mixer.exe taking 1GB+ of memory [CLOSED]

#1 Shadowdreamer (Member)
Just noticed my mixer process is running at over 1GB of memory. Now this could just be a leak; however, I know that the file can be overwritten by viruses, so if someone could have a look at the below and let me know their thoughts, it would be great.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:48:24, on 04/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\acs.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\Backup Exec System Recovery\Agent\VProSvc.exe
C:\WINDOWS\system32\svchost.exe
E:\Program Files\Network Associates\Common Framework\FrameworkService.exe
E:\Program Files\Network Associates\VirusScan\Mcshield.exe
E:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
E:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
E:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ULiRaid\ULiRaid.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\Mixer.exe
E:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\DWL-G520M Wireless 108G MIMO PCI Adapter\AIRPLUS.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\vssvc.exe
E:\Program Files\Teamspeak2_RC2\TeamSpeak.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\FlashGet\flashget.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\taskmgr.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: HP Smart Web Printing 1.0 - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ShStatEXE] "E:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "E:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [PtiuPbmd] Rundll32.exe ulutil2.dll,SetWriteBack
O4 - HKLM\..\Run: [Symantec Backup Exec System Recovery 6.5] "C:\Program Files\Symantec\Backup Exec System Recovery\Agent\VProTray.exe"
O4 - HKLM\..\Run: [ULiRaid] C:\Program Files\ULiRaid\ULiRaid.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [i] C:\WINDOWS\system32\i.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [igndlm.exe] E:\Program Files\IGN\Download Manager\dlm.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: D-Link REG Utility.lnk = C:\Program Files\DWL-G520M Wireless 108G MIMO PCI Adapter\Reg.exe
O4 - Global Startup: DWL-G520M Wireless 108G MIMO PCI Adapter Utility.lnk = ?
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://lonapps02.lon...om/iNotes6W.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1164281001046
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1164281105671
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photob...ploader_uni.cab
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - http://lonapps01.lon...n.com/dwa7W.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D3F3B894-B334-43C2-B248-287849A92A3D}: NameServer = 192.168.0.1
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (file missing)
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\acs.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Backup Exec System Recovery - Symantec Corporation - C:\Program Files\Symantec\Backup Exec System Recovery\Agent\VProSvc.exe
O23 - Service: GEARSecurity - Unknown owner - C:\WINDOWS\System32\GEARSec.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - E:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - E:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - E:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Print Spooler Service (ydislyora8oae9r) - Unknown owner - C:\WINDOWS\system32\i.exe (file missing)

--
End of file - 10846 bytes

#2 greyknight17 (Malware Expert, Visiting Consultant)
Please print the below instructions or copy them to Notepad. Make sure to work through the fixes in the order mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Run a scan in HijackThis. Check each of the following if they still exist and hit 'Fix Checked' after you have checked the last one:

O4 - HKLM\..\Run: [i] C:\WINDOWS\system32\i.exe
O23 - Service: Print Spooler Service (ydislyora8oae9r) - Unknown owner - C:\WINDOWS\system32\i.exe (file missing)


Go to Start->Run and type in notepad and hit OK. Then copy and paste the following into Notepad:

REM Stop the bogus "Print Spooler Service" registered under the random key ydislyora8oae9r, then remove its service entry (the real Print Spooler uses the key "Spooler" and is not touched)
sc stop ydislyora8oae9r
sc delete ydislyora8oae9r
REM Remove this batch file once it has run (double-clicking runs it from the folder it was saved in)
del delete.bat


Save the file as "delete.bat". Make sure to save it with the quotes. Double click on it.


Locate the following Files/Folders and delete them if they exist (if no location given, just do a search for them):

C:\WINDOWS\system32\i.exe

1. Download combofix at http://www.techsuppo...Bs/ComboFix.exe or http://download.blee...Bs/ComboFix.exe
2. Double-click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply.

Note:
Do not click on combofix's window while it's running. That may cause it to stall.
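Added example, not part of the thread and not code from HijackThis: the indicators greyknight17 acted on above can be checked mechanically over an HJT log. They are a Run entry that launches a one-letter executable in system32, an "Unknown owner" service whose display name copies the real Print Spooler but whose key is a random-looking string, the "(file missing)" marker, and the same i.exe appearing both as a Run entry and as a service. The six sample lines are copied from the log in post #1; the regular expressions, the heuristic rules and the short table of built-in service keys are my own assumptions.

```python
"""Triage HijackThis O4 (Run key) and O23 (service) lines with the indicators
used in this thread.  Added example: the rules and the service-name table are
assumptions, not part of HijackThis or of the fix posted above."""
import re
from collections import defaultdict

# Constructed sample: six lines copied from the HijackThis log in post #1.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [i] C:\WINDOWS\system32\i.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Print Spooler Service (ydislyora8oae9r) - Unknown owner - C:\WINDOWS\system32\i.exe (file missing)
"""

# Display names of built-in Windows XP services and their real service keys.
# A service that borrows one of these names but is registered under another
# key is impersonating the real one (assumed table, deliberately short).
BUILTIN_SERVICE_KEYS = {
    "print spooler": "Spooler",
    "task scheduler": "Schedule",
    "automatic updates": "wuauserv",
    "windows management instrumentation": "winmgmt",
    "background intelligent transfer service": "BITS",
}

O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<display>.+?)(?: \((?P<key>[^()]+)\))?"
                    r" - (?P<owner>.+?) - (?P<path>.+)$")
# First executable/DLL/CPL on a command line, quoted or not, arguments dropped.
EXE_RE = re.compile(r'"?(?P<path>[^"]*?\.(?:exe|dll|cpl))\b', re.I)
# Letters, digits, letters again: the shape of generated keys such as
# ydislyora8oae9r, but not of version suffixes such as nvsvc32.
RANDOMISH_RE = re.compile(r"[a-z]+\d+[a-z]+", re.I)


def exe_path(cmd):
    """Return the program path from a Run command or service path, without
    quotes, arguments or HijackThis's trailing '(file missing)' marker."""
    m = EXE_RE.match(cmd.strip())
    return m.group("path") if m else cmd.replace("(file missing)", "").strip()


def triage(log_text):
    """Return [(line, [reasons])] for every O4/O23 line that trips a rule."""
    entries = []                      # [line, kind, normalised path, reasons]
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            path = exe_path(m.group("cmd"))
            stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
            reasons = []
            if len(stem) <= 2:
                reasons.append("Run entry launches a one- or two-letter executable")
            entries.append([line, "run", path.lower(), reasons])
            continue
        m = O23_RE.match(line)
        if m:
            display, owner, path = m.group("display"), m.group("owner"), m.group("path")
            key = m.group("key") or display   # HJT omits the key when it equals the display name
            reasons = []
            if "(file missing)" in path:
                reasons.append("service binary is missing from disk")
            if owner == "Unknown owner" and RANDOMISH_RE.search(key):
                reasons.append(f"service key '{key}' looks machine-generated and has no publisher")
            for name, real_key in BUILTIN_SERVICE_KEYS.items():
                if display.lower().startswith(name) and key.lower() != real_key.lower():
                    reasons.append(f"display name imitates built-in '{name}' (real key is {real_key})")
            entries.append([line, "service", exe_path(path).lower(), reasons])
    # Persistence in two places: one binary registered both under Run and as a service.
    kinds_by_path = defaultdict(set)
    for _, kind, path, _ in entries:
        kinds_by_path[path].add(kind)
    for entry in entries:
        if kinds_by_path[entry[2]] == {"run", "service"}:
            entry[3].append("same binary is registered both as a Run entry and as a service")
    return [(line, reasons) for line, _, _, reasons in entries if reasons]


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(line)
        for reason in reasons:
            print("    -", reason)
```

Run over the sample, only the two i.exe lines are reported, which matches the expert's fix list. Mixer.exe is not flagged, but these rules only say the entry looks ordinary; whether the file on disk is the vendor's binary is a separate question, answered by comparing its hash or digital signature against a known-good copy rather than by its name or memory use.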

#3 Shadowdreamer (Topic Starter)
Carried out the above; the ComboFix log is copied below:

ComboFix 08-05-01.3 - Iubi 2008-05-05 0:05:00.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1596 [GMT 1:00]
Running from: C:\Documents and Settings\Iubi\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-04-04 to 2008-05-04 )))))))))))))))))))))))))))))))
.

2008-05-04 18:42 . 2008-05-04 18:42 <DIR> d-------- C:\WINDOWS\LastGood
2008-04-29 19:19 . 2008-04-29 19:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\media center programs
2008-04-29 18:28 . 2008-04-29 18:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Funcom
2008-04-28 18:07 . 2008-04-28 18:04 13,527,773,965 --a------ C:\AgeOfConan_FilePlanet.zip
2008-04-28 06:36 . 2008-03-05 15:56 1,420,824 --a------ C:\WINDOWS\system32\D3DCompiler_37.dll
2008-04-28 06:36 . 2008-03-05 16:03 479,752 --a------ C:\WINDOWS\system32\XAudio2_0.dll
2008-04-28 06:36 . 2008-02-05 23:07 462,864 --a------ C:\WINDOWS\system32\d3dx10_37.dll
2008-04-28 06:36 . 2008-03-05 16:03 238,088 --a------ C:\WINDOWS\system32\xactengine3_0.dll
2008-04-28 06:36 . 2008-03-05 16:00 25,608 --a------ C:\WINDOWS\system32\X3DAudio1_3.dll
2008-04-28 06:35 . 2008-03-05 15:56 3,786,760 --a------ C:\WINDOWS\system32\D3DX9_37.dll
2008-04-27 23:12 . 2008-04-27 23:12 <DIR> d-------- C:\Program Files\iPod
2008-04-27 23:12 . 2008-05-04 14:06 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-27 23:12 . 2008-04-27 23:12 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-27 23:10 . 2008-04-27 23:11 <DIR> d-------- C:\Program Files\QuickTime
2008-04-08 21:22 . 2008-04-08 21:22 <DIR> d-------- C:\Deckard
2008-04-08 21:03 . 2008-04-08 21:03 <DIR> d-------- C:\Documents and Settings\Iubi\Application Data\Malwarebytes
2008-04-08 21:02 . 2008-04-08 21:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-08 08:02 . 2008-04-08 08:02 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-07 22:29 . 2008-04-07 22:29 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-04-07 06:00 . 2008-04-08 19:21 <DIR> d-------- C:\Documents and Settings\Iubi\Application Data\TmpRecentIcons
2008-04-07 01:45 . 2008-04-07 01:46 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-04-07 01:42 . 2008-04-09 06:59 <DIR> d-------- C:\Program Files\Google
2008-04-07 01:34 . 2008-04-08 23:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-07 01:28 . 2008-04-07 01:28 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-04-07 01:08 . 2008-04-07 01:08 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
2008-04-07 01:07 . 2008-04-07 01:07 <DIR> d-------- C:\Documents and Settings\Administrator
2008-04-07 01:07 . 2008-05-05 00:04 1,024 --ah----- C:\Documents and Settings\Administrator\ntuser.dat.LOG
2008-04-07 00:31 . 2008-04-08 21:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\gdmfsbmj

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-04 23:07 --------- d-----w C:\Documents and Settings\Iubi\Application Data\uTorrent
2008-05-04 23:05 --------- d-----w C:\Program Files\FlashGet
2008-05-04 17:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-04 17:43 278,984 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys
2008-04-29 18:44 --------- d-----w C:\Program Files\uTorrent
2008-04-28 16:33 --------- d-----w C:\Program Files\Apple Software Update
2008-04-28 05:36 --------- d-----w C:\Documents and Settings\Iubi\Application Data\IGN_DLM
2008-04-27 17:30 --------- d-----w C:\Program Files\DivX
2008-04-09 05:59 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-08 22:26 --------- d-----w C:\Program Files\Lavasoft
2008-04-08 22:26 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-08 22:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-08 22:24 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-31 21:25 831,488 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-03-31 21:25 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-03-31 21:25 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-03-23 01:41 --------- d-----w C:\Documents and Settings\Iubi\Application Data\Ascaron Entertainment
2008-03-21 20:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-03-21 20:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 20:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-03-21 20:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-03-21 20:28 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-03-21 20:28 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-03-21 20:28 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-03-21 20:28 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-03-21 20:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-03-21 20:28 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\win32k.sys
2008-03-14 20:24 --------- d-----w C:\Program Files\Java
2008-03-12 22:26 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-03-11 20:58 724,992 ----a-w C:\WINDOWS\iun6002.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-16 09:32 666,112 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-06 07:47 418,480 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-02-06 07:47 115,432 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2007-12-23 13:12 22,328 ----a-w C:\Documents and Settings\Iubi\Application Data\PnkBstrK.sys
2007-01-16 23:22 382 ------w C:\Documents and Settings\Iubi\Application Data\internaldb1942.dat
2007-01-16 23:21 49 ------w C:\Documents and Settings\Iubi\Application Data\internaldb41.dat
2007-01-16 23:21 20,480 ------w C:\Documents and Settings\Iubi\Application Data\internaldb4827.dat
2007-01-16 23:21 151 ------w C:\Documents and Settings\Iubi\Application Data\internaldb292.dat
2007-01-16 23:21 0 ------w C:\Documents and Settings\Iubi\Application Data\internaldb2391.dat
2007-01-16 23:16 9,216 ------w C:\Documents and Settings\Iubi\Application Data\internaldb8467.dat
2007-01-16 23:16 0 ------w C:\Documents and Settings\Iubi\Application Data\internaldb6334.dat
2007-01-16 23:16 0 ------w C:\Documents and Settings\Iubi\Application Data\internaldb5436.dat
2007-01-16 23:16 0 ------w C:\Documents and Settings\Iubi\Application Data\internaldb4604.dat
2007-01-16 23:16 0 ------w C:\Documents and Settings\Iubi\Application Data\internaldb3902.dat
2007-01-16 23:16 0 ------w C:\Documents and Settings\Iubi\Application Data\internaldb153.dat
2006-11-25 22:43 774,144 ------w C:\Program Files\RngInterstitial.dll
.

((((((((((((((((((((((((((((( [email protected]_20.27.08.68 )))))))))))))))))))))))))))))))))))))))))
.
+ 2003-03-31 12:00:00 1,740 -c----w C:\WINDOWS\$NtServicePackUninstall$\dcache.bin
+ 2002-08-29 01:32:34 2,816 -c----w C:\WINDOWS\$NtServicePackUninstall$\drmkaud.sys
- 2008-03-11 20:11:17 53,248 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2008-05-04 17:42:25 53,248 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
- 2008-03-11 20:11:17 12,800 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2008-05-04 17:42:25 12,800 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2008-03-11 20:11:18 473,600 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2008-05-04 17:42:25 473,600 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
- 2008-03-11 20:11:08 2,676,224 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-05-04 17:42:14 2,676,224 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-03-11 20:11:10 2,846,720 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-05-04 17:42:16 2,846,720 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-03-11 20:11:11 563,712 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-05-04 17:42:17 563,712 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-03-11 20:11:12 567,296 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-05-04 17:42:17 567,296 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-03-11 20:11:12 576,000 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-05-04 17:42:18 576,000 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-03-11 20:11:13 577,024 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-05-04 17:42:19 577,024 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-03-11 20:11:14 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-05-04 17:42:20 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-03-11 20:11:15 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-05-04 17:42:21 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-03-11 20:11:15 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-05-04 17:42:22 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-03-11 20:11:18 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-05-04 17:42:26 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-03-11 20:11:19 145,920 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2008-05-04 17:42:26 145,920 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2008-03-11 20:11:19 159,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2008-05-04 17:42:26 159,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2008-03-11 20:11:19 364,544 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2008-05-04 17:42:27 364,544 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2008-03-11 20:11:20 178,176 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2008-05-04 17:42:27 178,176 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2008-03-11 20:11:16 223,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2008-05-04 17:42:23 223,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2008-05-04 12:23:16 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2006-03-03 10:46:36 262,144 ----a-w C:\WINDOWS\Downloaded Program Files\inotes6W.dll
+ 2006-03-03 09:46:36 262,144 ----a-w C:\WINDOWS\Downloaded Program Files\inotes6W.dll
+ 2007-01-22 16:05:06 2,977 ------w C:\WINDOWS\hphmdl13.dat
+ 2008-04-27 22:04:48 27,136 ----a-r C:\WINDOWS\Installer\{02DFF6B1-1654-411C-8D7B-FD6052EF016F}\AppleSoftwareUpdateIco.exe
+ 2008-04-27 11:21:43 57,344 ----a-r C:\WINDOWS\Installer\{3648253A-C2C4-4CFB-8BE5-381D1C638B94}\NewShortcut8_CD7D16AA9DCA4A66A4ABF9C1BE60B1B5.exe
+ 2008-04-27 12:43:49 10,134 ----a-r C:\WINDOWS\Installer\{3BD633E0-4BF8-4499-9149-88F0767D449C}\ARPPRODUCTICON.exe
+ 2008-04-27 22:12:45 102,400 ----a-r C:\WINDOWS\Installer\{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}\iTunesIco.exe
+ 2008-04-27 14:33:11 10,134 ----a-r C:\WINDOWS\Installer\{8503C901-85D7-4262-88D2-8D8B2A7B08B8}\ARPPRODUCTICON.exe
- 2008-03-21 00:03:29 593,920 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2008-04-09 06:09:47 593,920 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2008-03-21 00:03:29 12,288 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-04-09 06:09:47 12,288 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-03-21 00:03:29 86,016 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2008-04-09 06:09:47 86,016 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2008-03-21 00:03:29 135,168 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-04-09 06:09:47 135,168 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-03-21 00:03:30 11,264 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-04-09 06:09:47 11,264 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2008-03-21 00:03:30 27,136 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-04-09 06:09:47 27,136 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-03-21 00:03:30 4,096 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-04-09 06:09:47 4,096 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-03-21 00:03:30 794,624 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-04-09 06:09:47 794,624 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-03-21 00:03:29 249,856 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2008-04-09 06:09:47 249,856 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2008-03-21 00:03:29 61,440 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2008-04-09 06:09:47 61,440 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2008-03-21 00:03:30 23,040 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-04-09 06:09:47 23,040 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2008-03-21 00:03:29 286,720 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-04-09 06:09:47 286,720 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2008-03-21 00:03:29 409,600 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-04-09 06:09:47 409,600 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2006-12-10 21:31:45 2,862 ------r C:\WINDOWS\Installer\{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}\Readme_icon.exe
+ 2006-12-10 21:31:45 2,862 ------r C:\WINDOWS\Installer\{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}\Uninstall_icon.exe
+ 2007-03-12 16:42:30 1,123,696 ----a-w C:\WINDOWS\LastGood\system32\D3DCompiler_33.dll
+ 2007-05-16 16:45:16 1,124,720 ----a-w C:\WINDOWS\LastGood\system32\D3DCompiler_34.dll
+ 2007-07-19 18:14:42 1,358,192 ----a-w C:\WINDOWS\LastGood\system32\D3DCompiler_35.dll
+ 2007-03-15 16:57:58 443,752 ----a-w C:\WINDOWS\LastGood\system32\d3dx10_33.dll
+ 2007-05-16 16:45:16 443,752 ----a-w C:\WINDOWS\LastGood\system32\d3dx10_34.dll
+ 2007-07-19 18:14:42 444,776 ----a-w C:\WINDOWS\LastGood\system32\d3dx10_35.dll
+ 2005-02-05 19:45:26 2,222,800 ----a-w C:\WINDOWS\LastGood\system32\d3dx9_24.dll
+ 2005-03-18 17:19:58 2,337,488 ----a-w C:\WINDOWS\LastGood\system32\d3dx9_25.dll
+ 2005-05-26 15:34:52 2,297,552 ----a-w C:\WINDOWS\LastGood\system32\d3dx9_26.dll
+ 2005-07-22 19:59:04 2,319,568 ----a-w C:\WINDOWS\LastGood\system32\d3dx9_27.dll
+ 2005-12-05 18:09:18 2,323,664 ----a-w C:\WINDOWS\LastGood\system32\d3dx9_28.dll
+ 2006-02-03 08:43:16 2,332,368 ----a-w C:\WINDOWS\LastGood\system32\d3dx9_29.dll
+ 2006-03-31 12:40:58 2,388,176 ----a-w C:\WINDOWS\LastGood\system32\d3dx9_30.dll
+ 2006-09-28 16:05:20 2,414,360 ----a-w C:\WINDOWS\LastGood\system32\d3dx9_31.dll
+ 2006-11-29 13:06:18 3,426,072 ----a-w C:\WINDOWS\LastGood\system32\d3dx9_32.dll
+ 2007-03-12 16:42:30 3,495,784 ----a-w C:\WINDOWS\LastGood\system32\d3dx9_33.dll
+ 2007-05-16 16:45:16 3,497,832 ----a-w C:\WINDOWS\LastGood\system32\d3dx9_34.dll
+ 2007-07-19 18:14:42 3,727,720 ----a-w C:\WINDOWS\LastGood\system32\d3dx9_35.dll
+ 2006-02-03 08:41:26 14,032 ----a-w C:\WINDOWS\LastGood\system32\x3daudio1_0.dll
+ 2007-03-05 12:42:18 15,128 ----a-w C:\WINDOWS\LastGood\system32\x3daudio1_1.dll
+ 2007-10-22 03:37:16 17,928 ----a-w C:\WINDOWS\LastGood\system32\x3daudio1_2.dll
+ 2006-02-03 08:42:06 230,096 ----a-w C:\WINDOWS\LastGood\system32\xactengine2_0.dll
+ 2006-03-31 12:39:48 229,584 ----a-w C:\WINDOWS\LastGood\system32\xactengine2_1.dll
+ 2006-05-31 07:24:16 230,168 ----a-w C:\WINDOWS\LastGood\system32\xactengine2_2.dll
+ 2006-07-28 09:30:32 236,824 ----a-w C:\WINDOWS\LastGood\system32\xactengine2_3.dll
+ 2006-09-28 16:05:56 237,848 ----a-w C:\WINDOWS\LastGood\system32\xactengine2_4.dll
+ 2006-12-08 12:02:00 251,672 ----a-w C:\WINDOWS\LastGood\system32\xactengine2_5.dll
+ 2007-01-24 15:27:30 255,848 ----a-w C:\WINDOWS\LastGood\system32\xactengine2_6.dll
+ 2007-04-04 18:55:00 261,480 ----a-w C:\WINDOWS\LastGood\system32\xactengine2_7.dll
+ 2007-06-20 20:46:04 266,088 ----a-w C:\WINDOWS\LastGood\system32\xactengine2_8.dll
+ 2007-07-20 00:57:12 267,112 ----a-w C:\WINDOWS\LastGood\system32\xactengine2_9.dll
+ 2006-03-31 12:39:24 62,672 ----a-w C:\WINDOWS\LastGood\system32\xinput1_1.dll
+ 2006-07-28 09:30:14 62,744 ----a-w C:\WINDOWS\LastGood\system32\xinput1_2.dll
+ 2007-04-04 18:53:42 81,768 ----a-w C:\WINDOWS\LastGood\system32\xinput1_3.dll
+ 2005-12-05 18:07:30 61,136 ----a-w C:\WINDOWS\LastGood\system32\xinput9_1_0.dll
+ 2007-10-11 09:55:14 2,560 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll
+ 2004-08-04 08:07:21 1,788 ------w C:\WINDOWS\ServicePackFiles\i386\dcache.bin
+ 2004-08-04 06:07:57 2,944 ------w C:\WINDOWS\ServicePackFiles\i386\drmkaud.sys
+ 2003-03-31 12:00:00 2,000 ------w C:\WINDOWS\system\KEYBOARD.DRV
+ 2003-03-31 12:00:00 2,032 ------w C:\WINDOWS\system\MOUSE.DRV
+ 2003-03-31 12:00:00 1,744 ------w C:\WINDOWS\system\SOUND.DRV
+ 2003-03-31 12:00:00 2,176 ------w C:\WINDOWS\system\VGA.DRV
+ 2005-01-28 14:14:22 2,655 ------w C:\WINDOWS\system32\arccsel.dat
- 2007-12-07 00:44:30 1,024,000 ----a-w C:\WINDOWS\system32\browseui.dll
+ 2008-02-16 09:32:03 1,024,000 ----a-w C:\WINDOWS\system32\browseui.dll
- 2007-12-07 00:44:30 151,040 ------w C:\WINDOWS\system32\cdfview.dll
+ 2008-02-16 09:32:03 151,040 ------w C:\WINDOWS\system32\cdfview.dll
- 2007-12-07 00:44:32 1,054,208 ------w C:\WINDOWS\system32\danim.dll
+ 2008-02-16 09:32:03 1,054,208 ------w C:\WINDOWS\system32\danim.dll
+ 2004-08-04 08:07:21 1,788 ------w C:\WINDOWS\system32\dcache.bin
- 2007-12-07 00:44:30 1,024,000 -c----w C:\WINDOWS\system32\dllcache\browseui.dll
+ 2008-02-16 09:32:03 1,024,000 -c----w C:\WINDOWS\system32\dllcache\browseui.dll
- 2007-12-07 00:44:30 151,040 -c----w C:\WINDOWS\system32\dllcache\cdfview.dll
+ 2008-02-16 09:32:03 151,040 -c----w C:\WINDOWS\system32\dllcache\cdfview.dll
- 2007-12-07 00:44:32 1,054,208 -c----w C:\WINDOWS\system32\dllcache\danim.dll
+ 2008-02-16 09:32:03 1,054,208 -c----w C:\WINDOWS\system32\dllcache\danim.dll
- 2006-06-26 17:37:10 148,480 -c----w C:\WINDOWS\system32\dllcache\dnsapi.dll
+ 2008-02-20 05:32:43 148,992 -c----w C:\WINDOWS\system32\dllcache\dnsapi.dll
+ 2008-02-20 05:32:43 45,568 -c----w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
- 2007-12-07 00:44:33 357,888 -c----w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-02-16 09:32:04 357,888 -c----w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2007-12-07 00:44:33 205,824 -c----w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-02-16 09:32:04 205,312 -c----w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2007-12-07 00:44:33 55,808 -c----w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-02-16 09:32:04 55,808 -c----w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2007-06-19 13:31:19 282,112 -c----w C:\WINDOWS\system32\dllcache\gdi32.dll
+ 2008-02-20 06:51:05 282,624 -c----w C:\WINDOWS\system32\dllcache\gdi32.dll
- 2007-12-06 10:05:52 18,432 -c----w C:\WINDOWS\system32\dllcache\iedw.exe
+ 2008-02-15 09:07:53 18,432 -c----w C:\WINDOWS\system32\dllcache\iedw.exe
- 2007-12-07 00:44:33 251,904 -c----w C:\WINDOWS\system32\dllcache\iepeers.dll
+ 2008-02-16 09:32:04 251,904 -c----w C:\WINDOWS\system32\dllcache\iepeers.dll
- 2007-12-07 00:44:33 96,256 -c----w C:\WINDOWS\system32\dllcache\inseng.dll
+ 2008-02-16 09:32:04 96,256 -c----w C:\WINDOWS\system32\dllcache\inseng.dll
- 2007-11-14 07:26:56 450,560 -c----w C:\WINDOWS\system32\dllcache\jscript.dll
+ 2007-12-18 14:40:58 450,560 -c----w C:\WINDOWS\system32\dllcache\jscript.dll
- 2007-12-07 00:44:33 16,384 -c----w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-02-16 09:32:04 16,384 -c----w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2003-03-31 12:00:00 2,000 -c----w C:\WINDOWS\system32\dllcache\keyboard.drv
+ 2003-03-31 12:00:00 2,560 -c----w C:\WINDOWS\system32\dllcache\lz32.dll
+ 2003-03-31 12:00:00 2,032 -c----w C:\WINDOWS\system32\dllcache\mouse.drv
- 2007-12-07 00:44:35 3,066,368 -c----w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-02-16 09:32:06 3,066,880 -c----w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2007-12-07 00:44:36 449,024 -c----w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-02-16 09:32:06 449,024 -c----w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2007-12-07 00:44:36 146,432 -c----w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-02-16 09:32:06 146,432 -c----w C:\WINDOWS\system32\dllcache\msrating.dll
- 2007-12-07 00:44:36 532,480 -c----w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-02-16 09:32:07 532,480 -c----w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2003-03-31 12:00:00 2,944 -c----w C:\WINDOWS\system32\dllcache\null.sys
- 2007-09-17 00:07:00 6,853,088 -c--a-w C:\WINDOWS\system32\dllcache\nv4_mini.sys
+ 2007-12-05 00:41:00 7,435,392 -c--a-w C:\WINDOWS\system32\dllcache\nv4_mini.sys
- 2007-12-07 00:44:36 39,424 -c----w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-02-16 09:32:07 39,424 -c----w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2007-12-07 00:44:37 1,499,136 -c----w C:\WINDOWS\system32\dllcache\shdocvw.dll
+ 2008-02-16 09:32:08 1,499,136 -c----w C:\WINDOWS\system32\dllcache\shdocvw.dll
- 2007-12-07 00:44:38 474,112 -c----w C:\WINDOWS\system32\dllcache\shlwapi.dll
+ 2008-02-16 09:32:08 474,112 -c----w C:\WINDOWS\system32\dllcache\shlwapi.dll
+ 2003-03-31 12:00:00 1,744 -c----w C:\WINDOWS\system32\dllcache\sound.drv
- 2007-12-07 00:44:39 617,984 -c----w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-02-16 09:32:08 618,496 -c----w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2007-12-18 14:40:58 417,792 -c----w C:\WINDOWS\system32\dllcache\vbscript.dll
+ 2003-03-31 12:00:00 2,176 -c----w C:\WINDOWS\system32\dllcache\vga.drv
- 2007-03-08 13:47:48 1,843,584 -c----w C:\WINDOWS\system32\dllcache\win32k.sys
+ 2008-03-19 09:47:00 1,845,248 -c----w C:\WINDOWS\system32\dllcache\win32k.sys
- 2007-12-07 00:44:39 666,112 -c----w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-02-16 09:32:09 666,112 -c----w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2003-03-31 12:00:00 2,864 -c----w C:\WINDOWS\system32\dllcache\winsock.dll
+ 2003-03-31 12:00:00 2,112 -c----w C:\WINDOWS\system32\dllcache\winspool.exe
+ 2003-03-31 12:00:00 2,736 -c----w C:\WINDOWS\system32\dllcache\wowdeb.exe
- 2006-06-26 17:37:10 148,480 ------w C:\WINDOWS\system32\dnsapi.dll
+ 2008-02-20 05:32:43 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll
+ 2004-08-04 06:07:57 2,944 ------w C:\WINDOWS\system32\drivers\drmkaud.sys
- 2006-09-19 15:44:04 15,664 ------w C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
+ 2008-01-29 11:01:28 16,168 ----a-w C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
+ 2003-03-31 12:00:00 2,944 ------w C:\WINDOWS\system32\drivers\null.sys
- 2007-12-07 00:44:33 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-02-16 09:32:04 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2007-12-07 00:44:33 205,824 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-02-16 09:32:04 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2007-12-07 00:44:33 55,808 ------w C:\WINDOWS\system32\extmgr.dll
+ 2008-02-16 09:32:04 55,808 ------w C:\WINDOWS\system32\extmgr.dll
- 2008-03-12 22:56:16 245,512 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-04-29 18:42:45 246,312 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2006-10-03 18:47:52 109,360 ----a-w C:\WINDOWS\system32\GEARAspi.dll
+ 2008-01-29 11:02:30 107,368 ----a-w C:\WINDOWS\system32\GEARAspi.dll
- 2007-12-07 00:44:33 251,904 ----a-w C:\WINDOWS\system32\iepeers.dll
+ 2008-02-16 09:32:04 251,904 ----a-w C:\WINDOWS\system32\iepeers.dll
- 2007-12-07 00:44:33 96,256 ------w C:\WINDOWS\system32\inseng.dll
+ 2008-02-16 09:32:04 96,256 ------w C:\WINDOWS\system32\inseng.dll
- 2007-11-14 07:26:56 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
+ 2007-12-18 14:40:58 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
- 2007-12-07 00:44:33 16,384 ------w C:\WINDOWS\system32\jsproxy.dll
+ 2008-02-16 09:32:04 16,384 ------w C:\WINDOWS\system32\jsproxy.dll
+ 2003-03-31 12:00:00 2,000 ------w C:\WINDOWS\system32\keyboard.drv
- 2007-10-05 14:25:00 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
+ 2007-12-05 00:41:00 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
+ 2003-03-31 12:00:00 2,560 ------w C:\WINDOWS\system32\lz32.dll
+ 2003-03-31 12:00:00 2,032 ------w C:\WINDOWS\system32\mouse.drv
- 2008-03-05 16:30:54 19,148,408 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-04-06 05:56:20 19,836,024 ----a-w C:\WINDOWS\system32\MRT.exe
- 2007-12-07 00:44:35 3,066,368 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-02-16 09:32:06 3,066,880 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2007-12-07 00:44:36 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-02-16 09:32:06 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2007-12-07 00:44:36 146,432 ------w C:\WINDOWS\system32\msrating.dll
+ 2008-02-16 09:32:06 146,432 ------w C:\WINDOWS\system32\msrating.dll
- 2007-12-07 00:44:36 532,480 ------w C:\WINDOWS\system32\mstime.dll
+ 2008-02-16 09:32:07 532,480 ------w C:\WINDOWS\system32\mstime.dll
+ 2003-03-31 12:00:00 2,656 ------w C:\WINDOWS\system32\netware.drv
- 2007-10-05 14:25:00 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
+ 2007-12-05 00:41:00 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
- 2007-10-05 14:25:00 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe
+ 2007-12-05 00:41:00 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe
- 2007-09-17 00:07:00 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe
+ 2007-12-05 00:41:00 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe
- 2007-06-28 23:43:00 1,073,152 ----a-w C:\WINDOWS\system32\nvcpluir.dll
+ 2007-12-05 00:41:00 1,073,152 ----a-w C:\WINDOWS\system32\nvcpluir.dll
+ 2007-12-05 00:41:00 1,089,536 ----a-w C:\WINDOWS\system32\nvcuda.dll
- 2007-06-28 23:43:00 5,455,872 ----a-w C:\WINDOWS\system32\nvdispsr.dll
+ 2007-12-05 00:41:00 5,611,520 ----a-w C:\WINDOWS\system32\nvdispsr.dll
- 2007-10-05 14:25:00 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe
+ 2007-12-05 00:41:00 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe
- 2007-09-17 00:07:00 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
+ 2007-12-05 00:41:00 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
- 2007-06-28 23:43:00 3,072,000 ----a-w C:\WINDOWS\system32\nvgamesr.dll
+ 2007-12-05 00:41:00 3,334,144 ----a-w C:\WINDOWS\system32\nvgamesr.dll
- 2007-10-05 14:25:00 1,478,656 ----a-w C:\WINDOWS\system32\nview.dll
+ 2007-12-05 00:41:00 1,474,560 ----a-w C:\WINDOWS\system32\nview.dll
- 2007-10-05 14:25:00 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
+ 2007-12-05 00:41:00 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
- 2007-06-28 23:43:00 458,752 ----a-w C:\WINDOWS\system32\nvmccssr.dll
+ 2007-12-05 00:41:00 458,752 ----a-w C:\WINDOWS\system32\nvmccssr.dll
- 2007-06-28 23:43:00 2,854,912 ----a-w C:\WINDOWS\system32\nvmoblsr.dll
+ 2007-12-05 00:41:00 2,854,912 ----a-w C:\WINDOWS\system32\nvmoblsr.dll
- 2007-10-05 14:25:00 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
+ 2007-12-05 00:41:00 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
- 2007-06-29 00:54:52 356,352 ----a-w C:\WINDOWS\system32\nvudisp.exe
+ 2007-12-05 00:41:00 356,352 ----a-w C:\WINDOWS\system32\nvudisp.exe
- 2007-06-29 00:54:52 356,352 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
+ 2007-12-05 01:53:08 356,352 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
- 2007-06-28 23:43:00 3,600,384 ----a-w C:\WINDOWS\system32\nvvitvsr.dll
+ 2007-12-05 00:41:00 3,715,072 ----a-w C:\WINDOWS\system32\nvvitvsr.dll
- 2007-10-05 14:25:00 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll
+ 2007-12-05 00:41:00 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll
- 2007-10-05 14:25:00 1,019,904 ----a-w C:\WINDOWS\system32\nvwimg.dll
+ 2007-12-05 00:41:00 1,019,904 ----a-w C:\WINDOWS\system32\nvwimg.dll
- 2007-06-28 23:43:00 2,416,640 ----a-w C:\WINDOWS\system32\nvwssr.dll
+ 2007-12-05 00:41:00 2,519,040 ----a-w C:\WINDOWS\system32\nvwssr.dll
- 2007-10-05 14:25:00 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe
+ 2007-12-05 00:41:00 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe
- 2008-04-08 18:25:52 72,550 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-05-04 13:07:17 72,550 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-04-08 18:25:52 444,862 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-05-04 13:07:17 444,862 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2007-12-07 00:44:36 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-02-16 09:32:07 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2007-12-07 00:44:37 1,499,136 ----a-w C:\WINDOWS\system32\shdocvw.dll
+ 2008-02-16 09:32:08 1,499,136 ----a-w C:\WINDOWS\system32\shdocvw.dll
- 2007-12-07 00:44:38 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
+ 2008-02-16 09:32:08 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
+ 2003-03-31 12:00:00 1,744 ------w C:\WINDOWS\system32\sound.drv
- 2007-12-07 00:44:39 617,984 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-02-16 09:32:08 618,496 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2005-04-27 23:15:45 2,560 ------w C:\WINDOWS\system32\usmt\iconlib.dll
- 2004-08-04 07:56:46 417,792 ------w C:\WINDOWS\system32\vbscript.dll
+ 2007-12-18 14:40:58 417,792 ----a-w C:\WINDOWS\system32\vbscript.dll
+ 2003-03-31 12:00:00 2,176 ------w C:\WINDOWS\system32\vga.drv
+ 2003-03-31 12:00:00 2,864 ------w C:\WINDOWS\system32\winsock.dll
+ 2003-03-31 12:00:00 2,112 ------w C:\WINDOWS\system32\winspool.exe
+ 2003-03-31 12:00:00 2,736 ------w C:\WINDOWS\system32\wowdeb.exe
- 2007-12-06 09:38:31 350,720 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2008-02-15 09:06:21 351,744 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2008-05-04 12:23:24 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_740.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:56 15360]
"Yahoo! Pager"="E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2006-12-01 05:21 4687352]
"igndlm.exe"="E:\Program Files\IGN\Download Manager\dlm.exe" [2007-03-05 14:57 1103480]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2008-01-31 19:07 219952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 08:56 110592 C:\WINDOWS\system32\bthprops.cpl]
"ShStatEXE"="E:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-09-22 20:00 94208]
"McAfeeUpdaterUI"="E:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 04:50 139320]
"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 10:48 147514]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 11:48 157592]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2005-12-04 16:39 461584]
"amd_dc_opt"="C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2006-11-17 17:49 77824]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 18:21 16270848 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 19:04 2879488 C:\WINDOWS\SkyTel.exe]
"SoundMan"="SOUNDMAN.EXE" [2006-08-03 06:12 577536 C:\WINDOWS\soundman.exe]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [ ]
"PtiuPbmd"="ulutil2.dll" [2003-11-05 19:06 110592 C:\WINDOWS\system32\ulutil2.dll]
"Symantec Backup Exec System Recovery 6.5"="C:\Program Files\Symantec\Backup Exec System Recovery\Agent\VProTray.exe" [2006-06-26 18:02 1509016]
"ULiRaid"="C:\Program Files\ULiRaid\ULiRaid.exe" [2006-01-12 15:17 466944]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-05 15:25 8491008]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 13:20 227328]
"C-Media Mixer"="Mixer.exe" [2002-07-12 09:33 1581056 C:\WINDOWS\mixer.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="E:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-05 15:25 81920]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 15:58 1744896]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
D-Link REG Utility.lnk - C:\Program Files\DWL-G520M Wireless 108G MIMO PCI Adapter\Reg.exe [2006-11-23 12:11:32 28672]
DWL-G520M Wireless 108G MIMO PCI Adapter Utility.lnk - C:\Program Files\DWL-G520M Wireless 108G MIMO PCI Adapter\AIRPLUS.exe [2006-11-23 12:11:32 659456]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.avis"= ff_acm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AlcWzrd"=ALCWZRD.EXE
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"Alcmtr"=ALCMTR.EXE

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"=
"E:\\Program Files\\LimeWire\\LimeWire.exe"=
"E:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"E:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"E:\\The Lord of the Rings Online\\lotroclient.exe"=
"E:\\Program Files\\Cyanide\\Chaos-League SD\\ChaosLeagueEx.exe"=
"C:\\Program Files\\Common Files\\Nokia\\Service Layer\\nsl_host_process.exe"=
"C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"E:\\Etherlords II\\Etherlords2.exe"=
"E:\\Two Worlds\\TwoWorlds.exe"=
"E:\\Two Worlds\\TwoWorlds_RADEON.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"E:\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"E:\\Program Files\\iTunes\\iTunes.exe"=
"E:\\Games\\Genesis Rising\\bin\\GenesisRising.exe"=

R0 dontgo;Promise Removable Disk Control Driver;C:\WINDOWS\system32\DRIVERS\DontGo.sys [2004-06-29 15:25]
R0 m5288;m5288;C:\WINDOWS\system32\drivers\m5288.sys [2005-12-23 23:54]
R0 ulipnp;ULi PnP Driver;C:\WINDOWS\system32\drivers\ulipnp.sys [2005-12-30 12:20]
R0 ulsata2;ulsata2;C:\WINDOWS\system32\DRIVERS\ulsata2.sys [2006-04-06 18:52]
R2 Backup Exec System Recovery;Backup Exec System Recovery;C:\Program Files\Symantec\Backup Exec System Recovery\Agent\VProSvc.exe [2006-06-26 18:02]
R2 FileVol;FileVol;C:\WINDOWS\system32\drivers\FileVol.sys [2006-06-26 18:02]
R3 ULI5261XP;ULi M526X Ethernet NT Driver;C:\WINDOWS\system32\DRIVERS\ULILAN51.SYS [2005-03-22 21:36]
S2 portD;CMS PortIO Service;C:\WINDOWS\system32\DRIVERS\portd2k.sys []
S3 AR5513;%ATHER.Service.DispName%;C:\WINDOWS\system32\DRIVERS\ar5513.sys [2005-09-13 07:48]
S3 mdxgthkn;mdxgthkn;C:\DOCUME~1\Iubi\LOCALS~1\Temp\mdxgthkn.sys []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-05-03 21:59:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-05 00:08:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
Completion time: 2008-05-05 0:11:48
ComboFix-quarantined-files.txt 2008-05-04 23:10:45
ComboFix2.txt 2008-04-08 19:27:39

Pre-Run: 48,809,820,160 bytes free
Post-Run: 49,522,388,992 bytes free

490 --- E O F --- 2008-04-09 06:10:19
  • 0
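The log above already carries the indicators that the next reply acts on: a kernel driver (`mdxgthkn`) registered from the user's Temp folder with no file details, plus autostart entries such as `portD` and the Acronis scheduler whose brackets are empty. The Python script below is an added example, not code from this thread or from ComboFix, that parses ComboFix's Run-key and service lines and flags those patterns. It assumes that ComboFix's empty brackets mean the referenced file could not be found at the recorded path, and the no-vowel test for random-looking names is a heuristic added here, not something ComboFix does; the sample lines are copied from the log above.

```python
"""Flag risky autostart entries in a ComboFix 'Reg Loading Points' section.

Added example for this thread; not ComboFix output or ComboFix code.
"""
import re
from dataclasses import dataclass, field
from pathlib import PureWindowsPath

# "Name"="value" [date time size [fullpath]]   (Run-key entries)
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"\s*\[(?P<meta>[^\]]*)\]')
# R0 svc;display;path [date time]              (services and drivers)
SVC_RE = re.compile(
    r'^(?P<start>[RS]\d)\s+(?P<svc>[^;]+);(?P<disp>[^;]*);(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]\s*$'
)
DRIVER_DIR = ("windows", "system32", "drivers")

# Constructed sample: lines taken verbatim from the ComboFix log posted above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [ ]
"C-Media Mixer"="Mixer.exe" [2002-07-12 09:33 1581056 C:\WINDOWS\mixer.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-05 15:25 8491008]

R0 ulipnp;ULi PnP Driver;C:\WINDOWS\system32\drivers\ulipnp.sys [2005-12-30 12:20]
R2 Backup Exec System Recovery;Backup Exec System Recovery;C:\Program Files\Symantec\Backup Exec System Recovery\Agent\VProSvc.exe [2006-06-26 18:02]
S2 portD;CMS PortIO Service;C:\WINDOWS\system32\DRIVERS\portd2k.sys []
S3 mdxgthkn;mdxgthkn;C:\DOCUME~1\Iubi\LOCALS~1\Temp\mdxgthkn.sys []
"""


@dataclass
class Finding:
    entry: str
    path: str
    reasons: list[str] = field(default_factory=list)


def components(path: str) -> list[str]:
    """Lower-cased path components without the drive letter."""
    return [p.lower() for p in PureWindowsPath(path).parts if ":" not in p]


def resolve_path(cmd: str, meta: str) -> str:
    """ComboFix appends the full path inside the brackets only when the
    registry value itself is not a full path (e.g. a bare 'Mixer.exe')."""
    fields = meta.split(None, 3)
    return fields[3] if len(fields) == 4 else cmd


def looks_random(name: str) -> bool:
    """Heuristic only: six or more letters with no vowel, as in 'mdxgthkn'."""
    return len(name) >= 6 and name.isalpha() and not set(name.lower()) & set("aeiouy")


def check_path(path: str, is_driver: bool) -> list[str]:
    parts = components(path)
    reasons = []
    if any(p in ("temp", "tmp") for p in parts):
        reasons.append("loads from a Temp directory")
    if any(p in ("docume~1", "documents and settings") for p in parts):
        reasons.append("loads from a user profile rather than a program directory")
    if is_driver and tuple(parts[:3]) != DRIVER_DIR:
        reasons.append("kernel driver outside %SystemRoot%\\system32\\drivers")
    return reasons


def analyze(log_text: str) -> list[Finding]:
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := RUN_RE.match(line):
            name, meta = m["name"], m["meta"]
            path = resolve_path(m["cmd"], meta)
        elif m := SVC_RE.match(line):
            name, meta, path = m["svc"], m["meta"], m["path"]
        else:
            continue
        reasons = check_path(path, is_driver=path.lower().endswith(".sys"))
        if looks_random(name):
            reasons.append("random-looking name (no vowels)")
        if not meta.strip():
            # Assumption: ComboFix prints empty brackets when it cannot stat the file.
            reasons.append("no file details recorded: file missing at this path or hidden")
        if reasons:
            findings.append(Finding(name, path, reasons))
    # Most reasons first, so the Temp-folder driver tops the list.
    return sorted(findings, key=lambda f: len(f.reasons), reverse=True)


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"{f.entry}: {f.path}")
        for r in f.reasons:
            print(f"    - {r}")
```

Run over the full log, the no-vowel heuristic also flags RTHDCPL, Realtek's audio control panel, so treat that reason as a prompt to look at the file rather than as a verdict. The entry the topic starter asked about, mixer.exe, produces no finding: its Run value points at a dated, sized file in C:\WINDOWS and nothing in the entry itself is anomalous. Only a hash or signature comparison against a known-good copy of the C-Media binary can settle whether the file was replaced; a memory footprint alone cannot.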

#4
greyknight17
    Malware Expert
  • Visiting Consultant
  • 16,560 posts
Open up your Notepad editor (Start->Run, type in notepad and click OK). Copy the text from the quotebox below into Notepad:

Driver::
mdxgthkn
Folder::
C:\Documents and Settings\Iubi\Application Data\TmpRecentIcons
C:\Documents and Settings\All Users\Application Data\gdmfsbmj

Save this as CFScript.txt in the same location as the ComboFix.exe tool.
Drag the CFScript.txt into ComboFix.exe
Follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply.

Note: Do not click on ComboFix's window while it's running. That may cause it to stall.

How is the computer running so far?
  • 0

#5
Shadowdreamer
    Member
  • Topic Starter
  • 16 posts
ComboFix ran VERY slowly and took ages to generate the log file, which is pasted below. Other than that, I think the machine has been running sluggishly for a while. There doesn't appear to be much change so far, but it's hard to tell.

ComboFix 08-05-01.3 - Iubi 2008-05-05 1:33:50.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1629 [GMT 1:00]
Running from: C:\Documents and Settings\Iubi\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Iubi\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\gdmfsbmj
C:\Documents and Settings\Iubi\Application Data\TmpRecentIcons
C:\Documents and Settings\Iubi\Application Data\TmpRecentIcons\µTorrent.lnk
C:\Documents and Settings\Iubi\Application Data\TmpRecentIcons\Battle for Wesnoth.lnk
C:\Documents and Settings\Iubi\Application Data\TmpRecentIcons\Caesar 3.lnk
C:\Documents and Settings\Iubi\Application Data\TmpRecentIcons\Cash.lnk
C:\Documents and Settings\Iubi\Application Data\TmpRecentIcons\CureROM.lnk
C:\Documents and Settings\Iubi\Application Data\TmpRecentIcons\Darkstar One.lnk
C:\Documents and Settings\Iubi\Application Data\TmpRecentIcons\Download Manager.lnk
C:\Documents and Settings\Iubi\Application Data\TmpRecentIcons\Etherlords II.lnk
C:\Documents and Settings\Iubi\Application Data\TmpRecentIcons\Fantasy Wars.lnk
C:\Documents and Settings\Iubi\Application Data\TmpRecentIcons\Galactic Assault - Prisoner of power.lnk
C:\Documents and Settings\Iubi\Application Data\TmpRecentIcons\HijackThis.lnk
C:\Documents and Settings\Iubi\Application Data\TmpRecentIcons\Launch GameShadow.lnk
C:\Documents and Settings\Iubi\Application Data\TmpRecentIcons\LimeWire 4.12.6.lnk
C:\Documents and Settings\Iubi\Application Data\TmpRecentIcons\Return to Mysterious Island.lnk
C:\Documents and Settings\Iubi\Application Data\TmpRecentIcons\Spybot - Search & Destroy.lnk
C:\Documents and Settings\Iubi\Application Data\TmpRecentIcons\Teamspeak 2 RC2.lnk
C:\Documents and Settings\Iubi\Application Data\TmpRecentIcons\Teamspeak RC2.lnk
C:\Documents and Settings\Iubi\Application Data\TmpRecentIcons\The Bard's Tale.lnk
C:\Documents and Settings\Iubi\Application Data\TmpRecentIcons\The Lord of the Rings Online.lnk
C:\Documents and Settings\Iubi\Application Data\TmpRecentIcons\Traitors Gate 2.lnk
C:\Documents and Settings\Iubi\Application Data\TmpRecentIcons\Two Worlds.lnk
C:\Documents and Settings\Iubi\Application Data\TmpRecentIcons\UFO Aftermath.lnk

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MDXGTHKN
-------\Service_mdxgthkn


((((((((((((((((((((((((( Files Created from 2008-04-05 to 2008-05-05 )))))))))))))))))))))))))))))))
.

2008-04-29 19:19 . 2008-04-29 19:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\media center programs
2008-04-29 18:28 . 2008-04-29 18:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Funcom
2008-04-28 18:07 . 2008-04-28 18:04 13,527,773,965 --a------ C:\AgeOfConan_FilePlanet.zip
2008-04-28 06:36 . 2008-03-05 15:56 1,420,824 --a------ C:\WINDOWS\system32\D3DCompiler_37.dll
2008-04-28 06:36 . 2008-03-05 16:03 479,752 --a------ C:\WINDOWS\system32\XAudio2_0.dll
2008-04-28 06:36 . 2008-02-05 23:07 462,864 --a------ C:\WINDOWS\system32\d3dx10_37.dll
2008-04-28 06:36 . 2008-03-05 16:03 238,088 --a------ C:\WINDOWS\system32\xactengine3_0.dll
2008-04-28 06:36 . 2008-03-05 16:00 25,608 --a------ C:\WINDOWS\system32\X3DAudio1_3.dll
2008-04-28 06:35 . 2008-03-05 15:56 3,786,760 --a------ C:\WINDOWS\system32\D3DX9_37.dll
2008-04-27 23:12 . 2008-04-27 23:12 <DIR> d-------- C:\Program Files\iPod
2008-04-27 23:12 . 2008-05-05 09:07 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-27 23:12 . 2008-04-27 23:12 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-27 23:10 . 2008-04-27 23:11 <DIR> d-------- C:\Program Files\QuickTime
2008-04-08 21:22 . 2008-04-08 21:22 <DIR> d-------- C:\Deckard
2008-04-08 21:03 . 2008-04-08 21:03 <DIR> d-------- C:\Documents and Settings\Iubi\Application Data\Malwarebytes
2008-04-08 21:02 . 2008-04-08 21:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-08 08:02 . 2008-04-08 08:02 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-07 22:29 . 2008-04-07 22:29 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-04-07 01:45 . 2008-04-07 01:46 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-04-07 01:42 . 2008-04-09 06:59 <DIR> d-------- C:\Program Files\Google
2008-04-07 01:34 . 2008-04-08 23:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-07 01:28 . 2008-04-07 01:28 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-04-07 01:08 . 2008-04-07 01:08 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
2008-04-07 01:07 . 2008-04-07 01:07 <DIR> d-------- C:\Documents and Settings\Administrator
2008-04-07 01:07 . 2008-05-05 00:04 1,024 --ah----- C:\Documents and Settings\Administrator\ntuser.dat.LOG

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-05 08:08 --------- d-----w C:\Documents and Settings\Iubi\Application Data\uTorrent
2008-05-05 00:36 --------- d-----w C:\Program Files\FlashGet
2008-05-04 17:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-04 17:43 278,984 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys
2008-04-29 18:44 --------- d-----w C:\Program Files\uTorrent
2008-04-28 16:33 --------- d-----w C:\Program Files\Apple Software Update
2008-04-28 05:36 --------- d-----w C:\Documents and Settings\Iubi\Application Data\IGN_DLM
2008-04-27 17:30 --------- d-----w C:\Program Files\DivX
2008-04-09 05:59 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-08 22:26 --------- d-----w C:\Program Files\Lavasoft
2008-04-08 22:26 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-08 22:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-08 22:24 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-23 01:41 --------- d-----w C:\Documents and Settings\Iubi\Application Data\Ascaron Entertainment
2008-03-14 20:24 --------- d-----w C:\Program Files\Java
2008-03-12 22:26 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-03-11 20:58 724,992 ----a-w C:\WINDOWS\iun6002.exe
2007-12-23 13:12 22,328 ----a-w C:\Documents and Settings\Iubi\Application Data\PnkBstrK.sys
2007-01-16 23:22 382 ------w C:\Documents and Settings\Iubi\Application Data\internaldb1942.dat
2007-01-16 23:21 49 ------w C:\Documents and Settings\Iubi\Application Data\internaldb41.dat
2007-01-16 23:21 20,480 ------w C:\Documents and Settings\Iubi\Application Data\internaldb4827.dat
2007-01-16 23:21 151 ------w C:\Documents and Settings\Iubi\Application Data\internaldb292.dat
2007-01-16 23:21 0 ------w C:\Documents and Settings\Iubi\Application Data\internaldb2391.dat
2007-01-16 23:16 9,216 ------w C:\Documents and Settings\Iubi\Application Data\internaldb8467.dat
2007-01-16 23:16 0 ------w C:\Documents and Settings\Iubi\Application Data\internaldb6334.dat
2007-01-16 23:16 0 ------w C:\Documents and Settings\Iubi\Application Data\internaldb5436.dat
2007-01-16 23:16 0 ------w C:\Documents and Settings\Iubi\Application Data\internaldb4604.dat
2007-01-16 23:16 0 ------w C:\Documents and Settings\Iubi\Application Data\internaldb3902.dat
2007-01-16 23:16 0 ------w C:\Documents and Settings\Iubi\Application Data\internaldb153.dat
2006-11-25 22:43 774,144 ------w C:\Program Files\RngInterstitial.dll
.

((((((((((((((((((((((((((((( snapshot_2008-05-05_ 0.10.33.40 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-04 12:23:16 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-05 08:05:43 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2005-10-20 19:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
- 2008-05-04 13:07:17 72,550 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-05-05 08:10:38 72,550 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-05-04 13:07:17 444,862 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-05-05 08:10:38 444,862 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-05-05 08:05:54 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_fc.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:56 15360]
"Yahoo! Pager"="E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2006-12-01 05:21 4687352]
"igndlm.exe"="E:\Program Files\IGN\Download Manager\dlm.exe" [2007-03-05 14:57 1103480]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2008-01-31 19:07 219952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 08:56 110592 C:\WINDOWS\system32\bthprops.cpl]
"ShStatEXE"="E:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-09-22 20:00 94208]
"McAfeeUpdaterUI"="E:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 04:50 139320]
"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 10:48 147514]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 11:48 157592]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2005-12-04 16:39 461584]
"amd_dc_opt"="C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2006-11-17 17:49 77824]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 18:21 16270848 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 19:04 2879488 C:\WINDOWS\SkyTel.exe]
"SoundMan"="SOUNDMAN.EXE" [2006-08-03 06:12 577536 C:\WINDOWS\soundman.exe]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [ ]
"PtiuPbmd"="ulutil2.dll" [2003-11-05 19:06 110592 C:\WINDOWS\system32\ulutil2.dll]
"Symantec Backup Exec System Recovery 6.5"="C:\Program Files\Symantec\Backup Exec System Recovery\Agent\VProTray.exe" [2006-06-26 18:02 1509016]
"ULiRaid"="C:\Program Files\ULiRaid\ULiRaid.exe" [2006-01-12 15:17 466944]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-05 15:25 8491008]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 13:20 227328]
"C-Media Mixer"="Mixer.exe" [2002-07-12 09:33 1581056 C:\WINDOWS\mixer.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="E:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-05 15:25 81920]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 15:58 1744896]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
D-Link REG Utility.lnk - C:\Program Files\DWL-G520M Wireless 108G MIMO PCI Adapter\Reg.exe [2006-11-23 12:11:32 28672]
DWL-G520M Wireless 108G MIMO PCI Adapter Utility.lnk - C:\Program Files\DWL-G520M Wireless 108G MIMO PCI Adapter\AIRPLUS.exe [2006-11-23 12:11:32 659456]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.avis"= ff_acm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AlcWzrd"=ALCWZRD.EXE
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"Alcmtr"=ALCMTR.EXE

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"=
"E:\\Program Files\\LimeWire\\LimeWire.exe"=
"E:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"E:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"E:\\The Lord of the Rings Online\\lotroclient.exe"=
"E:\\Program Files\\Cyanide\\Chaos-League SD\\ChaosLeagueEx.exe"=
"C:\\Program Files\\Common Files\\Nokia\\Service Layer\\nsl_host_process.exe"=
"C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"E:\\Etherlords II\\Etherlords2.exe"=
"E:\\Two Worlds\\TwoWorlds.exe"=
"E:\\Two Worlds\\TwoWorlds_RADEON.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"E:\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"E:\\Program Files\\iTunes\\iTunes.exe"=
"E:\\Games\\Genesis Rising\\bin\\GenesisRising.exe"=

R0 dontgo;Promise Removable Disk Control Driver;C:\WINDOWS\system32\DRIVERS\DontGo.sys [2004-06-29 15:25]
R0 m5288;m5288;C:\WINDOWS\system32\drivers\m5288.sys [2005-12-23 23:54]
R0 ulipnp;ULi PnP Driver;C:\WINDOWS\system32\drivers\ulipnp.sys [2005-12-30 12:20]
R0 ulsata2;ulsata2;C:\WINDOWS\system32\DRIVERS\ulsata2.sys [2006-04-06 18:52]
R2 Backup Exec System Recovery;Backup Exec System Recovery;C:\Program Files\Symantec\Backup Exec System Recovery\Agent\VProSvc.exe [2006-06-26 18:02]
R2 FileVol;FileVol;C:\WINDOWS\system32\drivers\FileVol.sys [2006-06-26 18:02]
R3 ULI5261XP;ULi M526X Ethernet NT Driver;C:\WINDOWS\system32\DRIVERS\ULILAN51.SYS [2005-03-22 21:36]
S2 portD;CMS PortIO Service;C:\WINDOWS\system32\DRIVERS\portd2k.sys []
S3 AR5513;%ATHER.Service.DispName%;C:\WINDOWS\system32\DRIVERS\ar5513.sys [2005-09-13 07:48]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

*Newly Created Service* - ENTDRV51
.
Contents of the 'Scheduled Tasks' folder
"2008-05-03 21:59:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-05 09:07:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\Program Files\Network Associates\Common Framework\FrameworkService.exe
E:\Program Files\Network Associates\VirusScan\Mcshield.exe
E:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
E:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
E:\Program Files\Teamspeak2_RC2\TeamSpeak.exe
.
**************************************************************************
.
Completion time: 2008-05-05 9:17:25 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-05 08:16:21
ComboFix2.txt 2008-05-04 23:11:49
ComboFix3.txt 2008-04-08 19:27:39

Pre-Run: 49,501,097,984 bytes free
Post-Run: 49,401,905,152 bytes free

232 --- E O F --- 2008-04-09 06:10:19

#6 greyknight17 (Malware Expert, Visiting Consultant, 16,560 posts)
The only thing I can think of doing is to disable it then...

Run a scan in HijackThis. Check each of the following if they still exist and hit 'Fix Checked' after you have checked the last one:

O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup

Restart and see if there's any difference now.
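The Run entries in the ComboFix log above can be triaged mechanically before anything is fixed. The script below is an added example for this thread, not code from the poster, from ComboFix or from HijackThis; the function names and the heuristics are this example's own choices. It parses the "Reg Loading Points" line format ComboFix prints (a constructed sample copied from the log above is embedded) and flags the kinds of entry that greyknight17's fix targets: a command that is a bare filename such as Mixer.exe, which Windows resolves through the loader's search order (ComboFix records where it actually resolved, here C:\WINDOWS\mixer.exe); an entry where ComboFix printed an empty "[ ]", taken here as an assumption to mean the file was not found at the stored path (the Acronis scheduler line); and a binary sitting directly in the Windows directory rather than system32 or Program Files.

```python
"""Triage the 'Reg Loading Points' section of a ComboFix log.

Added example for this thread; not ComboFix, HijackThis or the poster's code.
Function names and the heuristics below are this example's own choices.
"""
import ntpath
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: a few Run entries copied from the log posted above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [ ]
"C-Media Mixer"="Mixer.exe" [2002-07-12 09:33 1581056 C:\WINDOWS\mixer.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-05 15:25 8491008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Alcmtr"=ALCMTR.EXE
"""

KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
# "name"="command" [timestamp size resolved-path]   (the brackets may be empty)
ENTRY_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<value>[^"]*)"\s*\[(?P<meta>[^\]]*)\]$')


@dataclass
class RunEntry:
    key: str
    name: str
    value: str                           # registry data, i.e. the command
    timestamp: Optional[str] = None      # file time printed by ComboFix
    size: Optional[int] = None           # file size printed by ComboFix
    resolved_path: Optional[str] = None  # where ComboFix found a bare name

    @property
    def file_found(self) -> bool:
        # Assumption: an empty "[ ]" means ComboFix had no file to describe.
        return self.timestamp is not None

    @property
    def is_bare_name(self) -> bool:
        # No directory component: the loader picks the file by search order,
        # so a file earlier in that order can replace the intended binary.
        return "\\" not in self.value and "/" not in self.value

    @property
    def location(self) -> Optional[str]:
        return self.resolved_path or (None if self.is_bare_name else self.value)

    @property
    def in_windows_root(self) -> bool:
        # Heuristic: a binary directly in C:\WINDOWS (not system32) gets a look.
        loc = self.location
        return bool(loc) and ntpath.dirname(loc).lower() == r"c:\windows"


def parse_run_entries(text: str) -> List[RunEntry]:
    """Collect entries under keys ending in \\Run; 'run-' (disabled) is skipped."""
    entries: List[RunEntry] = []
    key: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        km = KEY_RE.match(line)
        if km:
            key = km.group("key")
            continue
        em = ENTRY_RE.match(line)
        if not em or key is None or not key.lower().endswith("\\run"):
            continue
        entry = RunEntry(key=key, name=em.group("name"), value=em.group("value"))
        meta = em.group("meta").split(None, 3)
        if len(meta) >= 3:
            entry.timestamp = f"{meta[0]} {meta[1]}"
            entry.size = int(meta[2])
            entry.resolved_path = meta[3] if len(meta) == 4 else None
        entries.append(entry)
    return entries


def triage(entries: List[RunEntry]) -> List[Dict[str, str]]:
    """Return one finding per entry that an analyst should look at."""
    findings: List[Dict[str, str]] = []
    for e in entries:
        reasons: List[str] = []
        if not e.file_found:
            reasons.append("no file metadata recorded; target not found at stored path")
        else:
            if e.is_bare_name:
                reasons.append(f"bare filename {e.value!r} resolved by search order "
                               f"to {e.resolved_path}")
            if e.in_windows_root:
                reasons.append("binary lives directly in the Windows directory")
        if reasons:
            findings.append({"key": e.key, "name": e.name,
                             "path": e.location or e.value,
                             "reasons": "; ".join(reasons)})
    return findings


if __name__ == "__main__":
    for f in triage(parse_run_entries(SAMPLE_LOG)):
        print(f"[{f['name']}] {f['path']}: {f['reasons']}")
```

On the sample this reports nwiz (bare name, resolved into system32), the Acronis scheduler (file not recorded) and C-Media Mixer (bare name resolved to C:\WINDOWS\mixer.exe, outside system32). A flag is a reason to check the on-disk file, not a verdict: compare its size against the 1,581,056 bytes ComboFix logged and hash it before deciding whether the HijackThis fix above is a removal or just a clean-up.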

#7 greyknight17 (Malware Expert, Visiting Consultant, 16,560 posts)
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.