Inactive Malware - Google redirect

It has definitely been run 7 times, or it has not completed its run 6 times. Doesn't matter. Can you go to C:\qoobox and see if there are any other combofix.txt logs that you can post?
 
Sorry, let me clarify: I have run it a few times (certainly not seven for this one, though) since the infection occurred, before I found this forum, but not since, until instructed. Included is the log that is dated from the first run since the beginning of the infection.
--------------------------------------------------

ComboFix 10-10-01.01 - Brad 10/02/2010 0:08.1.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.3020 [GMT -6:00]
Running from: c:\documents and settings\Brad\Desktop\CmboFix.exe
FW: ActiveArmor Firewall *enabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Brad\Local Settings\Application Data\68072.exe
c:\windows\system32\AutoRun.inf
c:\windows\system32\ndisapi.dll
E:\install.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NDISRD
-------\Service_NDISRD


((((((((((((((((((((((((( Files Created from 2010-09-02 to 2010-10-02 )))))))))))))))))))))))))))))))
.

2010-10-02 05:45 . 2010-01-07 22:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-02 05:45 . 2010-01-07 22:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-22 23:51 . 2010-09-25 22:41 -------- d-----w- c:\documents and settings\Brad\Application Data\.minecraft
2010-09-21 00:17 . 2010-09-21 00:17 117427 ----a-w- c:\documents and settings\Brad\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\digitaleditions\digitaleditions.exe
2010-09-20 01:24 . 2010-09-20 01:24 -------- d-----w- c:\program files\Common Files\DirectX

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-01 23:38 . 2010-04-20 00:39 -------- d-----w- c:\documents and settings\LocalService\Application Data\VMware
2010-10-01 23:38 . 2010-04-20 00:39 -------- d-----w- c:\documents and settings\All Users\Application Data\VMware
2010-09-30 04:02 . 2009-12-07 07:24 -------- d-----w- c:\documents and settings\Brad\Application Data\vlc
2010-09-25 03:02 . 2010-01-04 23:41 -------- d-----w- c:\documents and settings\Brad\Application Data\Azureus
2010-08-30 03:00 . 2010-01-04 23:41 -------- d-----w- c:\program files\Vuze
2010-08-30 02:30 . 2010-08-30 02:30 310208 ----a-w- c:\documents and settings\Brad\Application Data\Azureus\plugins\mlab\ShaperProbeC.exe
2010-08-30 02:29 . 2010-01-05 00:19 4146688 ----a-w- c:\documents and settings\Brad\Application Data\Azureus\plugins\vuzexcode\mediainfo.exe
2010-08-30 02:29 . 2010-01-05 00:19 7288256 ----a-w- c:\documents and settings\Brad\Application Data\Azureus\plugins\vuzexcode\ffmpeg.exe
2010-08-19 05:40 . 2009-02-11 03:27 -------- d-----w- c:\documents and settings\Brad\Application Data\Skype
2010-08-19 00:08 . 2009-02-11 03:28 -------- d-----w- c:\documents and settings\Brad\Application Data\skypePM
2010-08-15 21:04 . 2010-04-20 00:52 -------- d-----w- c:\documents and settings\Brad\Application Data\VMware
2010-08-06 00:11 . 2010-08-06 00:11 47364 ----a-w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment\Battle.net\Cache\Download\Scan.dll
2010-08-06 00:10 . 2007-05-22 05:19 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2006-05-03 09:06 . 2007-03-30 17:58 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 . 2007-03-30 17:58 31232 --sh--r- c:\windows\system32\msfDX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="g:\games\steam\steam.exe" [2010-08-23 1242448]
"Google Update"="c:\documents and settings\Brad\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-02-16 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LGDCore"="c:\program files\Logitech\G-series Software\LGDCore.exe" [2006-03-06 1122304]
"Launch LCDMon"="c:\program files\Logitech\G-series Software\LCDMon.exe" [2006-03-06 497152]
"CTHelper"="CTHELPER.EXE" [2005-08-07 16384]
"Habu"="c:\program files\Razer\Habu\razerhid.exe" [2007-05-11 176128]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"CTxfiHlp"="CTXFIHLP.EXE" [2008-10-08 23552]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-19 868352]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-04 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-04 13670504]
"VMware hqtray"="c:\program files\VMware\VMware Player\hqtray.exe" [2010-01-23 64048]

c:\documents and settings\Brad\Start Menu\Programs\Startup\AutorunsDisabled
WordWeb.lnk - c:\program files\WordWeb\wweb32.exe [2007-3-30 44384]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
ASUS WiFi-AP Solo.lnk - c:\program files\ASUS WiFi-AP Solo\RtWLan.exe [2007-2-17 987136]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Avvenu Access n Share Update]
2007-03-21 18:51 28672 ----a-w- c:\program files\Avvenu\Avvenu_updater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 08:00 90112 ------w- c:\windows\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"nSvcLog"=2 (0x2)
"nSvcIp"=2 (0x2)
"ForcewareWebInterface"=2 (0x2)
"NVSvc"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"e:\\Games\\Starcraft\\StarCraft.exe"=
"e:\\Games\\NWN 2\\nwn2main.exe"=
"e:\\Games\\NWN 2\\nwn2main_amdxp.exe"=
"e:\\Games\\NWN 2\\nwupdate.exe"=
"e:\\Games\\NWN 2\\nwn2server.exe"=
"e:\\Games\\FEAR\\fpupdate.exe"=
"e:\\Games\\FEAR\\FEAR.exe"=
"e:\\Games\\FEAR\\FEARMP.exe"=
"e:\\Games\\Battle for Middle Earth\\game.dat"=
"e:\\Games\\Dungeon Siege 2\\DungeonSiege2.exe"=
"e:\\Games\\Battlefield 2142\\BF2142.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"e:\\Games\\Crysis\\Bin32\\Crysis.exe"=
"e:\\Games\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"e:\\Games\\FEAR\\FEARXP\\FEARXP.exe"=
"c:\\Program Files\\UltraVNC\\vncviewer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=
"e:\\Games\\Sins of a Solar Empire\\Sins of a Solar Empire Entrenchment.exe"=
"g:\\Games\\Steam\\steamapps\\common\\beyond good and evil\\CheckApplication.exe"=
"g:\\Games\\Steam\\steamapps\\common\\dark sector\\DS.exe"=
"g:\\Games\\Steam\\steamapps\\common\\farcry\\Bin32\\FarCry.exe"=
"g:\\Games\\Steam\\steamapps\\common\\farcry\\Bin32\\FarCryConfigurator.exe"=
"g:\\Games\\Steam\\steamapps\\common\\final doom\\plutonia.bat"=
"g:\\Games\\Steam\\steamapps\\common\\final doom\\tnt.bat"=
"g:\\Games\\Steam\\steamapps\\common\\dawn of war soulstorm\\soulstorm.exe"=
"g:\\Games\\Steam\\steamapps\\common\\commander keen\\testapp3.bat"=
"g:\\Games\\Steam\\steamapps\\common\\commander keen\\testapp4.bat"=
"g:\\Games\\Steam\\steamapps\\common\\commander keen\\testapp5.bat"=
"g:\\Games\\Steam\\steamapps\\common\\doom 3\\Doom3.exe"=
"g:\\Games\\Steam\\steamapps\\common\\hexen 2\\glh2.exe"=
"g:\\Games\\Steam\\steamapps\\common\\fallout 3\\FalloutLauncher.exe"=
"g:\\Games\\Steam\\steamapps\\common\\mirrors edge\\Binaries\\MirrorsEdge.exe"=
"g:\\Games\\Steam\\steamapps\\common\\master levels of doom\\master.bat"=
"g:\\Games\\Steam\\steamapps\\common\\spore\\runme.exe"=
"g:\\Games\\Steam\\steamapps\\common\\osmos igf demo\\OsmosDemo.exe"=
"g:\\Games\\Steam\\steamapps\\common\\rip\\RIP\\RIP.exe"=
"g:\\Games\\Steam\\steamapps\\common\\quake\\Winquake.exe"=
"g:\\Games\\Steam\\steamapps\\common\\quake\\qwcl.exe"=
"g:\\Games\\Steam\\steamapps\\common\\quake\\Glquake.exe"=
"g:\\Games\\Steam\\steamapps\\common\\quake\\glqwcl.exe"=
"g:\\Games\\Steam\\steamapps\\common\\larva mortus\\larvamortus.exe"=
"g:\\Games\\Steam\\steamapps\\common\\fear2spdemo\\FEAR2SPDemo.exe"=
"g:\\Games\\Steam\\steamapps\\common\\stalker shadow of chernobyl\\bin\\XR_3DA.exe"=
"g:\\Games\\Steam\\steamapps\\common\\unreal tournament 3\\Binaries\\UT3.exe"=
"g:\\Games\\Steam\\steamapps\\common\\world of goo demo\\WorldOfGoo.exe"=
"g:\\Games\\Steam\\steamapps\\common\\quake 2\\quake2.exe"=
"g:\\Games\\Steam\\steamapps\\common\\thief deadly shadows\\System\\runme.exe"=
"g:\\Games\\Steam\\steamapps\\common\\penumbra overture\\redist\\Penumbra.exe"=
"g:\\Games\\Steam\\steamapps\\common\\return to castle wolfenstein\\WolfSP.exe"=
"g:\\Games\\Steam\\steamapps\\common\\return to castle wolfenstein\\WolfMP.exe"=
"g:\\Games\\Steam\\steamapps\\common\\mass effect\\Binaries\\MassEffect.exe"=
"g:\\Games\\Steam\\steamapps\\common\\swkotor\\swkotor.exe"=
"g:\\Games\\Steam\\steamapps\\common\\timeshift\\bin\\TimeShift.Exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"g:\\Games\\Steam\\steamapps\\common\\batman arkham asylum - demo\\Binaries\\ShippingPC-BmGame.exe"=
"g:\\Games\\Steam\\steamapps\\common\\shadowgrounds\\Shadowgrounds.exe"=
"g:\\Games\\Steam\\steamapps\\common\\shadowgrounds\\ShadowgroundsLauncher.exe"=
"g:\\Games\\Steam\\steamapps\\common\\aaaaaaaaaaaaaaaaaaaaaaaaa!!! demo\\main.exe"=
"g:\\Games\\Steam\\steamapps\\common\\machinarium demo\\machinarium.exe"=
"g:\\Games\\Steam\\steamapps\\common\\doom 2\\doom2.bat"=
"g:\\Games\\Steam\\steamapps\\common\\quake 3 arena\\quake3.exe"=
"g:\\Games\\Steam\\steamapps\\common\\deus ex\\System\\DeusEx.exe"=
"g:\\Games\\Steam\\steamapps\\common\\lumines\\lumines.exe"=
"g:\\Games\\Steam\\steamapps\\common\\prototype\\prototypef.exe"=
"g:\\Games\\Steam\\steamapps\\common\\stalker clear sky\\bin\\xrEngine.exe"=
"g:\\Games\\Steam\\steamapps\\common\\osmos\\osmos.exe"=
"g:\\Games\\Steam\\steamapps\\common\\the witcher enhanced edition\\System\\witcher.exe"=
"g:\\Games\\Steam\\steamapps\\common\\the witcher enhanced edition\\System\\djinni!.exe"=
"g:\\Games\\Steam\\steamapps\\common\\king's bounty - the legend\\kb.exe"=
"g:\\Games\\Steam\\steamapps\\common\\king's bounty - the legend\\save_fixer.exe"=
"g:\\Games\\Steam\\steamapps\\common\\psychonauts\\PsychoLauncher.exe"=
"g:\\Games\\Steam\\steamapps\\common\\torchlight\\Torchlight.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"e:\\Games\\Unreal Anthology\\UT2004\\System\\UT2004.exe"=
"g:\\Games\\Steam\\steamapps\\common\\eufloria - demo\\Eufloria.exe"=
"g:\\Games\\Steam\\steamapps\\common\\fallout 3\\Fallout3.exe"=
"g:\\Games\\StarCraft 2 beta\\StarCraft II Beta\\StarCraft II.exe"=
"g:\\Games\\StarCraft 2 beta\\StarCraft II Beta\\Versions\\Base14803\\SC2.exe"=
"c:\\Program Files\\VMware\\VMware Player\\vmware-authd.exe"=
"g:\\Games\\Steam\\steamapps\\common\\the void\\bin\\win32\\Game.exe"=
"g:\\Games\\Steam\\steamapps\\common\\the void\\bin\\win32\\Config.exe"=
"g:\\Games\\MW4\\MW4MERCS.ICD"=
"g:\\Games\\MW4\\MTX\\mtx.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"g:\\Games\\StarCraft 2 beta\\StarCraft II Beta\\Versions\\Base15133\\SC2.exe"=
"g:\\Games\\StarCraft 2 beta\\StarCraft II Beta\\Versions\\Base15250\\SC2.exe"=
"g:\\Games\\MW4\\MTX\\Download\\Mechwarrior Mercenaries - Mektek Mekpak\\MW4Mercs.exe"=
"g:\\Games\\Steam\\steamapps\\common\\defensegridtheawakening\\DefenseGrid.exe"=
"g:\\Games\\Steam\\steamapps\\common\\alien breed impact\\Binaries\\AlienBreed-Impact.exe"=
"g:\\Games\\Steam\\steamapps\\common\\mass effect 2\\Binaries\\MassEffect2.exe"=
"g:\\Games\\Steam\\steamapps\\common\\mass effect 2\\MassEffect2Launcher.exe"=
"g:\\Games\\Steam\\steamapps\\common\\mass effect 2\\docs\\EA Help\\Electronic_Arts_Technical_Support.htm"=
"g:\\Games\\Steam\\steamapps\\common\\titan quest\\Titan Quest.exe"=
"g:\\Games\\Steam\\steamapps\\common\\titan quest\\help.htm"=
"g:\\Games\\Steam\\steamapps\\common\\overlord\\Overlord.exe"=
"g:\\Games\\Steam\\steamapps\\common\\overlord\\Config.exe"=
"g:\\Games\\Steam\\steamapps\\common\\red faction\\RedFaction.exe"=
"g:\\Games\\Steam\\steamapps\\common\\full spectrum warrior\\Launcher.exe"=
"g:\\Games\\Steam\\steamapps\\common\\full spectrum warrior\\help.htm"=
"g:\\Games\\Steam\\steamapps\\common\\dragon age origins\\bin_ship\\daupdatersvc.service.exe"=
"g:\\Games\\Steam\\steamapps\\common\\red faction\\RF.exe"=
"g:\\Games\\Steam\\steamapps\\common\\galcon fusion\\GalconFusion.exe"=
"g:\\Games\\Steam\\steamapps\\common\\dragon age origins\\bin_ship\\DAOrigins.exe"=
"g:\\Games\\Steam\\steamapps\\common\\dragon age origins\\DAOriginsLauncher.exe"=
"g:\\Games\\Steam\\steamapps\\common\\dragon age origins\\docs\\EA Help\\Electronic_Arts_Technical_Support.htm"=
"g:\\Games\\Steam\\steamapps\\common\\alien swarm\\srcds.exe"=
"g:\\Games\\Steam\\steamapps\\common\\trine\\trine_launcher.exe"=
"g:\\Games\\Steam\\steamapps\\common\\disciples iii renaissance - demo\\DisciplesIII.exe"=
"g:\\Games\\StarCraft II\\StarCraft II.exe"=
"g:\\Games\\StarCraft II\\Versions\\Base15405\\SC2.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"g:\\Games\\Steam\\steamapps\\common\\alien swarm\\swarm.exe"=
"g:\\Games\\Steam\\steamapps\\common\\alien swarm\\bin\\SDKLauncher.exe"=
"g:\\Games\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"g:\\Games\\Steam\\steamapps\\common\\gratuitous space battles\\GSB.exe"=
"g:\\Games\\Steam\\steamapps\\common\\dawn of war 2\\DOW2.exe"=
"g:\\Games\\Steam\\steamapps\\common\\metro 2033\\metro2033.exe"=
"g:\\Games\\Steam\\steamapps\\common\\left 4 dead 2\\left4dead2.exe"=
"g:\\Games\\Steam\\steamapps\\common\\morrowind\\Morrowind Launcher.exe"=
"g:\\Games\\Steam\\steamapps\\common\\amnesia the dark descent demo\\Launcher.exe"=
"g:\\Games\\Steam\\steamapps\\common\\borderlands\\Binaries\\Borderlands.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800
"1700:TCP"= 1700:TCP:MioNet Remote Drive Access 0
"1701:TCP"= 1701:TCP:MioNet Remote Drive Access 1
"1702:TCP"= 1702:TCP:MioNet Remote Drive Access 2
"1703:TCP"= 1703:TCP:MioNet Remote Drive Access 3
"1704:TCP"= 1704:TCP:MioNet Remote Drive Access 4
"1705:TCP"= 1705:TCP:MioNet Remote Drive Access 5
"1706:TCP"= 1706:TCP:MioNet Remote Drive Access 6
"1707:TCP"= 1707:TCP:MioNet Remote Drive Access 7
"1708:TCP"= 1708:TCP:MioNet Remote Drive Access 8
"1709:TCP"= 1709:TCP:MioNet Remote Drive Access 9
"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification
"1647:TCP"= 1647:TCP:MioNet Storage Device Configuration
"5432:UDP"= 5432:UDP:MioNet Storage Device Discovery

R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [2/15/2009 9:27 PM 5248]
S2 uvnc_service;uvnc_service;c:\program files\UltraVNC\winvnc.exe [1/12/2009 9:09 PM 1519168]
S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [1/22/2010 9:57 PM 70704]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [1/22/2010 9:00 PM 563760]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [1/21/2009 5:46 AM 79360]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [10/8/2008 2:21 AM 171032]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [10/8/2008 2:21 AM 171032]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [10/8/2008 2:21 AM 1324056]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [10/8/2008 2:21 AM 1324056]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [10/8/2008 2:21 AM 72728]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [10/8/2008 2:21 AM 72728]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;g:\games\Steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe [7/2/2010 10:00 PM 25832]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [10/20/2009 12:19 PM 50704]
S3 RPGNCM;RPGNCM;c:\docume~1\Brad\LOCALS~1\Temp\RPGNCM.exe --> c:\docume~1\Brad\LOCALS~1\Temp\RPGNCM.exe [?]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2/17/2007 2:52 AM 176128]
S3 SaiH0006;SaiH0006;c:\windows\system32\drivers\SaiH0006.sys [7/26/2004 1:54 PM 56576]
S3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [2/17/2007 2:52 AM 13532]
S4 4401D;4401D;c:\windows\system32\4401D.sys [2/24/2008 5:44 PM 54624]
S4 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [2/15/2009 9:27 PM 160640]
S4 gel90xne;gel90xne;\??\c:\docume~1\Brad\LOCALS~1\Temp\gel90xne.sys --> c:\docume~1\Brad\LOCALS~1\Temp\gel90xne.sys [?]
S4 mfefeatk01;McAfee Inc.;\Device\mfefeatk01.sys --> \Device\mfefeatk01.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/17/2007 4:17 PM 646392]
S4 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [7/24/2008 3:22 PM 102400]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder

2010-10-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790525478-854245398-839522115-1003Core.job
- c:\documents and settings\Brad\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-16 04:07]

2010-10-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790525478-854245398-839522115-1003UA.job
- c:\documents and settings\Brad\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-16 04:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = http=127.0.0.1:3073
uInternet Settings,ProxyOverride = <local>
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
LSP: c:\program files\VMware\VMware Player\vsocklib.dll
FF - ProfilePath - c:\documents and settings\Brad\Application Data\Mozilla\Firefox\Profiles\gn9wnj7g.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\Brad\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-nwiz - nwiz.exe
AddRemove-HijackThis - L:\HijackThis.exe
AddRemove-MiniStumbler - c:\program files\MiniStumbler\uninst.exe
AddRemove-NVIDIA Display Control Panel - c:\program files\NVIDIA Corporation\Uninstall\nvuninst.exe
AddRemove-WinGTK-2_is1 - c:\program files\Common Files\GTK\2.0\setup\unins000.exe
AddRemove-{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB} - c:\program files\Common Files\BioWare\Uninstall Mass Effect 2.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-02 00:14
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTxfiHlp = CTXFIHLP.EXE?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-790525478-854245398-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:17,37,c8,94,82,b9,b6,ff,46,86,c8,c4,9c,7e,17,0f,87,53,71,c7,f2,cf,da,
91,64,66,b3,9f,fa,38,87,49,e6,6b,43,cd,b7,87,23,8d,b5,5a,fd,86,2b,96,3e,7e,\
"??"=hex:a1,5e,47,db,25,65,bb,27,8b,92,55,34,10,3f,d9,49

[HKEY_USERS\S-1-5-21-790525478-854245398-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:4a,a7,ba,46,ed,c1,96,5f,4e,e2,2f,e7,69,31,43,d0,bb,16,31,ad,bb,
5e,a7,fb,9c,5f,58,85,1f,02,96,8e,bb,b4,b3,0e,db,60,d5,a3,7d,b9,1f,24,d5,63,\
"rkeysecu"=hex:b9,20,94,2f,ae,ae,e5,89,f2,28,e6,75,9f,0f,a8,11
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(448)
c:\windows\system32\WININET.dll
.
Completion time: 2010-10-02 00:18:32 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-02 06:18

Pre-Run: 6,091,493,376 bytes free
Post-Run: 7,932,510,208 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer /safeboot:network

- - End Of File - - 6B45C2CDCABD71181D548A4214CC3A83

ComboFix 10-10-01.01 - Brad 10/02/2010 0:39.2.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2873 [GMT -6:00]
Running from: c:\documents and settings\Brad\Desktop\CmboFix.exe
FW: ActiveArmor Firewall *enabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
.

((((((((((((((((((((((((( Files Created from 2010-09-02 to 2010-10-02 )))))))))))))))))))))))))))))))
.

2010-10-02 05:45 . 2010-01-07 22:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-02 05:45 . 2010-01-07 22:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-22 23:51 . 2010-09-25 22:41 -------- d-----w- c:\documents and settings\Brad\Application Data\.minecraft
2010-09-21 00:17 . 2010-09-21 00:17 117427 ----a-w- c:\documents and settings\Brad\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\digitaleditions\digitaleditions.exe
2010-09-20 01:24 . 2010-09-20 01:24 -------- d-----w- c:\program files\Common Files\DirectX

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-01 23:38 . 2010-04-20 00:39 -------- d-----w- c:\documents and settings\LocalService\Application Data\VMware
2010-10-01 23:38 . 2010-04-20 00:39 -------- d-----w- c:\documents and settings\All Users\Application Data\VMware
2010-09-30 04:02 . 2009-12-07 07:24 -------- d-----w- c:\documents and settings\Brad\Application Data\vlc
2010-09-25 03:02 . 2010-01-04 23:41 -------- d-----w- c:\documents and settings\Brad\Application Data\Azureus
2010-08-30 03:00 . 2010-01-04 23:41 -------- d-----w- c:\program files\Vuze
2010-08-30 02:30 . 2010-08-30 02:30 310208 ----a-w- c:\documents and settings\Brad\Application Data\Azureus\plugins\mlab\ShaperProbeC.exe
2010-08-30 02:29 . 2010-01-05 00:19 4146688 ----a-w- c:\documents and settings\Brad\Application Data\Azureus\plugins\vuzexcode\mediainfo.exe
2010-08-30 02:29 . 2010-01-05 00:19 7288256 ----a-w- c:\documents and settings\Brad\Application Data\Azureus\plugins\vuzexcode\ffmpeg.exe
2010-08-19 05:40 . 2009-02-11 03:27 -------- d-----w- c:\documents and settings\Brad\Application Data\Skype
2010-08-19 00:08 . 2009-02-11 03:28 -------- d-----w- c:\documents and settings\Brad\Application Data\skypePM
2010-08-15 21:04 . 2010-04-20 00:52 -------- d-----w- c:\documents and settings\Brad\Application Data\VMware
2010-08-06 00:11 . 2010-08-06 00:11 47364 ----a-w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment\Battle.net\Cache\Download\Scan.dll
2010-08-06 00:10 . 2007-05-22 05:19 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2006-05-03 09:06 . 2007-03-30 17:58 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 . 2007-03-30 17:58 31232 --sh--r- c:\windows\system32\msfDX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="g:\games\steam\steam.exe" [2010-08-23 1242448]
"Google Update"="c:\documents and settings\Brad\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-02-16 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LGDCore"="c:\program files\Logitech\G-series Software\LGDCore.exe" [2006-03-06 1122304]
"Launch LCDMon"="c:\program files\Logitech\G-series Software\LCDMon.exe" [2006-03-06 497152]
"CTHelper"="CTHELPER.EXE" [2005-08-07 16384]
"Habu"="c:\program files\Razer\Habu\razerhid.exe" [2007-05-11 176128]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"CTxfiHlp"="CTXFIHLP.EXE" [2008-10-08 23552]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-19 868352]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-04 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-04 13670504]
"VMware hqtray"="c:\program files\VMware\VMware Player\hqtray.exe" [2010-01-23 64048]

c:\documents and settings\Brad\Start Menu\Programs\Startup\AutorunsDisabled
WordWeb.lnk - c:\program files\WordWeb\wweb32.exe [2007-3-30 44384]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
ASUS WiFi-AP Solo.lnk - c:\program files\ASUS WiFi-AP Solo\RtWLan.exe [2007-2-17 987136]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Avvenu Access n Share Update]
2007-03-21 18:51 28672 ----a-w- c:\program files\Avvenu\Avvenu_updater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 08:00 90112 ------w- c:\windows\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"nSvcLog"=2 (0x2)
"nSvcIp"=2 (0x2)
"ForcewareWebInterface"=2 (0x2)
"NVSvc"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"e:\\Games\\Starcraft\\StarCraft.exe"=
"e:\\Games\\NWN 2\\nwn2main.exe"=
"e:\\Games\\NWN 2\\nwn2main_amdxp.exe"=
"e:\\Games\\NWN 2\\nwupdate.exe"=
"e:\\Games\\NWN 2\\nwn2server.exe"=
"e:\\Games\\FEAR\\fpupdate.exe"=
"e:\\Games\\FEAR\\FEAR.exe"=
"e:\\Games\\FEAR\\FEARMP.exe"=
"e:\\Games\\Battle for Middle Earth\\game.dat"=
"e:\\Games\\Dungeon Siege 2\\DungeonSiege2.exe"=
"e:\\Games\\Battlefield 2142\\BF2142.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"e:\\Games\\Crysis\\Bin32\\Crysis.exe"=
"e:\\Games\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"e:\\Games\\FEAR\\FEARXP\\FEARXP.exe"=
"c:\\Program Files\\UltraVNC\\vncviewer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=
"e:\\Games\\Sins of a Solar Empire\\Sins of a Solar Empire Entrenchment.exe"=
"g:\\Games\\Steam\\steamapps\\common\\beyond good and evil\\CheckApplication.exe"=
"g:\\Games\\Steam\\steamapps\\common\\dark sector\\DS.exe"=
"g:\\Games\\Steam\\steamapps\\common\\farcry\\Bin32\\FarCry.exe"=
"g:\\Games\\Steam\\steamapps\\common\\farcry\\Bin32\\FarCryConfigurator.exe"=
"g:\\Games\\Steam\\steamapps\\common\\final doom\\plutonia.bat"=
"g:\\Games\\Steam\\steamapps\\common\\final doom\\tnt.bat"=
"g:\\Games\\Steam\\steamapps\\common\\dawn of war soulstorm\\soulstorm.exe"=
"g:\\Games\\Steam\\steamapps\\common\\commander keen\\testapp3.bat"=
"g:\\Games\\Steam\\steamapps\\common\\commander keen\\testapp4.bat"=
"g:\\Games\\Steam\\steamapps\\common\\commander keen\\testapp5.bat"=
"g:\\Games\\Steam\\steamapps\\common\\doom 3\\Doom3.exe"=
"g:\\Games\\Steam\\steamapps\\common\\hexen 2\\glh2.exe"=
"g:\\Games\\Steam\\steamapps\\common\\fallout 3\\FalloutLauncher.exe"=
"g:\\Games\\Steam\\steamapps\\common\\mirrors edge\\Binaries\\MirrorsEdge.exe"=
"g:\\Games\\Steam\\steamapps\\common\\master levels of doom\\master.bat"=
"g:\\Games\\Steam\\steamapps\\common\\spore\\runme.exe"=
"g:\\Games\\Steam\\steamapps\\common\\osmos igf demo\\OsmosDemo.exe"=
"g:\\Games\\Steam\\steamapps\\common\\rip\\RIP\\RIP.exe"=
"g:\\Games\\Steam\\steamapps\\common\\quake\\Winquake.exe"=
"g:\\Games\\Steam\\steamapps\\common\\quake\\qwcl.exe"=
"g:\\Games\\Steam\\steamapps\\common\\quake\\Glquake.exe"=
"g:\\Games\\Steam\\steamapps\\common\\quake\\glqwcl.exe"=
"g:\\Games\\Steam\\steamapps\\common\\larva mortus\\larvamortus.exe"=
"g:\\Games\\Steam\\steamapps\\common\\fear2spdemo\\FEAR2SPDemo.exe"=
"g:\\Games\\Steam\\steamapps\\common\\stalker shadow of chernobyl\\bin\\XR_3DA.exe"=
"g:\\Games\\Steam\\steamapps\\common\\unreal tournament 3\\Binaries\\UT3.exe"=
"g:\\Games\\Steam\\steamapps\\common\\world of goo demo\\WorldOfGoo.exe"=
"g:\\Games\\Steam\\steamapps\\common\\quake 2\\quake2.exe"=
"g:\\Games\\Steam\\steamapps\\common\\thief deadly shadows\\System\\runme.exe"=
"g:\\Games\\Steam\\steamapps\\common\\penumbra overture\\redist\\Penumbra.exe"=
"g:\\Games\\Steam\\steamapps\\common\\return to castle wolfenstein\\WolfSP.exe"=
"g:\\Games\\Steam\\steamapps\\common\\return to castle wolfenstein\\WolfMP.exe"=
"g:\\Games\\Steam\\steamapps\\common\\mass effect\\Binaries\\MassEffect.exe"=
"g:\\Games\\Steam\\steamapps\\common\\swkotor\\swkotor.exe"=
"g:\\Games\\Steam\\steamapps\\common\\timeshift\\bin\\TimeShift.Exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"g:\\Games\\Steam\\steamapps\\common\\batman arkham asylum - demo\\Binaries\\ShippingPC-BmGame.exe"=
"g:\\Games\\Steam\\steamapps\\common\\shadowgrounds\\Shadowgrounds.exe"=
"g:\\Games\\Steam\\steamapps\\common\\shadowgrounds\\ShadowgroundsLauncher.exe"=
"g:\\Games\\Steam\\steamapps\\common\\aaaaaaaaaaaaaaaaaaaaaaaaa!!! demo\\main.exe"=
"g:\\Games\\Steam\\steamapps\\common\\machinarium demo\\machinarium.exe"=
"g:\\Games\\Steam\\steamapps\\common\\doom 2\\doom2.bat"=
"g:\\Games\\Steam\\steamapps\\common\\quake 3 arena\\quake3.exe"=
"g:\\Games\\Steam\\steamapps\\common\\deus ex\\System\\DeusEx.exe"=
"g:\\Games\\Steam\\steamapps\\common\\lumines\\lumines.exe"=
"g:\\Games\\Steam\\steamapps\\common\\prototype\\prototypef.exe"=
"g:\\Games\\Steam\\steamapps\\common\\stalker clear sky\\bin\\xrEngine.exe"=
"g:\\Games\\Steam\\steamapps\\common\\osmos\\osmos.exe"=
"g:\\Games\\Steam\\steamapps\\common\\the witcher enhanced edition\\System\\witcher.exe"=
"g:\\Games\\Steam\\steamapps\\common\\the witcher enhanced edition\\System\\djinni!.exe"=
"g:\\Games\\Steam\\steamapps\\common\\king's bounty - the legend\\kb.exe"=
"g:\\Games\\Steam\\steamapps\\common\\king's bounty - the legend\\save_fixer.exe"=
"g:\\Games\\Steam\\steamapps\\common\\psychonauts\\PsychoLauncher.exe"=
"g:\\Games\\Steam\\steamapps\\common\\torchlight\\Torchlight.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"e:\\Games\\Unreal Anthology\\UT2004\\System\\UT2004.exe"=
"g:\\Games\\Steam\\steamapps\\common\\eufloria - demo\\Eufloria.exe"=
"g:\\Games\\Steam\\steamapps\\common\\fallout 3\\Fallout3.exe"=
"g:\\Games\\StarCraft 2 beta\\StarCraft II Beta\\StarCraft II.exe"=
"g:\\Games\\StarCraft 2 beta\\StarCraft II Beta\\Versions\\Base14803\\SC2.exe"=
"c:\\Program Files\\VMware\\VMware Player\\vmware-authd.exe"=
"g:\\Games\\Steam\\steamapps\\common\\the void\\bin\\win32\\Game.exe"=
"g:\\Games\\Steam\\steamapps\\common\\the void\\bin\\win32\\Config.exe"=
"g:\\Games\\MW4\\MW4MERCS.ICD"=
"g:\\Games\\MW4\\MTX\\mtx.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"g:\\Games\\StarCraft 2 beta\\StarCraft II Beta\\Versions\\Base15133\\SC2.exe"=
"g:\\Games\\StarCraft 2 beta\\StarCraft II Beta\\Versions\\Base15250\\SC2.exe"=
"g:\\Games\\MW4\\MTX\\Download\\Mechwarrior Mercenaries - Mektek Mekpak\\MW4Mercs.exe"=
"g:\\Games\\Steam\\steamapps\\common\\defensegridtheawakening\\DefenseGrid.exe"=
"g:\\Games\\Steam\\steamapps\\common\\alien breed impact\\Binaries\\AlienBreed-Impact.exe"=
"g:\\Games\\Steam\\steamapps\\common\\mass effect 2\\Binaries\\MassEffect2.exe"=
"g:\\Games\\Steam\\steamapps\\common\\mass effect 2\\MassEffect2Launcher.exe"=
"g:\\Games\\Steam\\steamapps\\common\\mass effect 2\\docs\\EA Help\\Electronic_Arts_Technical_Support.htm"=
"g:\\Games\\Steam\\steamapps\\common\\titan quest\\Titan Quest.exe"=
"g:\\Games\\Steam\\steamapps\\common\\titan quest\\help.htm"=
"g:\\Games\\Steam\\steamapps\\common\\overlord\\Overlord.exe"=
"g:\\Games\\Steam\\steamapps\\common\\overlord\\Config.exe"=
"g:\\Games\\Steam\\steamapps\\common\\red faction\\RedFaction.exe"=
"g:\\Games\\Steam\\steamapps\\common\\full spectrum warrior\\Launcher.exe"=
"g:\\Games\\Steam\\steamapps\\common\\full spectrum warrior\\help.htm"=
"g:\\Games\\Steam\\steamapps\\common\\dragon age origins\\bin_ship\\daupdatersvc.service.exe"=
"g:\\Games\\Steam\\steamapps\\common\\red faction\\RF.exe"=
"g:\\Games\\Steam\\steamapps\\common\\galcon fusion\\GalconFusion.exe"=
"g:\\Games\\Steam\\steamapps\\common\\dragon age origins\\bin_ship\\DAOrigins.exe"=
"g:\\Games\\Steam\\steamapps\\common\\dragon age origins\\DAOriginsLauncher.exe"=
"g:\\Games\\Steam\\steamapps\\common\\dragon age origins\\docs\\EA Help\\Electronic_Arts_Technical_Support.htm"=
"g:\\Games\\Steam\\steamapps\\common\\alien swarm\\srcds.exe"=
"g:\\Games\\Steam\\steamapps\\common\\trine\\trine_launcher.exe"=
"g:\\Games\\Steam\\steamapps\\common\\disciples iii renaissance - demo\\DisciplesIII.exe"=
"g:\\Games\\StarCraft II\\StarCraft II.exe"=
"g:\\Games\\StarCraft II\\Versions\\Base15405\\SC2.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"g:\\Games\\Steam\\steamapps\\common\\alien swarm\\swarm.exe"=
"g:\\Games\\Steam\\steamapps\\common\\alien swarm\\bin\\SDKLauncher.exe"=
"g:\\Games\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"g:\\Games\\Steam\\steamapps\\common\\gratuitous space battles\\GSB.exe"=
"g:\\Games\\Steam\\steamapps\\common\\dawn of war 2\\DOW2.exe"=
"g:\\Games\\Steam\\steamapps\\common\\metro 2033\\metro2033.exe"=
"g:\\Games\\Steam\\steamapps\\common\\left 4 dead 2\\left4dead2.exe"=
"g:\\Games\\Steam\\steamapps\\common\\morrowind\\Morrowind Launcher.exe"=
"g:\\Games\\Steam\\steamapps\\common\\amnesia the dark descent demo\\Launcher.exe"=
"g:\\Games\\Steam\\steamapps\\common\\borderlands\\Binaries\\Borderlands.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800
"1700:TCP"= 1700:TCP:MioNet Remote Drive Access 0
"1701:TCP"= 1701:TCP:MioNet Remote Drive Access 1
"1702:TCP"= 1702:TCP:MioNet Remote Drive Access 2
"1703:TCP"= 1703:TCP:MioNet Remote Drive Access 3
"1704:TCP"= 1704:TCP:MioNet Remote Drive Access 4
"1705:TCP"= 1705:TCP:MioNet Remote Drive Access 5
"1706:TCP"= 1706:TCP:MioNet Remote Drive Access 6
"1707:TCP"= 1707:TCP:MioNet Remote Drive Access 7
"1708:TCP"= 1708:TCP:MioNet Remote Drive Access 8
"1709:TCP"= 1709:TCP:MioNet Remote Drive Access 9
"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification
"1647:TCP"= 1647:TCP:MioNet Storage Device Configuration
"5432:UDP"= 5432:UDP:MioNet Storage Device Discovery
 
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [2/15/2009 9:27 PM 5248]
S2 uvnc_service;uvnc_service;c:\program files\UltraVNC\winvnc.exe [1/12/2009 9:09 PM 1519168]
S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [1/22/2010 9:57 PM 70704]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [1/22/2010 9:00 PM 563760]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [1/21/2009 5:46 AM 79360]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [10/8/2008 2:21 AM 171032]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [10/8/2008 2:21 AM 171032]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [10/8/2008 2:21 AM 1324056]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [10/8/2008 2:21 AM 1324056]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [10/8/2008 2:21 AM 72728]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [10/8/2008 2:21 AM 72728]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;g:\games\Steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe [7/2/2010 10:00 PM 25832]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [10/20/2009 12:19 PM 50704]
S3 RPGNCM;RPGNCM;c:\docume~1\Brad\LOCALS~1\Temp\RPGNCM.exe --> c:\docume~1\Brad\LOCALS~1\Temp\RPGNCM.exe [?]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2/17/2007 2:52 AM 176128]
S3 SaiH0006;SaiH0006;c:\windows\system32\drivers\SaiH0006.sys [7/26/2004 1:54 PM 56576]
S3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [2/17/2007 2:52 AM 13532]
S4 4401D;4401D;c:\windows\system32\4401D.sys [2/24/2008 5:44 PM 54624]
S4 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [2/15/2009 9:27 PM 160640]
S4 gel90xne;gel90xne;\??\c:\docume~1\Brad\LOCALS~1\Temp\gel90xne.sys --> c:\docume~1\Brad\LOCALS~1\Temp\gel90xne.sys [?]
S4 mfefeatk01;McAfee Inc.;\Device\mfefeatk01.sys --> \Device\mfefeatk01.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/17/2007 4:17 PM 646392]
S4 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [7/24/2008 3:22 PM 102400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder

2010-10-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790525478-854245398-839522115-1003Core.job
- c:\documents and settings\Brad\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-16 04:07]

2010-10-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790525478-854245398-839522115-1003UA.job
- c:\documents and settings\Brad\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-16 04:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = http=127.0.0.1:3073
uInternet Settings,ProxyOverride = <local>
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
LSP: c:\program files\VMware\VMware Player\vsocklib.dll
FF - ProfilePath - c:\documents and settings\Brad\Application Data\Mozilla\Firefox\Profiles\gn9wnj7g.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\Brad\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-02 00:43
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTxfiHlp = CTXFIHLP.EXE?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-790525478-854245398-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:17,37,c8,94,82,b9,b6,ff,46,86,c8,c4,9c,7e,17,0f,87,53,71,c7,f2,cf,da,
91,64,66,b3,9f,fa,38,87,49,e6,6b,43,cd,b7,87,23,8d,b5,5a,fd,86,2b,96,3e,7e,\
"??"=hex:a1,5e,47,db,25,65,bb,27,8b,92,55,34,10,3f,d9,49

[HKEY_USERS\S-1-5-21-790525478-854245398-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:4a,a7,ba,46,ed,c1,96,5f,4e,e2,2f,e7,69,31,43,d0,bb,16,31,ad,bb,
5e,a7,fb,9c,5f,58,85,1f,02,96,8e,bb,b4,b3,0e,db,60,d5,a3,7d,b9,1f,24,d5,63,\
"rkeysecu"=hex:b9,20,94,2f,ae,ae,e5,89,f2,28,e6,75,9f,0f,a8,11
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(180)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2010-10-02 00:45:58
ComboFix-quarantined-files.txt 2010-10-02 06:45
ComboFix2.txt 2010-10-02 06:18

Pre-Run: 7,948,087,296 bytes free
Post-Run: 7,929,057,280 bytes free

- - End Of File - - 4F03332FBED2EEC5F12537A39134A42A

ComboFix 10-10-01.07 - Brad 10/02/2010 17:34:00.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2636 [GMT -6:00]
Running from: c:\documents and settings\Brad\Desktop\CmboFix.exe
AV: ESET NOD32 Antivirus 4.2 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ActiveArmor Firewall *enabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
.

((((((((((((((((((((((((( Files Created from 2010-09-02 to 2010-10-02 )))))))))))))))))))))))))))))))
.

2010-10-02 22:41 . 2010-10-02 22:41 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2010-10-02 11:08 . 2010-10-02 11:08 -------- d-----w- c:\documents and settings\Brad\Local Settings\Application Data\ESET
2010-10-02 08:35 . 2010-10-02 08:35 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2010-10-02 06:51 . 2010-04-29 21:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-02 06:51 . 2010-04-29 21:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-22 23:51 . 2010-09-25 22:41 -------- d-----w- c:\documents and settings\Brad\Application Data\.minecraft
2010-09-21 00:17 . 2010-09-21 00:17 117427 ----a-w- c:\documents and settings\Brad\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\digitaleditions\digitaleditions.exe
2010-09-20 01:24 . 2010-09-20 01:24 -------- d-----w- c:\program files\Common Files\DirectX

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-02 22:56 . 2010-04-20 00:39 -------- d-----w- c:\documents and settings\LocalService\Application Data\VMware
2010-10-02 22:56 . 2010-04-20 00:39 -------- d-----w- c:\documents and settings\All Users\Application Data\VMware
2010-10-02 08:15 . 2010-04-14 00:00 31744 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-09-30 04:02 . 2009-12-07 07:24 -------- d-----w- c:\documents and settings\Brad\Application Data\vlc
2010-09-25 03:02 . 2010-01-04 23:41 -------- d-----w- c:\documents and settings\Brad\Application Data\Azureus
2010-08-30 03:00 . 2010-01-04 23:41 -------- d-----w- c:\program files\Vuze
2010-08-30 02:30 . 2010-08-30 02:30 310208 ----a-w- c:\documents and settings\Brad\Application Data\Azureus\plugins\mlab\ShaperProbeC.exe
2010-08-30 02:29 . 2010-01-05 00:19 4146688 ----a-w- c:\documents and settings\Brad\Application Data\Azureus\plugins\vuzexcode\mediainfo.exe
2010-08-30 02:29 . 2010-01-05 00:19 7288256 ----a-w- c:\documents and settings\Brad\Application Data\Azureus\plugins\vuzexcode\ffmpeg.exe
2010-08-19 05:40 . 2009-02-11 03:27 -------- d-----w- c:\documents and settings\Brad\Application Data\Skype
2010-08-19 00:08 . 2009-02-11 03:28 -------- d-----w- c:\documents and settings\Brad\Application Data\skypePM
2010-08-17 13:17 . 2006-02-28 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-15 21:04 . 2010-04-20 00:52 -------- d-----w- c:\documents and settings\Brad\Application Data\VMware
2010-08-06 00:11 . 2010-08-06 00:11 47364 ----a-w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment\Battle.net\Cache\Download\Scan.dll
2010-08-06 00:10 . 2007-05-22 05:19 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-07-22 15:49 . 2006-02-28 12:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57 . 2009-07-21 19:19 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2006-05-03 09:06 . 2007-03-30 17:58 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 . 2007-03-30 17:58 31232 --sh--r- c:\windows\system32\msfDX.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-10-02_06.15.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-10-02 22:56 . 2010-10-02 22:56 16384 c:\windows\temp\Perflib_Perfdata_55c.dat
+ 2007-11-13 11:31 . 2010-06-21 14:46 46080 c:\windows\system32\tzchange.exe
- 2007-11-13 11:31 . 2010-04-21 13:28 46080 c:\windows\system32\tzchange.exe
+ 2007-06-09 00:49 . 2010-02-22 14:23 17272 c:\windows\system32\spmsg.dll
- 2007-06-09 00:49 . 2009-05-26 11:40 17272 c:\windows\system32\spmsg.dll
- 2006-02-28 12:00 . 2010-09-06 00:24 72212 c:\windows\system32\perfc009.dat
+ 2006-02-28 12:00 . 2010-10-02 21:39 72212 c:\windows\system32\perfc009.dat
+ 2010-03-29 23:13 . 2010-03-29 23:13 95872 c:\windows\system32\drivers\epfwtdir.sys
+ 2010-08-17 13:17 . 2010-08-17 13:17 58880 c:\windows\system32\dllcache\spoolsv.exe
- 2010-03-23 11:31 . 2010-03-23 11:31 30544 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2010-09-22 15:43 . 2010-09-22 15:43 30544 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2010-09-23 21:55 . 2010-09-23 21:55 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
- 2010-04-01 17:42 . 2010-04-01 17:42 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
- 2010-03-31 20:51 . 2010-03-31 20:51 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
+ 2010-09-23 08:26 . 2010-09-23 08:26 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
+ 2010-09-23 08:26 . 2010-09-23 08:26 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
- 2010-03-31 20:51 . 2010-03-31 20:51 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
- 2010-03-31 20:51 . 2010-03-31 20:51 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2010-09-23 08:26 . 2010-09-23 08:26 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2010-09-23 09:17 . 2010-09-23 09:17 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
- 2010-03-31 21:32 . 2010-03-31 21:32 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2010-09-23 09:17 . 2010-09-23 09:17 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
- 2010-03-31 21:32 . 2010-03-31 21:32 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
+ 2010-10-02 08:35 . 2010-10-02 08:35 10134 c:\windows\Installer\{B91B4988-2671-4C7A-9B84-5FE9E38EDDE0}\callmsi.exe
+ 2010-10-02 21:40 . 2010-10-02 21:40 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_6875b0bc\System.Drawing.Design.dll
+ 2010-10-02 21:40 . 2010-10-02 21:40 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_d454dfb1\CustomMarshalers.dll
+ 2010-10-02 21:44 . 2010-10-02 21:44 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\70ee6267f7bad40e8707d402277770c3\System.Web.DynamicData.Design.ni.dll
+ 2010-10-02 21:39 . 2010-10-02 21:39 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2010-09-06 00:23 . 2010-09-06 00:23 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2010-09-06 00:23 . 2010-09-06 00:23 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2010-10-02 21:39 . 2010-10-02 21:39 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2010-10-02 21:39 . 2010-10-02 21:39 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2010-09-06 00:23 . 2010-09-06 00:23 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2010-09-06 00:23 . 2010-09-06 00:23 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2010-10-02 21:39 . 2010-10-02 21:39 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2010-09-06 00:23 . 2010-09-06 00:23 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2010-10-02 21:39 . 2010-10-02 21:39 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2010-10-02 21:39 . 2010-10-02 21:39 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2010-09-06 00:23 . 2010-09-06 00:23 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2010-10-02 21:39 . 2010-10-02 21:39 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2010-09-06 00:23 . 2010-09-06 00:23 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2010-10-02 21:39 . 2010-10-02 21:39 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2010-09-06 00:23 . 2010-09-06 00:23 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2010-10-02 21:39 . 2010-10-02 21:39 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2010-09-06 00:23 . 2010-09-06 00:23 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2010-10-02 21:39 . 2010-10-02 21:39 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2010-09-06 00:23 . 2010-09-06 00:23 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2010-10-02 21:39 . 2010-10-02 21:39 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2010-09-06 00:23 . 2010-09-06 00:23 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2010-10-02 21:39 . 2010-10-02 21:39 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2010-09-06 00:23 . 2010-09-06 00:23 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2010-09-06 00:23 . 2010-09-06 00:23 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2010-10-02 21:39 . 2010-10-02 21:39 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2010-10-02 21:40 . 2010-10-02 21:40 81920 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
- 2010-06-11 06:28 . 2010-06-11 06:28 81920 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
+ 2010-10-02 21:39 . 2010-10-02 21:39 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2010-09-06 00:23 . 2010-09-06 00:23 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2010-10-02 21:39 . 2010-10-02 21:39 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2010-09-06 00:23 . 2010-09-06 00:23 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2010-09-06 00:23 . 2010-09-06 00:23 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2010-10-02 21:39 . 2010-10-02 21:39 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2010-09-06 00:23 . 2010-09-06 00:23 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2010-10-02 21:39 . 2010-10-02 21:39 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2010-10-02 21:39 . 2010-10-02 21:39 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2010-09-06 00:23 . 2010-09-06 00:23 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2010-09-06 00:23 . 2010-09-06 00:23 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2010-10-02 21:39 . 2010-10-02 21:39 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2010-09-06 00:23 . 2010-09-06 00:23 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2010-10-02 21:39 . 2010-10-02 21:39 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2006-02-28 12:00 . 2008-04-14 00:12 293376 c:\windows\system32\winsrv.dll
+ 2006-02-28 12:00 . 2010-06-18 17:45 293376 c:\windows\system32\winsrv.dll
- 2006-02-28 12:00 . 2008-04-14 00:12 406016 c:\windows\system32\usp10.dll
+ 2006-02-28 12:00 . 2010-04-16 15:36 406016 c:\windows\system32\usp10.dll
 
- 2006-02-28 12:00 . 2010-09-06 00:24 443368 c:\windows\system32\perfh009.dat
+ 2006-02-28 12:00 . 2010-10-02 21:39 443368 c:\windows\system32\perfh009.dat
- 2006-10-19 03:47 . 2006-10-19 03:47 317440 c:\windows\system32\MP4SDECD.dll
+ 2006-10-19 03:47 . 2010-03-30 18:24 317440 c:\windows\system32\mp4sdecd.dll
+ 2007-02-17 08:39 . 2010-06-09 07:43 692736 c:\windows\system32\inetcomm.dll
+ 2010-03-29 23:12 . 2010-03-29 23:12 114984 c:\windows\system32\drivers\ehdrv.sys
+ 2010-03-29 23:07 . 2010-03-29 23:07 140216 c:\windows\system32\drivers\eamon.sys
+ 2010-06-18 17:45 . 2010-06-18 17:45 293376 c:\windows\system32\dllcache\winsrv.dll
+ 2010-04-16 15:36 . 2010-04-16 15:36 406016 c:\windows\system32\dllcache\usp10.dll
+ 2009-04-15 14:51 . 2010-07-22 15:49 590848 c:\windows\system32\dllcache\rpcrt4.dll
+ 2010-03-30 18:24 . 2010-03-30 18:24 317440 c:\windows\system32\dllcache\mp4sdecd.dll
+ 2009-03-10 22:21 . 2010-06-09 07:43 692736 c:\windows\system32\dllcache\inetcomm.dll
- 2010-03-23 11:31 . 2010-03-23 11:31 435024 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
+ 2010-09-22 15:43 . 2010-09-22 15:43 435024 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
- 2010-03-31 20:51 . 2010-03-31 20:51 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2010-09-23 08:26 . 2010-09-23 08:26 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2010-03-31 20:49 . 2010-03-31 20:49 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2010-09-23 08:25 . 2010-09-23 08:25 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2010-09-23 09:17 . 2010-09-23 09:17 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
- 2010-03-31 21:32 . 2010-03-31 21:32 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2010-10-02 08:35 . 2010-10-02 08:35 950784 c:\windows\Installer\68fe1.msi
+ 2010-09-24 03:02 . 2010-09-24 03:02 798208 c:\windows\Installer\2d38814.msp
+ 2010-10-02 08:35 . 2010-10-02 08:35 101480 c:\windows\Installer\{B91B4988-2671-4C7A-9B84-5FE9E38EDDE0}\egui.exe
+ 2010-10-02 21:41 . 2010-10-02 21:41 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_e8abc29e\System.Drawing.dll
+ 2010-10-02 21:41 . 2010-10-02 21:41 192512 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_f163b87b\System.Drawing.Design.dll
+ 2010-10-02 21:41 . 2010-10-02 21:41 118784 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_71195625\CustomMarshalers.dll
+ 2010-10-02 21:43 . 2010-10-02 21:43 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\7f9a1ae146571025fd49914b5c71a39b\System.Web.Routing.ni.dll
+ 2010-10-02 21:44 . 2010-10-02 21:44 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\b1646e54b708b9824f4193f87eb00c0e\System.Web.Extensions.Design.ni.dll
+ 2010-10-02 21:44 . 2010-10-02 21:44 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\504a93e73da77c502ecf98bfdfc1485e\System.Web.Entity.ni.dll
+ 2010-10-02 21:44 . 2010-10-02 21:44 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\f22334fbd9497d79448fffef515ae0cc\System.Web.Entity.Design.ni.dll
+ 2010-10-02 21:44 . 2010-10-02 21:44 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\af5452305588da228a74e30324681d20\System.Web.DynamicData.ni.dll
+ 2010-10-02 21:43 . 2010-10-02 21:43 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\9d9bca1a8993c427984aa1bc9c165a33\System.Web.Abstractions.ni.dll
+ 2010-10-02 21:40 . 2010-10-02 21:40 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a140e8da81b3af34c864ad851fe150fd\System.Runtime.Remoting.ni.dll
+ 2010-10-02 21:43 . 2010-10-02 21:43 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\165bd290e518b9397ca55192985fdee3\System.Data.Entity.Design.ni.dll
+ 2010-10-02 21:42 . 2010-10-02 21:42 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\72d3aacfca2e1ce835c210f5a1decb36\ServiceModelReg.ni.exe
+ 2010-10-02 21:43 . 2010-10-02 21:43 422912 c:\windows\assembly\NativeImages_v2.0.50727_32\Sd.Web\799743ca9828861b7bc6761ffcb43062\Sd.Web.ni.dll
+ 2010-10-02 21:43 . 2010-10-02 21:43 804352 c:\windows\assembly\NativeImages_v2.0.50727_32\Sd.Irc\2cf9e311bda80739806f302e4bc039cd\Sd.Irc.ni.dll
+ 2010-10-02 21:42 . 2010-10-02 21:42 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\af4a3ae6d5c1cafa57002beb487b8d7a\AspNetMMCExt.ni.dll
+ 2010-10-02 21:39 . 2010-10-02 21:39 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2010-09-06 00:23 . 2010-09-06 00:23 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2010-09-06 00:23 . 2010-09-06 00:23 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2010-10-02 21:39 . 2010-10-02 21:39 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2010-09-06 00:23 . 2010-09-06 00:23 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2010-10-02 21:39 . 2010-10-02 21:39 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2010-10-02 21:39 . 2010-10-02 21:39 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2010-09-06 00:23 . 2010-09-06 00:23 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2010-10-02 21:39 . 2010-10-02 21:39 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2010-09-06 00:23 . 2010-09-06 00:23 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2010-09-06 00:23 . 2010-09-06 00:23 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2010-10-02 21:39 . 2010-10-02 21:39 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2010-10-02 21:39 . 2010-10-02 21:39 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2010-09-06 00:23 . 2010-09-06 00:23 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2010-09-06 00:23 . 2010-09-06 00:23 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2010-10-02 21:39 . 2010-10-02 21:39 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2010-10-02 21:39 . 2010-10-02 21:39 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2010-09-06 00:23 . 2010-09-06 00:23 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2010-10-02 21:39 . 2010-10-02 21:39 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2010-09-06 00:23 . 2010-09-06 00:23 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2010-09-06 00:23 . 2010-09-06 00:23 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2010-10-02 21:39 . 2010-10-02 21:39 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2010-09-06 00:24 . 2010-09-06 00:24 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2010-10-02 21:39 . 2010-10-02 21:39 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2010-10-02 21:39 . 2010-10-02 21:39 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2010-09-06 00:24 . 2010-09-06 00:24 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2010-09-06 00:24 . 2010-09-06 00:24 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2010-10-02 21:39 . 2010-10-02 21:39 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2010-09-06 00:23 . 2010-09-06 00:23 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2010-10-02 21:39 . 2010-10-02 21:39 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2010-09-06 00:23 . 2010-09-06 00:23 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2010-10-02 21:39 . 2010-10-02 21:39 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2010-09-06 00:23 . 2010-09-06 00:23 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2010-10-02 21:39 . 2010-10-02 21:39 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2010-09-06 00:23 . 2010-09-06 00:23 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2010-10-02 21:39 . 2010-10-02 21:39 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2010-09-06 00:23 . 2010-09-06 00:23 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2010-10-02 21:39 . 2010-10-02 21:39 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2010-09-06 00:23 . 2010-09-06 00:23 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2010-10-02 21:39 . 2010-10-02 21:39 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2010-10-02 21:39 . 2010-10-02 21:39 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2010-09-06 00:23 . 2010-09-06 00:23 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2010-09-06 00:23 . 2010-09-06 00:23 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2010-10-02 21:39 . 2010-10-02 21:39 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2010-10-02 21:39 . 2010-10-02 21:39 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2010-09-06 00:23 . 2010-09-06 00:23 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2010-10-02 21:39 . 2010-10-02 21:39 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2010-09-06 00:23 . 2010-09-06 00:23 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2010-09-06 00:23 . 2010-09-06 00:23 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2010-10-02 21:39 . 2010-10-02 21:39 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2010-09-06 00:24 . 2010-09-06 00:24 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2010-10-02 21:39 . 2010-10-02 21:39 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2010-03-23 11:32 . 2010-03-23 11:32 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2010-09-22 15:44 . 2010-09-22 15:44 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
- 2010-04-01 17:42 . 2010-04-01 17:42 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2010-09-23 21:55 . 2010-09-23 21:55 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
- 2010-04-01 17:42 . 2010-04-01 17:42 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2010-09-23 21:55 . 2010-09-23 21:55 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
- 2010-03-31 20:50 . 2010-03-31 20:50 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2010-09-23 08:26 . 2010-09-23 08:26 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2010-09-23 08:25 . 2010-09-23 08:25 2523136 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
+ 2010-09-23 21:55 . 2010-09-23 21:55 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
- 2010-04-01 17:42 . 2010-04-01 17:42 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2010-09-23 13:39 . 2010-09-23 13:39 4265472 c:\windows\Installer\2d3880a.msp
+ 2010-10-02 21:41 . 2010-10-02 21:41 4792320 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_ac01e990\System.dll
+ 2010-10-02 21:40 . 2010-10-02 21:40 1966080 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_70480d87\System.dll
+ 2010-10-02 21:41 . 2010-10-02 21:41 2088960 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_f6616d55\System.Xml.dll
+ 2010-10-02 21:41 . 2010-10-02 21:41 5513216 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_81456f8e\System.Xml.dll
+ 2010-10-02 21:41 . 2010-10-02 21:41 7884800 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_c4653652\System.Windows.Forms.dll
+ 2010-10-02 21:41 . 2010-10-02 21:41 3018752 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_501356da\System.Windows.Forms.dll
+ 2010-10-02 21:41 . 2010-10-02 21:41 2244608 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_4f758638\System.Drawing.dll
+ 2010-10-02 21:41 . 2010-10-02 21:41 3395584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_ff4d0976\System.Design.dll
+ 2010-10-02 21:41 . 2010-10-02 21:41 1470464 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_522bd1fb\System.Design.dll
+ 2010-10-02 21:41 . 2010-10-02 21:41 8908800 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_bab272e8\mscorlib.dll
+ 2010-10-02 21:41 . 2010-10-02 21:41 3391488 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_22ce847f\mscorlib.dll
+ 2010-10-02 21:44 . 2010-10-02 21:44 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\bec60fe2e934a6284224ab45b0e981e2\System.WorkflowServices.ni.dll
+ 2010-10-02 21:44 . 2010-10-02 21:44 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\09da139c48e2f5e76994a5c0f2e5b19e\System.Workflow.Runtime.ni.dll
+ 2010-10-02 21:44 . 2010-10-02 21:44 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\6809417da74ff937e18b3034f1eac2f2\System.Workflow.ComponentModel.ni.dll
+ 2010-10-02 21:44 . 2010-10-02 21:44 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\6c91ee82035d30efa8893e7b0396bbb0\System.Workflow.Activities.ni.dll
+ 2010-10-02 21:40 . 2010-10-02 21:40 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\181254ba0cb690decedb950fd26d7bea\System.Web.Services.ni.dll
+ 2010-10-02 21:44 . 2010-10-02 21:44 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\4200f716e9a41cb91d17516ba864e586\System.Web.Mobile.ni.dll
+ 2010-10-02 21:44 . 2010-10-02 21:44 2405376 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\da367bc2ecf2c9c5b4f858b6dba9e2ea\System.Web.Extensions.ni.dll
+ 2010-10-02 21:43 . 2010-10-02 21:43 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\8e34e273d036b7468fc4e951a1fde437\System.ServiceModel.Web.ni.dll
+ 2010-10-02 21:42 . 2010-10-02 21:42 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\095bb4f033374647b6d66c51f16bb886\System.IdentityModel.ni.dll
+ 2010-10-02 21:43 . 2010-10-02 21:43 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\b8c9267d87b7358e1a5f00bf1572c313\System.Data.Services.ni.dll
+ 2010-10-02 21:43 . 2010-10-02 21:43 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\a27783547338dbebf84101a685ba641b\Microsoft.VisualBasic.ni.dll
+ 2010-10-02 21:43 . 2010-10-02 21:43 6196736 c:\windows\assembly\NativeImages_v2.0.50727_32\Impulse\35523eca357db1a7f2c1885bd3dfd9c4\Impulse.ni.exe
+ 2010-10-02 21:39 . 2010-10-02 21:39 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2010-09-06 00:24 . 2010-09-06 00:24 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2010-10-02 21:39 . 2010-10-02 21:39 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2010-09-06 00:23 . 2010-09-06 00:23 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2010-10-02 21:39 . 2010-10-02 21:39 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
 
- 2010-09-06 00:23 . 2010-09-06 00:23 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2010-10-02 21:40 . 2010-10-02 21:40 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
- 2009-03-10 22:40 . 2009-03-10 22:40 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
- 2010-09-06 00:23 . 2010-09-06 00:23 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2010-10-02 21:39 . 2010-10-02 21:39 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2010-09-06 00:23 . 2010-09-06 00:23 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2010-10-02 21:39 . 2010-10-02 21:39 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2010-10-02 21:39 . 2010-10-02 21:39 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2010-09-06 00:24 . 2010-09-06 00:24 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2010-10-02 21:39 . 2010-10-02 21:39 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2010-09-06 00:23 . 2010-09-06 00:23 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2010-10-02 21:40 . 2010-10-02 21:40 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
- 2010-06-11 06:28 . 2010-06-11 06:28 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
- 2010-06-11 06:28 . 2010-06-11 06:28 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2010-10-02 21:40 . 2010-10-02 21:40 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2008-04-30 22:37 . 2010-10-02 21:38 35552200 c:\windows\system32\MRT.exe
+ 2010-09-24 20:08 . 2010-09-24 20:08 11430400 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M2416447\M2416447Uninstall.msp
+ 2010-09-24 13:08 . 2010-09-24 13:08 17518080 c:\windows\Installer\2d3882e.msp
+ 2010-10-02 21:40 . 2010-10-02 21:40 11800576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\41f436dae3c8146752d06130f7331527\System.Web.ni.dll
+ 2010-10-02 21:42 . 2010-10-02 21:42 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\52ca772b93f517fc8fe53d0a240642b3\System.ServiceModel.ni.dll
+ 2010-10-02 21:41 . 2010-10-02 21:41 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\fdc42078fd10e4dc8b05087900c63977\System.Design.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="g:\games\steam\steam.exe" [2010-08-23 1242448]
"Google Update"="c:\documents and settings\Brad\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-02-16 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LGDCore"="c:\program files\Logitech\G-series Software\LGDCore.exe" [2006-03-06 1122304]
"Launch LCDMon"="c:\program files\Logitech\G-series Software\LCDMon.exe" [2006-03-06 497152]
"CTHelper"="CTHELPER.EXE" [2005-08-07 16384]
"Habu"="c:\program files\Razer\Habu\razerhid.exe" [2007-05-11 176128]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"CTxfiHlp"="CTXFIHLP.EXE" [2008-10-08 23552]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-19 868352]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-04 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-04 13670504]
"VMware hqtray"="c:\program files\VMware\VMware Player\hqtray.exe" [2010-01-23 64048]
"egui"="g:\tools\nod32\egui.exe" [2010-03-29 2145000]

c:\documents and settings\Brad\Start Menu\Programs\Startup\AutorunsDisabled
WordWeb.lnk - c:\program files\WordWeb\wweb32.exe [2007-3-30 44384]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
ASUS WiFi-AP Solo.lnk - c:\program files\ASUS WiFi-AP Solo\RtWLan.exe [2007-2-17 987136]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Avvenu Access n Share Update]
2007-03-21 18:51 28672 ----a-w- c:\program files\Avvenu\Avvenu_updater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 08:00 90112 ------w- c:\windows\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"nSvcLog"=2 (0x2)
"nSvcIp"=2 (0x2)
"ForcewareWebInterface"=2 (0x2)
"NVSvc"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"e:\\Games\\Starcraft\\StarCraft.exe"=
"e:\\Games\\NWN 2\\nwn2main.exe"=
"e:\\Games\\NWN 2\\nwn2main_amdxp.exe"=
"e:\\Games\\NWN 2\\nwupdate.exe"=
"e:\\Games\\NWN 2\\nwn2server.exe"=
"e:\\Games\\FEAR\\fpupdate.exe"=
"e:\\Games\\FEAR\\FEAR.exe"=
"e:\\Games\\FEAR\\FEARMP.exe"=
"e:\\Games\\Battle for Middle Earth\\game.dat"=
"e:\\Games\\Dungeon Siege 2\\DungeonSiege2.exe"=
"e:\\Games\\Battlefield 2142\\BF2142.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"e:\\Games\\Crysis\\Bin32\\Crysis.exe"=
"e:\\Games\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"e:\\Games\\FEAR\\FEARXP\\FEARXP.exe"=
"c:\\Program Files\\UltraVNC\\vncviewer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=
"e:\\Games\\Sins of a Solar Empire\\Sins of a Solar Empire Entrenchment.exe"=
"g:\\Games\\Steam\\steamapps\\common\\beyond good and evil\\CheckApplication.exe"=
"g:\\Games\\Steam\\steamapps\\common\\dark sector\\DS.exe"=
"g:\\Games\\Steam\\steamapps\\common\\farcry\\Bin32\\FarCry.exe"=
"g:\\Games\\Steam\\steamapps\\common\\farcry\\Bin32\\FarCryConfigurator.exe"=
"g:\\Games\\Steam\\steamapps\\common\\final doom\\plutonia.bat"=
"g:\\Games\\Steam\\steamapps\\common\\final doom\\tnt.bat"=
"g:\\Games\\Steam\\steamapps\\common\\dawn of war soulstorm\\soulstorm.exe"=
"g:\\Games\\Steam\\steamapps\\common\\commander keen\\testapp3.bat"=
"g:\\Games\\Steam\\steamapps\\common\\commander keen\\testapp4.bat"=
"g:\\Games\\Steam\\steamapps\\common\\commander keen\\testapp5.bat"=
"g:\\Games\\Steam\\steamapps\\common\\doom 3\\Doom3.exe"=
"g:\\Games\\Steam\\steamapps\\common\\hexen 2\\glh2.exe"=
"g:\\Games\\Steam\\steamapps\\common\\fallout 3\\FalloutLauncher.exe"=
"g:\\Games\\Steam\\steamapps\\common\\mirrors edge\\Binaries\\MirrorsEdge.exe"=
"g:\\Games\\Steam\\steamapps\\common\\master levels of doom\\master.bat"=
"g:\\Games\\Steam\\steamapps\\common\\spore\\runme.exe"=
"g:\\Games\\Steam\\steamapps\\common\\osmos igf demo\\OsmosDemo.exe"=
"g:\\Games\\Steam\\steamapps\\common\\rip\\RIP\\RIP.exe"=
"g:\\Games\\Steam\\steamapps\\common\\quake\\Winquake.exe"=
"g:\\Games\\Steam\\steamapps\\common\\quake\\qwcl.exe"=
"g:\\Games\\Steam\\steamapps\\common\\quake\\Glquake.exe"=
"g:\\Games\\Steam\\steamapps\\common\\quake\\glqwcl.exe"=
"g:\\Games\\Steam\\steamapps\\common\\larva mortus\\larvamortus.exe"=
"g:\\Games\\Steam\\steamapps\\common\\fear2spdemo\\FEAR2SPDemo.exe"=
"g:\\Games\\Steam\\steamapps\\common\\stalker shadow of chernobyl\\bin\\XR_3DA.exe"=
"g:\\Games\\Steam\\steamapps\\common\\unreal tournament 3\\Binaries\\UT3.exe"=
"g:\\Games\\Steam\\steamapps\\common\\world of goo demo\\WorldOfGoo.exe"=
"g:\\Games\\Steam\\steamapps\\common\\quake 2\\quake2.exe"=
"g:\\Games\\Steam\\steamapps\\common\\thief deadly shadows\\System\\runme.exe"=
"g:\\Games\\Steam\\steamapps\\common\\penumbra overture\\redist\\Penumbra.exe"=
"g:\\Games\\Steam\\steamapps\\common\\return to castle wolfenstein\\WolfSP.exe"=
"g:\\Games\\Steam\\steamapps\\common\\return to castle wolfenstein\\WolfMP.exe"=
"g:\\Games\\Steam\\steamapps\\common\\mass effect\\Binaries\\MassEffect.exe"=
"g:\\Games\\Steam\\steamapps\\common\\swkotor\\swkotor.exe"=
"g:\\Games\\Steam\\steamapps\\common\\timeshift\\bin\\TimeShift.Exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"g:\\Games\\Steam\\steamapps\\common\\batman arkham asylum - demo\\Binaries\\ShippingPC-BmGame.exe"=
"g:\\Games\\Steam\\steamapps\\common\\shadowgrounds\\Shadowgrounds.exe"=
"g:\\Games\\Steam\\steamapps\\common\\shadowgrounds\\ShadowgroundsLauncher.exe"=
"g:\\Games\\Steam\\steamapps\\common\\aaaaaaaaaaaaaaaaaaaaaaaaa!!! demo\\main.exe"=
"g:\\Games\\Steam\\steamapps\\common\\machinarium demo\\machinarium.exe"=
"g:\\Games\\Steam\\steamapps\\common\\doom 2\\doom2.bat"=
"g:\\Games\\Steam\\steamapps\\common\\quake 3 arena\\quake3.exe"=
"g:\\Games\\Steam\\steamapps\\common\\deus ex\\System\\DeusEx.exe"=
"g:\\Games\\Steam\\steamapps\\common\\lumines\\lumines.exe"=
"g:\\Games\\Steam\\steamapps\\common\\prototype\\prototypef.exe"=
"g:\\Games\\Steam\\steamapps\\common\\stalker clear sky\\bin\\xrEngine.exe"=
"g:\\Games\\Steam\\steamapps\\common\\osmos\\osmos.exe"=
"g:\\Games\\Steam\\steamapps\\common\\the witcher enhanced edition\\System\\witcher.exe"=
"g:\\Games\\Steam\\steamapps\\common\\the witcher enhanced edition\\System\\djinni!.exe"=
"g:\\Games\\Steam\\steamapps\\common\\king's bounty - the legend\\kb.exe"=
"g:\\Games\\Steam\\steamapps\\common\\king's bounty - the legend\\save_fixer.exe"=
"g:\\Games\\Steam\\steamapps\\common\\psychonauts\\PsychoLauncher.exe"=
"g:\\Games\\Steam\\steamapps\\common\\torchlight\\Torchlight.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"e:\\Games\\Unreal Anthology\\UT2004\\System\\UT2004.exe"=
"g:\\Games\\Steam\\steamapps\\common\\eufloria - demo\\Eufloria.exe"=
"g:\\Games\\Steam\\steamapps\\common\\fallout 3\\Fallout3.exe"=
"g:\\Games\\StarCraft 2 beta\\StarCraft II Beta\\StarCraft II.exe"=
"g:\\Games\\StarCraft 2 beta\\StarCraft II Beta\\Versions\\Base14803\\SC2.exe"=
"c:\\Program Files\\VMware\\VMware Player\\vmware-authd.exe"=
"g:\\Games\\Steam\\steamapps\\common\\the void\\bin\\win32\\Game.exe"=
"g:\\Games\\Steam\\steamapps\\common\\the void\\bin\\win32\\Config.exe"=
"g:\\Games\\MW4\\MW4MERCS.ICD"=
"g:\\Games\\MW4\\MTX\\mtx.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"g:\\Games\\StarCraft 2 beta\\StarCraft II Beta\\Versions\\Base15133\\SC2.exe"=
"g:\\Games\\StarCraft 2 beta\\StarCraft II Beta\\Versions\\Base15250\\SC2.exe"=
"g:\\Games\\MW4\\MTX\\Download\\Mechwarrior Mercenaries - Mektek Mekpak\\MW4Mercs.exe"=
"g:\\Games\\Steam\\steamapps\\common\\defensegridtheawakening\\DefenseGrid.exe"=
"g:\\Games\\Steam\\steamapps\\common\\alien breed impact\\Binaries\\AlienBreed-Impact.exe"=
"g:\\Games\\Steam\\steamapps\\common\\mass effect 2\\Binaries\\MassEffect2.exe"=
"g:\\Games\\Steam\\steamapps\\common\\mass effect 2\\MassEffect2Launcher.exe"=
"g:\\Games\\Steam\\steamapps\\common\\mass effect 2\\docs\\EA Help\\Electronic_Arts_Technical_Support.htm"=
"g:\\Games\\Steam\\steamapps\\common\\titan quest\\Titan Quest.exe"=
"g:\\Games\\Steam\\steamapps\\common\\titan quest\\help.htm"=
"g:\\Games\\Steam\\steamapps\\common\\overlord\\Overlord.exe"=
"g:\\Games\\Steam\\steamapps\\common\\overlord\\Config.exe"=
"g:\\Games\\Steam\\steamapps\\common\\red faction\\RedFaction.exe"=
"g:\\Games\\Steam\\steamapps\\common\\full spectrum warrior\\Launcher.exe"=
"g:\\Games\\Steam\\steamapps\\common\\full spectrum warrior\\help.htm"=
"g:\\Games\\Steam\\steamapps\\common\\dragon age origins\\bin_ship\\daupdatersvc.service.exe"=
"g:\\Games\\Steam\\steamapps\\common\\red faction\\RF.exe"=
"g:\\Games\\Steam\\steamapps\\common\\galcon fusion\\GalconFusion.exe"=
"g:\\Games\\Steam\\steamapps\\common\\dragon age origins\\bin_ship\\DAOrigins.exe"=
"g:\\Games\\Steam\\steamapps\\common\\dragon age origins\\DAOriginsLauncher.exe"=
"g:\\Games\\Steam\\steamapps\\common\\dragon age origins\\docs\\EA Help\\Electronic_Arts_Technical_Support.htm"=
"g:\\Games\\Steam\\steamapps\\common\\alien swarm\\srcds.exe"=
"g:\\Games\\Steam\\steamapps\\common\\trine\\trine_launcher.exe"=
"g:\\Games\\Steam\\steamapps\\common\\disciples iii renaissance - demo\\DisciplesIII.exe"=
"g:\\Games\\StarCraft II\\StarCraft II.exe"=
"g:\\Games\\StarCraft II\\Versions\\Base15405\\SC2.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"g:\\Games\\Steam\\steamapps\\common\\alien swarm\\swarm.exe"=
"g:\\Games\\Steam\\steamapps\\common\\alien swarm\\bin\\SDKLauncher.exe"=
"g:\\Games\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"g:\\Games\\Steam\\steamapps\\common\\gratuitous space battles\\GSB.exe"=
"g:\\Games\\Steam\\steamapps\\common\\dawn of war 2\\DOW2.exe"=
"g:\\Games\\Steam\\steamapps\\common\\metro 2033\\metro2033.exe"=
"g:\\Games\\Steam\\steamapps\\common\\left 4 dead 2\\left4dead2.exe"=
"g:\\Games\\Steam\\steamapps\\common\\morrowind\\Morrowind Launcher.exe"=
"g:\\Games\\Steam\\steamapps\\common\\amnesia the dark descent demo\\Launcher.exe"=
"g:\\Games\\Steam\\steamapps\\common\\borderlands\\Binaries\\Borderlands.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800
"1700:TCP"= 1700:TCP:MioNet Remote Drive Access 0
"1701:TCP"= 1701:TCP:MioNet Remote Drive Access 1
"1702:TCP"= 1702:TCP:MioNet Remote Drive Access 2
"1703:TCP"= 1703:TCP:MioNet Remote Drive Access 3
"1704:TCP"= 1704:TCP:MioNet Remote Drive Access 4
"1705:TCP"= 1705:TCP:MioNet Remote Drive Access 5
"1706:TCP"= 1706:TCP:MioNet Remote Drive Access 6
"1707:TCP"= 1707:TCP:MioNet Remote Drive Access 7
"1708:TCP"= 1708:TCP:MioNet Remote Drive Access 8
"1709:TCP"= 1709:TCP:MioNet Remote Drive Access 9
"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification
"1647:TCP"= 1647:TCP:MioNet Storage Device Configuration
"5432:UDP"= 5432:UDP:MioNet Storage Device Discovery
 
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [2/15/2009 9:27 PM 5248]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [3/29/2010 5:12 PM 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [3/29/2010 5:13 PM 95872]
R2 ekrn;ESET Service;g:\tools\nod32\ekrn.exe [3/29/2010 5:12 PM 810120]
R2 uvnc_service;uvnc_service;c:\program files\UltraVNC\winvnc.exe [1/12/2009 9:09 PM 1519168]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [1/22/2010 9:57 PM 70704]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [10/8/2008 2:21 AM 171032]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [10/8/2008 2:21 AM 1324056]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [10/8/2008 2:21 AM 72728]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [1/22/2010 9:00 PM 563760]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [1/21/2009 5:46 AM 79360]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [10/8/2008 2:21 AM 171032]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [10/8/2008 2:21 AM 1324056]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [10/8/2008 2:21 AM 72728]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;g:\games\Steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe [7/2/2010 10:00 PM 25832]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [10/20/2009 12:19 PM 50704]
S3 RPGNCM;RPGNCM;c:\docume~1\Brad\LOCALS~1\Temp\RPGNCM.exe --> c:\docume~1\Brad\LOCALS~1\Temp\RPGNCM.exe [?]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2/17/2007 2:52 AM 176128]
S3 SaiH0006;SaiH0006;c:\windows\system32\drivers\SaiH0006.sys [7/26/2004 1:54 PM 56576]
S3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [2/17/2007 2:52 AM 13532]
S3 UCZGBTEWN;UCZGBTEWN;c:\docume~1\ADMINI~1\LOCALS~1\Temp\UCZGBTEWN.exe --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\UCZGBTEWN.exe [?]
S3 WJFXGVWEU;WJFXGVWEU;c:\docume~1\Brad\LOCALS~1\Temp\WJFXGVWEU.exe --> c:\docume~1\Brad\LOCALS~1\Temp\WJFXGVWEU.exe [?]
S4 4401D;4401D;c:\windows\system32\4401D.sys [2/24/2008 5:44 PM 54624]
S4 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [2/15/2009 9:27 PM 160640]
S4 gel90xne;gel90xne;\??\c:\docume~1\Brad\LOCALS~1\Temp\gel90xne.sys --> c:\docume~1\Brad\LOCALS~1\Temp\gel90xne.sys [?]
S4 mfefeatk01;McAfee Inc.;\Device\mfefeatk01.sys --> \Device\mfefeatk01.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/17/2007 4:17 PM 646392]
S4 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [7/24/2008 3:22 PM 102400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder

2010-10-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790525478-854245398-839522115-1003Core.job
- c:\documents and settings\Brad\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-16 04:07]

2010-10-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790525478-854245398-839522115-1003UA.job
- c:\documents and settings\Brad\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-16 04:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = http=127.0.0.1:3073
uInternet Settings,ProxyOverride = <local>
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
LSP: c:\program files\VMware\VMware Player\vsocklib.dll
FF - ProfilePath - c:\documents and settings\Brad\Application Data\Mozilla\Firefox\Profiles\gn9wnj7g.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\Brad\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-02 17:38
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTxfiHlp = CTXFIHLP.EXE?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-790525478-854245398-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:17,37,c8,94,82,b9,b6,ff,46,86,c8,c4,9c,7e,17,0f,87,53,71,c7,f2,cf,da,
91,64,66,b3,9f,fa,38,87,49,e6,6b,43,cd,b7,87,23,8d,b5,5a,fd,86,2b,96,3e,7e,\
"??"=hex:a1,5e,47,db,25,65,bb,27,8b,92,55,34,10,3f,d9,49

[HKEY_USERS\S-1-5-21-790525478-854245398-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:4a,a7,ba,46,ed,c1,96,5f,4e,e2,2f,e7,69,31,43,d0,bb,16,31,ad,bb,
5e,a7,fb,9c,5f,58,85,1f,02,96,8e,bb,b4,b3,0e,db,60,d5,a3,7d,b9,1f,24,d5,63,\
"rkeysecu"=hex:b9,20,94,2f,ae,ae,e5,89,f2,28,e6,75,9f,0f,a8,11
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(944)
c:\windows\system32\nvappfilter.dll

- - - - - - - > 'explorer.exe'(3400)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-10-02 17:41:17
ComboFix-quarantined-files.txt 2010-10-02 23:41
ComboFix2.txt 2010-10-02 06:46
ComboFix3.txt 2010-10-02 06:18

Pre-Run: 7,248,924,672 bytes free
Post-Run: 7,261,896,704 bytes free

- - End Of File - - 1D97CFFFAB1B7D9FC22FC2AE802BCCB7
 
Ok. Going to try and fix this using Bootkit Remover. I don't like the idea of doing it on a Raid setup, but it should be ok as Raid is done in the bios.

Open Notepad
Copy and paste following text into Notepad:
Code:
@ECHO OFF
START remover.exe fix \\.\PhysicalDrive2
EXIT
Go to FILE > SAVE AS and in the SAVE AS TYPE dropdown box select ALL FILES.
Then in the FILE NAME box type fix.bat.
Save fix.bat to your Desktop.

Run fix.bat by double clicking.
You may see a black box appear; this is normal.

When done, run remover.exe again and post its output.
 
Well, System still runs, but issue still exists.

Result of second run:
-------------------------------



Bootkit Remover
(c) 2009 eSage Lab
www.esagelab.com

Program version: 1.2.0.0
OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive3 at offset 0x00000000`00007e00
ATA_Read(): DeviceIoControl() ERROR 1
Boot sector MD5 is: 96d582cc2961041aba7e9700bfe28a1e

Size Device Name MBR Status
--------------------------------------------
467 GB \\.\PhysicalDrive3 Unknown boot code

Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>


Done;
Press any key to quit...
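
For the manual inspection the tool output above suggests (`remover.exe dump`), here is an added example that is not part of the thread or of Bootkit Remover: it splits a dumped 512-byte master boot sector into boot code, partition table and signature, and hashes the code area so it can be compared against a clean reference. The sample sector is constructed, and hashing only the first 446 bytes is an assumption, since the page does not say which region the tool's MD5 covers.

```python
import hashlib
import struct

SECTOR = 512

def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte master boot sector into code hash, partitions, signature."""
    if len(sector) != SECTOR:
        raise ValueError("expected exactly 512 bytes")
    partitions = []
    for i in range(4):                      # four 16-byte entries start at offset 446
        entry = sector[446 + 16 * i: 446 + 16 * (i + 1)]
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        if entry[4] == 0:                   # partition type 0 = unused slot
            continue
        partitions.append({
            "slot": i, "bootable": entry[0] == 0x80, "type": entry[4],
            "lba_start": lba_start, "byte_offset": lba_start * SECTOR,
            "sectors": sectors,
        })
    return {
        "signature_ok": sector[510:512] == b"\x55\xaa",
        # MD5 is used only to match a reference value, not as a security control.
        "boot_code_md5": hashlib.md5(sector[:446]).hexdigest(),
        "partitions": partitions,
    }

def assess(info: dict, known_good_md5: set) -> str:
    """Classify the boot code against hashes taken from clean reference media."""
    if not info["signature_ok"]:
        return "invalid: missing 55 AA signature"
    if info["boot_code_md5"] in known_good_md5:
        return "known boot code"
    return "unknown boot code: compare with a clean reference before rewriting"

def build_sample() -> bytes:
    """Constructed sample: placeholder code bytes, one active NTFS entry at LBA 63."""
    code = b"\xfa\x33\xc0" + b"\x90" * 443   # constructed filler, not a real loader
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07,
                        b"\xfe\xff\xff", 63, 976768002)
    return code + entry + b"\x00" * 48 + b"\x55\xaa"

if __name__ == "__main__":
    info = parse_mbr(build_sample())
    for p in info["partitions"]:
        print(p["slot"], hex(p["type"]), hex(p["byte_offset"]))  # LBA 63 -> 0x7e00
    print(assess(info, known_good_md5=set()))
```

A partition starting at LBA 63 sits at byte offset 0x7e00, the same offset the tool reports for the system volume; keeping a copy of the dumped sector before any rewrite preserves the original partition table.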
 
Ok. Same again.

Open Notepad
Copy and paste following text into Notepad:
Code:
@ECHO OFF
START remover.exe fix \\.\PhysicalDrive3
EXIT
Go to FILE > SAVE AS and in the SAVE AS TYPE dropdown box select ALL FILES.
Then in the FILE NAME box type fix.bat.
Save fix.bat to your Desktop.

Run fix.bat by double clicking.
You may see a black box appear; this is normal.

When done, run remover.exe again and post its output.
 
Drat. Now it won't boot.
Gets to the Windows boot screen, then reboots after what may be a BSOD flashes.
Same story in safe mode.
 
Did you install the recovery console at all? If so, try this:

When you boot the PC, you will see an option to boot into the Recovery Console or the normal Windows installation.
You have to use the up/down arrows to choose the Recovery Console. Then press Enter but you only have 2 seconds by default.

You should get a black screen with a C:\> prompt. Type with an Enter after each line:

fixmbr

(If it asks you if you are sure then say "Y".)

exit

Reboot computer.
 
Ok, so you will have to try to access the recovery console in a different way.

If you have a Windows CD... (if you don't have a Windows CD, scroll down)

1. Insert your Windows XP CD into your CD drive and ensure that your CD-ROM drive is capable of booting the CD.
2. Once you have booted from CD, do NOT select the option that states: Press F2 to initiate the Automated System Recovery (ASR) tool.
You’re going to proceed until you see the following screen, at which point you will press the “R” key to enter the recovery console:

[Screenshot: xp_src_welcome.gif]


3. After you have selected the appropriate option from step two, you will be prompted to select a valid Windows installation (typically number 1).
Select the installation number, and hit Enter.
If there is an administrator password for the administrator account, enter it and hit Enter (if asked for the password, and you don't know it, you're out of luck).
You will be greeted with this screen, which indicates a recovery console at the ready:

[Screenshot: xp_src_console.gif]



If you don't have a Windows CD...
Download Windows Recovery Console: http://www.thecomputerparamedic.com/files/rc.iso
Download, and install free Imgburn: http://www.imgburn.com/index.php?act=download
Using Imgburn, burn rc.iso to a CD.
Boot to the CD...let it finish loading.
When the "Welcome to Setup" screen appears, press R to start the Recovery Console.

Once in the recovery console, you should get a black screen with a C:\> prompt. Type with an Enter after each line:

fixmbr

(If it asks you if you are sure then say "Y".)

exit

Reboot computer.
 
Raid is definitely not a strong point of mine, but is there any way you can rebuild the array from scratch? I have only done one Raid 0 ever, so I am not familiar with it enough to give any guidance.
Do you know if you can install to a separate hard drive and then repair the MBR from that drive to fix the raid?
 
Sorry, we gave it our best shot. Unfortunately I've run out of time and needed to just reformat.
Good news is that everything was backed up.
 