Biggiesized
2008-12-08, 02:11
Here is my ComboFix log:
--------------------------------
ComboFix 08-12-06.06 - Chuck 2008-12-07 18:59:43.1 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.2005 [GMT -5:00]
Running from: c:\users\Chuck\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Helper
C:\resycled
c:\users\Chuck\AppData\Roaming\inst.exe
c:\users\Chuck\FAVORI~1\SMS TRAP.url
c:\users\Chuck\Favorites\SMS TRAP.url
c:\windows\Downloaded Program Files\setup.inf
c:\windows\system32\lsprst7.dll
c:\windows\system32\ssprs.dll
D:\resycled
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_Windows Tribute Service
((((((((((((((((((((((((( Files Created from 2008-11-08 to 2008-12-08 )))))))))))))))))))))))))))))))
.
2008-12-03 15:01 . 2008-12-03 15:01 <DIR> d-------- c:\program files\Trend Micro
2008-12-02 03:20 . 2008-12-02 03:20 0 --ah----- c:\users\Default.LOG2
2008-12-02 03:20 . 2008-12-02 03:20 0 --ah----- c:\users\Default.LOG1
2008-12-02 03:20 . 2008-12-02 03:20 0 --ah----- C:\ProgramData.LOG2
2008-12-02 03:20 . 2008-12-02 03:20 0 --ah----- C:\ProgramData.LOG1
2008-12-01 15:52 . 2008-12-01 15:52 <DIR> d-------- c:\program files\Common Files\CineForm
2008-12-01 15:52 . 2008-12-01 15:52 <DIR> d-------- c:\program files\CineForm
2008-11-30 22:42 . 2008-11-30 22:42 <DIR> d-------- C:\Binaries
2008-11-30 19:25 . 2008-11-30 19:25 123,952 --a------ c:\windows\System32\drivers\SYMEVENT.SYS
2008-11-30 19:25 . 2008-11-30 19:25 10,563 --a------ c:\windows\System32\drivers\SYMEVENT.CAT
2008-11-30 19:25 . 2008-11-30 19:25 805 --a------ c:\windows\System32\drivers\SYMEVENT.INF
2008-11-30 19:23 . 2008-11-30 19:25 <DIR> d-------- c:\programdata\Symantec
2008-11-30 19:23 . 2008-11-30 19:25 <DIR> d-------- c:\program files\Symantec
2008-11-30 19:23 . 2008-11-30 19:25 <DIR> d-------- c:\program files\Common Files\Symantec Shared
2008-11-29 19:54 . 2008-11-29 19:54 <DIR> d-------- c:\windows\System32\AGEIA
2008-11-29 19:54 . 2008-11-29 19:54 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-29 19:54 . 2008-11-29 19:54 <DIR> d-------- c:\program files\AGEIA Technologies
2008-11-29 19:54 . 2008-11-12 14:54 801,312 --a------ c:\windows\System32\nvcplui.exe
2008-11-29 19:54 . 2008-11-12 13:45 453,152 --a------ c:\windows\System32\NVUNINST.EXE
2008-11-29 19:54 . 2008-11-12 14:54 420,384 --a------ c:\windows\System32\nvcpl.cpl
2008-11-18 01:21 . 2008-11-18 01:21 <DIR> d-------- c:\users\Chuck\AppData\Roaming\Creative
2008-11-18 00:53 . 2007-03-23 04:05 29,272 -ra------ c:\windows\System32\AdobePDF.dll
2008-11-17 22:50 . 2008-11-17 22:50 <DIR> d-------- c:\windows\PCHEALTH
2008-11-17 22:50 . 2008-11-17 22:50 <DIR> d-------- c:\program files\Microsoft.NET
2008-11-17 22:49 . 2008-11-17 22:51 <DIR> d-------- c:\programdata\Microsoft Help
2008-11-17 22:49 . 2008-11-17 22:49 <DIR> dr-h----- C:\MSOCache
2008-11-14 18:14 . 2008-12-07 18:52 <DIR> d-------- c:\users\Chuck
2008-11-14 18:13 . 2008-12-02 03:20 <DIR> dr------- C:\Users
2008-11-13 16:20 . 2008-11-13 16:20 203,540 --a------ c:\windows\System32\nvapps.xml
2008-11-10 19:17 . 2008-11-10 19:17 29,192 --a------ c:\windows\System32\drivers\ndisprot.sys
2008-11-10 15:02 . 2008-11-10 15:02 1,056,768 --a------ c:\windows\System32\CFHD.DLL
2008-11-10 14:22 . 2008-11-10 14:22 <DIR> d-------- c:\programdata\REDCINE
2008-11-10 14:21 . 2008-11-10 14:21 <DIR> d-------- c:\program files\REDCINE
2008-11-09 22:48 . 2008-11-09 22:48 <DIR> d-------- c:\program files\Microsoft Silverlight
2008-11-09 22:44 . 2002-03-27 14:54 217,088 --a------ c:\windows\System32\libmySQL.dll
2008-11-09 22:44 . 2002-03-29 10:13 102,400 --a------ c:\windows\System32\TrackerNET.dll
2008-11-09 21:11 . 2008-11-09 21:11 <DIR> d-------- C:\SAVE
2008-11-09 20:28 . 2008-11-09 20:28 <DIR> d-------- C:\Sierra
2008-11-09 20:28 . 2008-11-09 20:28 57 --a------ c:\windows\sierra.ini
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-08 00:04 --------- d---a-w c:\programdata\TEMP
2008-12-07 03:47 --------- d-----w c:\users\Chuck\AppData\Roaming\uTorrent
2008-12-07 03:47 --------- d-----w c:\programdata\Rosetta Stone
2008-12-03 19:58 --------- d-----w c:\programdata\Spybot - Search & Destroy
2008-12-02 05:17 --------- d-----w c:\program files\FlashGet
2008-12-02 04:55 --------- d-----w c:\program files\Steam
2008-12-01 19:30 --------- d-----w c:\program files\Common Files\Steam
2008-12-01 02:53 --------- d-----w c:\program files\megui
2008-11-30 22:17 --------- d-----w c:\programdata\NVIDIA
2008-11-27 07:18 --------- d-----w c:\users\Chuck\AppData\Roaming\vlc
2008-11-27 04:47 --------- d-----w c:\users\Chuck\AppData\Roaming\dvdcss
2008-11-12 19:54 7,611,360 ----a-w c:\windows\system32\drivers\nvlddmkm.sys
2008-11-12 19:54 4,160 ----a-w c:\windows\system32\drivers\nvBridge.kmd
2008-11-09 23:25 --------- d-----w c:\programdata\Apple Computer
2008-11-09 23:25 --------- d-----w c:\program files\QuickTime
2008-11-09 23:21 --------- d-----w c:\program files\VideoLAN
2008-11-09 23:19 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-09 23:16 --------- d-----w c:\program files\SpectraCal
2008-11-09 23:15 --------- d-----w c:\program files\PeerGuardian2
2008-10-20 19:48 --------- d-----w c:\program files\Yamb
2008-10-20 19:43 --------- d-----w c:\program files\MKVtoolnix
2008-10-19 05:31 --------- d-----w c:\program files\Burrrn
2008-10-19 00:11 --------- d-----w c:\program files\Monkey's Audio
2008-10-18 23:35 --------- d-----w c:\program files\Winamp
2008-10-17 03:33 --------- d-----w c:\program files\Windows Media Components
2008-10-15 07:48 --------- d-----w c:\program files\Windows Mail
2008-10-13 16:10 47,360 ----a-w c:\users\Chuck\AppData\Roaming\pcouffin.sys
2008-10-13 16:10 --------- d-----w c:\users\Chuck\AppData\Roaming\Vso
2008-10-11 05:25 --------- d-----w c:\program files\Viewpoint
2008-10-11 04:29 --------- d--h--w c:\program files\InstallShield Installation Information
2008-09-17 20:03 62 ----a-w c:\users\Chuck\AppData\Roaming\MTC-savedfolder.dat
2008-05-29 01:36 174 --sha-w c:\program files\desktop.ini
2007-12-27 16:03 23,040 ----a-w c:\program files\cm-dfscPremiereOut.prm
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"Google Update"="c:\users\Chuck\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-09-04 133104]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-12-13 2051096]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-12-13 2095640]
"CTHelper"="c:\windows\system32\CTHELPER.EXE" [2008-02-20 19456]
"CTxfiHlp"="c:\windows\system32\CTXFIHLP.EXE" [2008-07-11 19968]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-12 13675040]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-11-12 92704]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-21 115560]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logo Calibration Loader.lnk - c:\program files\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe [2008-02-15 708608]
ProfileReminder.lnk - c:\program files\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe [2008-02-15 954368]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.i420"= i263_32.drv
"vidc.dfsc"= dfsc.dll
"msacm.dfscacm"= dfscacm.dll
"msacm.g723"= g723.acm
"vidc.I263"= I263_32.drv
"VIDC.LAGS"= lagarith.dll
"vidc.CDVC"= cdvccodc.dll
"VIDC.ZMBV"= zmbv.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ehTray.exe"=c:\windows\ehome\ehTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"RtHDVCpl"=RtHDVCpl.exe
"Skytel"=Skytel.exe
"<NO NAME>"=
"Adobe_ID0EYTHM"=c:\progra~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{8DD22FD6-86E3-4A35-9703-76CD6CF3D440}c:\\program files\\steam\\steamapps\\biggiesized\\team fortress 2\\hl2.exe"= UDP:c:\program files\steam\steamapps\biggiesized\team fortress 2\hl2.exe:hl2
"UDP Query User{083FB472-BD49-45C2-8DDA-CE19B429FE91}c:\\program files\\steam\\steamapps\\biggiesized\\team fortress 2\\hl2.exe"= TCP:c:\program files\steam\steamapps\biggiesized\team fortress 2\hl2.exe:hl2
"{658F94B3-6BE0-40ED-8516-A3875AF9F716}"= UDP:3703:Adobe Version Cue CS3 Server
"{990888B7-6D92-4D7F-A219-486040D7E7B4}"= UDP:3704:Adobe Version Cue CS3 Server
"{3C24D067-A0B7-4F5B-9A7C-89228D3E871D}"= UDP:50900:Adobe Version Cue CS3 Server
"{8BBBBAAA-B33D-49D0-913A-32F396B78174}"= UDP:50901:Adobe Version Cue CS3 Server
"{C90FCF6E-2169-4476-8942-0F45ADA6305F}"= UDP:c:\program files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
"{46500B75-977D-48E7-AB48-41A7D63A909C}"= TCP:c:\program files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
"TCP Query User{799A0B28-BDE8-4223-8C21-5DD715BE2F60}c:\\program files\\thq\\company of heroes\\reliccoh.exe"= UDP:c:\program files\thq\company of heroes\reliccoh.exe:RelicCOH
"UDP Query User{0C1E0ECE-F5DE-4900-BDB8-6B237E4CD56C}c:\\program files\\thq\\company of heroes\\reliccoh.exe"= TCP:c:\program files\thq\company of heroes\reliccoh.exe:RelicCOH
"TCP Query User{707A2DC1-7BF3-413B-B656-186641A40999}c:\\program files\\spectracal\\pattern generator\\patgen.exe"= UDP:c:\program files\spectracal\pattern generator\patgen.exe:CalMAN Pattern Generator
"UDP Query User{A28DA3F7-49BB-4AE8-8175-45C5BDE98F75}c:\\program files\\spectracal\\pattern generator\\patgen.exe"= TCP:c:\program files\spectracal\pattern generator\patgen.exe:CalMAN Pattern Generator
"TCP Query User{10087323-AC0D-498F-841F-FED77DECF33F}c:\\program files\\microsoft games\\age of empires ii\\empires2.icd"= UDP:c:\program files\microsoft games\age of empires ii\empires2.icd:Age of Empires II
"UDP Query User{D430A612-F036-4D9B-A43F-B65551805B7E}c:\\program files\\microsoft games\\age of empires ii\\empires2.icd"= TCP:c:\program files\microsoft games\age of empires ii\empires2.icd:Age of Empires II
"{61F21655-52CA-496F-8A0F-AAB068A47329}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{32F7A814-DE20-46CF-9383-E6AC47EBA7AF}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"TCP Query User{65B97E4F-399A-40B8-A15F-E506F17F9A39}c:\\program files\\microsoft games\\age of empires ii\\age2_x1\\age2_x1.exe"= UDP:c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe:Age of Empires II Expansion
"UDP Query User{1A9C27A9-E69C-44A2-A9F6-92F1D7DECF03}c:\\program files\\microsoft games\\age of empires ii\\age2_x1\\age2_x1.exe"= TCP:c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe:Age of Empires II Expansion
"{17836ADF-CDD4-4E55-AAA4-E6EE03044703}"= UDP:d:\program files\uTorrent\uTorrent.exe:µTorrent
"{CE94BB24-51CA-4739-B14E-6E8B2292AFF7}"= TCP:d:\program files\uTorrent\uTorrent.exe:µTorrent
"{4605DA6B-027C-4348-A51E-B0C00A212A6D}"= UDP:d:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{E0F77ED7-5AAC-484F-9C16-7028CC07E612}"= TCP:d:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{F37E9F78-E624-44B7-91CC-B7CA360092B3}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{B8C2D14D-25DE-447E-849F-0AC9475B594A}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{5D6CB7D4-64DB-423A-B064-9F21CE58EDD6}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{2F702DD0-1316-4EDD-AA5E-457EC57A979A}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{09D9BE1F-DF09-452E-8F58-63D870082215}"= c:\program files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe:Rosetta Stone V3 Application
"TCP Query User{DCF302ED-E089-447F-8E81-D38D40FC25C6}c:\\program files\\steam\\steamapps\\biggiesized\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\biggiesized\counter-strike source\hl2.exe:hl2
"UDP Query User{AC963E37-89E1-4ED3-972A-49F3DF6A5BFF}c:\\program files\\steam\\steamapps\\biggiesized\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\biggiesized\counter-strike source\hl2.exe:hl2
"{E8560181-7390-464B-8CFF-DF28ADA54C52}"= UDP:c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe:SMC Service
"{E681B2FA-9A5A-4412-8E6C-3BEE24E113BB}"= TCP:c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe:SMC Service
"{DC2A5F68-548D-4582-9DBA-9A6D688E1FA5}"= UDP:c:\program files\Symantec\Symantec Endpoint Protection\SNAC.EXE:SNAC Service
"{13A61FB8-4B4B-4719-8F3C-698DE24B4DD9}"= TCP:c:\program files\Symantec\Symantec Endpoint Protection\SNAC.EXE:SNAC Service
"{4F6AE31D-008D-4873-8542-087798DDD050}"= UDP:c:\program files\Common Files\Symantec Shared\ccApp.exe:Symantec Email
"{B5F056E5-2B6F-4802-96FF-A2797C870E4D}"= TCP:c:\program files\Common Files\Symantec Shared\ccApp.exe:Symantec Email
R2 Nexus Server;Nexus Server (Carbon Coder);c:\program files\Common Files\Rhozet\Carbon Coder\Kernel\PNXSERVR.exe [2008-08-05 692325]
R2 PD91Agent;PD91Agent;"c:\program files\Raxco\PerfectDisk2008\PD91Agent.exe" [2008-04-16 689416]
R2 PDIHWCTL;PDIHWCTL;\??\c:\windows\system32\drivers\pdihwctl.sys [2008-02-15 14416]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-11-30 99376]
R3 i1display;i1 Display;c:\windows\system32\Drivers\i1display.sys [2008-02-15 44344]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;"c:\program files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe" [2008-05-28 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;"c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe" [2008-08-04 79360]
S3 Ndisprot;ArcNet NDIS Protocol Driver;\??\c:\windows\system32\drivers\Ndisprot.sys [2008-11-10 29192]
S3 PD91Engine;PD91Engine;"c:\program files\Raxco\PerfectDisk2008\PD91Engine.exe" [2008-04-16 894216]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b5043e8f-b458-11dc-bab2-806e6f6e6963}]
\shell\AutoRun\command - E:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ed0d4e7a-64ab-11dd-b903-0016e68f6953}]
\shell\AutoRun\command - G:\AUTORUN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration
.
Contents of the 'Scheduled Tasks' folder
2008-12-03 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\users\Chuck\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-04 22:58]
2008-12-07 c:\windows\Tasks\User_Feed_Synchronization-{1B8A0F10-3AB7-4498-88F8-F996C3BFF4EA}.job
- c:\windows\system32\msfeedssync.exe [2008-01-19 02:33]
.
- - - - ORPHANS REMOVED - - - -
SafeBoot-Symantec Antvirus
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Download All by FlashGet - c:\program files\FlashGet\jc_all.htm
IE: Download using FlashGet - c:\program files\FlashGet\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FireFox -: Profile - c:\users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\scfm2wnd.default\
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - c:\users\Chuck\AppData\Local\Google\Update\1.2.131.27\npGoogleOneClick6.dll
FF -: plugin - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-07 19:04:17
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\windows\System32\rundll32.exe
c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Windows Media Player\wmplayer.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
c:\program files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
c:\windows\System32\dllhost.exe
.
**************************************************************************
.
Completion time: 2008-12-07 19:07:37 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-08 00:07:33
Pre-Run: 92,935,356,416 bytes free
Post-Run: 92,720,676,864 bytes free
268 --- E O F --- 2008-11-10 21:52:59
--------------------------------------
And here is my new HijackThis log:
--------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:08:15 PM, on 12/7/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Users\Chuck\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\DllHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [CTHelper] "C:\Windows\system32\CTHELPER.EXE"
O4 - HKLM\..\Run: [CTxfiHlp] "C:\Windows\system32\CTXFIHLP.EXE"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "C:\Windows\system32\RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] "C:\Windows\system32\RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Chuck\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - Global Startup: Logo Calibration Loader.lnk = C:\Program Files\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe
O4 - Global Startup: ProfileReminder.lnk = C:\Program Files\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.com/play/classic/SimCityX.cab
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Nexus Server (Carbon Coder) (Nexus Server) - Unknown owner - C:\Program Files\Common Files\Rhozet\Carbon Coder\Kernel\PNXSERVR.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
--
End of file - 9683 bytes
Biggiesized
2008-12-09, 00:25
Okay, here's what's been found:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:21:45 PM, on 12/8/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Users\Chuck\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\notepad.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [CTHelper] "C:\Windows\system32\CTHELPER.EXE"
O4 - HKLM\..\Run: [CTxfiHlp] "C:\Windows\system32\CTXFIHLP.EXE"
O4 - HKLM\..\Run: [NvCplDaemon] "C:\Windows\system32\RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] "C:\Windows\system32\RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Chuck\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - Global Startup: Logo Calibration Loader.lnk = C:\Program Files\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe
O4 - Global Startup: ProfileReminder.lnk = C:\Program Files\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.com/play/classic/SimCityX.cab
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Nexus Server (Carbon Coder) (Nexus Server) - Unknown owner - C:\Program Files\Common Files\Rhozet\Carbon Coder\Kernel\PNXSERVR.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
--
End of file - 9194 bytes
/////////////////////////////////////////////////////////////////////////
ComboFix 08-12-06.06 - Chuck 2008-12-08 12:29:07.2 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.1944 [GMT -5:00]
Running from: c:\users\Chuck\Desktop\ComboFix.exe
Command switches used :: c:\users\Chuck\Desktop\CFScript.txt
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Chuck\AppData\Roaming\uTorrent
c:\users\Chuck\AppData\Roaming\uTorrent\Age Of Empires II+Age of Empires 2 - The Conquerors Expansion+stuff.torrent
c:\users\Chuck\AppData\Roaming\uTorrent\Ginger - MILF Hunter (Ginger Spice).torrent
c:\users\Chuck\AppData\Roaming\uTorrent\Guns N' Roses - Appetite For Destruction (1987) (MFSL UDCD 699) [EAC-FLAC].torrent
c:\users\Chuck\AppData\Roaming\uTorrent\Jarhead.avi.torrent
.
((((((((((((((((((((((((( Files Created from 2008-11-08 to 2008-12-08 )))))))))))))))))))))))))))))))
.
2008-12-08 00:27 . 2008-12-08 00:27 <DIR> d-------- c:\program files\MSXML 4.0
2008-12-08 00:06 . 2008-10-21 22:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2008-12-08 00:06 . 2008-08-26 20:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-12-08 00:05 . 2008-10-21 00:25 1,645,568 --a------ c:\windows\System32\connect.dll
2008-12-08 00:05 . 2008-09-09 22:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
2008-12-08 00:05 . 2008-09-05 00:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
2008-12-08 00:05 . 2008-08-27 22:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
2008-12-08 00:05 . 2008-08-27 22:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2008-12-08 00:05 . 2008-08-27 22:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
2008-12-07 23:56 . 2008-10-16 16:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-12-07 23:56 . 2008-10-16 15:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-12-07 23:56 . 2008-10-16 16:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-12-07 23:56 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-12-07 23:56 . 2008-10-16 15:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-12-07 23:56 . 2008-10-16 16:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-12-07 23:56 . 2008-10-16 16:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-12-07 23:56 . 2008-10-16 16:08 34,328 --a------ c:\windows\System32\wups.dll
2008-12-07 23:56 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-12-07 20:35 . 2008-12-07 20:35 410,984 --a------ c:\windows\System32\deploytk.dll
2008-12-03 15:01 . 2008-12-03 15:01 <DIR> d-------- c:\program files\Trend Micro
2008-12-02 03:20 . 2008-12-02 03:20 0 --ah----- c:\users\Default.LOG2
2008-12-02 03:20 . 2008-12-02 03:20 0 --ah----- c:\users\Default.LOG1
2008-12-02 03:20 . 2008-12-02 03:20 0 --ah----- C:\ProgramData.LOG2
2008-12-02 03:20 . 2008-12-02 03:20 0 --ah----- C:\ProgramData.LOG1
2008-12-01 15:52 . 2008-12-01 15:52 <DIR> d-------- c:\program files\Common Files\CineForm
2008-12-01 15:52 . 2008-12-01 15:52 <DIR> d-------- c:\program files\CineForm
2008-11-30 22:42 . 2008-11-30 22:42 <DIR> d-------- C:\Binaries
2008-11-30 19:25 . 2008-11-30 19:25 123,952 --a------ c:\windows\System32\drivers\SYMEVENT.SYS
2008-11-30 19:25 . 2008-11-30 19:25 10,563 --a------ c:\windows\System32\drivers\SYMEVENT.CAT
2008-11-30 19:25 . 2008-11-30 19:25 805 --a------ c:\windows\System32\drivers\SYMEVENT.INF
2008-11-30 19:23 . 2008-11-30 19:25 <DIR> d-------- c:\programdata\Symantec
2008-11-30 19:23 . 2008-11-30 19:25 <DIR> d-------- c:\program files\Symantec
2008-11-30 19:23 . 2008-11-30 19:25 <DIR> d-------- c:\program files\Common Files\Symantec Shared
2008-11-29 19:54 . 2008-11-29 19:54 <DIR> d-------- c:\windows\System32\AGEIA
2008-11-29 19:54 . 2008-11-29 19:54 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-29 19:54 . 2008-11-29 19:54 <DIR> d-------- c:\program files\AGEIA Technologies
2008-11-29 19:54 . 2008-11-12 14:54 801,312 --a------ c:\windows\System32\nvcplui.exe
2008-11-29 19:54 . 2008-11-12 13:45 453,152 --a------ c:\windows\System32\NVUNINST.EXE
2008-11-29 19:54 . 2008-11-12 14:54 420,384 --a------ c:\windows\System32\nvcpl.cpl
2008-11-18 01:21 . 2008-11-18 01:21 <DIR> d-------- c:\users\Chuck\AppData\Roaming\Creative
2008-11-18 00:53 . 2007-03-23 04:05 29,272 -ra------ c:\windows\System32\AdobePDF.dll
2008-11-17 22:50 . 2008-11-17 22:50 <DIR> d-------- c:\windows\PCHEALTH
2008-11-17 22:50 . 2008-11-17 22:50 <DIR> d-------- c:\program files\Microsoft.NET
2008-11-17 22:49 . 2008-12-08 00:51 <DIR> d-------- c:\programdata\Microsoft Help
2008-11-17 22:49 . 2008-11-17 22:49 <DIR> dr-h----- C:\MSOCache
2008-11-14 18:14 . 2008-12-07 18:52 <DIR> d-------- c:\users\Chuck
2008-11-14 18:13 . 2008-12-02 03:20 <DIR> dr------- C:\Users
2008-11-13 16:20 . 2008-11-13 16:20 203,540 --a------ c:\windows\System32\nvapps.xml
2008-11-10 19:17 . 2008-11-10 19:17 29,192 --a------ c:\windows\System32\drivers\ndisprot.sys
2008-11-10 15:02 . 2008-11-10 15:02 1,056,768 --a------ c:\windows\System32\CFHD.DLL
2008-11-10 14:22 . 2008-11-10 14:22 <DIR> d-------- c:\programdata\REDCINE
2008-11-10 14:21 . 2008-11-10 14:21 <DIR> d-------- c:\program files\REDCINE
2008-11-09 22:48 . 2008-11-09 22:48 <DIR> d-------- c:\program files\Microsoft Silverlight
2008-11-09 22:44 . 2002-03-27 14:54 217,088 --a------ c:\windows\System32\libmySQL.dll
2008-11-09 22:44 . 2002-03-29 10:13 102,400 --a------ c:\windows\System32\TrackerNET.dll
2008-11-09 21:11 . 2008-11-09 21:11 <DIR> d-------- C:\SAVE
2008-11-09 20:28 . 2008-11-09 20:28 <DIR> d-------- C:\Sierra
2008-11-09 20:28 . 2008-11-09 20:28 57 --a------ c:\windows\sierra.ini
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-08 17:29 --------- d---a-w c:\programdata\TEMP
2008-12-08 17:19 --------- d-----w c:\program files\megui
2008-12-08 17:18 --------- d-----w c:\programdata\Spybot - Search & Destroy
2008-12-08 03:00 --------- d-----w c:\program files\Steam
2008-12-08 02:13 --------- d-----w c:\program files\Common Files\Steam
2008-12-08 01:35 --------- d-----w c:\program files\Java
2008-12-07 03:47 --------- d-----w c:\programdata\Rosetta Stone
2008-12-02 05:17 --------- d-----w c:\program files\FlashGet
2008-11-30 22:17 --------- d-----w c:\programdata\NVIDIA
2008-11-27 07:18 --------- d-----w c:\users\Chuck\AppData\Roaming\vlc
2008-11-27 04:47 --------- d-----w c:\users\Chuck\AppData\Roaming\dvdcss
2008-11-09 23:25 --------- d-----w c:\programdata\Apple Computer
2008-11-09 23:25 --------- d-----w c:\program files\QuickTime
2008-11-09 23:21 --------- d-----w c:\program files\VideoLAN
2008-11-09 23:19 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-09 23:16 --------- d-----w c:\program files\SpectraCal
2008-11-09 23:15 --------- d-----w c:\program files\PeerGuardian2
2008-10-20 19:48 --------- d-----w c:\program files\Yamb
2008-10-20 19:43 --------- d-----w c:\program files\MKVtoolnix
2008-10-19 05:31 --------- d-----w c:\program files\Burrrn
2008-10-19 00:11 --------- d-----w c:\program files\Monkey's Audio
2008-10-18 23:35 --------- d-----w c:\program files\Winamp
2008-10-17 03:33 --------- d-----w c:\program files\Windows Media Components
2008-10-15 07:48 --------- d-----w c:\program files\Windows Mail
2008-10-13 16:10 47,360 ----a-w c:\users\Chuck\AppData\Roaming\pcouffin.sys
2008-10-13 16:10 --------- d-----w c:\users\Chuck\AppData\Roaming\Vso
2008-10-13 14:56 70,936 ----a-w c:\windows\System32\PhysXLoader.dll
2008-10-11 05:25 --------- d-----w c:\program files\Viewpoint
2008-10-11 04:29 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-02 03:49 827,392 ----a-w c:\windows\System32\wininet.dll
2008-09-30 21:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 04:56 147,456 ----a-w c:\windows\System32\Faultrep.dll
2008-09-18 04:56 125,952 ----a-w c:\windows\System32\wersvc.dll
2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys
2008-09-17 20:03 62 ----a-w c:\users\Chuck\AppData\Roaming\MTC-savedfolder.dat
2008-05-29 01:36 174 --sha-w c:\program files\desktop.ini
2007-12-27 16:03 23,040 ----a-w c:\program files\cm-dfscPremiereOut.prm
.
((((((((((((((((((((((((((((( snapshot@2008-12-07_19.06.43.48 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-11-18 03:50:50 781,104 ----a-w c:\windows\assembly\GAC\Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Word.dll
+ 2008-12-08 05:28:28 783,744 ----a-w c:\windows\assembly\GAC\Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Word.dll
+ 2008-12-08 17:28:45 6,324,224 ----a-w c:\windows\ERDNT\Hiv-backup\SCHEMA.DAT
+ 2006-10-27 20:00:10 576,376 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\ACACEDAO.DLL
+ 2006-10-27 02:18:12 162,616 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\ACCWIZ.DLL
+ 2006-10-27 20:00:12 1,751,904 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\ACECORE.DLL
+ 2006-10-27 20:00:10 576,376 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\ACEDAO.DLL
+ 2006-10-27 20:00:06 47,976 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\ACEERR.DLL
+ 2006-10-27 20:00:08 191,360 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\ACEES.DLL
+ 2006-10-27 01:13:34 338,800 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\ACEEXCH.DLL
+ 2006-10-27 01:13:44 629,616 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\ACEEXCL.DLL
+ 2006-10-27 01:13:28 207,736 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\ACELTS.DLL
+ 2006-10-27 01:13:32 279,352 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\ACEODBC.DLL
+ 2006-10-27 01:13:08 15,160 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\ACEODDBS.DLL
+ 2006-10-27 01:13:08 15,160 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\ACEODEXL.DLL
+ 2006-10-27 01:13:08 15,160 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\ACEODPDX.DLL
+ 2006-10-27 01:13:12 15,160 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\ACEODTXT.DLL
+ 2006-10-27 20:00:06 387,960 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\ACEOLEDB.DLL
+ 2006-10-27 01:13:38 392,048 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\ACEPDE.DLL
+ 2006-10-27 01:13:30 260,976 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\ACER2X.DLL
+ 2006-10-27 01:13:32 289,648 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\ACER3X.DLL
+ 2006-10-27 01:13:38 551,800 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\ACEREP.DLL
+ 2006-10-27 01:13:30 224,104 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\ACETXT.DLL
+ 2006-10-27 20:40:34 208,760 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\ACEWSS.DLL
+ 2006-10-27 01:13:34 371,568 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\ACEXBE.DLL
+ 2006-10-27 20:41:04 399,640 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\CDLMSO.DLL
+ 2006-10-27 00:59:24 205,616 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\CLVIEW.EXE
+ 2006-10-27 01:12:52 189,760 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\CONTACTPICKER.DLL
+ 2006-10-27 00:48:14 434,528 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\DWTRIG20.EXE
+ 2006-10-27 20:07:36 17,891,112 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\EXCEL.EXE
+ 2006-10-26 19:10:08 1,190,688 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\FM20.DLL
+ 2006-10-27 00:21:24 1,682,232 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\FPSRVUTL.DLL
+ 2006-10-27 20:09:36 983,376 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\FPWEC.DLL
+ 2006-10-27 01:12:52 173,328 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\IEAWSDC.DLL
+ 2006-10-27 20:10:10 5,281,592 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\IPEDITOR.DLL
+ 2006-10-27 20:01:34 10,371,880 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\MSACCESS.EXE
+ 2006-10-27 02:18:06 66,880 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\MSAEXP30.DLL
+ 2006-10-27 19:59:06 161,080 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\MSOCF.DLL
+ 2006-10-27 00:48:12 14,664 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\MSOCFU.DLL
+ 2006-10-27 01:12:58 428,816 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\MSODCW.DLL
+ 2006-10-27 02:13:36 26,936 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\MSOEURO.DLL
+ 2006-10-27 01:00:08 6,635,320 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\MSORES.DLL
+ 2006-10-26 18:56:36 436,520 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\MSORUN.DLL
+ 2006-10-26 18:56:40 505,136 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\MSSOAP30.DLL
+ 2006-10-27 01:12:30 65,824 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\NAME.DLL
+ 2006-10-27 20:14:34 14,151,456 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\OART.DLL
+ 2006-10-27 01:06:54 232,816 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\ODEPLOY.EXE
+ 2006-10-27 01:14:06 7,033,152 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\OFFOWC.DLL
+ 2006-10-27 01:07:04 6,536,992 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\OSETUP.DLL
+ 2006-09-15 21:25:18 3,611,416 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\OUTLFLTR.DAT
+ 2006-07-26 23:53:56 459,080 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\OUTLFLTR.DLL
+ 2006-10-27 02:30:44 482,088 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\PORTCONN.DLL
+ 2006-10-27 02:13:38 38,168 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\REFEDIT.DLL
+ 2006-10-27 01:06:58 439,600 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\SETUP.EXE
+ 2006-10-27 02:18:16 502,608 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\SOA.DLL
+ 2006-10-27 19:57:08 2,330,968 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\STSLIST.DLL
+ 2006-09-30 05:42:56 2,583,344 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\VBE6.DLL
+ 2006-10-27 20:23:04 347,432 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\WINWORD.EXE
+ 2008-11-18 03:50:50 781,104 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\WORDPIA.DLL
+ 2006-10-27 20:23:08 17,483,560 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\WWLIB.DLL
+ 2006-10-27 02:17:08 11,072 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\XLCALL32.DLL
+ 2007-10-02 23:51:22 8,436,776 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6215\OARTCONV.DLL
+ 2007-08-29 04:16:00 350,064 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6215\WINWORD.EXE
+ 2007-09-06 22:56:32 17,490,800 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6215\WWLIB.DLL
+ 2008-12-08 05:27:25 32,768 ----a-r c:\windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe
- 2008-10-15 07:03:08 38,240 ----a-r c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2008-12-08 05:30:00 38,240 ----a-r c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
- 2008-11-18 03:49:32 217,864 ----a-r c:\windows\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
+ 2008-12-08 05:51:20 217,864 ----a-r c:\windows\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
- 2008-09-09 19:21:02 135,168 ----a-r c:\windows\Installer\{90850409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-12-08 05:29:36 135,168 ----a-r c:\windows\Installer\{90850409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-09-09 19:21:02 40,960 ----a-r c:\windows\Installer\{90850409-6000-11D3-8CFE-0150048383C9}\wrdvicon.exe
+ 2008-12-08 05:29:36 40,960 ----a-r c:\windows\Installer\{90850409-6000-11D3-8CFE-0150048383C9}\wrdvicon.exe
- 2008-11-18 03:51:23 1,165,584 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\accicons.exe
+ 2008-12-08 05:51:32 1,165,584 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\accicons.exe
- 2008-11-18 03:51:23 20,240 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-12-08 05:51:33 20,240 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-11-18 03:51:23 217,864 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\misc.exe
+ 2008-12-08 05:51:33 217,864 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\misc.exe
- 2008-11-18 03:51:23 18,704 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-12-08 05:51:33 18,704 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-11-18 03:51:23 35,088 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-12-08 05:51:33 35,088 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-11-18 03:51:23 845,584 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\outicon.exe
+ 2008-12-08 05:51:33 845,584 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\outicon.exe
- 2008-11-18 03:51:23 922,384 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-12-08 05:51:33 922,384 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pptico.exe
- 2008-11-18 03:51:23 272,648 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pubs.exe
+ 2008-12-08 05:51:33 272,648 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pubs.exe
- 2008-11-18 03:51:23 888,080 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-12-08 05:51:33 888,080 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-11-18 03:51:23 1,172,240 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-12-08 05:51:33 1,172,240 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-12-08 17:16:18 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-12-08 17:16:18 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-12-08 00:04:15 1,572,864 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-12-08 17:17:05 1,572,864 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-12-08 00:04:15 1,572,864 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-12-08 17:19:23 1,572,864 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2008-07-19 02:08:20 72,256 ------w c:\windows\SoftwareDistribution\SelfUpdate\Handler\WuSetupV.exe
+ 2008-10-16 19:08:00 70,416 ------w c:\windows\SoftwareDistribution\SelfUpdate\Handler\WuSetupV.exe
- 2008-12-08 00:03:57 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-12-08 17:26:31 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-12-08 00:03:57 81,920 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-12-08 17:26:31 81,920 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-12-08 00:03:57 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-12-08 17:26:31 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2006-10-26 19:10:08 1,190,688 ----a-w c:\windows\System32\FM20.DLL
+ 2007-08-23 06:03:38 1,195,888 ----a-w c:\windows\System32\FM20.DLL
- 2008-06-10 05:21:01 135,168 ----a-w c:\windows\System32\java.exe
+ 2008-12-08 01:35:36 144,792 ----a-w c:\windows\System32\java.exe
- 2008-06-10 05:21:04 135,168 ----a-w c:\windows\System32\javaw.exe
+ 2008-12-08 01:35:37 144,792 ----a-w c:\windows\System32\javaw.exe
- 2008-06-10 06:32:34 139,264 ----a-w c:\windows\System32\javaws.exe
+ 2008-12-08 01:35:37 148,888 ----a-w c:\windows\System32\javaws.exe
- 2008-10-07 19:19:40 16,721,856 ----a-w c:\windows\System32\mrt.exe
+ 2008-11-04 00:10:25 17,318,336 ----a-w c:\windows\System32\mrt.exe
- 2008-12-07 23:59:03 105,170 ----a-w c:\windows\System32\perfc009.dat
+ 2008-12-08 17:22:55 105,170 ----a-w c:\windows\System32\perfc009.dat
- 2008-12-07 23:59:03 604,214 ----a-w c:\windows\System32\perfh009.dat
+ 2008-12-08 17:22:55 604,214 ----a-w c:\windows\System32\perfh009.dat
- 2008-12-01 03:44:33 6,553,600 ----a-w c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2008-12-08 17:27:09 6,553,600 ----a-w c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2008-12-07 23:54:42 9,894 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3739551031-1583798233-1819922031-1000_UserData.bin
+ 2008-12-08 17:18:36 10,306 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3739551031-1583798233-1819922031-1000_UserData.bin
- 2008-12-07 23:54:42 76,052 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-12-08 17:18:36 77,000 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-12-01 03:42:47 142,081,339 ----a-w c:\windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2008-12-08 05:27:29 146,000,594 ----a-w c:\windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2008-10-21 05:16:20 1,645,568 ----a-w c:\windows\winsxs\x86_microsoft-windows-getconnectedwizards_31bf3856ad364e35_6.0.6000.16766_none_62ed735b99bf2599\connect.dll
+ 2008-10-21 05:06:53 1,645,568 ----a-w c:\windows\winsxs\x86_microsoft-windows-getconnectedwizards_31bf3856ad364e35_6.0.6000.20940_none_6386b028b2d1f29e\connect.dll
+ 2008-10-21 05:25:17 1,645,568 ----a-w c:\windows\winsxs\x86_microsoft-windows-getconnectedwizards_31bf3856ad364e35_6.0.6001.18159_none_64e182cb96dae69e\connect.dll
+ 2008-10-21 05:21:42 1,645,568 ----a-w c:\windows\winsxs\x86_microsoft-windows-getconnectedwizards_31bf3856ad364e35_6.0.6001.22291_none_6537dd96b0202b74\connect.dll
+ 2008-09-05 04:48:28 1,194,496 ----a-w c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6000.16745_none_8661c59c99cb7ce9\msxml3.dll
+ 2008-09-05 04:45:14 2,048 ----a-w c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6000.16745_none_8661c59c99cb7ce9\msxml3r.dll
+ 2008-09-05 04:47:44 1,194,496 ----a-w c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6000.20910_none_8706d29fb2d54754\msxml3.dll
+ 2008-09-05 04:47:44 2,048 ----a-w c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6000.20910_none_8706d29fb2d54754\msxml3r.dll
+ 2008-09-05 05:14:05 1,191,936 ----a-w c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6001.18136_none_8853d47896e90b40\msxml3.dll
+ 2006-11-02 09:41:09 2,048 ----a-w c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6001.18136_none_8853d47896e90b40\msxml3r.dll
+ 2008-09-05 05:08:23 1,191,936 ----a-w c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6001.22258_none_88c9d1ffb015159a\msxml3.dll
+ 2008-09-05 05:04:53 2,048 ----a-w c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6001.22258_none_88c9d1ffb015159a\msxml3r.dll
+ 2008-09-10 03:25:00 1,341,440 ----a-w c:\windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6000.16747_none_866381d899c9fc7a\msxml6.dll
+ 2008-09-10 03:21:24 2,048 ----a-w c:\windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6000.16747_none_866381d899c9fc7a\msxml6r.dll
+ 2008-09-10 03:26:42 1,341,440 ----a-w c:\windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6000.20913_none_87098f25b2d2e03c\msxml6.dll
+ 2008-09-10 03:26:42 2,048 ----a-w c:\windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6000.20913_none_87098f25b2d2e03c\msxml6r.dll
+ 2008-09-10 03:40:14 1,334,272 ----a-w c:\windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6001.18138_none_885590b496e78ad1\msxml6.dll
+ 2006-11-02 09:41:09 2,048 ----a-w c:\windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6001.18138_none_885590b496e78ad1\msxml6r.dll
+ 2008-09-10 03:27:55 1,334,272 ----a-w c:\windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6001.22261_none_88b7bbb5b023cd0d\msxml6.dll
+ 2008-09-10 03:23:55 2,048 ----a-w c:\windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6001.22261_none_88b7bbb5b023cd0d\msxml6r.dll
+ 2008-09-15 22:27:41 2,413,072 ----a-w c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16764_none_f064ff046e80cc5f\OESpamFilter.dat
+ 2008-09-15 22:27:41 2,413,072 ----a-w c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.20937_none_f1120e5787836182\OESpamFilter.dat
+ 2008-09-15 22:27:41 2,413,072 ----a-w c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18157_none_f2590e746b9c8d64\OESpamFilter.dat
+ 2008-09-15 22:27:41 2,413,072 ----a-w c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22288_none_f2c33bc584d19a58\OESpamFilter.dat
+ 2008-08-28 03:24:50 425,472 ----a-w c:\windows\winsxs\x86_microsoft-windows-photometadatahandler_31bf3856ad364e35_6.0.6000.16740_none_c85de4f0e87e1001\PhotoMetadataHandler.dll
+ 2008-08-28 03:21:23 425,472 ----a-w c:\windows\winsxs\x86_microsoft-windows-photometadatahandler_31bf3856ad364e35_6.0.6000.20905_none_c917c4c40176bbe1\PhotoMetadataHandler.dll
+ 2008-08-28 03:40:09 425,472 ----a-w c:\windows\winsxs\x86_microsoft-windows-photometadatahandler_31bf3856ad364e35_6.0.6001.18131_none_ca4ff3cce59b9e58\PhotoMetadataHandler.dll
+ 2008-08-28 03:37:44 425,472 ----a-w c:\windows\winsxs\x86_microsoft-windows-photometadatahandler_31bf3856ad364e35_6.0.6001.22253_none_cac5f153fec7a8b2\PhotoMetadataHandler.dll
+ 2008-08-26 01:11:59 211,456 ----a-w c:\windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.0.6000.16738_none_86a5e1554e593846\mrxsmb10.sys
+ 2008-08-27 00:48:36 211,968 ----a-w c:\windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.0.6000.20904_none_874beea267621c08\mrxsmb10.sys
+ 2008-08-27 01:05:41 212,480 ----a-w c:\windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.0.6001.18130_none_88841dab4b86fe7f\mrxsmb10.sys
+ 2008-08-27 00:52:38 212,480 ----a-w c:\windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.0.6001.22252_none_88fa1b3264b308d9\mrxsmb10.sys
+ 2008-10-16 21:12:19 561,688 ----a-w c:\windows\winsxs\x86_microsoft-windows-w..owsupdateclient-aux_31bf3856ad364e35_7.2.6001.788_none_107673f57a433d77\wuapi.dll
+ 2008-10-16 20:55:59 83,456 ----a-w c:\windows\winsxs\x86_microsoft-windows-w..owsupdateclient-aux_31bf3856ad364e35_7.2.6001.788_none_107673f57a433d77\wudriver.dll
+ 2008-10-16 21:08:57 34,328 ----a-w c:\windows\winsxs\x86_microsoft-windows-w..owsupdateclient-aux_31bf3856ad364e35_7.2.6001.788_none_107673f57a433d77\wups.dll
+ 2008-10-16 18:56:04 31,232 ----a-w c:\windows\winsxs\x86_microsoft-windows-w..pdateclient-activex_31bf3856ad364e35_7.2.6001.788_none_ba8134361ffa6f73\wuapp.exe
+ 2008-10-16 19:08:00 162,064 ----a-w c:\windows\winsxs\x86_microsoft-windows-w..pdateclient-activex_31bf3856ad364e35_7.2.6001.788_none_ba8134361ffa6f73\wuwebv.dll
+ 2008-10-16 21:09:43 51,224 ----a-w c:\windows\winsxs\x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.2.6001.788_none_2a6539a96682e474\wuauclt.exe
+ 2008-10-16 21:13:38 1,809,944 ----a-w c:\windows\winsxs\x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.2.6001.788_none_2a6539a96682e474\wuaueng.dll
+ 2008-10-16 21:09:43 43,544 ----a-w c:\windows\winsxs\x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.2.6001.788_none_2a6539a96682e474\wups2.dll
+ 2008-08-28 03:24:51 712,192 ----a-w c:\windows\winsxs\x86_microsoft-windows-windowscodec_31bf3856ad364e35_6.0.6000.16740_none_94703b0aa417f9f5\WindowsCodecs.dll
+ 2008-08-28 03:22:04 712,704 ----a-w c:\windows\winsxs\x86_microsoft-windows-windowscodec_31bf3856ad364e35_6.0.6000.20905_none_952a1addbd10a5d5\WindowsCodecs.dll
+ 2008-08-28 03:40:11 712,704 ----a-w c:\windows\winsxs\x86_microsoft-windows-windowscodec_31bf3856ad364e35_6.0.6001.18131_none_966249e6a135884c\WindowsCodecs.dll
+ 2008-08-28 03:37:46 712,704 ----a-w c:\windows\winsxs\x86_microsoft-windows-windowscodec_31bf3856ad364e35_6.0.6001.22253_none_96d8476dba6192a6\WindowsCodecs.dll
+ 2008-08-28 03:24:51 347,136 ----a-w c:\windows\winsxs\x86_microsoft-windows-windowscodecext_31bf3856ad364e35_6.0.6000.16740_none_91804ffcbb9f565c\WindowsCodecsExt.dll
+ 2008-08-28 03:22:04 347,648 ----a-w c:\windows\winsxs\x86_microsoft-windows-windowscodecext_31bf3856ad364e35_6.0.6000.20905_none_923a2fcfd498023c\WindowsCodecsExt.dll
+ 2008-08-28 03:40:11 347,136 ----a-w c:\windows\winsxs\x86_microsoft-windows-windowscodecext_31bf3856ad364e35_6.0.6001.18131_none_93725ed8b8bce4b3\WindowsCodecsExt.dll
+ 2008-08-28 03:37:46 347,648 ----a-w c:\windows\winsxs\x86_microsoft-windows-windowscodecext_31bf3856ad364e35_6.0.6001.22253_none_93e85c5fd1e8ef0d\WindowsCodecsExt.dll
+ 2008-10-16 20:56:28 1,524,736 ----a-w c:\windows\winsxs\x86_microsoft-windows-windowsupdateclient-ui_31bf3856ad364e35_7.2.6001.788_none_a8125d5406872725\wucltux.dll
+ 2008-10-22 03:43:51 241,152 ----a-w c:\windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.16767_none_48e0ac03ef0db56a\PortableDeviceApi.dll
+ 2008-10-22 03:43:51 95,232 ----a-w c:\windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.16767_none_48e0ac03ef0db56a\PortableDeviceClassExtension.dll
+ 2008-10-22 03:43:51 160,768 ----a-w c:\windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.16767_none_48e0ac03ef0db56a\PortableDeviceTypes.dll
+ 2008-10-22 03:39:42 241,152 ----a-w c:\windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.20941_none_4979e8d10820826f\PortableDeviceApi.dll
+ 2008-10-22 03:39:42 95,232 ----a-w c:\windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.20941_none_4979e8d10820826f\PortableDeviceClassExtension.dll
+ 2008-10-22 03:39:42 160,768 ----a-w c:\windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.20941_none_4979e8d10820826f\PortableDeviceTypes.dll
+ 2008-10-22 03:57:30 241,152 ----a-w c:\windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.18160_none_4abfe8a3ec3a94fa\PortableDeviceApi.dll
+ 2008-01-19 07:36:07 94,720 ----a-w c:\windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.18160_none_4abfe8a3ec3a94fa\PortableDeviceClassExtension.dll
+ 2008-01-19 07:36:07 160,768 ----a-w c:\windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.18160_none_4abfe8a3ec3a94fa\PortableDeviceTypes.dll
+ 2008-10-22 03:34:55 241,152 ----a-w c:\windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.22292_none_4b2b163f056ebb45\PortableDeviceApi.dll
+ 2008-10-22 03:34:55 94,720 ----a-w c:\windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.22292_none_4b2b163f056ebb45\PortableDeviceClassExtension.dll
+ 2008-10-22 03:34:55 160,768 ----a-w c:\windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.22292_none_4b2b163f056ebb45\PortableDeviceTypes.dll
+ 2008-12-08 05:27:25 1,286,152 ----a-w c:\windows\winsxs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_b7e00e6c7b30b69b\msxml4.dll
+ 2008-12-08 05:27:27 91,656 ----a-w c:\windows\winsxs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_365945b9da656e4d\msxml4r.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"Google Update"="c:\users\Chuck\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-09-04 133104]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-12-13 2051096]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-12-13 2095640]
"CTHelper"="c:\windows\system32\CTHELPER.EXE" [2008-02-20 19456]
"CTxfiHlp"="c:\windows\system32\CTXFIHLP.EXE" [2008-07-11 19968]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-07 136600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-12 13675040]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-11-12 92704]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-21 115560]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logo Calibration Loader.lnk - c:\program files\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe [2008-02-15 708608]
ProfileReminder.lnk - c:\program files\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe [2008-02-15 954368]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.i420"= i263_32.drv
"vidc.dfsc"= dfsc.dll
"msacm.dfscacm"= dfscacm.dll
"msacm.g723"= g723.acm
"vidc.I263"= I263_32.drv
"VIDC.LAGS"= lagarith.dll
"vidc.CDVC"= cdvccodc.dll
"VIDC.ZMBV"= zmbv.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ehTray.exe"=c:\windows\ehome\ehTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"RtHDVCpl"=RtHDVCpl.exe
"Skytel"=Skytel.exe
"<NO NAME>"=
"Adobe_ID0EYTHM"=c:\progra~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{8DD22FD6-86E3-4A35-9703-76CD6CF3D440}c:\\program files\\steam\\steamapps\\biggiesized\\team fortress 2\\hl2.exe"= UDP:c:\program files\steam\steamapps\biggiesized\team fortress 2\hl2.exe:hl2
"UDP Query User{083FB472-BD49-45C2-8DDA-CE19B429FE91}c:\\program files\\steam\\steamapps\\biggiesized\\team fortress 2\\hl2.exe"= TCP:c:\program files\steam\steamapps\biggiesized\team fortress 2\hl2.exe:hl2
"{658F94B3-6BE0-40ED-8516-A3875AF9F716}"= UDP:3703:Adobe Version Cue CS3 Server
"{990888B7-6D92-4D7F-A219-486040D7E7B4}"= UDP:3704:Adobe Version Cue CS3 Server
"{3C24D067-A0B7-4F5B-9A7C-89228D3E871D}"= UDP:50900:Adobe Version Cue CS3 Server
"{8BBBBAAA-B33D-49D0-913A-32F396B78174}"= UDP:50901:Adobe Version Cue CS3 Server
"{C90FCF6E-2169-4476-8942-0F45ADA6305F}"= UDP:c:\program files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
"{46500B75-977D-48E7-AB48-41A7D63A909C}"= TCP:c:\program files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
"TCP Query User{799A0B28-BDE8-4223-8C21-5DD715BE2F60}c:\\program files\\thq\\company of heroes\\reliccoh.exe"= UDP:c:\program files\thq\company of heroes\reliccoh.exe:RelicCOH
"UDP Query User{0C1E0ECE-F5DE-4900-BDB8-6B237E4CD56C}c:\\program files\\thq\\company of heroes\\reliccoh.exe"= TCP:c:\program files\thq\company of heroes\reliccoh.exe:RelicCOH
"TCP Query User{707A2DC1-7BF3-413B-B656-186641A40999}c:\\program files\\spectracal\\pattern generator\\patgen.exe"= UDP:c:\program files\spectracal\pattern generator\patgen.exe:CalMAN Pattern Generator
"UDP Query User{A28DA3F7-49BB-4AE8-8175-45C5BDE98F75}c:\\program files\\spectracal\\pattern generator\\patgen.exe"= TCP:c:\program files\spectracal\pattern generator\patgen.exe:CalMAN Pattern Generator
"TCP Query User{10087323-AC0D-498F-841F-FED77DECF33F}c:\\program files\\microsoft games\\age of empires ii\\empires2.icd"= UDP:c:\program files\microsoft games\age of empires ii\empires2.icd:Age of Empires II
"UDP Query User{D430A612-F036-4D9B-A43F-B65551805B7E}c:\\program files\\microsoft games\\age of empires ii\\empires2.icd"= TCP:c:\program files\microsoft games\age of empires ii\empires2.icd:Age of Empires II
"TCP Query User{65B97E4F-399A-40B8-A15F-E506F17F9A39}c:\\program files\\microsoft games\\age of empires ii\\age2_x1\\age2_x1.exe"= UDP:c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe:Age of Empires II Expansion
"UDP Query User{1A9C27A9-E69C-44A2-A9F6-92F1D7DECF03}c:\\program files\\microsoft games\\age of empires ii\\age2_x1\\age2_x1.exe"= TCP:c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe:Age of Empires II Expansion
"{5D6CB7D4-64DB-423A-B064-9F21CE58EDD6}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{2F702DD0-1316-4EDD-AA5E-457EC57A979A}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{09D9BE1F-DF09-452E-8F58-63D870082215}"= c:\program files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe:Rosetta Stone V3 Application
"TCP Query User{DCF302ED-E089-447F-8E81-D38D40FC25C6}c:\\program files\\steam\\steamapps\\biggiesized\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\biggiesized\counter-strike source\hl2.exe:hl2
"UDP Query User{AC963E37-89E1-4ED3-972A-49F3DF6A5BFF}c:\\program files\\steam\\steamapps\\biggiesized\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\biggiesized\counter-strike source\hl2.exe:hl2
"{E8560181-7390-464B-8CFF-DF28ADA54C52}"= UDP:c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe:SMC Service
"{E681B2FA-9A5A-4412-8E6C-3BEE24E113BB}"= TCP:c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe:SMC Service
"{DC2A5F68-548D-4582-9DBA-9A6D688E1FA5}"= UDP:c:\program files\Symantec\Symantec Endpoint Protection\SNAC.EXE:SNAC Service
"{13A61FB8-4B4B-4719-8F3C-698DE24B4DD9}"= TCP:c:\program files\Symantec\Symantec Endpoint Protection\SNAC.EXE:SNAC Service
"{4F6AE31D-008D-4873-8542-087798DDD050}"= UDP:c:\program files\Common Files\Symantec Shared\ccApp.exe:Symantec Email
"{B5F056E5-2B6F-4802-96FF-A2797C870E4D}"= TCP:c:\program files\Common Files\Symantec Shared\ccApp.exe:Symantec Email
R2 Nexus Server;Nexus Server (Carbon Coder);c:\program files\Common Files\Rhozet\Carbon Coder\Kernel\PNXSERVR.exe [2008-08-05 692325]
R2 PD91Agent;PD91Agent;"c:\program files\Raxco\PerfectDisk2008\PD91Agent.exe" [2008-04-16 689416]
R2 PDIHWCTL;PDIHWCTL;\??\c:\windows\system32\drivers\pdihwctl.sys [2008-02-15 14416]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-11-30 99376]
R3 i1display;i1 Display;c:\windows\system32\Drivers\i1display.sys [2008-02-15 44344]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;"c:\program files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe" [2008-05-28 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;"c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe" [2008-08-04 79360]
S3 Ndisprot;ArcNet NDIS Protocol Driver;\??\c:\windows\system32\drivers\Ndisprot.sys [2008-11-10 29192]
S3 PD91Engine;PD91Engine;"c:\program files\Raxco\PerfectDisk2008\PD91Engine.exe" [2008-04-16 894216]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b5043e8f-b458-11dc-bab2-806e6f6e6963}]
\shell\AutoRun\command - E:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ed0d4e7a-64ab-11dd-b903-0016e68f6953}]
\shell\AutoRun\command - G:\AUTORUN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration
.
Contents of the 'Scheduled Tasks' folder
2008-12-08 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\users\Chuck\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-04 22:58]
2008-12-07 c:\windows\Tasks\User_Feed_Synchronization-{1B8A0F10-3AB7-4498-88F8-F996C3BFF4EA}.job
- c:\windows\system32\msfeedssync.exe [2008-01-19 02:33]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Download All by FlashGet - c:\program files\FlashGet\jc_all.htm
IE: Download using FlashGet - c:\program files\FlashGet\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FireFox -: Profile - c:\users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\scfm2wnd.default\
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF -: plugin - c:\users\Chuck\AppData\Local\Google\Update\1.2.131.27\npGoogleOneClick6.dll
FF -: plugin - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-08 12:30:45
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-12-08 12:31:49
ComboFix-quarantined-files.txt 2008-12-08 17:31:47
ComboFix2.txt 2008-12-08 00:07:38
Pre-Run: 88,057,688,064 bytes free
Post-Run: 88,024,420,352 bytes free
456 --- E O F --- 2008-12-08 17:22:08
//////////////////////////////////////////////
KASPERSKY LOG
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, December 8, 2008
Operating System: Microsoft Windows Vista Ultimate Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, December 08, 2008 14:42:00
Records in database: 1444031
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
Scan statistics:
Files scanned: 397488
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 04:12:08
No malware has been detected. The scan area is clean.
The selected area was scanned.
///////////////////////////////////////
Wouldn't it be easier just to attach each log?
Also, I'd like to mention that I'm getting a ton of COM Surrogate errors. I don't know what it means, but I copied the error dump:
Problem signature:
Problem Event Name: BEX
Application Name: DllHost.exe
Application Version: 6.0.6000.16386
Application Timestamp: 4549b14e
Fault Module Name: CFHD.DLL_unloaded
Fault Module Version: 0.0.0.0
Fault Module Timestamp: 49124b05
Exception Offset: 037a23f0
Exception Code: c0000005
Exception Data: 00000008
OS Version: 6.0.6001.2.1.0.256.1
Locale ID: 1033
Additional Information 1: 6bc7
Additional Information 2: f3f6a1403802118ada460cd45530935b
Additional Information 3: 14d6
Additional Information 4: 81fa021282d4df50086ea760a0abc51f
Does this help at all?
Biggiesized
2008-12-10, 04:51
ComboFix 08-12-07.04 - Chuck 2008-12-09 21:21:57.3 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.2041 [GMT -5:00]
Running from: c:\users\Chuck\Desktop\ComboFix.exe
Command switches used :: c:\users\Chuck\Desktop\CFScript.txt
* Created a new restore point
FILE ::
c:\windows\System32\drivers\ndisprot.sys
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\System32\drivers\ndisprot.sys
.
((((((((((((((((((((((((( Files Created from 2008-11-10 to 2008-12-10 )))))))))))))))))))))))))))))))
.
2008-12-08 00:27 . 2008-12-08 00:27 <DIR> d-------- c:\program files\MSXML 4.0
2008-12-08 00:06 . 2008-10-21 22:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2008-12-08 00:06 . 2008-08-26 20:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-12-08 00:05 . 2008-10-21 00:25 1,645,568 --a------ c:\windows\System32\connect.dll
2008-12-08 00:05 . 2008-09-09 22:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
2008-12-08 00:05 . 2008-09-05 00:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
2008-12-08 00:05 . 2008-08-27 22:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
2008-12-08 00:05 . 2008-08-27 22:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2008-12-08 00:05 . 2008-08-27 22:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
2008-12-07 23:56 . 2008-10-16 16:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-12-07 23:56 . 2008-10-16 15:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-12-07 23:56 . 2008-10-16 16:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-12-07 23:56 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-12-07 23:56 . 2008-10-16 15:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-12-07 23:56 . 2008-10-16 16:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-12-07 23:56 . 2008-10-16 16:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-12-07 23:56 . 2008-10-16 16:08 34,328 --a------ c:\windows\System32\wups.dll
2008-12-07 23:56 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-12-07 20:35 . 2008-12-07 20:35 410,984 --a------ c:\windows\System32\deploytk.dll
2008-12-03 15:01 . 2008-12-03 15:01 <DIR> d-------- c:\program files\Trend Micro
2008-12-02 03:20 . 2008-12-02 03:20 0 --ah----- c:\users\Default.LOG2
2008-12-02 03:20 . 2008-12-02 03:20 0 --ah----- c:\users\Default.LOG1
2008-12-02 03:20 . 2008-12-02 03:20 0 --ah----- C:\ProgramData.LOG2
2008-12-02 03:20 . 2008-12-02 03:20 0 --ah----- C:\ProgramData.LOG1
2008-12-01 15:52 . 2008-12-01 15:52 <DIR> d-------- c:\program files\Common Files\CineForm
2008-12-01 15:52 . 2008-12-01 15:52 <DIR> d-------- c:\program files\CineForm
2008-11-30 22:42 . 2008-11-30 22:42 <DIR> d-------- C:\Binaries
2008-11-30 19:25 . 2008-11-30 19:25 123,952 --a------ c:\windows\System32\drivers\SYMEVENT.SYS
2008-11-30 19:25 . 2008-11-30 19:25 10,563 --a------ c:\windows\System32\drivers\SYMEVENT.CAT
2008-11-30 19:25 . 2008-11-30 19:25 805 --a------ c:\windows\System32\drivers\SYMEVENT.INF
2008-11-30 19:23 . 2008-11-30 19:25 <DIR> d-------- c:\programdata\Symantec
2008-11-30 19:23 . 2008-11-30 19:25 <DIR> d-------- c:\program files\Symantec
2008-11-30 19:23 . 2008-11-30 19:25 <DIR> d-------- c:\program files\Common Files\Symantec Shared
2008-11-29 19:54 . 2008-11-29 19:54 <DIR> d-------- c:\windows\System32\AGEIA
2008-11-29 19:54 . 2008-11-29 19:54 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-29 19:54 . 2008-11-29 19:54 <DIR> d-------- c:\program files\AGEIA Technologies
2008-11-29 19:54 . 2008-11-12 14:54 801,312 --a------ c:\windows\System32\nvcplui.exe
2008-11-29 19:54 . 2008-11-12 13:45 453,152 --a------ c:\windows\System32\NVUNINST.EXE
2008-11-29 19:54 . 2008-11-12 14:54 420,384 --a------ c:\windows\System32\nvcpl.cpl
2008-11-18 01:21 . 2008-11-18 01:21 <DIR> d-------- c:\users\Chuck\AppData\Roaming\Creative
2008-11-18 00:53 . 2007-03-23 04:05 29,272 -ra------ c:\windows\System32\AdobePDF.dll
2008-11-17 22:50 . 2008-11-17 22:50 <DIR> d-------- c:\windows\PCHEALTH
2008-11-17 22:50 . 2008-11-17 22:50 <DIR> d-------- c:\program files\Microsoft.NET
2008-11-17 22:49 . 2008-12-08 00:51 <DIR> d-------- c:\programdata\Microsoft Help
2008-11-17 22:49 . 2008-11-17 22:49 <DIR> dr-h----- C:\MSOCache
2008-11-14 18:14 . 2008-12-08 16:43 <DIR> d-------- c:\users\Chuck
2008-11-14 18:13 . 2008-12-02 03:20 <DIR> dr------- C:\Users
2008-11-13 16:20 . 2008-11-13 16:20 203,540 --a------ c:\windows\System32\nvapps.xml
2008-11-10 15:02 . 2008-11-10 15:02 1,056,768 --a------ c:\windows\System32\CFHD.DLL
2008-11-10 14:22 . 2008-11-10 14:22 <DIR> d-------- c:\programdata\REDCINE
2008-11-10 14:21 . 2008-11-10 14:21 <DIR> d-------- c:\program files\REDCINE
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-10 02:21 --------- d---a-w c:\programdata\TEMP
2008-12-09 04:40 --------- d-----w c:\program files\Steam
2008-12-09 04:22 --------- d-----w c:\program files\Common Files\Steam
2008-12-08 17:37 --------- d-----w c:\program files\Java
2008-12-08 17:19 --------- d-----w c:\program files\megui
2008-12-08 17:18 --------- d-----w c:\programdata\Spybot - Search & Destroy
2008-12-07 03:47 --------- d-----w c:\programdata\Rosetta Stone
2008-12-02 05:17 --------- d-----w c:\program files\FlashGet
2008-11-30 22:17 --------- d-----w c:\programdata\NVIDIA
2008-11-27 07:18 --------- d-----w c:\users\Chuck\AppData\Roaming\vlc
2008-11-27 04:47 --------- d-----w c:\users\Chuck\AppData\Roaming\dvdcss
2008-11-10 03:48 --------- d-----w c:\program files\Microsoft Silverlight
2008-11-09 23:25 --------- d-----w c:\programdata\Apple Computer
2008-11-09 23:25 --------- d-----w c:\program files\QuickTime
2008-11-09 23:21 --------- d-----w c:\program files\VideoLAN
2008-11-09 23:19 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-09 23:16 --------- d-----w c:\program files\SpectraCal
2008-11-09 23:15 --------- d-----w c:\program files\PeerGuardian2
2008-10-20 19:48 --------- d-----w c:\program files\Yamb
2008-10-20 19:43 --------- d-----w c:\program files\MKVtoolnix
2008-10-19 05:31 --------- d-----w c:\program files\Burrrn
2008-10-19 00:11 --------- d-----w c:\program files\Monkey's Audio
2008-10-18 23:35 --------- d-----w c:\program files\Winamp
2008-10-17 03:33 --------- d-----w c:\program files\Windows Media Components
2008-10-15 07:48 --------- d-----w c:\program files\Windows Mail
2008-10-13 16:10 47,360 ----a-w c:\users\Chuck\AppData\Roaming\pcouffin.sys
2008-10-13 16:10 --------- d-----w c:\users\Chuck\AppData\Roaming\Vso
2008-10-13 14:56 70,936 ----a-w c:\windows\System32\PhysXLoader.dll
2008-10-11 05:25 --------- d-----w c:\program files\Viewpoint
2008-10-11 04:29 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-02 03:49 827,392 ----a-w c:\windows\System32\wininet.dll
2008-09-30 21:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 04:56 147,456 ----a-w c:\windows\System32\Faultrep.dll
2008-09-18 04:56 125,952 ----a-w c:\windows\System32\wersvc.dll
2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys
2008-09-17 20:03 62 ----a-w c:\users\Chuck\AppData\Roaming\MTC-savedfolder.dat
2008-05-29 01:36 174 --sha-w c:\program files\desktop.ini
2007-12-27 16:03 23,040 ----a-w c:\program files\cm-dfscPremiereOut.prm
.
((((((((((((((((((((((((((((( snapshot_2008-12-08_12.31.02.66 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-12-08 17:16:18 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-12-10 02:08:46 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-12-08 17:16:18 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-12-10 02:08:46 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-12-08 17:17:05 1,572,864 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-12-10 02:18:24 1,572,864 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-12-08 17:19:23 1,572,864 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-12-10 02:18:30 1,572,864 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2008-12-08 17:26:31 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-12-10 02:18:52 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-12-08 17:26:31 81,920 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-12-10 02:18:52 81,920 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-12-08 17:26:31 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-12-10 02:18:52 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-12-07 23:59:35 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
+ 2008-12-10 02:21:38 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
- 2008-12-08 17:22:55 105,170 ----a-w c:\windows\System32\perfc009.dat
+ 2008-12-10 02:15:28 105,170 ----a-w c:\windows\System32\perfc009.dat
- 2008-12-08 17:22:55 604,214 ----a-w c:\windows\System32\perfh009.dat
+ 2008-12-10 02:15:28 604,214 ----a-w c:\windows\System32\perfh009.dat
- 2008-12-08 17:27:09 6,553,600 ----a-w c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2008-12-08 22:27:56 6,553,600 ----a-w c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2008-12-08 17:18:36 10,306 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3739551031-1583798233-1819922031-1000_UserData.bin
+ 2008-12-10 02:19:30 10,778 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3739551031-1583798233-1819922031-1000_UserData.bin
- 2008-12-08 17:18:36 77,000 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-12-10 02:19:28 77,684 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-12-07 23:54:38 37,588 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-12-10 02:19:25 37,992 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"Google Update"="c:\users\Chuck\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-09-04 133104]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-12-13 2051096]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-12-13 2095640]
"CTHelper"="c:\windows\system32\CTHELPER.EXE" [2008-02-20 19456]
"CTxfiHlp"="c:\windows\system32\CTXFIHLP.EXE" [2008-07-11 19968]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-12 13675040]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-11-12 92704]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-21 115560]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-07 136600]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logo Calibration Loader.lnk - c:\program files\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe [2008-02-15 708608]
ProfileReminder.lnk - c:\program files\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe [2008-02-15 954368]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.i420"= i263_32.drv
"vidc.dfsc"= dfsc.dll
"msacm.dfscacm"= dfscacm.dll
"msacm.g723"= g723.acm
"vidc.I263"= I263_32.drv
"VIDC.LAGS"= lagarith.dll
"vidc.CDVC"= cdvccodc.dll
"VIDC.ZMBV"= zmbv.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ehTray.exe"=c:\windows\ehome\ehTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"RtHDVCpl"=RtHDVCpl.exe
"Skytel"=Skytel.exe
"<NO NAME>"=
"Adobe_ID0EYTHM"=c:\progra~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{8DD22FD6-86E3-4A35-9703-76CD6CF3D440}c:\\program files\\steam\\steamapps\\biggiesized\\team fortress 2\\hl2.exe"= UDP:c:\program files\steam\steamapps\biggiesized\team fortress 2\hl2.exe:hl2
"UDP Query User{083FB472-BD49-45C2-8DDA-CE19B429FE91}c:\\program files\\steam\\steamapps\\biggiesized\\team fortress 2\\hl2.exe"= TCP:c:\program files\steam\steamapps\biggiesized\team fortress 2\hl2.exe:hl2
"{658F94B3-6BE0-40ED-8516-A3875AF9F716}"= UDP:3703:Adobe Version Cue CS3 Server
"{990888B7-6D92-4D7F-A219-486040D7E7B4}"= UDP:3704:Adobe Version Cue CS3 Server
"{3C24D067-A0B7-4F5B-9A7C-89228D3E871D}"= UDP:50900:Adobe Version Cue CS3 Server
"{8BBBBAAA-B33D-49D0-913A-32F396B78174}"= UDP:50901:Adobe Version Cue CS3 Server
"{C90FCF6E-2169-4476-8942-0F45ADA6305F}"= UDP:c:\program files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
"{46500B75-977D-48E7-AB48-41A7D63A909C}"= TCP:c:\program files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
"TCP Query User{799A0B28-BDE8-4223-8C21-5DD715BE2F60}c:\\program files\\thq\\company of heroes\\reliccoh.exe"= UDP:c:\program files\thq\company of heroes\reliccoh.exe:RelicCOH
"UDP Query User{0C1E0ECE-F5DE-4900-BDB8-6B237E4CD56C}c:\\program files\\thq\\company of heroes\\reliccoh.exe"= TCP:c:\program files\thq\company of heroes\reliccoh.exe:RelicCOH
"TCP Query User{707A2DC1-7BF3-413B-B656-186641A40999}c:\\program files\\spectracal\\pattern generator\\patgen.exe"= UDP:c:\program files\spectracal\pattern generator\patgen.exe:CalMAN Pattern Generator
"UDP Query User{A28DA3F7-49BB-4AE8-8175-45C5BDE98F75}c:\\program files\\spectracal\\pattern generator\\patgen.exe"= TCP:c:\program files\spectracal\pattern generator\patgen.exe:CalMAN Pattern Generator
"TCP Query User{10087323-AC0D-498F-841F-FED77DECF33F}c:\\program files\\microsoft games\\age of empires ii\\empires2.icd"= UDP:c:\program files\microsoft games\age of empires ii\empires2.icd:Age of Empires II
"UDP Query User{D430A612-F036-4D9B-A43F-B65551805B7E}c:\\program files\\microsoft games\\age of empires ii\\empires2.icd"= TCP:c:\program files\microsoft games\age of empires ii\empires2.icd:Age of Empires II
"TCP Query User{65B97E4F-399A-40B8-A15F-E506F17F9A39}c:\\program files\\microsoft games\\age of empires ii\\age2_x1\\age2_x1.exe"= UDP:c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe:Age of Empires II Expansion
"UDP Query User{1A9C27A9-E69C-44A2-A9F6-92F1D7DECF03}c:\\program files\\microsoft games\\age of empires ii\\age2_x1\\age2_x1.exe"= TCP:c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe:Age of Empires II Expansion
"{5D6CB7D4-64DB-423A-B064-9F21CE58EDD6}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{2F702DD0-1316-4EDD-AA5E-457EC57A979A}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{09D9BE1F-DF09-452E-8F58-63D870082215}"= c:\program files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe:Rosetta Stone V3 Application
"TCP Query User{DCF302ED-E089-447F-8E81-D38D40FC25C6}c:\\program files\\steam\\steamapps\\biggiesized\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\biggiesized\counter-strike source\hl2.exe:hl2
"UDP Query User{AC963E37-89E1-4ED3-972A-49F3DF6A5BFF}c:\\program files\\steam\\steamapps\\biggiesized\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\biggiesized\counter-strike source\hl2.exe:hl2
"{E8560181-7390-464B-8CFF-DF28ADA54C52}"= UDP:c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe:SMC Service
"{E681B2FA-9A5A-4412-8E6C-3BEE24E113BB}"= TCP:c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe:SMC Service
"{DC2A5F68-548D-4582-9DBA-9A6D688E1FA5}"= UDP:c:\program files\Symantec\Symantec Endpoint Protection\SNAC.EXE:SNAC Service
"{13A61FB8-4B4B-4719-8F3C-698DE24B4DD9}"= TCP:c:\program files\Symantec\Symantec Endpoint Protection\SNAC.EXE:SNAC Service
"{4F6AE31D-008D-4873-8542-087798DDD050}"= UDP:c:\program files\Common Files\Symantec Shared\ccApp.exe:Symantec Email
"{B5F056E5-2B6F-4802-96FF-A2797C870E4D}"= TCP:c:\program files\Common Files\Symantec Shared\ccApp.exe:Symantec Email
R2 Nexus Server;Nexus Server (Carbon Coder);c:\program files\Common Files\Rhozet\Carbon Coder\Kernel\PNXSERVR.exe [2008-08-05 692325]
R2 PD91Agent;PD91Agent;"c:\program files\Raxco\PerfectDisk2008\PD91Agent.exe" [2008-04-16 689416]
R2 PDIHWCTL;PDIHWCTL;\??\c:\windows\system32\drivers\pdihwctl.sys [2008-02-15 14416]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-11-30 99376]
R3 i1display;i1 Display;c:\windows\system32\Drivers\i1display.sys [2008-02-15 44344]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;"c:\program files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe" [2008-05-28 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;"c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe" [2008-08-04 79360]
S3 PD91Engine;PD91Engine;"c:\program files\Raxco\PerfectDisk2008\PD91Engine.exe" [2008-04-16 894216]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b5043e8f-b458-11dc-bab2-806e6f6e6963}]
\shell\AutoRun\command - E:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ed0d4e7a-64ab-11dd-b903-0016e68f6953}]
\shell\AutoRun\command - G:\AUTORUN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration
.
Contents of the 'Scheduled Tasks' folder
2008-12-08 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\users\Chuck\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-04 22:58]
2008-12-09 c:\windows\Tasks\User_Feed_Synchronization-{1B8A0F10-3AB7-4498-88F8-F996C3BFF4EA}.job
- c:\windows\system32\msfeedssync.exe [2008-01-19 02:33]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Download All by FlashGet - c:\program files\FlashGet\jc_all.htm
IE: Download using FlashGet - c:\program files\FlashGet\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FireFox -: Profile - c:\users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\scfm2wnd.default\
FF -: plugin - c:\program files\Adobe\Acrobat 8.0\Acrobat\browser\nppdf32.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF -: plugin - c:\users\Chuck\AppData\Local\Google\Update\1.2.131.27\npGoogleOneClick6.dll
FF -: plugin - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-09 21:23:36
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-12-09 21:24:40
ComboFix-quarantined-files.txt 2008-12-10 02:24:39
ComboFix2.txt 2008-12-08 17:31:50
ComboFix3.txt 2008-12-08 00:07:38
Pre-Run: 86,837,772,288 bytes free
Post-Run: 86,864,449,536 bytes free
282 --- E O F --- 2008-12-08 17:22:08
--------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:49:31 PM, on 12/9/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Users\Chuck\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Windows\system32\notepad.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [CTHelper] "C:\Windows\system32\CTHELPER.EXE"
O4 - HKLM\..\Run: [CTxfiHlp] "C:\Windows\system32\CTXFIHLP.EXE"
O4 - HKLM\..\Run: [NvCplDaemon] "C:\Windows\system32\RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] "C:\Windows\system32\RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Chuck\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - Global Startup: Logo Calibration Loader.lnk = C:\Program Files\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe
O4 - Global Startup: ProfileReminder.lnk = C:\Program Files\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.com/play/classic/SimCityX.cab
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Nexus Server (Carbon Coder) (Nexus Server) - Unknown owner - C:\Program Files\Common Files\Rhozet\Carbon Coder\Kernel\PNXSERVR.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
--
End of file - 9154 bytes
------------------------------
As per the COM Surrogate errors, I've been getting them for a few weeks now. They happen very often, sometimes when I'm doing nothing at all. Today, I got one after logging into Vista.