Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Internet / Security Center Attacks [RESOLVED]

Started by zestron , Jun 07 2008 07:04 PM

  • This topic is locked This topic is locked

#1
zestron
Posted 07 June 2008 - 07:04 PM

zestron

    Member

  • Member
  • PipPipPip
  • 334 posts
My internet has recently been on and off, just a built in nVidia one.
While my internet isn't working right on one account, it's fine on another, aswell as a pop up page on the internet and reseting my Security Center.
Something is up.

Thanks in advance!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:04:44 PM, on 07/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\SONICS~1\SsAAD.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft LifeChat\LifeChat.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\program files\steam\steam.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: {edff91c4-1a7e-171b-edb4-87c8e6917de0} - {0ed7196e-8c78-4bde-b171-e7a14c19ffde} - C:\WINDOWS\system32\jvavdgib.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {B6E95516-27C0-443D-9BA9-ABD8C12BAE16} - C:\WINDOWS\system32\urqRIyWn.dll
O2 - BHO: (no name) - {F3C17A30-C9CB-4E1E-802C-DA1BE45740E5} - C:\WINDOWS\system32\tuvSjHYr.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LifeChat] "C:\Program Files\Microsoft LifeChat\LifeChat.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [BMe3e39976] Rundll32.exe "C:\WINDOWS\system32\wikbhyfk.dll",s
O4 - HKLM\..\Run: [e0d0aaea] rundll32.exe "C:\WINDOWS\system32\fgjtmiwp.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1229272821-436374069-839522115-501\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (User 'Guest')
O4 - HKUS\S-1-5-21-1229272821-436374069-839522115-501\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Guest')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to QQ Customized Emoticons - C:\Program Files\QQ\Africa2003\AddEmotion.htm
O8 - Extra context menu item: Add to QQ Customized Panel - C:\Program Files\QQ\Africa2003\AddPanel.htm
O8 - Extra context menu item: Add to QQ Emotions - C:\Program Files\QQ\Africa2003\AddEmotion.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send picture by MMS - C:\Program Files\QQ\Africa2003\SendMMS.htm
O8 - Extra context menu item: Send Picture with QQ MMS - C:\Program Files\QQ\Africa2003\SendMMS.htm
O8 - Extra context menu item: Upload to QQ Network Hard Disk - C:\Program Files\QQ\Africa2003\AddToNetDisk.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.ms...ine/install.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory....ap/PhtPkMSN.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E2387353-C598-4719-ACDB-FA285205F396}: NameServer = 24.222.0.94,24.222.0.95
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: urqRIyWn - C:\WINDOWS\SYSTEM32\urqRIyWn.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AODService - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

--
End of file - 11913 bytes

Edited by zestron, 07 June 2008 - 07:43 PM.

  • 0

Advertisements

#2
Tigger93
Posted 07 June 2008 - 08:09 PM

Tigger93

    Trusted Helper

  • Retired Staff
  • 1,870 posts
Hello and Welcome to Geekstogo. :)

Download ComboFix from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.
When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall
  • 0

#3
zestron
Posted 07 June 2008 - 09:01 PM

zestron

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 334 posts
ComboFix 08-06-07.3 - ------------- 2008-06-07 23:15:40.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.2.1033.18.1570 [GMT -3:00]
Running from: C:\Documents and Settings\Guest.PETER\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BMe3e39976.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\bnevtbce.exe
C:\WINDOWS\system32\cbXOExYp.dll
C:\WINDOWS\system32\comsa32.sys
C:\WINDOWS\system32\doauntxy.dll
C:\WINDOWS\system32\eakmwvru.ini
C:\WINDOWS\system32\fewsyyua.dll
C:\WINDOWS\system32\fgjtmiwp.dll
C:\WINDOWS\system32\fvhifrco.exe
C:\WINDOWS\system32\fvlekdng.dll
C:\WINDOWS\system32\ibfyfhjk.dll
C:\WINDOWS\system32\jdanpkml.exe
C:\WINDOWS\system32\jvavdgib.dll
C:\WINDOWS\system32\kjhfyfbi.ini
C:\WINDOWS\system32\lkhssgju.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\nvowkbrp.exe
C:\WINDOWS\system32\nwnwtayj.dll
C:\WINDOWS\system32\pwimtjgf.ini
C:\WINDOWS\system32\pYxEOXbc.ini
C:\WINDOWS\system32\qhfchhtu.dll
C:\WINDOWS\system32\rYHjSvut.ini
C:\WINDOWS\system32\rYHjSvut.ini2
C:\WINDOWS\system32\soknmuix.ini
C:\WINDOWS\system32\tuvSjHYr.dll
C:\WINDOWS\system32\urqRIyWn.dll
C:\WINDOWS\system32\urvwmkae.dll
C:\WINDOWS\system32\uvoxigmt.exe
C:\WINDOWS\system32\vyqldlxl.dll
C:\WINDOWS\system32\wikbhyfk.dll
C:\WINDOWS\system32\wjdelkpo.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AFINDING
-------\Legacy_NWSAPAGENT
-------\Legacy_WSERVING
-------\Service_NwSapAgent


((((((((((((((((((((((((( Files Created from 2008-05-08 to 2008-06-08 )))))))))))))))))))))))))))))))
.

2010-12-29 13:24 . 2004-08-04 00:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-06-04 16:00 . 2008-06-04 16:00 <DIR> d-------- C:\Program Files\AdultPDF
2008-06-02 19:45 . 2008-06-02 19:45 139 --a------ C:\WINDOWS\LODERUNN.INI
2008-06-02 19:35 . 2008-06-02 19:35 795 --a------ C:\WINDOWS\SIERRA.IN~
2008-06-02 15:59 . 2008-06-02 16:00 <DIR> d-------- C:\Program Files\Worms Armageddon
2008-06-01 20:37 . 2008-06-01 20:37 <DIR> d-------- C:\Program Files\Bullfrog
2008-06-01 20:37 . 1996-11-05 16:13 299,008 --a------ C:\WINDOWS\uninst.exe
2008-06-01 20:00 . 2008-06-02 16:54 <DIR> d-------- C:\Program Files\Populous
2008-06-01 19:55 . 2008-06-01 19:57 590 --a------ C:\WINDOWS\entpack.ini
2008-05-31 16:43 . 2008-05-31 16:55 <DIR> d-------- C:\Program Files\World of Warcraft
2008-05-31 14:56 . 2004-03-31 20:11 7,060 --a------ C:\WINDOWS\system32\setparam.ini
2008-05-31 14:56 . 2004-03-31 20:11 7,060 --a------ C:\WINDOWS\setparam.ini
2008-05-31 14:56 . 2008-05-31 14:56 33 --a------ C:\WINDOWS\system32\wunilog.ini
2008-05-31 14:55 . 2004-02-04 08:15 237,568 --a------ C:\WINDOWS\system32\SiSWPars.dll
2008-05-31 14:55 . 2004-11-29 04:19 167,424 --a------ C:\WINDOWS\system32\drivers\sis163u.sys
2008-05-31 14:55 . 2004-02-04 08:15 155,648 --a------ C:\WINDOWS\system32\SiSWInst.dll
2008-05-31 14:55 . 2003-11-13 00:33 49,152 --a------ C:\WINDOWS\system32\SiSWBase.dll
2008-05-31 14:55 . 2004-06-02 02:04 36,864 --a------ C:\WINDOWS\system32\unwlsdrv.exe
2008-05-31 01:12 . 2008-05-31 01:12 <DIR> d-------- C:\Documents and Settings\Peter van Gurp\Application Data\Metaversum
2008-05-31 01:11 . 2008-05-31 01:11 <DIR> d-------- C:\WINDOWS\system32\AGEIA
2008-05-31 01:11 . 2008-05-31 01:11 <DIR> d-------- C:\Program Files\AGEIA Technologies
2008-05-31 01:11 . 2008-03-05 15:56 3,786,760 --a------ C:\WINDOWS\system32\D3DX9_37.dll
2008-05-31 01:09 . 2008-05-31 01:09 <DIR> d-------- C:\Program Files\Metaversum
2008-05-29 19:36 . 2008-06-07 13:59 <DIR> d-------- C:\Program Files\Hero Editor
2008-05-29 19:26 . 2008-05-29 19:32 35,777 --a------ C:\WINDOWS\DIIUnin.dat
2008-05-29 19:25 . 2008-05-29 19:25 94,208 --a------ C:\WINDOWS\DIIUnin.exe
2008-05-29 19:25 . 2008-05-29 19:25 2,829 --a------ C:\WINDOWS\DIIUnin.pif
2008-05-28 07:59 . 2008-06-05 16:04 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-28 07:59 . 2008-06-05 16:04 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-25 22:27 . 2008-06-07 21:32 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-25 22:27 . 2008-05-25 22:27 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-20 17:33 . 2008-05-20 17:34 <DIR> d-------- C:\Program Files\benchmarks
2008-05-19 21:45 . 2008-05-19 21:45 <DIR> d-------- C:\Program Files\AMD
2008-05-19 14:51 . 2008-05-19 14:51 <DIR> d-------- C:\Documents and Settings\Guest.PETER\Application Data\Nero
2008-05-14 20:17 . 2008-05-14 20:17 <DIR> d-------- C:\Documents and Settings\Peter van Gurp\Application Data\Nero
2008-05-14 20:14 . 2008-05-14 20:14 <DIR> d-------- C:\Program Files\Nero
2008-05-14 20:14 . 2008-05-14 20:16 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-05-14 20:14 . 2008-05-14 20:14 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Nero
2008-05-13 16:40 . 2008-05-13 16:40 268 --ah----- C:\sqmdata05.sqm
2008-05-13 16:40 . 2008-05-13 16:40 244 --ah----- C:\sqmnoopt05.sqm
2008-05-10 23:44 . 2008-05-29 20:43 <DIR> d-------- C:\Program Files\ManyCam 2.2
2008-05-10 21:19 . 2008-05-10 21:19 <DIR> d-------- C:\WINDOWS\PrimoPDF
2008-05-10 21:19 . 2008-05-10 21:19 <DIR> d-------- C:\Program Files\activePDF
2008-05-10 21:19 . 2006-12-11 17:12 176,235 --a------ C:\WINDOWS\system32\Primomonnt.dll
2008-05-10 18:32 . 2008-05-10 18:32 <DIR> d-------- C:\WINDOWS\NV34723688.TMP
2008-05-10 09:14 . 2008-05-15 20:53 <DIR> d-------- C:\Documents and Settings\Peter van Gurp\Application Data\mIRC
2008-05-10 08:53 . 2008-05-10 08:53 <DIR> d-------- C:\WINDOWS\NV30723040.TMP
2008-05-10 08:53 . 2006-03-16 07:51 290,304 -ra------ C:\WINDOWS\system32\SET4B.tmp
2008-05-10 08:53 . 2006-03-14 00:09 35,840 -ra------ C:\WINDOWS\system32\SET4F.tmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-08 00:32 --------- d-----w C:\Program Files\Steam
2008-06-07 22:59 --------- d-----w C:\Program Files\Diablo II
2008-06-07 21:35 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-06-07 21:35 --------- d-----w C:\Documents and Settings\Peter van Gurp\Application Data\uTorrent
2008-06-07 21:35 --------- d-----w C:\Documents and Settings\Peter van Gurp\Application Data\Hamachi
2008-06-07 18:22 --------- d-----w C:\Program Files\Garry's Mod
2008-06-07 16:59 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-06-07 16:59 249,856 ------w C:\WINDOWS\Setup1.exe
2008-06-05 20:48 --------- d-----w C:\Documents and Settings\Peter van Gurp\Application Data\Skype
2008-06-05 20:47 --------- d-----w C:\Documents and Settings\Peter van Gurp\Application Data\skypePM
2008-06-02 21:43 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-06-02 19:06 --------- d-----w C:\Program Files\Microsoft Games
2008-06-02 19:05 --------- d-----w C:\Documents and Settings\Peter van Gurp\Application Data\Xfire
2008-06-01 01:59 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-06-01 01:56 --------- d-----w C:\Program Files\SpeedFan
2008-05-31 22:27 3,932,226 ----a-w C:\Program Files\WoW 2008-05-31 19-27-16-98.bmp
2008-05-31 19:41 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2008-05-31 18:26 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-05-28 11:00 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-05-28 11:00 --------- d-----w C:\Program Files\PC Tools AntiVirus
2008-05-27 20:53 --------- d-----w C:\Program Files\Hamachi
2008-05-27 20:52 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2008-05-26 01:26 --------- d-----w C:\Program Files\QuickTime
2008-05-21 21:42 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-05-21 21:42 --------- d-----w C:\Documents and Settings\Peter van Gurp\Application Data\SystemRequirementsLab
2008-05-21 10:54 --------- d-----w C:\Program Files\Google
2008-05-20 20:34 444 ----a-w C:\Program Files\FRAPSLOG.TXT
2008-05-15 23:52 --------- d-----w C:\Program Files\mIRC
2008-05-14 23:06 --------- d-----w C:\Program Files\Common Files\Ahead
2008-05-14 23:06 --------- d-----w C:\Program Files\Ahead
2008-05-14 11:30 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help
2008-05-10 20:07 --------- d-----w C:\Program Files\AV Vcs 5.5 DIAMOND
2008-05-10 03:01 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-09 10:42 --------- d-----w C:\Program Files\SWF-AVI-GIF Converter
2008-05-05 02:19 --------- d-----w C:\Program Files\Counter-Strike
2008-05-04 03:45 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-03 04:50 --------- d-----w C:\Program Files\NitroPlus
2008-05-01 00:48 --------- d-----w C:\Program Files\P2KC
2008-05-01 00:09 --------- d-----w C:\Program Files\Sony
2008-04-30 15:17 --------- d-----w C:\Documents and Settings\Peter van Gurp\Application Data\SecondLife
2008-04-28 02:37 --------- d-----w C:\Program Files\Active WebCam
2008-04-28 02:29 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\PY_Software
2008-04-28 02:23 --------- d-----w C:\Program Files\Fake Webcam
2008-04-28 01:58 --------- d-----w C:\Program Files\Microsoft LifeChat
2008-04-27 16:58 --------- d-----w C:\Program Files\I wanna be the guy
2008-04-27 16:54 --------- d-----w C:\Program Files\InterMute
2008-04-27 14:26 --------- d-----w C:\Documents and Settings\Peter van Gurp\Application Data\Malwarebytes
2008-04-27 14:26 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-04-27 13:37 --------- d-----w C:\Program Files\Trend Micro
2008-04-25 19:40 --------- d-----w C:\Program Files\GameSpy Arcade
2008-04-25 14:10 --------- d-----w C:\Program Files\ShellUploader
2008-04-24 20:09 --------- d-----w C:\Program Files\Avatar Sizer
2008-04-20 20:09 --------- d-----w C:\Documents and Settings\Peter van Gurp\Application Data\Cabos
2008-04-20 14:04 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_motport_01005.Wdf
2008-04-20 14:04 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2008-04-20 14:04 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_motccgpfl_01005.Wdf
2008-04-20 14:04 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_motccgp_01005.Wdf
2008-04-20 14:03 --------- d-----w C:\Program Files\Motorola
2008-04-20 13:45 --------- d-----w C:\Program Files\Common Files\Motorola Shared
2008-04-19 16:56 --------- d-----w C:\Program Files\Pro Imaging Powertoys
2008-04-19 14:07 --------- d-----w C:\Program Files\Photomatix
2008-04-18 20:40 --------- d-----w C:\Program Files\MagicISO
2008-04-16 01:16 --------- d-----w C:\Program Files\Dark Messiah of Might and Magic
2008-04-16 01:07 --------- d-----w C:\Program Files\Free Download Manager
2008-04-10 19:27 --------- d-----w C:\Program Files\ArtMoney
2008-04-10 11:21 --------- d-----w C:\Program Files\HyCam2
2008-04-10 10:38 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-09 22:43 691,545 ----a-w C:\WINDOWS\unins000.exe
2008-04-09 21:50 --------- d-----w C:\Program Files\Vstplugins
2008-04-09 21:50 --------- d-----w C:\Program Files\u-he
2008-04-09 21:50 --------- d-----w C:\Program Files\MediaCoder
2008-04-09 21:48 --------- d-----w C:\Program Files\Gadwin Systems
2008-04-09 21:47 --------- d-----w C:\Program Files\Image-Line
2008-04-09 21:47 --------- d-----w C:\Program Files\DivX
2008-04-09 21:45 --------- d-----w C:\Program Files\Autodesk
2008-04-09 21:44 --------- d-----w C:\Program Files\Apophysis 2.0
2008-04-06 14:01 71,184 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2008-04-06 14:01 5,376 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-03-23 02:02 2,829 ----a-w C:\WINDOWS\War3Unin.pif
2008-03-23 02:02 139,264 ----a-w C:\WINDOWS\War3Unin.exe
2008-03-08 19:14 4,337,664 ----a-w C:\Program Files\mplayerc.exe
2008-01-30 15:43 5,292,066 ----a-w C:\Program Files\hl2 2008-01-30 11-43-20-31.bmp
2008-01-21 00:17 32 ----a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\ezsid.dat
2007-12-29 04:26 113,503 ----a-w C:\Program Files\INSTALL.LOG
2007-12-27 04:42 20 ---h--w C:\Documents and Settings\All Users.WINDOWS\Application Data\PKP_DLec.DAT
2007-12-27 04:32 20 ---h--w C:\Documents and Settings\All Users.WINDOWS\Application Data\PKP_DLds.DAT
2007-12-14 01:09 38,201 ----a-w C:\Program Files\uninstall.exe
2006-10-26 09:44 2,838,528 ----a-w C:\Program Files\fraps.exe
2006-10-26 09:43 122,880 ----a-w C:\Program Files\frapslcd.dll
2006-10-26 09:43 110,592 ----a-w C:\Program Files\fraps.dll
2006-10-26 08:36 11,066 ----a-w C:\Program Files\changes.txt
2006-10-26 02:44 1,859 ----a-w C:\Program Files\README.HTM
2006-10-21 00:56 56,320 ----a-w C:\Program Files\fraps64.dll
2006-10-21 00:56 293,376 ----a-w C:\Program Files\fraps64.dat
2004-10-01 18:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
2003-09-16 05:19 99,544 ----a-w C:\WINDOWS\inf\virprn.exe
2003-09-16 05:19 90,624 ----a-w C:\WINDOWS\inf\prtproc.dll
2003-09-16 05:19 18,950 ----a-w C:\WINDOWS\inf\virpntd.dll
2003-09-16 05:19 10,240 ----a-w C:\WINDOWS\inf\virport.dll
2007-09-12 14:19 8,784 ----a-w C:\Program Files\mozilla firefox\plugins\ractrlkeyhook.dll
2007-09-12 14:22 245,408 ----a-w C:\Program Files\mozilla firefox\plugins\unicows.dll
.

------- Sigcheck -------

2006-04-20 09:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 13:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2004-08-04 09:00 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
2006-04-20 08:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2008-02-24 23:54 360064 482ab7f9cd41702e8f856c11cfefb02d C:\WINDOWS\system32\dllcache\TCPIP.SYS
2008-02-24 23:54 360064 482ab7f9cd41702e8f856c11cfefb02d C:\WINDOWS\system32\drivers\TCPIP.SYS

2007-06-13 07:23 975360 9784e0719124e4a23989aef9e7ca02d6 C:\WINDOWS\explorer.exe
2007-06-13 08:26 1033216 7712df0cdde3a5ac89843e61cd5b3658 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-04 09:00 1032192 a0732187050030ae399b241436565e64 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2007-06-13 07:23 975360 9784e0719124e4a23989aef9e7ca02d6 C:\WINDOWS\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((( snapshot_2008-05-03_20.17.31.07 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-03 22:54:52 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-08 02:30:48 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2006-10-27 18:23:04 347,432 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\WINWORD.EXE
+ 2008-05-20 00:46:43 73,728 ----a-r C:\WINDOWS\Installer\{3681FDE2-F945-4CFA-A9C9-D7BCB5626AB2}\NewShortcut1_63DEE96284054F8694636FE381A5574C.exe
- 2008-04-09 03:00:10 1,165,584 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2008-05-14 11:30:45 1,165,584 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
- 2008-04-09 03:00:11 20,240 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-05-14 11:30:45 20,240 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-04-09 03:00:10 159,504 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2008-05-14 11:30:45 159,504 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
- 2008-04-09 03:00:10 184,080 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2008-05-14 11:30:45 184,080 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2008-04-09 03:00:11 217,864 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2008-05-14 11:30:45 217,864 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2008-04-09 03:00:11 18,704 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-05-14 11:30:45 18,704 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-04-09 03:00:11 35,088 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-05-14 11:30:45 35,088 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-04-09 03:00:10 845,584 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2008-05-14 11:30:45 845,584 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2008-04-09 03:00:11 922,384 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-05-14 11:30:45 922,384 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2008-04-09 03:00:11 272,648 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2008-05-14 11:30:45 272,648 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2008-04-09 03:00:11 888,080 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-05-14 11:30:45 888,080 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-04-09 03:00:10 1,172,240 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-05-14 11:30:45 1,172,240 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2008-04-27 19:33:43 3,873 ----a-w C:\WINDOWS\mozver.dat
+ 2008-05-20 22:07:23 4,544 ----a-w C:\WINDOWS\mozver.dat
+ 2006-03-22 05:23:50 109,568 ----a-r C:\WINDOWS\NV30723040.TMP\nvtcp.sys
+ 2006-03-22 05:23:50 109,568 ----a-r C:\WINDOWS\NV34723688.TMP\nvtcp.sys
+ 2008-05-11 00:19:35 473,600 ----a-w C:\WINDOWS\PrimoPDF\uninstall.exe
- 2010-12-29 16:19:52 5,760 ----a-w C:\WINDOWS\SoftwareDistribution\EventCache\{B16AE719-FBF1-49AC-A39D-875F78F8737F}.bin
+ 2010-12-29 16:19:52 6,426 ----a-w C:\WINDOWS\SoftwareDistribution\EventCache\{B16AE719-FBF1-49AC-A39D-875F78F8737F}.bin
+ 2007-07-23 12:03:30 53,248 ----a-w C:\WINDOWS\system32\AgCPanelFrench.dll
+ 2007-07-23 12:03:30 53,248 ----a-w C:\WINDOWS\system32\AgCPanelGerman.dll
+ 2007-07-23 12:03:30 53,248 ----a-w C:\WINDOWS\system32\AgCPanelJapanese.dll
+ 2007-07-23 12:03:30 53,248 ----a-w C:\WINDOWS\system32\AgCPanelKorean.dll
+ 2007-07-23 12:03:30 53,248 ----a-w C:\WINDOWS\system32\AgCPanelPortugese.dll
+ 2007-07-23 12:03:30 53,248 ----a-w C:\WINDOWS\system32\AgCPanelSimplifiedChinese.dll
+ 2007-07-23 12:03:32 53,248 ----a-w C:\WINDOWS\system32\AgCPanelSpanish.dll
+ 2007-07-23 12:03:32 53,248 ----a-w C:\WINDOWS\system32\AgCPanelSwedish.dll
+ 2007-07-23 12:03:32 53,248 ----a-w C:\WINDOWS\system32\AgCPanelTraditionalChinese.dll
+ 2007-10-15 12:40:08 207,405 ----a-w C:\WINDOWS\system32\AGEIA\AG1011\app.bin
+ 2007-10-15 12:40:10 122,249 ----a-w C:\WINDOWS\system32\AGEIA\AG1011\diag.bin
+ 2007-10-15 12:40:10 214,141 ----a-w C:\WINDOWS\system32\AGEIA\AG1021\app.bin
+ 2007-10-25 11:29:50 114,505 ----a-w C:\WINDOWS\system32\AGEIA\AG1021\diag.bin
- 2006-03-22 12:21:44 10,240 ----a-w C:\WINDOWS\system32\bdco1ins.dll
+ 2006-03-22 17:21:44 10,240 ----a-w C:\WINDOWS\system32\bdco1ins.dll
- 2008-04-16 01:02:32 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
+ 2008-05-31 21:53:36 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
- 2004-08-04 12:00:00 561,179 -c--a-w C:\WINDOWS\system32\dllcache\dao360.dll
+ 2008-03-25 04:50:25 554,008 -c--a-w C:\WINDOWS\system32\dllcache\dao360.dll
+ 2004-08-04 03:56:44 47,616 -c--a-w C:\WINDOWS\system32\dllcache\iyuv_32.dll
+ 2004-08-04 02:15:22 140,928 -c--a-w C:\WINDOWS\system32\dllcache\ks.sys
- 2004-08-04 12:00:00 294,400 -c--a-w C:\WINDOWS\system32\dllcache\msctf.dll
+ 2008-02-26 11:59:50 294,912 -c--a-w C:\WINDOWS\system32\dllcache\msctf.dll
- 2004-08-04 12:00:00 512,029 -c--a-w C:\WINDOWS\system32\dllcache\msexch40.dll
+ 2008-03-25 04:50:28 518,944 -c--a-w C:\WINDOWS\system32\dllcache\msexch40.dll
- 2004-08-04 12:00:00 319,517 -c--a-w C:\WINDOWS\system32\dllcache\msexcl40.dll
+ 2008-03-25 04:50:30 326,432 -c--a-w C:\WINDOWS\system32\dllcache\msexcl40.dll
- 2004-08-04 12:00:00 1,507,356 -c--a-w C:\WINDOWS\system32\dllcache\msjet40.dll
+ 2008-03-25 04:50:34 1,516,568 -c--a-w C:\WINDOWS\system32\dllcache\msjet40.dll
- 2004-08-04 12:00:00 358,976 -c--a-w C:\WINDOWS\system32\dllcache\msjetol1.dll
+ 2008-03-25 04:50:40 355,112 -c--a-w C:\WINDOWS\system32\dllcache\msjetol1.dll
- 2004-08-04 12:00:00 151,583 -c--a-w C:\WINDOWS\system32\dllcache\msjint40.dll
+ 2008-03-27 08:12:54 151,583 -c--a-w C:\WINDOWS\system32\dllcache\msjint40.dll
- 2004-08-04 12:00:00 53,279 -c--a-w C:\WINDOWS\system32\dllcache\msjter40.dll
+ 2008-03-25 04:50:42 60,192 -c--a-w C:\WINDOWS\system32\dllcache\msjter40.dll
- 2004-08-04 12:00:00 241,693 -c--a-w C:\WINDOWS\system32\dllcache\msjtes40.dll
+ 2008-03-25 04:50:42 248,608 -c--a-w C:\WINDOWS\system32\dllcache\msjtes40.dll
- 2004-08-04 12:00:00 213,023 -c--a-w C:\WINDOWS\system32\dllcache\msltus40.dll
+ 2008-03-25 04:50:44 219,936 -c--a-w C:\WINDOWS\system32\dllcache\msltus40.dll
- 2004-08-04 12:00:00 348,189 -c--a-w C:\WINDOWS\system32\dllcache\mspbde40.dll
+ 2008-03-25 04:50:45 355,104 -c--a-w C:\WINDOWS\system32\dllcache\mspbde40.dll
- 2004-08-04 12:00:00 421,919 -c--a-w C:\WINDOWS\system32\dllcache\msrd2x40.dll
+ 2008-03-25 04:50:47 432,928 -c--a-w C:\WINDOWS\system32\dllcache\msrd2x40.dll
- 2004-08-04 12:00:00 315,423 -c--a-w C:\WINDOWS\system32\dllcache\msrd3x40.dll
+ 2008-03-25 04:50:49 322,336 -c--a-w C:\WINDOWS\system32\dllcache\msrd3x40.dll
- 2004-08-04 12:00:00 552,989 -c--a-w C:\WINDOWS\system32\dllcache\msrepl40.dll
+ 2008-03-25 04:50:52 559,904 -c--a-w C:\WINDOWS\system32\dllcache\msrepl40.dll
- 2004-08-04 12:00:00 258,077 -c--a-w C:\WINDOWS\system32\dllcache\mstext40.dll
+ 2008-03-25 04:50:55 264,992 -c--a-w C:\WINDOWS\system32\dllcache\mstext40.dll
- 2004-08-04 12:00:00 831,519 -c--a-w C:\WINDOWS\system32\dllcache\mswdat10.dll
+ 2008-03-25 04:50:57 838,432 -c--a-w C:\WINDOWS\system32\dllcache\mswdat10.dll
- 2004-08-04 12:00:00 614,429 -c--a-w C:\WINDOWS\system32\dllcache\mswstr10.dll
+ 2008-03-25 04:50:58 621,344 -c--a-w C:\WINDOWS\system32\dllcache\mswstr10.dll
- 2004-08-04 12:00:00 348,189 -c--a-w C:\WINDOWS\system32\dllcache\msxbde40.dll
+ 2008-03-25 04:50:58 355,104 -c--a-w C:\WINDOWS\system32\dllcache\msxbde40.dll
+ 2004-08-04 03:56:46 17,408 -c--a-w C:\WINDOWS\system32\dllcache\msyuv.dll
+ 2004-08-04 02:08:04 48,640 -c--a-w C:\WINDOWS\system32\dllcache\stream.sys
+ 2001-08-18 01:36:34 8,192 -c--a-w C:\WINDOWS\system32\dllcache\tsbyuv.dll
- 2004-08-04 04:56:48 53,760 -c--a-w C:\WINDOWS\system32\dllcache\vfwwdm32.dll
+ 2004-08-04 03:56:48 53,760 -c--a-w C:\WINDOWS\system32\dllcache\vfwwdm32.dll
- 2006-07-02 01:39:40 36,864 ----a-w C:\WINDOWS\system32\drivers\AmdK8.sys
+ 2005-03-09 06:53:00 36,352 ----a-r C:\WINDOWS\system32\drivers\AmdK8.sys
+ 2007-11-21 20:31:48 11,304 ----a-w C:\WINDOWS\system32\drivers\imagedrv.sys
+ 2007-11-21 20:31:48 132,904 ----a-w C:\WINDOWS\system32\drivers\imagesrv.sys
- 2004-08-04 12:00:00 140,928 ----a-w C:\WINDOWS\system32\drivers\ks.sys
+ 2004-08-04 02:15:22 140,928 ----a-w C:\WINDOWS\system32\drivers\ks.sys
- 2006-04-24 15:52:28 100,736 ----a-w C:\WINDOWS\system32\drivers\nvata.sys
+ 2006-04-24 20:52:28 100,736 ----a-w C:\WINDOWS\system32\drivers\nvata.sys
- 2006-03-22 12:24:00 52,736 ----a-w C:\WINDOWS\system32\drivers\NVENETFD.sys
+ 2006-03-22 17:24:00 52,736 ----a-w C:\WINDOWS\system32\drivers\NVENETFD.sys
- 2006-03-22 12:24:02 18,944 ----a-w C:\WINDOWS\system32\drivers\nvnetbus.sys
+ 2006-03-22 17:24:02 18,944 ----a-w C:\WINDOWS\system32\drivers\nvnetbus.sys
- 2006-03-22 12:23:40 1,068,800 ----a-w C:\WINDOWS\system32\drivers\nvnrm.sys
+ 2006-03-22 17:23:40 1,068,800 ----a-w C:\WINDOWS\system32\drivers\nvnrm.sys
- 2006-03-22 12:23:18 261,120 ----a-w C:\WINDOWS\system32\drivers\nvsnpu.sys
+ 2006-03-22 17:23:18 261,120 ----a-w C:\WINDOWS\system32\drivers\nvsnpu.sys
- 2006-03-22 12:23:50 109,568 ----a-w C:\WINDOWS\system32\drivers\nvtcp.sys
+ 2006-03-22 17:23:50 109,568 ----a-w C:\WINDOWS\system32\drivers\nvtcp.sys
- 2004-08-04 12:00:00 48,640 ----a-w C:\WINDOWS\system32\drivers\stream.sys
+ 2004-08-04 02:08:04 48,640 ----a-w C:\WINDOWS\system32\drivers\stream.sys
+ 2007-09-13 10:43:00 120,320 -c--a-w C:\WINDOWS\system32\DRVSTORE\PhysX32_FFB51AAB1A2BF852A002A5B1138133BBA89337D4\physX32.sys
- 2006-03-22 12:22:06 155,648 ----a-w C:\WINDOWS\system32\fdco_l1028.dll
+ 2006-03-22 17:22:06 155,648 ----a-w C:\WINDOWS\system32\fdco_l1028.dll
- 2006-03-22 12:22:12 159,232 ----a-w C:\WINDOWS\system32\fdco_l1031.dll
+ 2006-03-22 17:22:12 159,232 ----a-w C:\WINDOWS\system32\fdco_l1031.dll
- 2006-03-22 12:22:20 159,232 ----a-w C:\WINDOWS\system32\fdco_l1034.dll
+ 2006-03-22 17:22:20 159,232 ----a-w C:\WINDOWS\system32\fdco_l1034.dll
- 2006-03-22 12:22:10 159,232 ----a-w C:\WINDOWS\system32\fdco_l1036.dll
+ 2006-03-22 17:22:10 159,232 ----a-w C:\WINDOWS\system32\fdco_l1036.dll
- 2006-03-22 12:22:14 158,720 ----a-w C:\WINDOWS\system32\fdco_l1040.dll
+ 2006-03-22 17:22:14 158,720 ----a-w C:\WINDOWS\system32\fdco_l1040.dll
- 2006-03-22 12:22:16 156,672 ----a-w C:\WINDOWS\system32\fdco_l1041.dll
+ 2006-03-22 17:22:16 156,672 ----a-w C:\WINDOWS\system32\fdco_l1041.dll
- 2006-03-22 12:22:16 156,672 ----a-w C:\WINDOWS\system32\fdco_l1042.dll
+ 2006-03-22 17:22:16 156,672 ----a-w C:\WINDOWS\system32\fdco_l1042.dll
- 2006-03-22 12:22:18 158,720 ----a-w C:\WINDOWS\system32\fdco_l1046.dll
+ 2006-03-22 17:22:18 158,720 ----a-w C:\WINDOWS\system32\fdco_l1046.dll
- 2006-03-22 12:22:08 155,136 ----a-w C:\WINDOWS\system32\fdco_l2052.dll
+ 2006-03-22 17:22:08 155,136 ----a-w C:\WINDOWS\system32\fdco_l2052.dll
- 2006-03-22 12:22:02 208,384 ----a-w C:\WINDOWS\system32\fdco1.dll
+ 2006-03-22 05:22:02 208,384 ----a-w C:\WINDOWS\system32\fdco1.dll
- 2008-04-10 10:38:42 293,760 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-06-03 10:33:32 294,552 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2006-04-24 15:52:30 289,792 ----a-w C:\WINDOWS\system32\idecoi.dll
+ 2006-04-24 20:52:30 289,792 ----a-w C:\WINDOWS\system32\idecoi.dll
- 2006-04-24 15:52:30 289,792 ----a-w C:\WINDOWS\system32\idecoiins.dll
+ 2006-04-24 20:52:30 289,792 ----a-w C:\WINDOWS\system32\idecoiins.dll
- 2004-07-20 20:24:10 1,568,768 ------w C:\WINDOWS\system32\ImagX7.dll
+ 2006-03-17 14:45:52 1,757,184 ----a-w C:\WINDOWS\system32\imagX7.dll
- 2004-07-20 20:24:10 476,320 ------w C:\WINDOWS\system32\ImagXpr7.dll
+ 2006-03-17 14:45:54 497,296 ----a-w C:\WINDOWS\system32\imagXpr7.dll
- 2004-07-20 20:24:10 262,144 ------w C:\WINDOWS\system32\ImagXR7.dll
+ 2006-03-17 14:45:54 258,048 ----a-w C:\WINDOWS\system32\imagXR7.dll
- 2004-07-20 20:24:10 471,040 ------w C:\WINDOWS\system32\ImagXRA7.dll
+ 2006-03-17 14:45:54 802,816 ----a-w C:\WINDOWS\system32\imagXRA7.dll
- 2004-08-04 12:00:00 47,616 ----a-w C:\WINDOWS\system32\iyuv_32.dll
+ 2004-08-04 03:56:44 47,616 ----a-w C:\WINDOWS\system32\iyuv_32.dll
+ 1997-06-14 02:56:08 56,832 ----a-w C:\WINDOWS\system32\iyvu9_32.dll
- 2008-04-06 05:56:20 19,836,024 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-05-09 21:35:04 16,863,864 ----a-w C:\WINDOWS\system32\MRT.exe
- 2004-08-04 12:00:00 294,400 ----a-w C:\WINDOWS\system32\MSCTF.dll
+ 2008-02-26 11:59:50 294,912 ----a-w C:\WINDOWS\system32\msctf.dll
- 2004-08-04 12:00:00 512,029 ----a-w C:\WINDOWS\system32\msexch40.dll
+ 2008-03-25 04:50:28 518,944 ----a-w C:\WINDOWS\system32\msexch40.dll
- 2004-08-04 12:00:00 319,517 ----a-w C:\WINDOWS\system32\msexcl40.dll
+ 2008-03-25 04:50:30 326,432 ----a-w C:\WINDOWS\system32\msexcl40.dll
- 2004-08-04 12:00:00 294,912 ----a-w C:\WINDOWS\system32\msh263.drv
+ 2004-08-04 03:56:58 294,912 ----a-w C:\WINDOWS\system32\msh263.drv
- 2004-08-04 12:00:00 1,507,356 ----a-w C:\WINDOWS\system32\msjet40.dll
+ 2008-03-25 04:50:34 1,516,568 ----a-w C:\WINDOWS\system32\msjet40.dll
- 2004-08-04 12:00:00 358,976 ----a-w C:\WINDOWS\system32\msjetoledb40.dll
+ 2008-03-25 04:50:40 355,112 ----a-w C:\WINDOWS\system32\msjetoledb40.dll
- 2004-08-04 12:00:00 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
+ 2008-03-27 08:12:54 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
- 2004-08-04 12:00:00 53,279 ----a-w C:\WINDOWS\system32\msjter40.dll
+ 2008-03-25 04:50:42 60,192 ----a-w C:\WINDOWS\system32\msjter40.dll
- 2004-08-04 12:00:00 241,693 ----a-w C:\WINDOWS\system32\msjtes40.dll
+ 2008-03-25 04:50:42 248,608 ----a-w C:\WINDOWS\system32\msjtes40.dll
- 2004-08-04 12:00:00 213,023 ----a-w C:\WINDOWS\system32\msltus40.dll
+ 2008-03-25 04:50:44 219,936 ----a-w C:\WINDOWS\system32\msltus40.dll
- 2004-08-04 12:00:00 348,189 ----a-w C:\WINDOWS\system32\mspbde40.dll
+ 2008-03-25 04:50:45 355,104 ----a-w C:\WINDOWS\system32\mspbde40.dll
- 2004-08-04 12:00:00 421,919 ----a-w C:\WINDOWS\system32\msrd2x40.dll
+ 2008-03-25 04:50:47 432,928 ----a-w C:\WINDOWS\system32\msrd2x40.dll
- 2004-08-04 12:00:00 315,423 ----a-w C:\WINDOWS\system32\msrd3x40.dll
+ 2008-03-25 04:50:49 322,336 ----a-w C:\WINDOWS\system32\msrd3x40.dll
- 2004-08-04 12:00:00 552,989 ----a-w C:\WINDOWS\system32\msrepl40.dll
+ 2008-03-25 04:50:52 559,904 ----a-w C:\WINDOWS\system32\msrepl40.dll
- 2006-07-24 13:50:38 125,744 ----a-w C:\WINDOWS\system32\MSSTDFMT.DLL
+ 2004-02-23 03:00:00 119,808 ----a-w C:\WINDOWS\system32\MSSTDFMT.DLL
- 2004-08-04 12:00:00 258,077 ----a-w C:\WINDOWS\system32\mstext40.dll
+ 2008-03-25 04:50:55 264,992 ----a-w C:\WINDOWS\system32\mstext40.dll
- 2004-08-04 12:00:00 831,519 ----a-w C:\WINDOWS\system32\mswdat10.dll
+ 2008-03-25 04:50:57 838,432 ----a-w C:\WINDOWS\system32\mswdat10.dll
- 2004-08-04 12:00:00 614,429 ----a-w C:\WINDOWS\system32\mswstr10.dll
+ 2008-03-25 04:50:58 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
- 2004-08-04 12:00:00 348,189 ----a-w C:\WINDOWS\system32\msxbde40.dll
+ 2008-03-25 04:50:58 355,104 ----a-w C:\WINDOWS\system32\msxbde40.dll
- 2004-08-04 12:00:00 17,408 ----a-w C:\WINDOWS\system32\msyuv.dll
+ 2004-08-04 03:56:46 17,408 ----a-w C:\WINDOWS\system32\msyuv.dll
+ 2007-12-03 21:04:12 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll
- 2006-04-14 12:01:20 35,840 ----a-w C:\WINDOWS\system32\NVCOI.DLL
+ 2006-04-14 17:01:20 35,840 ----a-w C:\WINDOWS\system32\NVCOI.DLL
- 2006-03-23 18:51:06 208,896 ----a-w C:\WINDOWS\system32\nvusmb.exe
+ 2006-03-23 23:51:06 208,896 ----a-w C:\WINDOWS\system32\nvusmb.exe
- 2008-05-03 14:21:56 64,430 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-05-13 19:41:59 64,430 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-05-03 14:21:56 409,100 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-05-13 19:41:59 409,100 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-02-13 17:09:18 70,944 ----a-w C:\WINDOWS\system32\PhysXLoader.dll
- 2008-02-19 22:02:03 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
+ 2008-05-31 18:25:56 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
+ 2005-03-09 06:53:00 36,352 ----a-r C:\WINDOWS\system32\ReinstallBackups\0037\DriverFiles\AmdK8.sys
+ 2005-03-09 06:53:00 36,352 ----a-r C:\WINDOWS\system32\ReinstallBackups\0038\DriverFiles\AmdK8.sys
+ 2005-03-09 06:53:00 36,352 ----a-r C:\WINDOWS\system32\ReinstallBackups\0039\DriverFiles\AmdK8.sys
+ 2005-03-09 06:53:00 36,352 ----a-r C:\WINDOWS\system32\ReinstallBackups\0040\DriverFiles\AmdK8.sys
+ 2006-03-22 05:21:44 10,240 ----a-r C:\WINDOWS\system32\ReinstallBackups\0041\DriverFiles\bdco1.dll
+ 2006-03-14 19:45:22 35,840 ----a-w C:\WINDOWS\system32\ReinstallBackups\0041\DriverFiles\nvconrm.dll
+ 2006-03-22 05:24:02 18,944 ----a-r C:\WINDOWS\system32\ReinstallBackups\0041\DriverFiles\nvnetbus.sys
+ 2006-03-22 05:23:40 1,068,800 ----a-r C:\WINDOWS\system32\ReinstallBackups\0041\DriverFiles\nvnrm.sys
+ 2006-03-22 05:23:18 261,120 ----a-r C:\WINDOWS\system32\ReinstallBackups\0041\DriverFiles\nvsnpu.sys
+ 2006-03-22 05:22:06 155,648 ----a-r C:\WINDOWS\system32\ReinstallBackups\0042\DriverFiles\fdco_l1028.dll
+ 2006-03-22 05:22:12 159,232 ----a-r C:\WINDOWS\system32\ReinstallBackups\0042\DriverFiles\fdco_l1031.dll
+ 2006-03-22 05:22:20 159,232 ----a-r C:\WINDOWS\system32\ReinstallBackups\0042\DriverFiles\fdco_l1034.dll
+ 2006-03-22 05:22:10 159,232 ----a-r C:\WINDOWS\system32\ReinstallBackups\0042\DriverFiles\fdco_l1036.dll
+ 2006-03-22 05:22:14 158,720 ----a-r C:\WINDOWS\system32\ReinstallBackups\0042\DriverFiles\fdco_l1040.dll
+ 2006-03-22 05:22:16 156,672 ----a-r C:\WINDOWS\system32\ReinstallBackups\0042\DriverFiles\fdco_l1041.dll
+ 2006-03-22 05:22:16 156,672 ----a-r C:\WINDOWS\system32\ReinstallBackups\0042\DriverFiles\fdco_l1042.dll
+ 2006-03-22 05:22:18 158,720 ----a-r C:\WINDOWS\system32\ReinstallBackups\0042\DriverFiles\fdco_l1046.dll
+ 2006-03-22 05:22:08 155,136 ----a-r C:\WINDOWS\system32\ReinstallBackups\0042\DriverFiles\fdco_l2052.dll
+ 2006-03-22 05:22:02 208,384 ----a-r C:\WINDOWS\system32\ReinstallBackups\0042\DriverFiles\fdco1.dll
+ 2006-03-22 05:24:00 52,736 ----a-r C:\WINDOWS\system32\ReinstallBackups\0042\DriverFiles\nvefdxp.sys
+ 2006-03-22 05:22:06 155,648 ----a-r C:\WINDOWS\system32\ReinstallBackups\0043\DriverFiles\fdco_l1028.dll
+ 2006-03-22 05:22:12 159,232 ----a-r C:\WINDOWS\system32\ReinstallBackups\0043\DriverFiles\fdco_l1031.dll
+ 2006-03-22 05:22:20 159,232 ----a-r C:\WINDOWS\system32\ReinstallBackups\0043\DriverFiles\fdco_l1034.dll
+ 2006-03-22 05:22:10 159,232 ----a-r C:\WINDOWS\system32\ReinstallBackups\0043\DriverFiles\fdco_l1036.dll
+ 2006-03-22 05:22:14 158,720 ----a-r C:\WINDOWS\system32\ReinstallBackups\0043\DriverFiles\fdco_l1040.dll
+ 2006-03-22 05:22:16 156,672 ----a-r C:\WINDOWS\system32\ReinstallBackups\0043\DriverFiles\fdco_l1041.dll
+ 2006-03-22 05:22:16 156,672 ----a-r C:\WINDOWS\system32\ReinstallBackups\0043\DriverFiles\fdco_l1042.dll
+ 2006-03-22 05:22:18 158,720 ----a-r C:\WINDOWS\system32\ReinstallBackups\0043\DriverFiles\fdco_l1046.dll
+ 2006-03-22 05:22:08 155,136 ----a-r C:\WINDOWS\system32\ReinstallBackups\0043\DriverFiles\fdco_l2052.dll
+ 2006-03-22 05:22:02 208,384 ----a-r C:\WINDOWS\system32\ReinstallBackups\0043\DriverFiles\fdco1.dll
+ 2006-03-22 05:24:00 52,736 ----a-r C:\WINDOWS\system32\ReinstallBackups\0043\DriverFiles\nvefdxp.sys
+ 2006-04-24 15:52:30 289,792 ----a-w C:\WINDOWS\system32\ReinstallBackups\0044\DriverFiles\idecoi.dll
+ 2006-04-24 15:52:28 100,736 ----a-w C:\WINDOWS\system32\ReinstallBackups\0044\DriverFiles\nvata.sys
+ 2006-04-14 12:01:20 35,840 ----a-w C:\WINDOWS\system32\ReinstallBackups\0044\DriverFiles\NVCOI.DLL
+ 2006-03-22 05:22:06 155,648 ----a-r C:\WINDOWS\system32\ReinstallBackups\0045\DriverFiles\fdco_l1028.dll
+ 2006-03-22 05:22:12 159,232 ----a-r C:\WINDOWS\system32\ReinstallBackups\0045\DriverFiles\fdco_l1031.dll
+ 2006-03-22 05:22:20 159,232 ----a-r C:\WINDOWS\system32\ReinstallBackups\0045\DriverFiles\fdco_l1034.dll
+ 2006-03-22 05:22:10 159,232 ----a-r C:\WINDOWS\system32\ReinstallBackups\0045\DriverFiles\fdco_l1036.dll
+ 2006-03-22 05:22:14 158,720 ----a-r C:\WINDOWS\system32\ReinstallBackups\0045\DriverFiles\fdco_l1040.dll
+ 2006-03-22 05:22:16 156,672 ----a-r C:\WINDOWS\system32\ReinstallBackups\0045\DriverFiles\fdco_l1041.dll
+ 2006-03-22 05:22:16 156,672 ----a-r C:\WINDOWS\system32\ReinstallBackups\0045\DriverFiles\fdco_l1042.dll
+ 2006-03-22 05:22:18 158,720 ----a-r C:\WINDOWS\system32\ReinstallBackups\0045\DriverFiles\fdco_l1046.dll
+ 2006-03-22 05:22:08 155,136 ----a-r C:\WINDOWS\system32\ReinstallBackups\0045\DriverFiles\fdco_l2052.dll
+ 2006-03-22 05:22:02 208,384 ----a-r C:\WINDOWS\system32\ReinstallBackups\0045\DriverFiles\fdco1.dll
+ 2006-03-22 05:24:00 52,736 ----a-r C:\WINDOWS\system32\ReinstallBackups\0045\DriverFiles\nvefdxp.sys
+ 2005-03-09 06:53:00 36,352 ----a-r C:\WINDOWS\system32\ReinstallBackups\0046\DriverFiles\AmdK8.sys
+ 2006-03-22 05:21:44 10,240 ----a-r C:\WINDOWS\system32\ReinstallBackups\0047\DriverFiles\bdco1.dll
+ 2006-03-22 05:24:02 18,944 ----a-r C:\WINDOWS\system32\ReinstallBackups\0047\DriverFiles\nvnetbus.sys
+ 2006-03-22 05:23:40 1,068,800 ----a-r C:\WINDOWS\system32\ReinstallBackups\0047\DriverFiles\nvnrm.sys
+ 2006-03-22 05:23:18 261,120 ----a-r C:\WINDOWS\system32\ReinstallBackups\0047\DriverFiles\nvsnpu.sys
+ 2006-03-22 05:22:06 155,648 ----a-r C:\WINDOWS\system32\ReinstallBackups\0049\DriverFiles\fdco_l1028.dll
+ 2006-03-22 05:22:12 159,232 ----a-r C:\WINDOWS\system32\ReinstallBackups\0049\DriverFiles\fdco_l1031.dll
+ 2006-03-22 05:22:20 159,232 ----a-r C:\WINDOWS\system32\ReinstallBackups\0049\DriverFiles\fdco_l1034.dll
+ 2006-03-22 05:22:10 159,232 ----a-r C:\WINDOWS\system32\ReinstallBackups\0049\DriverFiles\fdco_l1036.dll
+ 2006-03-22 05:22:14 158,720 ----a-r C:\WINDOWS\system32\ReinstallBackups\0049\DriverFiles\fdco_l1040.dll
+ 2006-03-22 05:22:16 156,672 ----a-r C:\WINDOWS\system32\ReinstallBackups\0049\DriverFiles\fdco_l1041.dll
+ 2006-03-22 05:22:16 156,672 ----a-r C:\WINDOWS\system32\ReinstallBackups\0049\DriverFiles\fdco_l1042.dll
+ 2006-03-22 05:22:18 158,720 ----a-r C:\WINDOWS\system32\ReinstallBackups\0049\DriverFiles\fdco_l1046.dll
+ 2006-03-22 05:22:08 155,136 ----a-r C:\WINDOWS\system32\ReinstallBackups\0049\DriverFiles\fdco_l2052.dll
+ 2006-03-22 05:22:02 208,384 ----a-r C:\WINDOWS\system32\ReinstallBackups\0049\DriverFiles\fdco1.dll
+ 2006-03-22 05:24:00 52,736 ----a-r C:\WINDOWS\system32\ReinstallBackups\0049\DriverFiles\nvefdxp.sys
+ 2006-03-16 10:51:34 290,304 ----a-r C:\WINDOWS\system32\ReinstallBackups\0050\DriverFiles\idecoi.dll
+ 2006-03-16 10:51:32 99,840 ----a-r C:\WINDOWS\system32\ReinstallBackups\0050\DriverFiles\nvata.sys
+ 2006-03-14 03:09:50 35,840 ----a-r C:\WINDOWS\system32\ReinstallBackups\0050\DriverFiles\NVCOI.DLL
- 2008-04-20 18:01:08 861,280 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat
+ 2008-06-07 21:36:55 1,628,468 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat
+ 2006-11-06 22:55:04 106,256 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\ps5ui.dll
+ 2006-11-06 22:55:05 383,248 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\pscript5.dll
- 2004-08-04 12:00:00 8,192 ----a-w C:\WINDOWS\system32\tsbyuv.dll
+ 2001-08-18 01:36:34 8,192 ----a-w C:\WINDOWS\system32\tsbyuv.dll
- 2004-07-09 12:43:56 364,544 ------w C:\WINDOWS\system32\TwnLib4.dll
+ 2006-03-17 17:49:46 368,640 ----a-w C:\WINDOWS\system32\TwnLib4.dll
- 2004-08-04 04:56:48 53,760 ----a-w C:\WINDOWS\system32\vfwwdm32.dll
+ 2004-08-04 03:56:48 53,760 ----a-w C:\WINDOWS\system32\vfwwdm32.dll
+ 2007-03-20 23:22:04 972,336 ----a-w C:\WINDOWS\UNNeroBackItUp.exe
+ 2007-12-13 22:09:06 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
+ 2007-02-28 18:41:02 972,336 ----a-w C:\WINDOWS\UNNeroShowTime.exe
+ 2007-03-21 23:02:12 972,336 ----a-w C:\WINDOWS\UNNeroVision.exe
+ 2007-12-04 12:59:22 972,072 ----a-w C:\WINDOWS\UNRecode.exe
+ 2008-05-14 23:05:03 1,233,920 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9818.0_x-ww_8ff50c5d\msxml4.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:00 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2008-03-20 10:15 5724184]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 13:24 1694208]
"P2kAutostart"="" []
"Steam"="c:\program files\steam\steam.exe" [2008-03-28 16:05 1271032]
"WindowsLivePhone"="C:\PROGRA~1\WI1F86~1\MESSEN~1\DEVICE~1\msgrdvmn.exe" [2007-03-29 11:21 722320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"SsAAD.exe"="C:\PROGRA~1\SONICS~1\SsAAD.exe" [2005-01-24 19:58 81920]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 22:01 71216]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-03-14 22:01 54832]
"LVCOMS"="C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE" [2001-09-24 10:39 98304]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
"LifeChat"="C:\Program Files\Microsoft LifeChat\LifeChat.exe" [2007-01-26 14:31 259440]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 09:00 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSecurityTab"= 1 (0x1)
"NoTaskMng"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.fraunhoferacm"= l3codecp.acm
"VIDC.JPGL"= jpgl.dll
"vidc.dvsd"= pdvcodec.dll
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll
"msacm.divxa32"= divxa32.acm
"vidc.MP42"= MPG4c32..dll
"vidc.MP43"= MPG4c32..dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
--a------ 2007-01-01 18:22 3739648 C:\Program Files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-19 14:10 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 13:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P17Helper]
-ra------ 2005-05-03 08:38 64512 C:\WINDOWS\system32\P17.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCTAVApp]
--a------ 2007-10-04 16:44 1082664 C:\Program Files\PC Tools AntiVirus\PCTAV.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2007-02-27 11:39 1310720 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
--------- 2004-08-14 04:42 36864 C:\Program Files\mobile PhoneTools\WatchDog.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XboxStat]
c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\WINDOWS\\system32\\drivers\\etc\\nop9\\WINClock.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\Program Files\\Steam\\steamapps\\rwalsh2\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\GameSpy\\Comrade\\Comrade.exe"=
"C:\\WINDOWS\\system32\\java.exe"=
"C:\\Program Files\\Steam\\steam.exe"=
"C:\\Program Files\\Steam\\steamapps\\rwalsh2\\garrysmod\\hl2.exe"=
"C:\\Program Files\\Steam\\steamapps\\rwalsh2\\team fortress 2\\hl2.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Steam\\steamapps\\rwalsh2\\source sdk base\\hl2.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2007-09-19 22:37]
S3 AODService;AODService;C:\Program Files\AMD\OverDrive\AODAssist []
S3 mamovec;mamovec;C:\WINDOWS\system32\Drivers\mamovec.sys [2005-06-16 19:11]
S3 mamovem;mamovem;C:\WINDOWS\system32\Drivers\mamovem.sys [2005-06-16 19:13]
S3 mamoveu;mamoveu;C:\WINDOWS\system32\DRIVERS\mamoveu.sys [2007-08-13 15:50]
S3 motccgp;Motorola USB Composite Device Driver;C:\WINDOWS\system32\DRIVERS\motccgp.sys [2007-11-02 14:36]
S3 motccgpfl;MotCcgpFlService;C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2007-01-22 18:33]
S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys [2007-10-10 16:41]
S3 motport;Motorola USB Diagnostic Port;C:\WINDOWS\system32\DRIVERS\motport.sys [2007-06-18 14:18]
S3 QCPro;Logitech QuickCam Pro USB(PID_D001);C:\WINDOWS\system32\DRIVERS\p35u.sys [2001-09-24 10:42]
S3 SetupNTGLM7X;SetupNTGLM7X;F:\NTGLM7X.sys []
S3 SIS163u;TL-WN320G 1.0 USB WLAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2004-11-29 04:19]
S3 xusb20;Xbox 360 Wireless Receiver for Windows Driver Service;C:\WINDOWS\system32\DRIVERS\xusb20.sys [2006-10-13 19:48]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\Shell\AutoRun\command - J:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\Shell\AutoRun\command - K:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
\Shell\AutoRun\command - L:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1a0e9e84-0d7f-11dd-a454-00161777a7bf}]
\Shell\AutoRun\command - H:\Startup.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-04-30 16:54:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe
"2007-09-23 16:54:03 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-07 23:32:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\AODService]
"ImagePath"="C:\Program Files\AMD\OverDrive\AODAssist"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD\000.fcl"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\sys
  • 0

#4
Tigger93
Posted 08 June 2008 - 10:00 AM

Tigger93

    Trusted Helper

  • Retired Staff
  • 1,870 posts
Everything looks good. :)

Still having any problems?
  • 0

#5
zestron
Posted 08 June 2008 - 10:47 AM

zestron

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 334 posts
Well, I'll find out after a few reboots, because it usually goes to [bleep] after a few days of being good.
But, I just booted in safe mode, and ran all my clean up programs, and it seems to be working right now.
  • 0

#6
Tigger93
Posted 09 June 2008 - 10:32 AM

Tigger93

    Trusted Helper

  • Retired Staff
  • 1,870 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP