_f18f94a7\sscdcmnt.sys
+ 2005-08-17 14:46:20 8,272 ----a-w C:\Windows\System32\DriverStore\FileRepository\sscdw2k.inf_f18f94a7\sscdmdfl.sys
+ 2005-08-17 14:46:26 93,872 ----a-w C:\Windows\System32\DriverStore\FileRepository\sscdw2k.inf_f18f94a7\sscdmdm.sys
+ 2008-04-17 20:12:54 107,368 -c--a-w C:\Windows\System32\DRVSTORE\GEARAspiWD_D213663B6381F01E45A131159A9DEFE018321CB3\x86\GEARAspi.dll
+ 2008-04-17 20:12:54 15,464 -c--a-w C:\Windows\System32\DRVSTORE\GEARAspiWD_D213663B6381F01E45A131159A9DEFE018321CB3\x86\GEARAspiWDM.sys
+ 2007-07-25 21:05:26 59,928 ----a-w C:\Windows\System32\fxcompchannel.dll
+ 2008-03-05 04:44:52 24,576 ----a-w C:\Windows\System32\hpbmiapi.dll
+ 2008-03-05 04:45:00 25,600 ----a-w C:\Windows\System32\hpboid.dll
+ 2008-03-05 04:45:04 7,680 ----a-w C:\Windows\System32\hpboidps.dll
+ 2008-03-05 04:44:58 39,936 ----a-w C:\Windows\System32\hpbpro.dll
+ 2008-03-05 04:44:50 7,680 ----a-w C:\Windows\System32\hpbprops.dll
+ 2008-03-10 22:30:24 149,504 ----a-w C:\Windows\System32\hpcpn081.dll
+ 2007-04-24 17:33:00 114,688 ----a-w C:\Windows\System32\hplbdchn.dll
+ 2008-03-10 22:25:12 86,016 ----a-w C:\Windows\System32\hpmco081.dll
+ 2008-03-10 21:51:44 188,416 ----a-w C:\Windows\System32\hpmja081.DLL
+ 2008-03-10 21:53:02 290,816 ----a-w C:\Windows\System32\hpmml081.DLL
+ 2007-05-17 03:53:54 49,250 ----a-w C:\Windows\System32\HPMNNDPS.DLL
+ 2007-05-17 03:53:56 49,252 ----a-w C:\Windows\System32\HPMNQUE.DLL
+ 2008-03-10 22:01:28 274,432 ----a-w C:\Windows\System32\hpmpm081.DLL
+ 2008-03-10 22:25:22 372,736 ----a-w C:\Windows\System32\hpmprein.dll
+ 2008-03-10 22:01:00 208,896 ----a-w C:\Windows\System32\hpmpw081.DLL
+ 2008-03-10 22:00:50 233,472 ----a-w C:\Windows\System32\hpmtp081.dll
+ 2008-02-28 18:53:18 49,152 ----a-w C:\Windows\System32\HPZidr12.dll
+ 2008-02-28 18:53:18 43,520 ----a-w C:\Windows\System32\HPZinw12.dll
+ 2008-02-28 18:53:18 53,248 ----a-w C:\Windows\System32\HPZipm12.dll
+ 2008-02-28 18:53:18 33,792 ----a-w C:\Windows\System32\HPZipr12.dll
+ 2008-02-28 18:53:20 29,696 ----a-w C:\Windows\System32\hpzipt12.dll
+ 2008-02-28 18:53:20 20,992 ----a-w C:\Windows\System32\hpzisn12.dll
+ 2008-08-21 19:09:09 53,760 ----a-w C:\Windows\System32\kdixy.exe
+ 2007-07-27 21:49:02 196,683 ----a-w C:\Windows\System32\lnod32apiA.dll
+ 2007-07-27 21:49:02 225,355 ----a-w C:\Windows\System32\lnod32apiW.dll
+ 2005-12-06 02:25:22 139,264 ----a-w C:\Windows\System32\lnod32umc.dll
+ 2005-12-05 19:37:10 106,496 ----a-w C:\Windows\System32\lnod32upd.dll
+ 2008-05-16 18:58:04 12,632 ----a-w C:\Windows\System32\lsdelete.exe
- 2008-08-05 18:11:02 15,888,504 ----a-w C:\Windows\System32\mrt.exe
+ 2007-06-06 06:38:42 15,747,032 ----a-w C:\Windows\System32\mrt.exe
+ 2007-08-25 01:08:24 1,275,392 ----a-w C:\Windows\System32\msxml4.dll
+ 2008-09-01 20:45:09 2,456 ----a-w C:\Windows\System32\networklist\icons\{436805EA-4320-4BA8-8638-1135CB7BFA6B}_24.bin
+ 2008-09-01 20:45:09 4,280 ----a-w C:\Windows\System32\networklist\icons\{436805EA-4320-4BA8-8638-1135CB7BFA6B}_32.bin
+ 2008-09-01 20:45:09 9,560 ----a-w C:\Windows\System32\networklist\icons\{436805EA-4320-4BA8-8638-1135CB7BFA6B}_48.bin
+ 2008-08-28 03:13:48 2,456 ----a-w C:\Windows\System32\networklist\icons\{D889E861-7193-4B0E-AF65-B2A0D6F8994B}_24.bin
+ 2008-08-28 03:13:48 4,280 ----a-w C:\Windows\System32\networklist\icons\{D889E861-7193-4B0E-AF65-B2A0D6F8994B}_32.bin
+ 2008-08-28 03:13:48 9,560 ----a-w C:\Windows\System32\networklist\icons\{D889E861-7193-4B0E-AF65-B2A0D6F8994B}_48.bin
+ 2008-02-11 16:39:26 253,952 ----a-w C:\Windows\System32\OnlineScannerDLLA.dll
+ 2008-02-11 16:39:18 237,568 ----a-w C:\Windows\System32\OnlineScannerDLLW.dll
+ 2008-02-08 20:53:46 110,592 ----a-w C:\Windows\System32\OnlineScannerLang.dll
+ 2008-02-05 15:48:04 77,824 ----a-w C:\Windows\System32\OnlineScannerUninstaller.exe
- 2008-08-26 19:23:09 103,818 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-10-06 15:46:46 104,662 ----a-w C:\Windows\System32\perfc009.dat
- 2008-08-26 19:23:09 618,410 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-10-06 15:46:46 621,314 ----a-w C:\Windows\System32\perfh009.dat
- 2008-08-26 19:21:52 6,553,600 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2008-09-20 00:31:06 6,553,600 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2008-01-26 00:43:16 6,656 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\cioum.dll
+ 2008-03-10 22:25:02 3,044,864 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\hpbcfgre.DLL
+ 2008-03-10 22:30:38 566,272 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\hpc5r081.dll
+ 2008-02-05 21:26:36 671,816 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\hpcdmc32.dll
+ 2008-03-10 22:30:24 496,128 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\hpcev081.dll
+ 2008-03-10 22:30:38 1,611,264 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\hpcls081.dll
+ 2008-03-10 22:30:34 221,696 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\hpcpe081.dll
+ 2008-03-10 22:30:24 149,504 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\hpcpn081.dll
+ 2007-08-27 22:26:56 114,688 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\hpcsat.dll
+ 2008-03-10 22:22:50 1,013,248 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\hpcss081.dll
+ 2008-03-10 22:22:38 8,923,648 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\hpcst081.dll
+ 2008-03-10 22:30:30 3,262,976 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\hpcui081.dll
+ 2008-03-10 22:18:44 3,623,936 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\hpcur081.dll
+ 2008-03-10 21:48:00 331,776 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\hpmdp081.dll
+ 2008-03-10 22:01:28 274,432 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\hpmpm081.DLL
+ 2008-03-10 22:01:00 208,896 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\hpmpw081.DLL
+ 2008-03-10 21:48:12 1,253,376 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\hpmsl081.dll
+ 2008-03-10 21:51:20 1,314,816 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\hpmsn081.dll
+ 2008-03-10 22:24:42 98,304 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\hpmup081.bin
+ 2008-03-10 21:53:24 876,544 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\hpmur081.DLL
+ 2008-03-10 22:00:32 1,155,072 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\hpmux081.dll
- 2006-11-02 09:46:13 372,736 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\UNIDRV.DLL
+ 2007-03-09 05:33:52 372,736 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\unidrv.dll
- 2006-11-02 09:46:11 740,864 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\UNIDRVUI.DLL
+ 2007-03-09 05:33:54 740,864 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\UNIDRVUI.DLL
- 2006-11-02 09:41:12 761,344 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\UNIRES.DLL
+ 2007-03-09 05:33:58 761,344 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\UNIRES.DLL
+ 2008-03-10 22:30:24 273,408 ----a-w C:\Windows\System32\spool\prtprocs\w32x86\hpcpp081.dll
+ 2006-11-02 09:45:39 31,744 ----a-w C:\Windows\System32\swsc.exe
+ 2004-12-07 17:11:34 258,352 ----a-w C:\Windows\System32\unicows.dll
- 2008-08-25 19:21:42 3,358 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3312959801-2069077902-2715544259-1000_UserData.bin
+ 2008-10-06 15:42:24 7,938 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3312959801-2069077902-2715544259-1000_UserData.bin
- 2008-08-25 19:21:42 50,746 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-10-06 15:42:24 57,810 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-08-26 19:18:43 25,664 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-10-06 15:42:23 33,184 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2008-08-21 08:58:47 549,720 ----a-w C:\Windows\System32\wuapi.dll
+ 2008-07-19 05:09:42 563,912 ----a-w C:\Windows\System32\wuapi.dll
- 2008-08-21 08:58:47 80,896 ----a-w C:\Windows\System32\wudriver.dll
+ 2008-07-19 03:44:12 83,456 ----a-w C:\Windows\System32\wudriver.dll
- 2008-08-21 08:58:47 33,624 ----a-w C:\Windows\System32\wups.dll
+ 2008-07-19 05:10:18 36,552 ----a-w C:\Windows\System32\wups.dll
+ 2006-02-03 15:41:26 14,032 ----a-w C:\Windows\System32\x3daudio1_0.dll
+ 2006-09-28 23:03:28 15,128 ----a-w C:\Windows\System32\x3daudio1_1.dll
+ 2006-02-03 15:42:06 230,096 ----a-w C:\Windows\System32\xactengine2_0.dll
+ 2006-03-31 19:39:48 229,584 ----a-w C:\Windows\System32\xactengine2_1.dll
+ 2006-05-31 14:24:16 230,168 ----a-w C:\Windows\System32\xactengine2_2.dll
+ 2006-07-28 16:30:32 236,824 ----a-w C:\Windows\System32\xactengine2_3.dll
+ 2006-09-28 23:05:56 237,848 ----a-w C:\Windows\System32\xactengine2_4.dll
+ 2006-03-31 19:39:24 62,672 ----a-w C:\Windows\System32\xinput1_1.dll
+ 2006-07-28 16:30:14 62,744 ----a-w C:\Windows\System32\xinput1_2.dll
+ 2006-09-28 23:04:02 68,888 ----a-w C:\Windows\System32\xinput1_3.dll
+ 2008-09-18 21:49:29 516,096 ----a-w C:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_c905be8887838ff2\msvcm80.dll
+ 2008-09-18 21:49:29 1,061,376 ----a-w C:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_c905be8887838ff2\msvcp80.dll
+ 2008-09-18 21:49:29 796,672 ----a-w C:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_c905be8887838ff2\msvcr80.dll
- 2008-08-26 19:25:52 111,800,203 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2008-09-19 22:29:01 116,737,370 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2008-01-05 11:25:52 10,752 ----a-w C:\Windows\winsxs\msil_accessibility_b03f5f7f11d50a3a_6.0.6001.18000_none_4daadb2992fccae3\Accessibility.dll
+ 2008-01-05 11:25:59 507,904 ----a-w C:\Windows\winsxs\msil_aspnetmmcext_b03f5f7f11d50a3a_6.0.6001.18000_none_80788ff09691ea12\AspNetMMCExt.dll
+ 2008-01-05 11:21:39 159,744 ----a-w C:\Windows\winsxs\msil_comsvcconfig_b03f5f7f11d50a3a_6.0.6001.18000_none_eb88779ed49a6902\ComSvcConfig.exe
+ 2008-01-05 11:26:08 13,312 ----a-w C:\Windows\winsxs\msil_cscompmgd_b03f5f7f11d50a3a_6.0.6001.18000_none_18976a98aa08b000\cscompmgd.dll
+ 2008-01-05 11:26:11 5,120 ----a-w C:\Windows\winsxs\msil_dfsvc_b03f5f7f11d50a3a_6.0.6001.18000_none_65cd46c688fe7d3f\dfsvc.exe
+ 2008-01-19 07:38:16 827,392 ----a-w C:\Windows\winsxs\msil_ehepg_31bf3856ad364e35_6.0.6001.18000_none_dba338aecee86e1d\ehepg.dll
+ 2008-01-19 07:38:16 139,264 ----a-w C:\Windows\winsxs\msil_ehepgdat_31bf3856ad364e35_6.0.6001.18000_none_8b50e5c11a5f5a96\ehepgdat.dll
+ 2008-01-19 07:38:17 131,072 ----a-w C:\Windows\winsxs\msil_ehexthost_31bf3856ad364e35_6.0.6001.18000_none_bee8b564bed7d168\ehexthost.exe
+ 2008-01-19 07:38:18 401,408 ----a-w C:\Windows\winsxs\msil_ehiproxy_31bf3856ad364e35_6.0.6001.18000_none_91f5a3297bfa7858\ehiProxy.dll
+ 2008-01-19 07:38:18 19,456 ----a-w C:\Windows\winsxs\msil_ehireplay_31bf3856ad364e35_6.0.6001.18000_none_bcf862ba51b911cf\ehiReplay.dll
+ 2008-01-19 07:38:19 307,200 ----a-w C:\Windows\winsxs\msil_ehividctl_31bf3856ad364e35_6.0.6001.18000_none_e8ee344685f839ec\ehiVidCtl.dll
+ 2008-01-19 07:38:19 520,192 ----a-w C:\Windows\winsxs\msil_ehrecobj_31bf3856ad364e35_6.0.6001.18000_none_8ae1561848334562\ehRecObj.dll
+ 2008-01-19 07:38:21 4,046,848 ----a-w C:\Windows\winsxs\msil_ehshell_31bf3856ad364e35_6.0.6001.18000_none_8b9653ef419bfc6f\ehshell.dll
+ 2008-01-19 07:48:58 8,192 ----a-w C:\Windows\winsxs\msil_eventviewer.resources_31bf3856ad364e35_6.0.6001.18000_en-us_ca2c6170b5d0c6c3\EventViewer.resources.dll
+ 2008-01-19 07:38:21 364,544 ----a-w C:\Windows\winsxs\msil_eventviewer_31bf3856ad364e35_6.0.6001.18000_none_a5c054a8a914d00a\EventViewer.dll
+ 2008-01-05 11:26:12 9,728 ----a-w C:\Windows\winsxs\msil_ieexec_b03f5f7f11d50a3a_6.0.6001.18000_none_7ee0408407ad3394\IEExec.exe
+ 2008-01-05 11:26:12 8,192 ----a-w C:\Windows\winsxs\msil_ieexecremote_b03f5f7f11d50a3a_6.0.6001.18000_none_ef6ed38bc5370a50\IEExecRemote.dll
+ 2008-01-05 11:26:12 77,824 ----a-w C:\Windows\winsxs\msil_iehost_b03f5f7f11d50a3a_6.0.6001.18000_none_7e599118080fd00d\IEHost.dll
+ 2008-01-05 11:26:13 6,656 ----a-w C:\Windows\winsxs\msil_iiehost_b03f5f7f11d50a3a_6.0.6001.18000_none_8188bd9a8b6c84cc\IIEHost.dll
+ 2008-01-05 11:26:17 40,960 ----a-w C:\Windows\winsxs\msil_jsc_b03f5f7f11d50a3a_6.0.6001.18000_none_a7d3f834d777a15b\jsc.exe
+ 2008-01-19 07:38:31 176,128 ----a-w C:\Windows\winsxs\msil_mcstore_31bf3856ad364e35_6.0.6001.18000_none_c598a0503dd3dbc3\mcstore.dll
+ 2008-01-05 11:26:17 348,160 ----a-w C:\Windows\winsxs\msil_microsoft.build.engine_b03f5f7f11d50a3a_6.0.6001.18000_none_38a10c100e80e5bf\Microsoft.Build.Engine.dll
+ 2008-01-05 11:26:17 36,864 ----a-w C:\Windows\winsxs\msil_microsoft.build.framework_b03f5f7f11d50a3a_6.0.6001.18000_none_c2c8279b83959943\Microsoft.Build.Framework.dll
+ 2008-01-05 11:26:17 655,360 ----a-w C:\Windows\winsxs\msil_microsoft.build.tasks_b03f5f7f11d50a3a_6.0.6001.18000_none_9d611ce48d2f3005\Microsoft.Build.Tasks.dll
+ 2008-01-05 11:26:17 77,824 ----a-w C:\Windows\winsxs\msil_microsoft.build.utilities_b03f5f7f11d50a3a_6.0.6001.18000_none_e2097552a504de11\Microsoft.Build.Utilities.dll
+ 2008-01-19 07:49:02 270,336 ----a-w C:\Windows\winsxs\msil_microsoft.grouppoli..reporting.resources_31bf3856ad364e35_6.0.6001.18000_en-us_e91a6c1b7a8b1dac\Microsoft.GroupPolicy.Reporting.Resources.dll
+ 2008-01-19 07:38:34 1,060,864 ----a-w C:\Windows\winsxs\msil_microsoft.grouppolicy.reporting_31bf3856ad364e35_6.0.6001.18000_none_4a0d0f9cab244c8b\Microsoft.GroupPolicy.Reporting.dll
+ 2008-01-05 11:26:19 749,568 ----a-w C:\Windows\winsxs\msil_microsoft.jscript_b03f5f7f11d50a3a_6.0.6001.18000_none_d22cfed5830f2bf0\Microsoft.JScript.dll
+ 2008-01-19 07:38:35 188,416 ----a-w C:\Windows\winsxs\msil_microsoft.managementconsole_31bf3856ad364e35_6.0.6001.18000_none_3e635a1f144f2004\Microsoft.ManagementConsole.dll
+ 2008-01-19 07:38:36 1,241,088 ----a-w C:\Windows\winsxs\msil_microsoft.mediacenter.shell_31bf3856ad364e35_6.0.6001.18000_none_5093f7a695e07305\Microsoft.MediaCenter.Shell.dll
+ 2008-01-19 07:38:36 167,936 ----a-w C:\Windows\winsxs\msil_microsoft.mediacenter.sports_31bf3856ad364e35_6.0.6001.18000_none_e5d3b5f2b0058c0a\Microsoft.MediaCenter.Sports.dll
+ 2008-01-19 07:38:35 204,800 ----a-w C:\Windows\winsxs\msil_microsoft.mediacenter_31bf3856ad364e35_6.0.6001.18000_none_257d9f49cc4cdc35\Microsoft.MediaCenter.dll
+ 2008-01-19 07:49:03 69,632 ----a-w C:\Windows\winsxs\msil_microsoft.tpm.resources_31bf3856ad364e35_6.0.6001.18000_en-us_97cefff56b6e9256\microsoft.tpm.resources.dll
+ 2008-01-05 11:21:39 397,312 ----a-w C:\Windows\winsxs\msil_microsoft.transactions.bridge_b03f5f7f11d50a3a_6.0.6001.18000_none_c7e341e3fd9c6021\Microsoft.Transactions.Bridge.dll
+ 2008-01-05 11:26:19 110,592 ----a-w C:\Windows\winsxs\msil_microsoft.visualbasic.compatibility.data_b03f5f7f11d50a3a_6.0.6001.18000_none_5f3c77a31cd01b1f\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2008-01-05 11:26:23 372,736 ----a-w C:\Windows\winsxs\msil_microsoft.visualbasic.compatibility_b03f5f7f11d50a3a_6.0.6001.18000_none_ed64ab9095394f0d\Microsoft.VisualBasic.Compatibility.dll
+ 2008-01-05 11:26:23 28,672 ----a-w C:\Windows\winsxs\msil_microsoft.visualbasic.vsa_b03f5f7f11d50a3a_6.0.6001.18000_none_f2d864b54c7ab8fb\Microsoft.VisualBasic.Vsa.dll
+ 2008-01-05 11:26:23 671,744 ----a-w C:\Windows\winsxs\msil_microsoft.visualbasic_b03f5f7f11d50a3a_6.0.6001.18000_none_ad8d840201353725\Microsoft.VisualBasic.dll
+ 2008-01-05 11:26:24 12,800 ----a-w C:\Windows\winsxs\msil_microsoft.vsa.vb.codedomprocessor_b03f5f7f11d50a3a_6.0.6001.18000_none_447bfcf6f298dd4c\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2008-01-05 11:26:23 32,768 ----a-w C:\Windows\winsxs\msil_microsoft.vsa_b03f5f7f11d50a3a_6.0.6001.18000_none_684f28063a216337\Microsoft.Vsa.dll
+ 2008-01-19 07:49:03 7,168 ----a-w C:\Windows\winsxs\msil_microsoft.web.administration.resources_31bf3856ad364e35_6.0.6001.18000_en-us_9c870bc43643ddb5\Microsoft.Web.Administration.resources.dll
+ 2008-01-19 07:38:37 126,976 ----a-w C:\Windows\winsxs\msil_microsoft.web.administration_31bf3856ad364e35_6.0.6001.18000_none_b6ddff1192aab950\Microsoft.Web.Administration.dll
+ 2008-01-19 07:49:04 217,088 ----a-w C:\Windows\winsxs\msil_microsoft.web.manag..iisclient.resources_31bf3856ad364e35_6.0.6001.18000_en-us_4a577bc9b8dc5dc4\Microsoft.Web.Management.IisClient.resources.dll
+ 2008-01-19 07:49:04 69,632 ----a-w C:\Windows\winsxs\msil_microsoft.web.manag..netclient.resources_31bf3856ad364e35_6.0.6001.18000_en-us_968e4f675c8af2aa\Microsoft.Web.Management.AspnetClient.resources.dll
+ 2008-01-19 07:49:03 6,144 ----a-w C:\Windows\winsxs\msil_microsoft.web.manag..nt.aspnet.resources_31bf3856ad364e35_6.0.6001.18000_en-us_328805c19976771d\Microsoft.Web.Management.Aspnet.resources.dll
+ 2008-01-19 07:38:38 135,168 ----a-w C:\Windows\winsxs\msil_microsoft.web.management.aspnet_31bf3856ad364e35_6.0.6001.18000_none_eb43271052e9d396\Microsoft.Web.Management.Aspnet.dll
+ 2008-01-19 07:38:38 462,848 ----a-w C:\Windows\winsxs\msil_microsoft.web.management.aspnetclient_31bf3856ad364e35_6.0.6001.18000_none_f311eac54bee5d75\Microsoft.Web.Management.AspnetClient.dll
+ 2008-01-19 07:49:04 6,144 ----a-w C:\Windows\winsxs\msil_microsoft.web.management.iis.resources_31bf3856ad364e35_6.0.6001.18000_en-us_14bc075429351fe5\Microsoft.Web.Management.Iis.resources.dll
+ 2008-01-19 07:38:39 368,640 ----a-w C:\Windows\winsxs\msil_microsoft.web.management.iis_31bf3856ad364e35_6.0.6001.18000_none_2d8cdbced828e65c\Microsoft.Web.Management.Iis.dll
+ 2008-01-19 07:38:39 1,343,488 ----a-w C:\Windows\winsxs\msil_microsoft.web.management.iisclient_31bf3856ad364e35_6.0.6001.18000_none_91224f0afa35857d\Microsoft.Web.Management.IisClient.dll
+ 2008-01-19 07:49:04 77,824 ----a-w C:\Windows\winsxs\msil_microsoft.web.management.resources_31bf3856ad364e35_6.0.6001.18000_en-us_f22b05a90c7f80a6\Microsoft.Web.Management.resources.dll
+ 2008-01-19 07:38:38 999,424 ----a-w C:\Windows\winsxs\msil_microsoft.web.management_31bf3856ad364e35_6.0.6001.18000_none_c546a9d17cffba49\Microsoft.Web.Management.dll
+ 2008-01-19 07:49:05 1,499,136 ----a-w C:\Windows\winsxs\msil_miguicontrols.resources_31bf3856ad364e35_6.0.6001.18000_en-us_c5475f466458f62c\MIGUIControls.resources.dll
+ 2008-01-19 07:38:41 3,371,008 ----a-w C:\Windows\winsxs\msil_miguicontrols_31bf3856ad364e35_6.0.6001.18000_none_ae48d88e3c9b130d\MIGUIControls.dll
+ 2008-01-19 07:38:41 417,792 ----a-w C:\Windows\winsxs\msil_mmcex_31bf3856ad364e35_6.0.6001.18000_none_fbe83d6c5ec1e3f8\MMCEx.dll
+ 2008-01-19 07:49:05 4,096 ----a-w C:\Windows\winsxs\msil_mmcfxcommon.resources_31bf3856ad364e35_6.0.6001.18000_en-us_531555896afbb159\MMCFxCommon.Resources.dll
+ 2008-01-19 07:38:45 65,536 ----a-w C:\Windows\winsxs\msil_napinit_31bf3856ad364e35_6.0.6001.18000_none_0c45cadda91be551\NAPINIT.DLL
+ 2008-01-19 07:49:07 245,760 ----a-w C:\Windows\winsxs\msil_napsnap.resources_31bf3856ad364e35_6.0.6001.18000_en-us_cf5c0ca2f1fd3db6\napsnap.resources.dll
+ 2008-01-19 07:38:45 458,752 ----a-w C:\Windows\winsxs\msil_napsnap_31bf3856ad364e35_6.0.6001.18000_none_0c976545a8dfa0b7\NAPSNAP.DLL
+ 2008-01-05 11:21:52 602,112 ----a-w C:\Windows\winsxs\msil_presentationbuildtasks_31bf3856ad364e35_6.0.6001.18000_none_9c207c8038985d30\PresentationBuildTasks.dll
+ 2008-01-05 11:21:52 32,768 ----a-w C:\Windows\winsxs\msil_presentationcffrasterizer_31bf3856ad364e35_6.0.6001.18000_none_411b95221732db54\PresentationCFFRasterizer.dll
+ 2008-01-05 11:21:53 36,864 ----a-w C:\Windows\winsxs\msil_presentationfontcache_31bf3856ad364e35_6.0.6001.18000_none_0dcad0cdb0346589\PresentationFontCache.exe
+ 2008-01-05 11:21:53 184,320 ----a-w C:\Windows\winsxs\msil_presentationframework.aero_31bf3856ad364e35_6.0.6001.18000_none_194813026f99af3f\PresentationFramework.Aero.dll
+ 2008-01-05 11:21:53 131,072 ----a-w C:\Windows\winsxs\msil_presentationframework.classic_31bf3856ad364e35_6.0.6001.18000_none_b05955e8e491ac88\PresentationFramework.Classic.dll
+ 2008-01-05 11:21:53 376,832 ----a-w C:\Windows\winsxs\msil_presentationframework.luna_31bf3856ad364e35_6.0.6001.18000_none_1822ebe07043c6c2\PresentationFramework.Luna.dll
+ 2008-01-05 11:21:54 151,552 ----a-w C:\Windows\winsxs\msil_presentationframework.royale_31bf3856ad364e35_6.0.6001.18000_none_9aab3f4f91447180\PresentationFramework.Royale.dll
+ 2008-01-05 11:21:55 897,024 ----a-w C:\Windows\winsxs\msil_presentationui_31bf3856ad364e35_6.0.6001.18000_none_abaa94f83c87f33a\PresentationUI.dll
+ 2008-01-05 11:21:55 528,384 ----a-w C:\Windows\winsxs\msil_reachframework_31bf3856ad364e35_6.0.6001.18000_none_41af57a40180b853\ReachFramework.dll
+ 2008-01-05 11:21:39 61,440 ----a-w C:\Windows\winsxs\msil_servicemodelreg_b03f5f7f11d50a3a_6.0.6001.18000_none_4accbcc4fc066e73\ServiceModelReg.exe
+ 2008-01-05 11:21:39 102,400 ----a-w C:\Windows\winsxs\msil_smdiagnostics_b77a5c561934e089_6.0.6001.18000_none_9e925418b0023859\SMdiagnostics.dll
+ 2008-01-05 11:21:39 122,880 ----a-w C:\Windows\winsxs\msil_smsvchost_b03f5f7f11d50a3a_6.0.6001.18000_none_1259c6d45471c111\SMSvcHost.exe
+ 2008-01-05 11:26:54 110,592 ----a-w C:\Windows\winsxs\msil_sysglobl_b03f5f7f11d50a3a_6.0.6001.18000_none_d4dfe49f8a279ace\sysglobl.dll
+ 2008-01-05 11:26:54 81,920 ----a-w C:\Windows\winsxs\msil_system.configuration.install_b03f5f7f11d50a3a_6.0.6001.18000_none_8bc1571f78a66f19\System.Configuration.Install.dll
+ 2008-01-05 11:26:54 425,984 ----a-w C:\Windows\winsxs\msil_system.configuration_b03f5f7f11d50a3a_6.0.6001.18000_none_2b246afa36bbbbbe\System.configuration.dll
+ 2008-01-05 11:26:55 741,376 ----a-w C:\Windows\winsxs\msil_system.data.sqlxml_b77a5c561934e089_6.0.6001.18000_none_31783a71a4ffd46d\System.Data.SqlXml.dll
+ 2008-01-05 11:26:55 933,888 ----a-w C:\Windows\winsxs\msil_system.deployment_b03f5f7f11d50a3a_6.0.6001.18000_none_5ffb0cbb30f1400b\System.Deployment.dll
+ 2008-01-05 11:26:55 5,070,848 ----a-w C:\Windows\winsxs\msil_system.design_b03f5f7f11d50a3a_6.0.6001.18000_none_b54a0107031f6e7c\System.Design.dll
+ 2008-01-05 11:26:55 188,416 ----a-w C:\Windows\winsxs\msil_system.directoryservices.protocols_b03f5f7f11d50a3a_6.0.6001.18000_none_af1a5067545e7e10\System.DirectoryServices.Protocols.dll
+ 2008-01-05 11:26:55 401,408 ----a-w C:\Windows\winsxs\msil_system.directoryservices_b03f5f7f11d50a3a_6.0.6001.18000_none_569e450b3172a6c5\System.DirectoryServices.dll
+ 2008-01-05 11:26:55 81,920 ----a-w C:\Windows\winsxs\msil_system.drawing.design_b03f5f7f11d50a3a_6.0.6001.18000_none_1c0823d4b069a49a\System.Drawing.Design.dll
+ 2008-01-05 11:26:55 630,784 ----a-w C:\Windows\winsxs\msil_system.drawing_b03f5f7f11d50a3a_6.0.6001.18000_none_8f9330c1f0d495a8\System.Drawing.dll
+ 2008-01-05 11:21:38 126,976 ----a-w C:\Windows\winsxs\msil_system.identitymodel.selectors_b77a5c561934e089_6.0.6001.18000_none_abef3efc739d46a1\System.IdentityModel.Selectors.dll
+ 2008-01-05 11:21:37 430,080 ----a-w C:\Windows\winsxs\msil_system.identitymodel_b77a5c561934e089_6.0.6001.18000_none_1d5a6ed4440e8e0b\System.IdentityModel.dll
+ 2008-01-05 11:21:38 131,072 ----a-w C:\Windows\winsxs\msil_system.io.log_b03f5f7f11d50a3a_6.0.6001.18000_none_84fd0eec20434ea0\System.IO.Log.dll
+ 2008-01-05 11:26:58 372,736 ----a-w C:\Windows\winsxs\msil_system.management_b03f5f7f11d50a3a_6.0.6001.18000_none_1f3571960c6c548b\System.Management.dll
+ 2008-01-05 11:26:58 258,048 ----a-w C:\Windows\winsxs\msil_system.messaging_b03f5f7f11d50a3a_6.0.6001.18000_none_2db2473723a20702\System.Messaging.dll
+ 2008-01-05 11:26:58 299,008 ----a-w C:\Windows\winsxs\msil_system.runtime.remoting_b77a5c561934e089_6.0.6001.18000_none_c5946d8c4532a895\System.Runtime.Remoting.dll
+ 2008-01-05 11:26:58 131,072 ----a-w C:\Windows\winsxs\msil_system.runtime.seri..ion.formatters.soap_b03f5f7f11d50a3a_6.0.6001.18000_none_4812f05d23d05c74\System.Runtime.Serialization.Formatters.Soap.dll
+ 2008-01-05 11:21:39 929,792 ----a-w C:\Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.0.6001.18000_none_d222c62fb8372cbf\System.Runtime.Serialization.dll
+ 2008-01-05 11:21:38 929,792 ----a-w C:\Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.0.6001.18000_none_0265fbc9dfde2df2\System.Runtime.Serialization.dll
+ 2008-01-05 11:26:58 258,048 ----a-w C:\Windows\winsxs\msil_system.security_b03f5f7f11d50a3a_6.0.6001.18000_none_9c070e9dce4131e6\System.Security.dll
+ 2008-01-05 11:21:40 159,744 ----a-w C:\Windows\winsxs\msil_system.servicemodel.install_b77a5c561934e089_6.0.6001.18000_none_6ba234d036de24bb\System.ServiceModel.Install.dll
+ 2008-01-05 11:21:40 5,971,968 ----a-w C:\Windows\winsxs\msil_system.servicemodel.ref_b77a5c561934e089_6.0.6001.18000_none_6c65d22612b40635\System.ServiceModel.dll
+ 2008-01-05 11:21:40 32,768 ----a-w C:\Windows\winsxs\msil_system.servicemodel.washosting_b77a5c561934e089_6.0.6001.18000_none_be0f12d0e15ea75f\System.ServiceModel.WasHosting.dll
+ 2008-01-05 11:21:38 5,971,968 ----a-w C:\Windows\winsxs\msil_system.servicemodel_b77a5c561934e089_6.0.6001.18000_none_a4ea4ff28aa57f2e\System.ServiceModel.dll
+ 2008-01-05 11:26:58 114,688 ----a-w C:\Windows\winsxs\msil_system.serviceprocess_b03f5f7f11d50a3a_6.0.6001.18000_none_54fddb057c94dd0e\System.ServiceProcess.dll
+ 2008-01-05 11:21:55 688,128 ----a-w C:\Windows\winsxs\msil_system.speech_31bf3856ad364e35_6.0.6001.18000_none_09ecab3f8087f6d5\System.Speech.dll
+ 2008-01-05 11:26:59 884,736 ----a-w C:\Windows\winsxs\msil_system.web.mobile_b03f5f7f11d50a3a_6.0.6001.18000_none_d7f06c51d0196542\System.Web.Mobile.dll
+ 2008-01-05 11:26:59 90,112 ----a-w C:\Windows\winsxs\msil_system.web.regularexpressions_b03f5f7f11d50a3a_6.0.6001.18000_none_4d8acda41e800dc1\System.Web.RegularExpressions.dll
+ 2008-01-05 11:27:00 839,680 ----a-w C:\Windows\winsxs\msil_system.web.services_b03f5f7f11d50a3a_6.0.6001.18000_none_f2c59d87b2191ef0\System.Web.Services.dll
+ 2008-01-05 11:27:02 5,013,504 ----a-w C:\Windows\winsxs\msil_system.windows.forms_b77a5c561934e089_6.0.6001.18000_none_30ebd8ea438a84a0\System.Windows.Forms.dll
+ 2008-01-05 11:22:14 1,152,040 ----a-w C:\Windows\winsxs\msil_system.workflow.activities_31bf3856ad364e35_6.0.6001.18000_none_28a18f87536aba13\System.Workflow.Activities.dll
+ 2008-01-05 11:22:15 1,635,376 ----a-w C:\Windows\winsxs\msil_system.workflow.componentmodel_31bf3856ad364e35_6.0.6001.18000_none_e8786c49d067c522\System.Workflow.ComponentModel.dll
+ 2008-01-05 11:22:15 578,592 ----a-w C:\Windows\winsxs\msil_system.workflow.runtime_31bf3856ad364e35_6.0.6001.18000_none_d81f265dbf5cdfe2\System.Workflow.Runtime.dll
+ 2008-01-05 11:27:03 2,068,480 ----a-w C:\Windows\winsxs\msil_system.xml_b77a5c561934e089_6.0.6001.18000_none_81a026374952e8f5\System.XML.dll
+ 2008-01-05 11:26:55 3,076,096 ----a-w C:\Windows\winsxs\msil_system_b77a5c561934e089_6.0.6001.18000_none_da8fcc115bf832a8\System.dll
+ 2008-01-19 07:39:26 163,840 ----a-w C:\Windows\winsxs\msil_taskscheduler_31bf3856ad364e35_6.0.6001.18000_none_14fd1dd83f56d37e\TaskScheduler.dll
+ 2008-01-05 11:21:56 163,840 ----a-w C:\Windows\winsxs\msil_uiautomationclient_31bf3856ad364e35_6.0.6001.18000_none_2125148e883f2d6c\UIAutomationClient.dll
+ 2008-01-05 11:22:00 372,736 ----a-w C:\Windows\winsxs\msil_uiautomationclientsideproviders_31bf3856ad364e35_6.0.6001.18000_none_b6e15f268213fa93\UIAutomationClientsideProviders.dll
+ 2008-01-05 11:22:00 32,768 ----a-w C:\Windows\winsxs\msil_uiautomationprovider_31bf3856ad364e35_6.0.6001.18000_none_724d35ba7a1f69a8\UIAutomationProvider.dll
+ 2008-01-05 11:22:00 86,016 ----a-w C:\Windows\winsxs\msil_uiautomationtypes_31bf3856ad364e35_6.0.6001.18000_none_b88fd7d5125013f4\UIAutomationTypes.dll
+ 2008-01-05 11:22:00 1,204,224 ----a-w C:\Windows\winsxs\msil_windowsbase_31bf3856ad364e35_6.0.6001.18000_none_971eea732fa397b6\WindowsBase.dll
+ 2008-01-05 11:22:01 81,920 ----a-w C:\Windows\winsxs\msil_windowsformsintegration_31bf3856ad364e35_6.0.6001.18000_none_28deeeacce5ce8a6\WindowsFormsIntegration.dll
+ 2008-01-05 11:21:40 143,360 ----a-w C:\Windows\winsxs\msil_wsatconfig_b03f5f7f11d50a3a_6.0.6001.18000_none_08ddaa6db7814d8e\WsatConfig.exe
+ 2008-01-19 05:53:27 53,376 ----a-w C:\Windows\winsxs\x86_1394.inf_31bf3856ad364e35_6.0.6001.18000_none_fb2f569f05e7f212\1394bus.sys
+ 2008-01-19 05:53:33 61,952 ----a-w C:\Windows\winsxs\x86_1394.inf_31bf3856ad364e35_6.0.6001.18000_none_fb2f569f05e7f212\ohci1394.sys
+ 2008-01-19 05:53:31 45,696 ----a-w C:\Windows\winsxs\x86_61883.inf_31bf3856ad364e35_6.0.6001.18000_none_29fd63201f54f1c7\61883.sys
+ 2008-01-19 07:43:03 266,808 ----a-w C:\Windows\winsxs\x86_acpi.inf_31bf3856ad364e35_6.0.6001.18000_none_2288c403ce07cf48\acpi.sys
+ 2008-01-19 07:41:39 28,216 ----a-w C:\Windows\winsxs\x86_acpi.inf_31bf3856ad364e35_6.0.6001.18000_none_2288c403ce07cf48\battc.sys
+ 2008-01-19 07:41:25 20,792 ----a-w C:\Windows\winsxs\x86_acpi.inf_31bf3856ad364e35_6.0.6001.18000_none_2288c403ce07cf48\compbatt.sys
+ 2008-01-19 05:32:49 6,656 ----a-w C:\Windows\winsxs\x86_acpi.inf_31bf3856ad364e35_6.0.6001.18000_none_2288c403ce07cf48\errdev.sys
+ 2008-01-19 05:32:47 11,264 ----a-w C:\Windows\winsxs\x86_acpi.inf_31bf3856ad364e35_6.0.6001.18000_none_2288c403ce07cf48\wmiacpi.sys
+ 2008-01-19 07:33:41 1,405,952 ----a-w C:\Windows\winsxs\x86_activecontentwizard_31bf3856ad364e35_6.0.6001.18000_none_e74e154d51cab93b\ActiveContentWizard.dll
+ 2008-01-19 07:33:00 81,408 ----a-w C:\Windows\winsxs\x86_acw_31bf3856ad364e35_6.0.6001.18000_none_7e59de1d1d1b8706\ACW.exe
+ 2008-01-19 07:43:20 422,968 ----a-w C:\Windows\winsxs\x86_adp94xx.inf_31bf3856ad364e35_6.0.6001.18000_none_01f13017b123de45\adp94xx.sys
+ 2008-01-19 07:43:08 300,600 ----a-w C:\Windows\winsxs\x86_adpahci.inf_31bf3856ad364e35_6.0.6001.18000_none_643d7826859e582b\adpahci.sys
+ 2008-01-19 07:43:01 101,432 ----a-w C:\Windows\winsxs\x86_adpu160m.inf_31bf3856ad364e35_6.0.6001.18000_none_96e05187ab61b4e7\adpu160m.sys
+ 2008-01-19 07:42:18 149,560 ----a-w C:\Windows\winsxs\x86_adpu320.inf_31bf3856ad364e35_6.0.6001.18000_none_98ad1f4d5c2efa14\adpu320.sys
+ 2008-01-19 07:42:35 61,496 ----a-w C:\Windows\winsxs\x86_agp.inf_31bf3856ad364e35_6.0.6001.18000_none_6c002146e0cbc529\GAGP30KX.SYS
+ 2008-01-19 07:42:32 59,448 ----a-w C:\Windows\winsxs\x86_agp.inf_31bf3856ad364e35_6.0.6001.18000_none_6c002146e0cbc529\UAGP35.SYS
+ 2008-01-19 07:42:39 79,416 ----a-w C:\Windows\winsxs\x86_arc.inf_31bf3856ad364e35_6.0.6001.18000_none_1fe03d43c7d9a299\arc.sys
+ 2008-01-19 07:42:40 79,928 ----a-w C:\Windows\winsxs\x86_arcsas.inf_31bf3856ad364e35_6.0.6001.18000_none_1af7e8a288f6519e\arcsas.sys
+ 2008-01-05 11:25:53 36,864 ----a-w C:\Windows\winsxs\x86_aspnet_compiler_b03f5f7f11d50a3a_6.0.6001.18000_none_18c71daa5890d6a7\aspnet_compiler.exe
+ 2008-01-05 11:25:56 24,576 ----a-w C:\Windows\winsxs\x86_aspnet_regbrowsers_b03f5f7f11d50a3a_6.0.6001.18000_none_096805b31912ad6d\aspnet_regbrowsers.exe
+ 2008-01-05 11:25:56 106,496 ----a-w C:\Windows\winsxs\x86_aspnet_regsql_b03f5f7f11d50a3a_6.0.6001.18000_none_4fda1739bc34667e\aspnet_regsql.exe
+ 2008-01-19 05:53:31 40,448 ----a-w C:\Windows\winsxs\x86_avc.inf_31bf3856ad364e35_6.0.6001.18000_none_ac594d67921e177d\avc.sys
+ 2008-01-19 05:53:26 14,208 ----a-w C:\Windows\winsxs\x86_avc.inf_31bf3856ad364e35_6.0.6001.18000_none_ac594d67921e177d\avcstrm.sys
+ 2008-01-19 07:41:39 28,216 ----a-w C:\Windows\winsxs\x86_battery.inf_31bf3856ad364e35_6.0.6001.18000_none_162792ec53d025b0\battc.sys
+ 2008-01-19 05:32:47 14,208 ----a-w C:\Windows\winsxs\x86_battery.inf_31bf3856ad364e35_6.0.6001.18000_none_162792ec53d025b0\CmBatt.sys
+ 2008-01-19 05:32:49 21,504 ----a-w C:\Windows\winsxs\x86_battery.inf_31bf3856ad364e35_6.0.6001.18000_none_162792ec53d025b0\hidbatt.sys
+ 2008-01-19 05:53:30 12,288 ----a-w C:\Windows\winsxs\x86_bda.inf_31bf3856ad364e35_6.0.6001.18000_none_0274b0ffc0f041dc\BdaSup.sys
+ 2008-01-19 07:38:12 144,384 ----a-w C:\Windows\winsxs\x86_bdatunepia_31bf3856ad364e35_6.0.6001.18000_none_69ed43408a28ff54\BDATunePIA.dll
+ 2008-01-19 05:30:07 45,568 ----a-w C:\Windows\winsxs\x86_blbdrive.inf_31bf3856ad364e35_6.0.6001.18000_none_8d73a758c72875d7\blbdrive.sys
+ 2006-11-02 08:24:45 13,568 ----a-w C:\Windows\winsxs\x86_brmfcsto.inf_31bf3856ad364e35_6.0.6001.18000_none_23f15dd347b6b64f\BrFiltLo.sys
+ 2006-11-02 08:24:46 5,248 ----a-w C:\Windows\winsxs\x86_brmfcsto.inf_31bf3856ad364e35_6.0.6001.18000_none_23f15dd347b6b64f\BrFiltUp.sys
+ 2008-01-19 05:53:35 219,648 ----a-w C:\Windows\winsxs\x86_bth.inf_31bf3856ad364e35_6.0.6001.18000_none_7244c43bbb913795\bthport.sys
+ 2008-01-19 05:53:36 29,184 ----a-w C:\Windows\winsxs\x86_bth.inf_31bf3856ad364e35_6.0.6001.18000_none_7244c43bbb913795\BTHUSB.SYS
+ 2006-11-02 09:45:11 181,760 ----a-w C:\Windows\winsxs\x86_bth.inf_31bf3856ad364e35_6.0.6001.18000_none_7244c43bbb913795\fsquirt.exe
+ 2008-01-19 05:53:44 92,160 ----a-w C:\Windows\winsxs\x86_bthpan.inf_31bf3856ad364e35

I think the ComboFix log was too long, so here's the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:13:47, on 10/6/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\nvraidservice.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\java\jre1.6.0_07\bin\jusched.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Sophos Web Content Scanner - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{ADBA7194-C061-4D31-AFB8-DF7783216D78}: NameServer = 85.255.113.140,85.255.112.93
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kdixy.exe

--
End of file - 6516 bytes
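Two entries in the log above deserve more than a glance. The O17 line sets the machine's DNS resolvers to two public addresses (85.255.113.140 and 85.255.112.93) rather than the home router or the ISP's resolver; a resolver the user never configured is what turns "Google searches take me to various unrelated websites" into a DNS-level redirect rather than a browser problem, and the 85.255.112.0/20 block was widely reported at the time as resolver infrastructure used by DNSChanger-family trojans. The O23 line registers a service with no publisher ("Unknown owner") that runs a randomly named binary out of system32. The `O1 - Hosts: ::1 localhost` line, by contrast, is Vista's default IPv6 loopback entry and is benign. The script below is an added example for this thread, not a HijackThis feature and not code posted by anyone in it: it parses HJT-format lines and flags both indicator classes. The sample lines are constructed for the example (the second O17 entry with GUID ...0001 and resolver 192.168.1.1 is invented to show a benign case), and `EXPECTED_RESOLVERS` is an assumption about the user's own router setup.

```python
"""Automated triage of HijackThis (HJT) log lines.

Added example for this thread, not a HijackThis feature and not code posted
by anyone in it. It flags two indicator classes seen in the log above:
  * O17 NameServer entries pointing at resolvers the user did not configure
    (the classic cause of search results being redirected), and
  * O23 services with no publisher ("Unknown owner").
The sample lines below are constructed for the example; the second O17 entry
(GUID ...0001, resolver 192.168.1.1) is invented to show a benign case, and
EXPECTED_RESOLVERS is an assumption about the user's own router/ISP setup.
"""
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample in HijackThis 2.0.2 format.
SAMPLE_LOG = r"""
O1 - Hosts: ::1 localhost
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{ADBA7194-C061-4D31-AFB8-DF7783216D78}: NameServer = 85.255.113.140,85.255.112.93
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000001}: NameServer = 192.168.1.1
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kdixy.exe
"""

# Assumption: the only resolver this machine should ever use is its home router.
EXPECTED_RESOLVERS = {"192.168.1.1"}

O17_RE = re.compile(r"^O17 - .*?NameServer = (?P<servers>[0-9a-fA-F:.,\s]+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\")


@dataclass
class Finding:
    section: str   # HJT section tag, e.g. "O17"
    reason: str    # why it was flagged
    detail: str    # the offending value


def check_nameserver(line: str, expected: set[str]) -> list[Finding]:
    """Flag every DNS server in an O17 line that is not one we configured."""
    m = O17_RE.match(line)
    if not m:
        return []
    findings = []
    for server in (s.strip() for s in m.group("servers").split(",")):
        if not server or server in expected:
            continue
        try:
            scope = "private" if ipaddress.ip_address(server).is_private else "public"
        except ValueError:
            findings.append(Finding("O17", "unparseable NameServer value", server))
            continue
        findings.append(Finding("O17", f"{scope} DNS resolver not in the expected set", server))
    return findings


def check_service(line: str) -> list[Finding]:
    """Flag O23 services whose binary carries no recognised publisher."""
    m = O23_RE.match(line)
    if not m or m.group("owner").strip().lower() != "unknown owner":
        return []
    path = m.group("path").strip().strip('"')
    reason = "service with no publisher"
    if path.lower().startswith(SYSTEM_DIRS):
        reason += ", binary lives in a Windows system directory"
    return [Finding("O23", reason, f"{m.group('name')} -> {path}")]


def triage(log_text: str, expected_resolvers: set[str]) -> list[Finding]:
    """Run every check over each line; lines that match no rule yield nothing."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        findings += check_nameserver(line, expected_resolvers)
        findings += check_service(line)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG, EXPECTED_RESOLVERS):
        print(f"[{f.section}] {f.reason}: {f.detail}")
```

Run against the sample it reports both 85.255.x resolvers as public resolvers outside the expected set and the "Windows Tribute Service" entry as a publisher-less service in system32, while the NVIDIA service and the router resolver pass. The resolver allowlist is deliberately strict: anything not explicitly expected is reported, because a DNS changer can just as easily point the machine at a private address on a compromised LAN as at a public one.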

Any reason why you ran it twice when I requested that it be run once? Whatever was deleted on the first run does not show in the log :(.

==

Please go to Jotti's or to virustotal and have this file scanned. Post the results back here.

C:\Windows\system32\kdixy.exe

==

For some reason I can't upload the file to either source. Both say that the size of the file is 0 KB and a firewall might be blocking. After disabling all firewall-related programs, it still wouldn't upload. I tried using the VirusTotal uploader program, which didn't work either. I also attempted to email the file to VirusTotal and got a Windows error that read "Cannot find this file. Verify the path and file name are correct." A web search of the file name is turning up nothing as well.

Any reason why you ran it twice when I requested that it be run once? Whatever was deleted on the first run does not show in the log :(.


==

Can you please do the following.

===============

Scan with HijackThis and then place a check next to all the following, if present:

O13 - Gopher Prefix:

O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kdixy.exe


Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked".

===============

1. Please open Notepad: click Start, then Run, and type notepad.exe in the Run box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

File::
C:\Windows\system32\kdixy.exe

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Save the above as CFScript.txt

4. Physically disconnect from the internet.

5. Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.

6. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

7. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply after you re-enable all the programs that were disabled during the running of ComboFix:
ComboFix.txt
A new HijackThis log.
Please take note:

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

ComboFix 08-10-07.03 - Nick Karambelas 2008-10-07 15:06:56.3 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.1.1033.18.2891 [GMT -7:00]
Running from: C:\Users\Nick Karambelas\Desktop\ComboFix.exe
Command switches used :: C:\Users\Nick Karambelas\Desktop\CFScript.txt

FILE ::
C:\Windows\system32\kdixy.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\system32\kdixy.exe

.
((((((((((((((((((((((((( Files Created from 2008-09-07 to 2008-10-07 )))))))))))))))))))))))))))))))
.

2008-10-04 14:26 . 2008-10-04 14:26 <DIR> d-------- C:\Users\Nick Karambelas\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-10-02 16:36 . 2008-10-04 18:02 <DIR> d-------- C:\fixwareout
2008-10-02 15:32 . 2008-10-02 15:32 <DIR> d-------- C:\Windows\nvtmpinst
2008-10-02 13:01 . 2008-10-02 13:01 <DIR> d----c--- C:\Windows\System32\DRVSTORE
2008-10-02 13:01 . 2008-10-02 13:01 <DIR> d-------- C:\Users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-02 13:01 . 2008-10-02 13:01 <DIR> d-------- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-02 13:01 . 2008-04-17 13:12 107,368 --a------ C:\Windows\System32\GEARAspi.dll
2008-10-02 13:01 . 2008-04-17 13:12 15,464 --a------ C:\Windows\System32\drivers\GEARAspiWDM.sys
2008-09-30 19:37 . 2008-09-30 19:36 130,104 --a------ C:\Windows\System32\sdccoinstaller.dll
2008-09-30 19:36 . 2008-09-30 19:36 85,312 --a------ C:\Windows\System32\drivers\savonaccess.sys
2008-09-30 19:36 . 2008-09-30 19:36 20,288 --a------ C:\Windows\System32\drivers\SophosBootDriver.sys
2008-09-30 17:58 . 2008-09-30 19:06 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2008-09-29 15:45 . 2008-09-29 15:45 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-26 00:12 . 2008-09-30 13:18 <DIR> d-------- C:\Users\All Users\SecTaskMan
2008-09-26 00:12 . 2008-09-30 13:18 <DIR> d-------- C:\ProgramData\SecTaskMan
2008-09-24 18:35 . 2008-09-30 13:17 <DIR> d-------- C:\Program Files\Panda Security
2008-09-21 22:39 . 2008-09-21 22:39 <DIR> d-------- C:\Program Files\Sun
2008-09-21 22:09 . 2008-09-21 22:28 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-09-21 22:09 . 2008-09-21 22:28 <DIR> d-------- C:\ProgramData\Lavasoft
2008-09-21 22:09 . 2008-09-21 22:09 <DIR> d-------- C:\Program Files\Lavasoft
2008-09-21 22:09 . 2008-09-21 22:09 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-17 17:45 . 2008-09-17 17:45 <DIR> d-------- C:\Program Files\Common Files\Cisco Systems
2008-09-17 17:45 . 2008-09-30 19:36 23,552 --a------ C:\Windows\System32\sophosboottasks.exe
2008-09-17 17:44 . 2008-09-17 17:44 82,432 --a------ C:\Windows\System32\msxml4r.dll
2008-09-17 17:43 . 2008-09-17 18:45 <DIR> d-------- C:\Users\All Users\Sophos
2008-09-17 17:43 . 2008-05-06 14:52 <DIR> d-------- C:\SAV7
2008-09-17 17:43 . 2008-09-17 18:45 <DIR> d-------- C:\ProgramData\Sophos
2008-09-17 17:43 . 2008-09-17 18:45 <DIR> d-------- C:\Program Files\Sophos
2008-09-17 17:41 . 2008-09-17 17:41 <DIR> d-------- C:\temp\SAV7
2008-09-15 17:10 . 2008-10-06 15:58 <DIR> d-------- C:\Users\Nick Karambelas\DC++
2008-09-12 18:03 . 2008-09-12 18:03 <DIR> d-------- C:\Users\All Users\Media Center Programs
2008-09-12 18:03 . 2008-09-12 18:03 <DIR> d-------- C:\ProgramData\Media Center Programs
2008-09-12 18:03 . 2008-09-12 18:09 <DIR> d-------- C:\Program Files\Common Files\BioWare
2008-09-12 17:54 . 2008-09-12 18:07 <DIR> d-------- C:\Program Files\Mass Effect
2008-09-09 14:01 . 2008-07-30 16:47 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-09-09 14:01 . 2008-07-30 20:34 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-09-09 14:01 . 2008-06-25 20:22 303,616 --a------ C:\Windows\System32\wmpeffects.dll
2008-09-09 14:01 . 2008-07-30 20:34 28,160 --a------ C:\Windows\System32\Apphlpdm.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-07 07:26 --------- d-----w C:\Users\Nick Karambelas\AppData\Roaming\LimeWire
2008-10-06 22:56 --------- d-----w C:\Users\Nick Karambelas\AppData\Roaming\Azureus
2008-10-05 19:50 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-10-02 23:27 --------- d-----w C:\ProgramData\NVIDIA
2008-10-02 20:01 --------- d-----w C:\Program Files\iTunes
2008-10-02 20:01 --------- d-----w C:\Program Files\iPod
2008-10-02 19:59 --------- d-----w C:\Program Files\Bonjour
2008-10-02 19:58 --------- d-----w C:\Program Files\quicktime
2008-10-02 19:58 --------- d-----w C:\Program Files\Common Files\Apple
2008-10-02 19:57 --------- d-----w C:\Program Files\Apple Software Update
2008-09-22 05:39 --------- d-----w C:\Program Files\java
2008-09-18 21:49 --------- d-----w C:\Program Files\AMD
2008-09-18 00:40 --------- d-----w C:\ProgramData\Kaspersky Lab
2008-09-10 06:04 38,528 ----a-w C:\Windows\system32\drivers\mbamswissarmy.sys
2008-09-10 06:03 17,200 ----a-w C:\Windows\system32\drivers\mbam.sys
2008-09-03 22:52 --------- d-----w C:\Program Files\Audacity
2008-09-02 00:59 --------- d-----w C:\Program Files\DC++
2008-08-28 18:46 --------- d-----w C:\ProgramData\Hewlett-Packard
2008-08-28 05:27 --------- d-----w C:\Program Files\Common Files\Adobe AIR
2008-08-28 05:26 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-26 21:12 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-23 18:21 54,784 ----a-w C:\Windows\system32\drivers\i8042prt.sys
2008-08-23 18:21 495,160 ----a-w C:\Windows\system32\drivers\Wdf01000.sys
2008-08-23 18:21 35,384 ----a-w C:\Windows\system32\drivers\WdfLdr.sys
2008-08-23 18:21 35,384 ----a-w C:\Windows\system32\drivers\kbdclass.sys
2008-08-23 18:21 34,360 ----a-w C:\Windows\system32\drivers\mouclass.sys
2008-08-23 18:21 19,968 ----a-w C:\Windows\system32\drivers\sermouse.sys
2008-08-23 18:21 15,872 ----a-w C:\Windows\system32\drivers\mouhid.sys
2008-08-23 18:21 15,872 ----a-w C:\Windows\system32\drivers\kbdhid.sys
2008-08-23 18:10 --------- d-----w C:\Program Files\Kaspersky Lab
2008-08-23 18:08 --------- d-----w C:\ProgramData\Kaspersky Lab Setup Files
2008-08-23 17:43 --------- d-----w C:\ProgramData\DVD Shrink
2008-08-23 17:43 --------- d-----w C:\Program Files\DVD Shrink
2008-08-22 19:44 --------- d-----w C:\ProgramData\Avg7
2008-08-22 19:29 --------- d-----w C:\Users\Nick Karambelas\AppData\Roaming\Malwarebytes
2008-08-22 19:29 --------- d-----w C:\ProgramData\Malwarebytes
2008-08-22 19:18 --------- d-----w C:\ProgramData\Grisoft
2008-08-21 20:09 --------- d-----w C:\ProgramData\Microsoft Help
2008-08-21 20:08 --------- d-----w C:\Program Files\MSBuild
2008-08-21 19:23 174 --sha-w C:\Program Files\desktop.ini
2008-08-21 19:19 --------- d-----w C:\Program Files\Windows Sidebar
2008-08-21 19:19 --------- d-----w C:\Program Files\Windows Mail
2008-08-21 19:19 --------- d-----w C:\Program Files\Windows Defender
2008-08-21 19:19 --------- d-----w C:\Program Files\Windows Calendar
2008-08-21 19:19 --------- d-----w C:\Program Files\BitLocker
2008-08-21 19:16 --------- d-----w C:\Program Files\ffdshow
2008-08-21 19:10 70,144 ----a-w C:\Windows\system32\drivers\pacer.sys
2008-08-21 19:10 619,008 ----a-w C:\Windows\system32\drivers\dxgkrnl.sys
2008-08-21 19:10 61,952 ----a-w C:\Windows\system32\drivers\wanarp.sys
2008-08-21 19:10 48,640 ----a-w C:\Windows\system32\drivers\ndproxy.sys
2008-08-21 19:10 20,480 ----a-w C:\Windows\system32\drivers\ndistapi.sys
2008-08-21 19:09 81,592 ----a-w C:\Windows\system32\drivers\sbp2port.sys
2008-08-21 19:09 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2008-08-21 19:09 2,923,520 ----a-w C:\Windows\explorer.exe
2008-08-21 19:09 11,264 ----a-w C:\Windows\system32\drivers\wmiacpi.sys
2008-08-21 19:09 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
2008-08-21 19:08 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-08-21 19:04 41,984 ----a-w C:\Windows\system32\drivers\monitor.sys
2008-08-21 19:04 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-08-21 19:01 63,488 ----a-w C:\Windows\system32\drivers\mpsdrv.sys
2008-08-21 19:01 23,040 ----a-w C:\Windows\system32\drivers\tunnel.sys
2008-08-21 19:01 15,360 ----a-w C:\Windows\system32\drivers\TUNMP.SYS
2008-08-21 19:00 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-08-21 19:00 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-08-21 19:00 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-08-21 19:00 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-08-21 19:00 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
2008-08-21 19:00 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-08-21 18:58 73,216 ----a-w C:\Windows\system32\drivers\usbccgp.sys
2008-08-21 18:58 5,888 ----a-w C:\Windows\system32\drivers\usbd.sys
2008-08-21 18:58 38,400 ----a-w C:\Windows\system32\drivers\usbehci.sys
2008-08-21 18:58 224,768 ----a-w C:\Windows\system32\drivers\usbport.sys
2008-08-21 18:58 192,000 ----a-w C:\Windows\system32\drivers\usbhub.sys
2008-08-21 18:58 19,456 ----a-w C:\Windows\system32\drivers\usbohci.sys
2008-08-21 18:57 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-08-21 18:57 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-08-21 18:55 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-08-21 18:50 320,000 ----a-w C:\Windows\system32\drivers\csc.sys
2008-08-21 18:50 113,664 ----a-w C:\Windows\system32\drivers\rmcast.sys
2008-08-21 18:49 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2008-08-21 18:49 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2008-08-21 18:49 53,760 ----a-w C:\Windows\system32\drivers\hdaudbus.sys
2008-08-21 18:49 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2008-08-21 18:49 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
2008-08-21 18:49 --------- d-----w C:\ProgramData\Azureus
2008-08-21 18:48 12,800 ----a-w C:\Windows\system32\drivers\fs_rec.sys
2008-08-21 18:48 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2008-08-21 18:43 --------- d-----w C:\Users\Nick Karambelas\AppData\Roaming\Apple Computer
2008-08-21 18:43 --------- d-----w C:\ProgramData\Apple Computer
2008-08-21 18:39 --------- d-----w C:\ProgramData\Apple
2008-08-21 17:12 --------- d-----w C:\Program Files\Ubisoft
2008-08-21 17:06 --------- d-----w C:\Program Files\Sierra Entertainment
2008-08-21 17:06 --------- d-----w C:\Program Files\OCCT
2008-08-21 17:05 --------- d-----w C:\Program Files\Microsoft.NET
2008-08-21 17:05 --------- d-----w C:\Program Files\Microsoft Works
2008-08-21 17:05 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-08-21 17:04 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-21 17:04 --------- d-----w C:\Program Files\Microsoft Games
2008-08-21 17:04 --------- d-----w C:\Program Files\LimeWire
2008-08-21 17:04 --------- d-----w C:\Program Files\iDump
.

((((((((((((((((((((((((((((( snapshot_2008-10-06_ 9.50.22.27 )))))))))))))))))))))))))))))))))))))))))
.
- 2005-10-21 02:02:28 163,328 ----a-w C:\Windows\erdnt\Hiv-backup\ERDNT.EXE
+ 2005-10-21 03:02:28 163,328 ----a-w C:\Windows\erdnt\Hiv-backup\ERDNT.EXE
- 2000-08-31 14:00:00 28,672 ----a-w C:\Windows\Nircmd.exe
+ 2000-08-31 15:00:00 28,672 ----a-w C:\Windows\Nircmd.exe
- 2008-10-06 15:46:26 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-10-07 22:10:03 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-10-06 15:41:30 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-10-07 22:10:03 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2000-08-31 14:00:00 161,792 ----a-w C:\Windows\swreg.exe
+ 2000-08-31 15:00:00 161,792 ----a-w C:\Windows\swreg.exe
- 2008-10-06 15:46:59 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-10-07 22:06:44 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
- 2008-10-06 15:46:46 104,662 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-10-07 21:05:51 104,662 ----a-w C:\Windows\System32\perfc009.dat
- 2008-10-06 15:46:46 621,314 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-10-07 21:05:51 621,314 ----a-w C:\Windows\System32\perfh009.dat
- 2008-10-06 15:42:24 7,938 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3312959801-2069077902-2715544259-1000_UserData.bin
+ 2008-10-07 22:07:01 7,938 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3312959801-2069077902-2715544259-1000_UserData.bin
- 2008-10-06 15:42:24 57,810 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-10-07 22:07:01 57,818 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-10-06 15:42:23 33,184 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-10-07 22:06:59 33,372 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{39EA7695-B3F2-4C44-A4BC-297ADA8FD235}]
2008-09-30 19:36 240696 --a------ C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-08-21 1232896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVRaidService"="C:\Windows\system32\nvraidservice.exe" [2008-01-25 196128]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-05-16 13535776]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-05-16 92704]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"RtHDVCpl"="RtHDVCpl.exe" [2008-03-25 C:\Windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-11-20 C:\Windows\SkyTel.exe]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
AutoUpdate Monitor.lnk - C:\Program Files\Sophos\AutoUpdate\ALMon.exe [2007-08-10 245760]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= C:\Program Files\ffdshow\ffdshow.ax

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{A25B6D1B-4AA5-4210-B60F-89372F4EB94B}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{17808508-916C-47EE-98CE-916E9F35E6EB}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"{800E6FCC-0EB7-4873-AC91-CB549D29611B}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{335BDDCF-1A02-4C4D-A49F-F1CAA8128C2D}C:\\programdata\\kaspersky lab setup files\\kaspersky anti-virus 7.0.1.325\\english\\setup.exe"= UDP:C:\programdata\kaspersky lab setup files\kaspersky anti-virus 7.0.1.325\english\setup.exe:Kaspersky Anti-Virus 7.0 Setup
"UDP Query User{D37A8D80-111C-4752-B088-F64852CAA28B}C:\\programdata\\kaspersky lab setup files\\kaspersky anti-virus 7.0.1.325\\english\\setup.exe"= TCP:C:\programdata\kaspersky lab setup files\kaspersky anti-virus 7.0.1.325\english\setup.exe:Kaspersky Anti-Virus 7.0 Setup
"TCP Query User{F25B4655-0E44-4264-B8F8-79D946744F1D}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{38463D17-57F8-49B3-AEE5-0EDD5FA40026}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{4BF3BF7B-DCBF-430D-BE31-939FE16909CA}C:\\program files\\dc++\\dcplusplus.exe"= UDP:C:\program files\dc++\dcplusplus.exe:DC++
"UDP Query User{4A6D6FBC-B20D-4C90-801F-49727E10276B}C:\\program files\\dc++\\dcplusplus.exe"= TCP:C:\program files\dc++\dcplusplus.exe:DC++
"{991F102D-E795-4275-906C-B84F250CC5B9}"= UDP:C:\Program Files\Mass Effect\Binaries\MassEffect.exe:Mass Effect Game
"{33F23F9F-E0A0-4EA7-A769-A6AC521A1516}"= TCP:C:\Program Files\Mass Effect\Binaries\MassEffect.exe:Mass Effect Game
"{2AD9CC4D-DDD1-4A63-A518-2861A33908AE}"= UDP:C:\Program Files\Mass Effect\MassEffectLauncher.exe:Mass Effect Launcher
"{682A464E-203D-4ADC-B179-BE7B053FDADA}"= TCP:C:\Program Files\Mass Effect\MassEffectLauncher.exe:Mass Effect Launcher
"{9AE5C673-66A8-4A0C-BD0E-2CA2FA023A0A}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{F3A763FB-954A-4690-BAEC-F4AEF534D083}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{0B5F2379-3C29-4C02-8290-A690A518E439}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{8B236A1E-1C4A-4271-8186-F1BEF550F5F6}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R0 nvrd32;NVIDIA nForce RAID Driver;C:\Windows\system32\drivers\nvrd32.sys [2008-01-25 132128]
R1 SAVOnAccess;SAVOnAccess;C:\Windows\system32\DRIVERS\savonaccess.sys [2008-09-30 85312]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda32v.sys [2008-03-22 43552]
S2 Windows Tribute Service;Windows Tribute Service;C:\Windows\system32\kdixy.exe [ ]
S4 SophosBootDriver;SophosBootDriver;C:\Windows\system32\DRIVERS\SophosBootDriver.sys [2008-09-30 20288]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8f65aa69-6ea2-11dd-b0ec-806e6f6e6963}]
\shell\AutoRun\command - D:\SETUP.EXE
\shell\configure\command - D:\SETUP.EXE
\shell\install\command - D:\SETUP.EXE
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-07 15:10:07
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\nvvsvc.exe
C:\Windows\System32\audiodg.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\ComboFix\pv.cfexe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Completion time: 2008-10-07 15:12:14 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-07 22:12:09
ComboFix2.txt 2008-10-06 15:50:55
ComboFix3.txt 2008-08-27 00:18:16
ComboFix4.txt 2008-08-26 19:49:57

Pre-Run: 324,315,164,672 bytes free
Post-Run: 324,256,067,584 bytes free

279 --- E O F --- 2008-09-19 22:29:04

And new HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:12:50, on 10/7/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\nvraidservice.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Sophos Web Content Scanner - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kdixy.exe (file missing)

--
End of file - 4907 bytes