Author Topic: Rootkit-Pakes.U infection  (Read 934 times)
Myrmach
Topic Starter
« on: November 08, 2009, 02:15:14 AM »

Hello.

I came to this site because I read in one of the forums about the Trojan horse labelled Rootkit-Pakes.U, which is a virus that has presently taken root in my computer.  AVG detected it in Windows/System32/drivers/atapi.sys.  My AVG can't delete it, so I was hoping I could find some solutions here.
SuperDave
Malware Removal Specialist
Moderator
« Reply #1 on: November 18, 2009, 06:34:26 PM »

Hello Myrmach and welcome to Computer Hope Forum. My name is Superdave but you can just call me SD. I will be helping you out with your particular problem on your computer. I am working under the guidance of one of the specialists of this forum so it may take a bit longer to process your logs.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans whilst I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

The first thing I will need you to do is to go to this link and follow the directions precisely. If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line. If you can't run any step, just jump to the next one. Please let me know how you are doing or have any questions. Initially, I will need the SuperAntiSpyware, MBAM and HJT logs. Please post any logs that you can generate.
Myrmach
Topic Starter
« Reply #2 on: November 24, 2009, 10:04:24 PM »

Hello, SuperDave. 

My apologies for not being able to reply immediately. 

First off, my AVG popped up when I made my Malwarebyte scan.  It also did the same for the other scans.  It basically was an alert on the file windows\system32\drivers\atapi.sys.  I think it is preventing the scans from reading the file.   

Anyway, here are the logs that I gained from all three scans:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/25/2009 at 02:15 AM

Application Version : 4.30.1004

Core Rules Database Version : 4307
Trace Rules Database Version: 2173

Scan type       : Complete Scan
Total Scan Time : 02:00:00

Memory items scanned      : 642
Memory threats detected   : 0
Registry items scanned    : 6512
Registry threats detected : 0
File items scanned        : 280571
File threats detected     : 6

Adware.Tracking Cookie
   C:\Documents and Settings\Owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@avgtechnologies.112.2o7[1].txt
   C:\Documents and Settings\Owner\Application Data\Microsoft\Windows\Cookies\Low\owner@avgtechnologies.112.2o7[1].txt
   C:\Documents and Settings\Owner\Cookies\Low\owner@avgtechnologies.112.2o7[1].txt
   C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\owner@avgtechnologies.112.2o7[1].txt
   C:\Users\Owner\Application Data\Microsoft\Windows\Cookies\Low\owner@avgtechnologies.112.2o7[1].txt
   C:\Users\Owner\Cookies\Low\owner@avgtechnologies.112.2o7[1].txt


Malwarebytes' Anti-Malware 1.41
Database version: 3168
Windows 6.0.6001 Service Pack 1

25/11/2009 5:34:34 p.m.
mbam-log-2009-11-25 (17-34-34).txt

Scan type: Quick Scan
Objects scanned: 103504
Time elapsed: 3 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:50:11 p.m., on 25/11/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\VM303_STI.EXE
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Steam\steam.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\sniper.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [BigDog303] C:\Windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: Google Update Service (gupdate1ca4734fee236f0) (gupdate1ca4734fee236f0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 6451 bytes
evilfantasy
Malware Removal Specialist
Moderator
« Reply #3 on: November 25, 2009, 08:53:50 AM »

AVG detected it in Windows/System32/drivers/atapi.sys.  My AVG can't delete it, so I was hoping I could find some solutions here.

We will fix this manually.

First...

Right click HijackThis and choose Run as Administrator

Next select Do a system scan only

Place a check mark next to the following entries: (if there)

R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

Important: Close all open windows except for HijackThis and then click Fix checked.

Once completed, exit HijackThis.

----------

Please download SystemLook from one of the links below and save it to your desktop.

Link #1
Link #2

Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

  • Double-click SystemLook.exe to run it.
  • Copy the contents of the following codebox into the main textfield.
Code:
:filefind
atapi.sys

  • Click the Look button to start the scan.
  • Note: The scan may take some time so please just let it do its work and be patient (or do something else unrelated to the computer).
  • When finished, a notepad window will open with the results of the scan. Please post the log. The log can also be found on your desktop entitled SystemLook.txt
Myrmach
Topic Starter
« Reply #4 on: November 26, 2009, 12:29:40 AM »

I went to the page that tells you how to deactivate your anti-virus and anti-spyware programs.  But I found it difficult to follow as the instructions talk about menu settings that seem different from that of my AVG .  Still, I was able to deactivate the resident shield and the windows defender program.  That is about all that I could accomplish with my meager computer skill.

I then followed the instructions on how to run the Systemlook program.  I sense there may be something wrong in what I did because it took me just half a minute before the results came on screen.

This is what was shown:

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 20:15 on 26/11/2009 by Reden (Administrator - Elevation successful)

========== filefind ==========

Searching for "atapi.sys"
C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys   --a--- 19944 bytes   [09:39 24/09/2009]   [06:32 11/04/2009] 1F05B78AB91C9075565A9D8A4B880BC4
C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys   --a--- 19048 bytes   [10:25 02/11/2006]   [09:49 02/11/2006] 4F4FCB8B6EA06784FB6D475B7EC7300F
C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys   --a--- 21560 bytes   [02:23 21/01/2008]   [02:23 21/01/2008] 2D9C903DC76A66813D350A562DE40ED9
C:\Windows\System32\drivers\atapi.sys   --a--- 21560 bytes   [02:23 21/01/2008]   [02:23 21/01/2008] 8154E5810E1993D71EB58D16966E553F
C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys   --a--- 21560 bytes   [02:23 21/01/2008]   [02:23 21/01/2008] 2D9C903DC76A66813D350A562DE40ED9

-=End Of File=-
evilfantasy
Malware Removal Specialist
Moderator
« Reply #5 on: November 26, 2009, 08:42:21 AM »

We need to replace the infected file now.

Go to Start > Run (Vista and Windows 7 Start and type in the search box)  > type Notepad.exe and click OK to open Notepad.

Copy all of the text in the below Code box into Notepad.

Code:
@echo off
copy C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys c:\atapi.sys
exit

In Notepad go to File > Save as, choose to save it to your desktop and name it atapi.bat

Now double click the event.bat file you just created and let it finish.

Important! Vista and Windows 7 users. Right click event.bat and choose Run as Administrator

It should only take a second to be finished.



Now download The Avenger by Swandog46 and save it to your desktop.

* Extract avenger.exe from the Zip file and save it to your Desktop
* Run avenger.exe by double-clicking on it.
* Do not change any check box options!!
* Copy everything in the Code box below, and paste it into the Input script here window:

Code:
Comment:

Files to move:
c:\atapi.sys | C:\Windows\System32\drivers\atapi.sys

* Now click the Execute button.
* Click Yes to the prompt to confirm you want to execute.
* Click Yes to the "Reboot now?" question that will appear when Avenger finishes running.
* Your PC should reboot, if not, reboot it yourself.
* A log file from Avenger will be produced at C:\avenger.txt and it will pop-up for you to view when you login after reboot.


Copy and paste the entire contents of avenger.txt in your next post.
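As an added example (not part of this thread, and not a feature of SystemLook or The Avenger), the following Python parses the filefind output posted in Reply #4 and applies the check evilfantasy made by eye before writing the replacement steps above: the copy in system32\drivers has the same size and timestamps as the winsxs and DriverStore copies but a different MD5, which is what a driver patched in place looks like. It also picks the reference copy to restore from; preferring DriverStore over winsxs is an assumption that mirrors what the thread did, and the log text is embedded as a constructed sample taken from the post.

```python
"""Check the live atapi.sys against the OS's own reference copies.

Parses SystemLook ':filefind' output, sorts each copy of the driver by
where it lives, and flags a live driver whose MD5 differs from every
reference copy of the same size. Same size, same timestamps, different
hash is the pattern of a driver patched in place; an update installed
through Windows servicing leaves a matching copy in winsxs, so a live
driver with no matching reference copy is worth a look.
"""
import re
from dataclasses import dataclass

# Constructed sample: the five lines SystemLook reported in Reply #4.
SYSTEMLOOK_LOG = r"""
SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 20:15 on 26/11/2009 by Reden (Administrator - Elevation successful)

========== filefind ==========

Searching for "atapi.sys"
C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys   --a--- 19944 bytes   [09:39 24/09/2009]   [06:32 11/04/2009] 1F05B78AB91C9075565A9D8A4B880BC4
C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys   --a--- 19048 bytes   [10:25 02/11/2006]   [09:49 02/11/2006] 4F4FCB8B6EA06784FB6D475B7EC7300F
C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys   --a--- 21560 bytes   [02:23 21/01/2008]   [02:23 21/01/2008] 2D9C903DC76A66813D350A562DE40ED9
C:\Windows\System32\drivers\atapi.sys   --a--- 21560 bytes   [02:23 21/01/2008]   [02:23 21/01/2008] 8154E5810E1993D71EB58D16966E553F
C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys   --a--- 21560 bytes   [02:23 21/01/2008]   [02:23 21/01/2008] 2D9C903DC76A66813D350A562DE40ED9

-=End Of File=-
"""

# One filefind result line: path, attribute flags, size, two timestamps, MD5.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<attrs>[-A-Za-z]{6})\s+(?P<size>\d+) bytes"
    r"\s+\[(?P<mtime>[^\]]+)\]\s+\[(?P<ctime>[^\]]+)\]\s+(?P<md5>[0-9A-Fa-f]{32})\s*$"
)


@dataclass
class Copy:
    path: str
    size: int
    mtime: str
    ctime: str
    md5: str

    @property
    def role(self):
        """'live' for the driver Windows actually loads, 'reference' for the
        servicing/driver-store copies, 'other' for e.g. a staged update."""
        p = self.path.lower()
        if "\\system32\\drivers\\" in p:
            return "live"
        if "\\driverstore\\filerepository\\" in p or "\\winsxs\\" in p:
            return "reference"
        return "other"


def parse_filefind(log):
    """Return a Copy for every result line; headers and blank lines are skipped."""
    copies = []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            copies.append(Copy(m["path"], int(m["size"]), m["mtime"], m["ctime"], m["md5"].upper()))
    return copies


def assess(copies):
    """Return (path, verdict) for every live copy."""
    refs = [c for c in copies if c.role == "reference"]
    findings = []
    for live in (c for c in copies if c.role == "live"):
        same_size = [r for r in refs if r.size == live.size]
        if not same_size:
            findings.append((live.path, "no reference copy of the same size; cannot compare"))
        elif any(r.md5 == live.md5 for r in same_size):
            findings.append((live.path, "hash matches a reference copy"))
        else:
            stamps_kept = any((r.mtime, r.ctime) == (live.mtime, live.ctime) for r in same_size)
            findings.append((live.path, "SUSPICIOUS: same size as reference copies but different hash"
                             + ("; timestamps preserved" if stamps_kept else "")))
    return findings


def choose_restore_source(copies, live):
    """Pick the reference copy to restore from: same size as the live file, and
    every same-size reference copy must agree on the hash. Preferring DriverStore
    over winsxs is an assumption that mirrors the thread, not a rule."""
    candidates = [c for c in copies if c.role == "reference" and c.size == live.size]
    if not candidates or len({c.md5 for c in candidates}) != 1:
        return None  # no reference, or the references disagree with each other
    candidates.sort(key=lambda c: "\\driverstore\\" not in c.path.lower())
    return candidates[0]


if __name__ == "__main__":
    found = parse_filefind(SYSTEMLOOK_LOG)
    for path, verdict in assess(found):
        print(f"{verdict}\n    {path}")
    live = next(c for c in found if c.role == "live")
    src = choose_restore_source(found, live)
    print("restore from:", src.path if src else "(no trustworthy reference)")
```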
Myrmach
Topic Starter
« Reply #6 on: November 26, 2009, 09:37:50 PM »

Here is the avenger log that you requested.

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform:  Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File move operation "c:\atapi.sys|C:\Windows\System32\drivers\atapi.sys" completed successfully.

Completed script processing.

*******************

Finished!  Terminate.
Myrmach
Topic Starter
« Reply #7 on: November 26, 2009, 09:42:30 PM »

Additional information:  I ran my anti-virus program and it no longer flashed the Rootkit-Pakes.U infection page.  I would guess this is a good sign, but I will continue to wait for further instructions.
evilfantasy
Malware Removal Specialist
Moderator
« Reply #8 on: November 26, 2009, 10:22:39 PM »

Now we need to see if anything else is hiding.

If you already have ComboFix be sure to delete it and download a new copy.

Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.

Link #1
Link #2

**Note:  It is important that it is saved directly to your Desktop

Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix.

Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
 
Double click combofix.exe & follow the prompts.
Vista users Right-Click on ComboFix.exe and select Run as administrator (you will receive a UAC prompt, please allow it)
When finished ComboFix will produce a log for you.
Post the ComboFix log in your next reply.

Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

If you have problems with ComboFix usage, see How to use ComboFix
Myrmach
Topic Starter
« Reply #9 on: November 27, 2009, 02:00:39 PM »

Here is the combofix log.  It is quite long so I will break it up into portions.  Here is the first part of the log.

ComboFix 09-11-27.02 - Reden 28/11/2009  9:44.2.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.64.1033.18.3326.1966 [GMT 13:00]
Running from: c:\users\Reden\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((   Files Created from 2009-10-27 to 2009-11-27  )))))))))))))))))))))))))))))))
.

2009-11-27 20:51 . 2009-11-27 20:51   --------   d-----w-   c:\users\Reden\AppData\Local\temp
2009-11-27 20:51 . 2009-11-27 20:51   --------   d-----w-   c:\users\Public\AppData\Local\temp
2009-11-27 20:51 . 2009-11-27 20:51   --------   d-----w-   c:\users\Owner\AppData\Local\temp
2009-11-27 20:51 . 2009-11-27 20:51   --------   d-----w-   c:\users\Default\AppData\Local\temp
2009-11-25 08:33 . 2009-10-29 09:41   2048   ----a-w-   c:\windows\system32\tzres.dll
2009-11-25 04:47 . 2009-11-25 04:47   --------   d-----w-   c:\program files\Trend Micro
2009-11-25 04:39 . 2009-11-25 04:38   411368   ----a-w-   c:\windows\system32\deploytk.dll
2009-11-25 04:38 . 2009-11-25 04:38   --------   d-----w-   c:\program files\Java
2009-11-24 21:35 . 2009-08-10 11:01   1399296   ----a-w-   c:\windows\system32\msxml6.dll
2009-11-24 21:35 . 2009-08-10 11:00   1257472   ----a-w-   c:\windows\system32\msxml3.dll
2009-11-24 11:08 . 2009-11-24 11:08   117760   ----a-w-   c:\users\Reden\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-11-24 11:07 . 2009-11-24 11:07   --------   d-----w-   c:\programdata\SUPERAntiSpyware.com
2009-11-24 11:06 . 2009-11-24 13:20   4096   d-----w-   c:\program files\SUPERAntiSpyware
2009-11-24 11:06 . 2009-11-24 11:06   --------   d-----w-   c:\users\Reden\AppData\Roaming\SUPERAntiSpyware.com
2009-11-24 10:56 . 2009-11-24 10:56   --------   d-----w-   c:\program files\CCleaner
2009-11-20 07:44 . 2009-09-04 04:29   453456   ----a-w-   c:\windows\system32\d3dx10_42.dll
2009-11-20 07:44 . 2009-09-04 04:29   1892184   ----a-w-   c:\windows\system32\D3DX9_42.dll
2009-11-11 19:19 . 2009-11-11 19:19   --------   d-sh--w-   c:\windows\system32\%APPDATA%
2009-11-11 08:14 . 2009-11-11 08:14   --------   d-----w-   c:\programdata\BioWare
2009-11-11 06:58 . 2009-11-11 07:14   --------   d-----w-   c:\program files\Common Files\BioWare
2009-11-11 06:58 . 2009-11-11 07:08   4096   d-----w-   c:\program files\Dragon Age
2009-11-11 01:29 . 2009-08-14 13:53   2035712   ----a-w-   c:\windows\system32\win32k.sys
2009-11-11 01:25 . 2009-08-10 13:05   351232   ----a-w-   c:\windows\system32\WSDApi.dll
2009-11-09 21:48 . 2009-11-09 21:48   --------   d-----w-   c:\users\Reden\AppData\Local\AVG Security Toolbar
2009-11-08 11:11 . 2009-11-08 11:11   --------   d-----w-   c:\users\Reden\AppData\Roaming\Malwarebytes
2009-11-08 11:11 . 2009-09-10 01:54   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-08 11:11 . 2009-11-08 11:11   4096   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2009-11-08 11:11 . 2009-11-08 11:11   --------   d-----w-   c:\programdata\Malwarebytes
2009-11-08 11:11 . 2009-09-10 01:53   19160   ----a-w-   c:\windows\system32\drivers\mbam.sys
2009-11-08 08:59 . 2009-03-08 11:33   18944   ----a-w-   c:\windows\system32\corpol.dll
2009-11-08 08:49 . 2009-11-24 10:55   --------   d-----w-   C:\$AVG
2009-11-08 08:49 . 2009-11-08 08:49   12464   ----a-w-   c:\windows\system32\avgrsstx.dll
2009-11-08 08:49 . 2009-11-08 08:49   161800   ----a-w-   c:\windows\system32\drivers\avgrkx86.sys
2009-11-08 08:49 . 2009-11-09 21:36   360584   ----a-w-   c:\windows\system32\drivers\avgtdix.sys
2009-11-08 08:49 . 2009-11-08 08:49   333192   ----a-w-   c:\windows\system32\drivers\avgldx86.sys
2009-11-08 08:48 . 2009-11-08 08:48   28424   ----a-w-   c:\windows\system32\drivers\avgmfx86.sys
2009-11-08 08:48 . 2009-11-27 20:35   4096   d-----w-   c:\windows\system32\drivers\Avg
2009-11-08 08:48 . 2009-11-08 08:48   --------   d-----w-   c:\programdata\AVG Security Toolbar
2009-11-08 08:48 . 2009-11-08 08:48   4096   d-----w-   c:\programdata\avg9
2009-11-05 21:59 . 2009-11-05 21:59   15406728   ----a-w-   c:\windows\system32\xlive.dll
2009-11-05 21:59 . 2009-11-05 21:59   13642888   ----a-w-   c:\windows\system32\xlivefnt.dll
2009-11-04 10:50 . 2009-11-27 20:32   4096   d-----w-   c:\users\Reden\AppData\Roaming\skypePM
2009-11-04 10:48 . 2009-11-27 20:40   4096   d-----w-   c:\users\Reden\AppData\Roaming\Skype
2009-11-04 10:47 . 2009-11-04 10:48   --------   d-----r-   c:\program files\Skype
2009-11-04 10:47 . 2009-11-04 10:47   --------   d-----w-   c:\program files\Common Files\Skype
2009-11-04 10:47 . 2009-11-04 10:47   --------   d-----w-   c:\programdata\Skype
2009-11-02 05:05 . 2009-11-02 05:05   167064   ----a-w-   c:\windows\system32\xliveinstall.dll
2009-11-02 05:05 . 2009-11-02 05:05   71832   ----a-w-   c:\windows\system32\xliveinstallhost.exe
2009-10-30 05:23 . 2009-11-24 11:02   4096   d-----w-   c:\programdata\Spybot - Search & Destroy
2009-10-30 05:23 . 2009-11-24 10:12   8192   d-----w-   c:\program files\Spybot - Search & Destroy

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-27 20:40 . 2009-02-20 06:01   8192   d-----w-   c:\program files\Steam
2009-11-27 20:40 . 2009-10-07 07:05   8192   d-----w-   c:\users\Reden\AppData\Roaming\uTorrent
2009-11-27 05:01 . 2008-12-12 06:08   12288   d-----w-   c:\program files\Warcraft III
2009-11-26 22:06 . 2009-02-20 06:01   --------   d-----w-   c:\program files\Common Files\Steam
2009-11-24 11:05 . 2008-12-12 03:42   4096   d-----w-   c:\program files\Common Files\Wise Installation Wizard
2009-11-11 19:37 . 2006-11-02 11:18   4096   d-----w-   c:\program files\Windows Mail
2009-11-11 19:22 . 2009-02-10 08:38   12288   d-----w-   c:\programdata\Microsoft Help
2009-11-11 07:14 . 2008-12-12 03:42   12288   d-----w-   c:\program files\AGEIA Technologies
2009-11-11 07:14 . 2008-12-25 10:22   4096   d-----w-   c:\programdata\Media Center Programs
2009-11-04 10:50 . 2009-11-04 10:50   56   ---ha-w-   c:\programdata\ezsidmv.dat
2009-11-02 07:42 . 2009-10-03 01:39   195456   ------w-   c:\windows\system32\MpSigStub.exe
2009-10-30 05:42 . 2009-02-06 21:13   --------   d-----w-   c:\program files\AVG
2009-10-27 05:14 . 2009-10-27 05:13   --------   d-----w-   c:\users\Reden\AppData\Roaming\Media Player Classic
2009-10-27 05:12 . 2009-10-27 05:12   4096   d-----w-   c:\program files\K-Lite Codec Pack
2009-10-27 05:09 . 2009-05-13 10:35   8192   d-----w-   c:\program files\DivX
2009-10-27 05:01 . 2009-10-27 05:01   --------   d-----w-   c:\program files\GPL MPEG Decoder
2009-10-27 04:55 . 2009-10-07 10:00   4096   d-----w-   c:\program files\Common Files\DivX Shared
2009-10-07 10:03 . 2009-10-07 10:01   --------   d-----w-   c:\users\Reden\AppData\Roaming\DivX
2009-10-07 10:01 . 2009-10-07 10:00   --------   d-----w-   c:\program files\Google
2009-10-07 10:00 . 2009-10-07 10:00   4096   d-----w-   c:\program files\Common Files\PX Storage Engine
2009-10-07 07:06 . 2009-10-07 07:06   --------   d-----w-   c:\program files\uTorrent
2009-09-14 09:44 . 2009-10-14 10:02   144896   ----a-w-   c:\windows\system32\drivers\srv2.sys
2009-09-10 17:30 . 2009-10-14 10:03   213504   ----a-w-   c:\windows\system32\msv1_0.dll
2009-09-10 15:21 . 2009-10-27 19:20   8147456   ----a-w-   c:\windows\system32\wmploc.DLL
2009-09-10 15:21 . 2009-10-27 19:20   310784   ----a-w-   c:\windows\system32\unregmp2.exe
2009-09-04 12:24 . 2009-10-14 10:02   61440   ----a-w-   c:\windows\system32\msasn1.dll
2009-08-31 13:55 . 2009-10-14 10:02   293376   ----a-w-   c:\windows\system32\psisdecd.dll
2009-08-31 13:55 . 2009-10-14 10:02   428544   ----a-w-   c:\windows\system32\EncDec.dll
2009-09-25 16:41 . 2009-09-25 16:41   1044480   ----a-w-   c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41   200704   ----a-w-   c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-05-13 10:35 . 2009-05-13 10:35   56   --sh--r-   c:\windows\System32\1EC8D4C88E.sys
2009-05-13 10:35 . 2009-05-13 10:35   1890   --sha-w-   c:\windows\System32\KGyGaAvL.sys
.

+ 2009-11-08 08:59 . 2009-03-08 11:31   46592              c:\windows\winsxs\x86_microsoft-windows-i..ablenetworkgraphics_31bf3856ad364e35_8.0.6001.18702_none_d0b191832934e44c\pngfilt.dll
+ 2009-11-08 08:59 . 2009-03-08 11:32   66560              c:\windows\System32\wextract.exe
+ 2008-01-21 01:58 . 2009-11-27 20:43   44842              c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-12-14 03:37 . 2009-11-27 20:33   12572              c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-904409299-471717701-596354257-1001_UserData.bin
+ 2009-11-08 08:59 . 2009-03-08 11:31   46592              c:\windows\System32\pngfilt.dll
- 2008-10-12 20:56 . 2008-10-12 20:56   70936              c:\windows\System32\PhysXLoader.dll
+ 2009-04-02 23:39 . 2009-04-02 23:39   70936              c:\windows\System32\PhysXLoader.dll
+ 2008-12-03 20:28 . 2008-12-03 20:28   24344              c:\windows\System32\PhysXDevice.dll
- 2006-11-02 07:33 . 2006-11-02 07:33   48128              c:\windows\System32\mshtmler.dll
+ 2009-11-08 08:59 . 2009-03-08 11:31   48128              c:\windows\System32\mshtmler.dll
+ 2009-11-08 08:59 . 2009-03-08 11:31   66560              c:\windows\System32\mshtmled.dll
+ 2009-11-08 08:59 . 2009-03-08 11:31   45568              c:\windows\System32\mshta.exe
- 2008-01-21 02:23 . 2008-01-21 02:23   45568              c:\windows\System32\mshta.exe
+ 2009-11-08 09:00 . 2009-08-27 03:41   13312              c:\windows\System32\msfeedssync.exe
+ 2009-11-08 09:00 . 2009-08-27 05:18   55296              c:\windows\System32\msfeedsbs.dll
- 2008-12-14 02:30 . 2008-02-22 05:01   64512              c:\windows\System32\migration\WininetPlugin.dll
+ 2009-11-08 09:00 . 2009-08-27 05:22   64512              c:\windows\System32\migration\WininetPlugin.dll
+ 2009-11-08 08:59 . 2009-03-08 11:34   43008              c:\windows\System32\licmgr10.dll
+ 2009-11-08 09:00 . 2009-08-27 05:18   25600              c:\windows\System32\jsproxy.dll
+ 2009-11-08 08:59 . 2009-03-08 11:32   94720              c:\windows\System32\inseng.dll
+ 2009-11-08 08:59 . 2009-03-08 11:31   34816              c:\windows\System32\imgutil.dll
+ 2009-11-08 09:00 . 2009-08-27 05:17   71680              c:\windows\System32\iesetup.dll
+ 2009-11-08 09:00 . 2009-08-27 05:17   55808              c:\windows\System32\iernonce.dll
+ 2009-11-08 08:59 . 2009-03-08 11:31   59904              c:\windows\System32\icardie.dll
+ 2008-12-14 02:10 . 2009-11-27 20:34   16384              c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-12-14 02:10 . 2009-11-08 08:17   16384              c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-12-14 02:10 . 2009-11-27 20:34   32768              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-12-14 02:10 . 2009-11-08 08:17   32768              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-12-14 02:10 . 2009-11-08 08:17   16384              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-12-14 02:10 . 2009-11-27 20:34   16384              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-01-21 02:23 . 2008-01-21 02:23   72704              c:\windows\System32\admparse.dll
+ 2009-11-08 08:59 . 2009-03-08 11:32   72704              c:\windows\System32\admparse.dll
+ 2009-11-11 19:19 . 2009-11-11 19:22   16384              c:\windows\System32\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
+ 2009-11-25 08:33 . 2009-11-25 08:33   32768              c:\windows\Installer\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}\icon.exe
+ 2009-11-24 11:06 . 2009-11-24 11:06   65024              c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2009-11-24 11:06 . 2009-11-24 11:06   18944              c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
- 2009-02-10 08:41 . 2009-10-14 19:21   35088              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-02-10 08:41 . 2009-11-11 19:22   35088              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-02-10 08:41 . 2009-11-11 19:22   18704              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-02-10 08:41 . 2009-10-14 19:21   18704              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-02-10 08:41 . 2009-11-11 19:22   20240              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2009-02-10 08:41 . 2009-10-14 19:21   20240              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2009-07-12 09:21 . 2009-07-12 09:21   12800              c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2009-11-11 06:56 . 2009-11-11 06:56   12800              c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2009-07-12 09:21 . 2009-07-12 09:21   53248              c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2009-11-11 06:56 . 2009-11-11 06:56   53248              c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2009-11-24 21:35 . 2009-08-11 16:58   2048              c:\windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6002.22196_none_8a82c317ad5def05\msxml6r.dll
+ 2006-11-02 08:26 . 2006-11-02 09:41   2048              c:\windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6002.18087_none_8a04f68294374ca1\msxml6r.dll
+ 2009-11-24 21:35 . 2009-08-11 17:04   2048              c:\windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6001.22492_none_88985007b03b3485\msxml6r.dll
+ 2006-11-02 08:26 . 2006-11-02 09:41   2048              c:\windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6001.18306_none_887403b096d0fe9e\msxml6r.dll
+ 2009-11-24 21:35 . 2009-08-10 12:51   2048              c:\windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6000.21103_none_87143919b2caf4b4\msxml6r.dll
+ 2009-11-24 21:35 . 2009-08-10 13:05   2048              c:\windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6000.16903_none_868ac42c99ad21a8\msxml6r.dll
+ 2009-11-24 21:35 . 2009-08-11 16:58   2048              c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6002.22196_none_8a83076fad5da222\msxml3r.dll
+ 2006-11-02 08:26 . 2006-11-02 09:41   2048              c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6002.18087_none_8a053ada9436ffbe\msxml3r.dll
+ 2009-11-24 21:35 . 2009-08-11 17:04   2048              c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6001.22492_none_8898945fb03ae7a2\msxml3r.dll
+ 2006-11-02 08:26 . 2006-11-02 09:41   2048              c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6001.18306_none_8874480896d0b1bb\msxml3r.dll
+ 2009-11-24 21:35 . 2009-08-10 12:51   2048              c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6000.21103_none_87147d71b2caa7d1\msxml3r.dll
+ 2009-11-24 21:35 . 2009-08-10 13:05   2048              c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6000.16903_none_868b088499acd4c5\msxml3r.dll
+ 2009-11-08 08:59 . 2009-03-08 11:35   2048              c:\windows\winsxs\x86_microsoft-windows-ie-iecompat_31bf3856ad364e35_8.0.6001.18702_none_83daaad046b59436\iecompat.dll
+ 2009-11-25 08:33 . 2009-10-29 09:26   2048              c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6002.22254_none_17855e4d1ffaeb7e\tzres.dll
+ 2009-11-25 08:33 . 2009-10-29 09:17   2048              c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6002.18132_none_170f60c606cee124\tzres.dll
+ 2009-11-25 08:33 . 2009-10-29 09:44   2048              c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6001.22552_none_159cebd122d663ac\tzres.dll
+ 2009-11-25 08:33 . 2009-10-29 09:41   2048              c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6001.18351_none_15124cd609b9ad64\tzres.dll
+ 2009-11-25 08:33 . 2009-10-29 07:55   2048              c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6000.21150_none_13b482d325b1d628\tzres.dll
+ 2009-11-25 08:33 . 2009-10-29 07:59   2048              c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6000.16947_none_133cdfd80c85988c\tzres.dll
- 2009-11-08 08:08 . 2009-11-08 08:08   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-11-27 20:41 . 2009-11-27 20:41   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-11-08 08:08 . 2009-11-08 08:08   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-11-27 20:41 . 2009-11-27 20:41   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-11-24 11:06 . 2009-11-24 11:06   5120              c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF16.exe
+ 2009-11-11 01:25 . 2009-08-10 12:39   355328              c:\windows\winsxs\x86_wsdapi_31bf3856ad364e35_6.0.6002.22194_none_c0c6531463dfed55\WSDApi.dll
+ 2009-11-11 01:25 . 2009-08-10 12:35   355328              c:\windows\winsxs\x86_wsdapi_31bf3856ad364e35_6.0.6002.18085_none_c048867f4ab94af1\WSDApi.dll
+ 2009-11-11 01:25 . 2009-08-10 13:03   351232              c:\windows\winsxs\x86_wsdapi_31bf3856ad364e35_6.0.6001.22491_none_bedce04e66bc4c2c\WSDApi.dll
+ 2009-11-11 01:25 . 2009-08-10 13:05   351232              c:\windows\winsxs\x86_wsdapi_31bf3856ad364e35_6.0.6001.18306_none_beb994414d512f9c\WSDApi.dll
+ 2009-11-11 01:25 . 2009-08-10 12:53   323072              c:\windows\winsxs\x86_wsdapi_31bf3856ad364e35_6.0.6000.21103_none_bd59c9aa694b25b2\WSDApi.dll
+ 2009-11-11 01:25 . 2009-08-10 13:08   321536              c:\windows\winsxs\x86_wsdapi_31bf3856ad364e35_6.0.6000.16903_none_bcd054bd502d52a6\WSDApi.dll
+ 2009-11-08 08:59 . 2009-03-08 11:33   420352              c:\windows\winsxs\x86_microsoft-windows-scripting-vbscript_31bf3856ad364e35_8.0.6001.18702_none_2b4525a943b273a6\vbscript.dll
+ 2009-11-09 06:21 . 2009-06-06 12:55   726528              c:\windows\winsxs\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_8.0.6001.22886_none_66022984264aac18\jscript.dll
+ 2009-11-09 06:21 . 2009-06-06 05:01   726528              c:\windows\winsxs\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_8.0.6001.18795_none_656cbc830d360ee8\jscript.dll
+ 2009-11-08 08:59 . 2009-03-08 11:33   726528              c:\windows\winsxs\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_8.0.6001.18702_none_65cb0af10cefc76a\jscript.dll
+ 2009-11-08 08:59 . 2009-03-08 11:22   156160              c:\windows\winsxs\x86_microsoft-windows-msls31_31bf3856ad364e35_8.0.6001.18702_none_aeeaf610b83f2e48\msls31.dll
+ 2009-11-08 08:59 . 2009-03-08 11:35   121344              c:\windows\winsxs\x86_microsoft-windows-js-debuggeride_31bf3856ad364e35_8.0.6001.18702_none_1de359b6148047cc\jsdebuggeride.dll
+ 2009-11-08 08:59 . 2009-03-08 11:33   256000              c:\windows\winsxs\x86_microsoft-windows-ieinstal_31bf3856ad364e35_8.0.6001.18702_none_cb86fb78a76dcdde\ieinstal.exe
+ 2009-11-08 09:00 . 2009-08-27 13:21   164352              c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.22918_none_48125f7add0aca92\ieui.dll
+ 2009-11-08 09:00 . 2009-08-27 05:17   164352              c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.18828_none_477df2c3c3f546b9\ieui.dll
+ 2009-11-08 08:59 . 2009-03-08 11:22   164352              c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.18702_none_478d8ef9c3ea79a6\ieui.dll
+ 2009-11-08 08:59 . 2009-03-08 11:34   105984              c:\windows\winsxs\x86_microsoft-windows-ie-winsockautodialstub_31bf3856ad364e35_8.0.6001.18702_none_d315f3a07395d0ed\url.dll
+ 2009-11-08 08:59 . 2009-03-08 11:34   208384              c:\windows\winsxs\x86_microsoft-windows-ie-winfxdocobj_31bf3856ad364e35_8.0.6001.18702_none_d4a239fe30224f93\WinFXDocObj.exe
+ 2009-11-08 08:59 . 2009-03-08 11:33   759296              c:\windows\winsxs\x86_microsoft-windows-ie-vgx_31bf3856ad364e35_8.0.6001.18702_none_d02233c4fe8667df\VGX.dll
+ 2009-11-08 09:00 . 2009-08-27 13:21   109056              c:\windows\winsxs\x86_microsoft-windows-ie-sysprep_31bf3856ad364e35_8.0.6001.22918_none_ff020cabe8e8477c\iesysprep.dll
+ 2009-11-08 09:00 . 2009-08-27 05:17   109056              c:\windows\winsxs\x86_microsoft-windows-ie-sysprep_31bf3856ad364e35_8.0.6001.18828_none_fe6d9ff4cfd2c3a3\iesysprep.dll
+ 2009-11-08 08:59 . 2009-03-08 11:33   109056              c:\windows\winsxs\x86_microsoft-windows-ie-sysprep_31bf3856ad364e35_8.0.6001.18702_none_fe7d3c2acfc7f690\iesysprep.dll
+ 2009-11-08 09:00 . 2009-08-27 11:44   173056              c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.22918_none_a940a7ff8d650ab7\ie4uinit.exe
+ 2009-11-08 09:00 . 2009-08-27 03:42   173056              c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.18828_none_a8ac3b48744f86de\ie4uinit.exe
+ 2009-11-08 08:59 . 2009-03-08 11:32   173056              c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.18702_none_a8bbd77e7444b9cb\ie4uinit.exe
+ 2009-11-08 09:00 . 2009-08-27 13:29   129536              c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_8.0.6001.22918_none_2b139d34bb6ff18c\sqmapi.dll
+ 2009-11-08 09:00 . 2009-08-27 05:22   129536              c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_8.0.6001.18828_none_2a7f307da25a6db3\sqmapi.dll
+ 2009-11-08 08:59 . 2009-03-08 21:09   140128              c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_8.0.6001.18702_none_2a8eccb3a24fa0a0\sqmapi.dll
+ 2009-11-08 08:59 . 2009-03-08 11:34   193536              c:\windows\winsxs\x86_microsoft-windows-ie-ratings_31bf3856ad364e35_8.0.6001.18702_none_aa7d60ae7286ab24\msrating.dll
+ 2009-11-08 08:59 . 2009-03-08 11:33   109568              c:\windows\winsxs\x86_microsoft-windows-ie-pdm_31bf3856ad364e35_8.0.6001.18702_none_d0610d06fe575a49\PDMSetup.exe
+ 2009-11-08 08:59 . 2009-01-08 01:20   355832              c:\windows\winsxs\x86_microsoft-windows-ie-pdm_31bf3856ad364e35_8.0.6001.18702_none_d0610d06fe575a49\pdm.dll
+ 2009-11-08 08:59 . 2009-01-08 01:20   265720              c:\windows\winsxs\x86_microsoft-windows-ie-pdm_31bf3856ad364e35_8.0.6001.18702_none_d0610d06fe575a49\msdbg2.dll
+ 2009-11-08 08:59 . 2009-03-08 11:34   236544              c:\windows\winsxs\x86_microsoft-windows-ie-offlinefavorites_31bf3856ad364e35_8.0.6001.18702_none_44170552678500f2\webcheck.dll
+ 2009-11-08 09:00 . 2009-08-27 13:26   206848              c:\windows\winsxs\x86_microsoft-windows-ie-objectcontrolviewer_31bf3856ad364e35_8.0.6001.22918_none_1a965b07430ed6fa\occache.dll
+ 2009-11-08 09:00 . 2009-08-27 05:20   206848              c:\windows\winsxs\x86_microsoft-windows-ie-objectcontrolviewer_31bf3856ad364e35_8.0.6001.18828_none_1a01ee5029f95321\occache.dll
+ 2009-11-08 08:59 . 2009-03-08 11:34   109568              c:\windows\winsxs\x86_microsoft-windows-ie-objectcontrolviewer_31bf3856ad364e35_8.0.6001.18702_none_1a118a8629ee860e\occache.dll
+ 2009-11-08 08:59 . 2009-03-08 11:35   233984              c:\windows\winsxs\x86_microsoft-windows-ie-jsprofilerui_31bf3856ad364e35_8.0.6001.18702_none_d5ea1c01e3fe67ea\jsprofilerui.dll
+ 2009-11-08 08:59 . 2009-03-08 11:35   118272              c:\windows\winsxs\x86_microsoft-windows-ie-jsprofilercore_31bf3856ad364e35_8.0.6001.18702_none_ed92bec9472aab53\JSProfilerCore.dll
+ 2009-11-08 08:59 . 2009-03-08 11:35   521216              c:\windows\winsxs\x86_microsoft-windows-ie-jscriptdebugui_31bf3856ad364e35_8.0.6001.18702_none_9d577137e370ad2c\jsdbgui.dll
+ 2009-11-08 09:00 . 2009-08-27 13:31   638216              c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.22918_none_12d1f2e448ea4212\iexplore.exe
+ 2009-11-08 09:00 . 2009-08-27 11:44   133632              c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.22918_none_12d1f2e448ea4212\ieUnatt.exe
+ 2009-11-08 09:00 . 2009-08-27 05:23   638232              c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18828_none_123d862d2fd4be39\iexplore.exe
+ 2009-11-08 09:00 . 2009-08-27 03:42   133632              c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18828_none_123d862d2fd4be39\ieUnatt.exe
+ 2009-11-08 08:59 . 2009-03-08 21:09   638816              c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18702_none_124d22632fc9f126\iexplore.exe
+ 2009-11-08 08:59 . 2009-03-08 11:33   132608              c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18702_none_124d22632fc9f126\ieUnatt.exe
+ 2009-11-08 08:59 . 2009-03-08 11:35   144384              c:\windows\winsxs\x86_microsoft-windows-ie-impexp-extexport_31bf3856ad364e35_8.0.6001.18702_none_10e8e2fad95106ab\ExtExport.exe
+ 2009-11-08 08:59 . 2009-03-08 11:32   169472              c:\windows\winsxs\x86_microsoft-windows-ie-iexpress_31bf3856ad364e35_8.0.6001.18702_none_4766ff3b547d623d\iexpress.exe
+ 2009-11-08 09:00 . 2009-08-27 13:21   197632              c:\windows\winsxs\x86_microsoft-windows-ie-ieshims_31bf3856ad364e35_8.0.6001.22918_none_2afd22d0c924c41c\IEShims.dll
+ 2009-11-08 09:00 . 2009-08-27 05:17   197632              c:\windows\winsxs\x86_microsoft-windows-ie-ieshims_31bf3856ad364e35_8.0.6001.18828_none_2a68b619b00f4043\IEShims.dll
+ 2009-11-08 08:59 . 2009-03-08 11:33   196096              c:\windows\winsxs\x86_microsoft-windows-ie-ieshims_31bf3856ad364e35_8.0.6001.18702_none_2a78524fb0047330\IEShims.dll
+ 2009-11-08 09:00 . 2009-08-27 13:21   246272              c:\windows\winsxs\x86_microsoft-windows-ie-ieproxy_31bf3856ad364e35_8.0.6001.22918_none_739ed73a797c5dae\ieproxy.dll
+ 2009-11-08 09:00 . 2009-08-27 05:17   246272              c:\windows\winsxs\x86_microsoft-windows-ie-ieproxy_31bf3856ad364e35_8.0.6001.18828_none_730a6a836066d9d5\ieproxy.dll
+ 2009-11-08 08:59 . 2009-03-08 11:33   246784              c:\windows\winsxs\x86_microsoft-windows-ie-ieproxy_31bf3856ad364e35_8.0.6001.18702_none_731a06b9605c0cc2\ieproxy.dll
+ 2009-11-08 08:59 . 2009-03-08 11:34   115712              c:\windows\winsxs\x86_microsoft-windows-ie-ielowutil_31bf3856ad364e35_8.0.6001.18702_none_e9612e8087062a88\ielowutil.exe
+ 2009-11-08 09:00 . 2009-08-06 13:45   100352              c:\windows\winsxs\x86_microsoft-windows-ie-iecompat_31bf3856ad364e35_8.0.6001.22909_none_846b4b875fcce288\iecompat.dll
+ 2009-11-08 09:00 . 2009-08-06 03:44   100352              c:\windows\winsxs\x86_microsoft-windows-ie-iecompat_31bf3856ad364e35_8.0.6001.18819_none_83d6ded046b75eaf\iecompat.dll
+ 2009-11-08 08:59 . 2009-03-08 11:33   125952              c:\windows\winsxs\x86_microsoft-windows-ie-iecleanup_31bf3856ad364e35_8.0.6001.18702_none_a0d17792aa595b3e\iecleanup.exe
+ 2009-11-08 08:59 . 2009-03-08 11:33   103936              c:\windows\winsxs\x86_microsoft-windows-ie-gc-setdepnx_31bf3856ad364e35_8.0.6001.18702_none_9396116207a33bbc\SetDepNx.exe
+ 2009-11-08 08:59 . 2009-03-08 11:33   107520              c:\windows\winsxs\x86_microsoft-windows-ie-gc-registeriepkeys_31bf3856ad364e35_8.0.6001.18702_none_0ad3f877399acafc\RegisterIEPKEYs.exe
+ 2009-11-08 09:00 . 2009-08-27 13:22   594432              c:\windows\winsxs\x86_microsoft-windows-ie-feeds-platform_31bf3856ad364e35_8.0.6001.22918_none_43567d27696225e7\msfeeds.dll
+ 2009-11-08 09:00 . 2009-08-27 05:18   594432              c:\windows\winsxs\x86_microsoft-windows-ie-feeds-platform_31bf3856ad364e35_8.0.6001.18828_none_42c21070504ca20e\msfeeds.dll
+ 2009-11-08 08:59 . 2009-03-08 11:32   594432              c:\windows\winsxs\x86_microsoft-windows-ie-feeds-platform_31bf3856ad364e35_8.0.6001.18702_none_42d1aca65041d4fb\msfeeds.dll
+ 2009-11-08 08:59 . 2009-03-08 11:31   216064              c:\windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_8.0.6001.18702_none_7ab17169976f82c4\dxtrans.dll
+ 2009-11-08 08:59 . 2009-03-08 11:31   348160              c:\windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_8.0.6001.18702_none_7ab17169976f82c4\dxtmsft.dll
+ 2009-11-08 08:59 . 2009-03-08 11:35   742912              c:\windows\winsxs\x86_microsoft-windows-ie-devtools_31bf3856ad364e35_8.0.6001.18702_none_1e902f2a55a1ce84\iedvtool.dll
+ 2009-11-08 09:00 . 2009-08-27 13:21   184320              c:\windows\winsxs\x86_microsoft-windows-ie-behaviors_31bf3856ad364e35_8.0.6001.22918_none_2033778a20f99b91\iepeers.dll
+ 2009-11-08 09:00 . 2009-08-27 05:17   184320              c:\windows\winsxs\x86_microsoft-windows-ie-behaviors_31bf3856ad364e35_8.0.6001.18828_none_1f9f0ad307e417b8\iepeers.dll
+ 2009-11-08 08:59 . 2009-03-08 11:31   183808              c:\windows\winsxs\x86_microsoft-windows-ie-behaviors_31bf3856ad364e35_8.0.6001.18702_none_1faea70907d94aa5\iepeers.dll
+ 2009-11-08 08:59 . 2009-03-08 11:11   445952              c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_8.0.6001.18702_none_de7d38b18189fc96\ieapfltr.dll
+ 2009-11-08 08:59 . 2009-03-08 11:32   163840              c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_8.0.6001.18702_none_911d44271c9159e9\ieakui.dll
+ 2009-11-08 08:59 . 2009-03-08 11:33   229376              c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_8.0.6001.18702_none_911d44271c9159e9\ieaksie.dll
+ 2009-11-08 08:59 . 2009-03-08 11:33   125952              c:\windows\winsxs\x86_microsoft-windows-ie-adminkitengine_31bf3856ad364e35_8.0.6001.18702_none_87015889ddff063f\ieakeng.dll
+ 2009-11-08 09:00 . 2009-08-27 13:21   387584              c:\windows\winsxs\x86_microsoft-windows-ie-adminkitbranding_31bf3856ad364e35_8.0.6001.22918_none_57c05f548668f3f6\iedkcs32.dll
+ 2009-11-08 09:00 . 2009-08-27 05:17   387584              c:\windows\winsxs\x86_microsoft-windows-ie-adminkitbranding_31bf3856ad364e35_8.0.6001.18828_none_572bf29d6d53701d\iedkcs32.dll
+ 2009-11-08 08:59 . 2009-03-08 21:09   391536              c:\windows\winsxs\x86_microsoft-windows-ie-adminkitbranding_31bf3856ad364e35_8.0.6001.18702_none_573b8ed36d48a30a\iedkcs32.dll
+ 2009-11-08 09:00 . 2009-08-27 13:29   916480              c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.22918_none_e558e658d0bed32f\wininet.dll
+ 2009-11-08 09:00 . 2009-08-27 05:22   916480              c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.18828_none_e4c479a1b7a94f56\wininet.dll
+ 2009-11-08 08:59 . 2009-03-08 11:34   914944              c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.18702_none_e4d415d7b79e8243\wininet.dll
+ 2009-11-08 08:59 . 2009-03-08 11:32   611840              c:\windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_8.0.6001.18702_none_c3b0c8fe923e1b1f\mstime.dll
+ 2009-11-08 08:59 . 2009-03-08 11:33   107008              c:\windows\winsxs\x86_microsoft-windows-i..-setieinstalleddate_31bf3856ad364e35_8.0.6001.18702_none_eb622404d6d4cb81\SetIEInstalledDate.exe
+ 2009-11-08 08:59 . 2009-03-08 11:32   128512              c:\windows\winsxs\x86_microsoft-windows-advpack_31bf3856ad364e35_8.0.6001.18702_none_8eb687d4089bfe4d\advpack.dll

(To be continued...)
Myrmach

« Reply #10 on: November 27, 2009, 02:01:41 PM »

(Continuation of Combofix Log...)

+ 2009-11-08 09:00 . 2009-08-27 05:22   916480              c:\windows\System32\wininet.dll
+ 2009-11-08 08:59 . 2009-03-08 11:34   208384              c:\windows\System32\WinFXDocObj.exe
- 2008-01-21 02:23 . 2008-01-21 02:23   208384              c:\windows\System32\WinFXDocObj.exe
+ 2009-11-08 08:59 . 2009-03-08 11:34   236544              c:\windows\System32\webcheck.dll
+ 2006-11-02 13:05 . 2009-11-27 20:43   109788              c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-11-08 08:59 . 2009-03-08 11:33   420352              c:\windows\System32\vbscript.dll
- 2008-01-21 02:24 . 2008-01-21 02:24   105984              c:\windows\System32\url.dll
+ 2009-11-08 08:59 . 2009-03-08 11:34   105984              c:\windows\System32\url.dll
+ 2009-11-08 08:59 . 2009-03-08 11:33   107008              c:\windows\System32\SetIEInstalledDate.exe
+ 2009-11-08 08:59 . 2009-03-08 11:33   103936              c:\windows\System32\SetDepNx.exe
+ 2009-11-08 08:59 . 2009-03-08 11:33   107520              c:\windows\System32\RegisterIEPKEYs.exe
- 2008-10-06 20:13 . 2008-10-06 20:13   288024              c:\windows\System32\PhysXCplUI.exe
+ 2008-11-25 19:55 . 2008-11-25 19:55   288024              c:\windows\System32\PhysXCplUI.exe
+ 2008-11-24 19:38 . 2008-11-24 19:38   288024              c:\windows\System32\PhysXCompatCplUI.exe
- 2008-10-06 20:13 . 2008-10-06 20:13   288024              c:\windows\System32\PhysXCompatCplUI.exe
- 2006-11-02 10:33 . 2009-11-08 08:15   638346              c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-11-27 20:49   638346              c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-11-08 08:15   121342              c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2009-11-27 20:49   121342              c:\windows\System32\perfc009.dat
+ 2009-11-08 08:59 . 2009-03-08 11:33   109568              c:\windows\System32\PDMSetup.exe
+ 2009-11-08 09:00 . 2009-08-27 05:20   206848              c:\windows\System32\occache.dll
+ 2009-11-08 08:59 . 2009-03-08 11:32   611840              c:\windows\System32\mstime.dll
+ 2009-11-08 08:59 . 2009-03-08 11:34   193536              c:\windows\System32\msrating.dll
- 2008-01-21 02:24 . 2008-01-21 02:24   156160              c:\windows\System32\msls31.dll
+ 2009-11-08 08:59 . 2009-03-08 11:22   156160              c:\windows\System32\msls31.dll
+ 2009-11-08 09:00 . 2009-08-27 05:18   594432              c:\windows\System32\msfeeds.dll
+ 2009-11-09 06:21 . 2009-06-06 05:01   726528              c:\windows\System32\jscript.dll
+ 2009-11-25 04:39 . 2009-11-25 04:38   149280              c:\windows\System32\javaws.exe
+ 2009-11-25 04:39 . 2009-11-25 04:38   145184              c:\windows\System32\javaw.exe
+ 2009-11-25 04:39 . 2009-11-25 04:38   145184              c:\windows\System32\java.exe
+ 2009-11-08 08:59 . 2009-03-08 11:32   169472              c:\windows\System32\iexpress.exe
+ 2009-11-08 09:00 . 2009-08-27 03:42   133632              c:\windows\System32\ieUnatt.exe
+ 2009-11-08 09:00 . 2009-08-27 05:17   164352              c:\windows\System32\ieui.dll
+ 2009-11-08 09:00 . 2009-08-27 05:17   109056              c:\windows\System32\iesysprep.dll
+ 2009-11-08 09:00 . 2009-08-27 05:17   184320              c:\windows\System32\iepeers.dll
+ 2009-11-08 09:00 . 2009-08-27 05:17   387584              c:\windows\System32\iedkcs32.dll
+ 2009-11-08 08:59 . 2009-03-08 11:11   445952              c:\windows\System32\ieapfltr.dll
+ 2009-11-08 08:59 . 2009-03-08 11:32   163840              c:\windows\System32\ieakui.dll
+ 2009-11-08 08:59 . 2009-03-08 11:33   229376              c:\windows\System32\ieaksie.dll
+ 2009-11-08 08:59 . 2009-03-08 11:33   125952              c:\windows\System32\ieakeng.dll
+ 2009-11-08 09:00 . 2009-08-27 03:42   173056              c:\windows\System32\ie4uinit.exe
+ 2006-11-02 12:47 . 2009-11-11 19:38   370960              c:\windows\System32\FNTCACHE.DAT
- 2006-11-02 12:47 . 2009-07-15 21:36   370960              c:\windows\System32\FNTCACHE.DAT
+ 2009-11-08 08:59 . 2009-03-08 11:31   216064              c:\windows\System32\dxtrans.dll
+ 2009-11-08 08:59 . 2009-03-08 11:31   348160              c:\windows\System32\dxtmsft.dll
+ 2009-11-08 09:27 . 2009-11-26 04:40   245760              c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-11-08 08:59 . 2009-03-08 11:32   128512              c:\windows\System32\advpack.dll
+ 2009-11-25 04:38 . 2009-11-25 04:38   537600              c:\windows\Installer\ef4fc.msi
+ 2009-11-25 08:33 . 2009-11-25 08:33   429568              c:\windows\Installer\e558b3.msi
+ 2009-11-20 07:44 . 2009-11-20 07:44   847872              c:\windows\Installer\9308ef.msi
+ 2009-11-20 07:44 . 2009-11-20 07:44   752128              c:\windows\Installer\9308e1.msi
- 2009-02-10 08:41 . 2009-10-14 19:21   888080              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-02-10 08:41 . 2009-11-11 19:22   888080              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-02-10 08:41 . 2009-11-11 19:22   272648              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2009-02-10 08:41 . 2009-10-14 19:21   272648              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2009-02-10 08:41 . 2009-11-11 19:22   922384              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2009-02-10 08:41 . 2009-10-14 19:21   922384              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-02-10 08:41 . 2009-11-11 19:22   845584              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2009-02-10 08:41 . 2009-10-14 19:21   845584              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2009-02-10 08:41 . 2009-10-14 19:21   217864              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2009-02-10 08:41 . 2009-11-11 19:22   217864              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2009-02-10 08:41 . 2009-11-11 19:22   184080              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2009-02-10 08:41 . 2009-10-14 19:21   184080              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2009-02-10 08:41 . 2009-11-11 19:22   159504              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
- 2009-02-10 08:41 . 2009-10-14 19:21   159504              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2009-11-11 06:56 . 2009-11-11 06:56   223232              c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
- 2009-07-12 09:21 . 2009-07-12 09:21   223232              c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
- 2009-07-12 09:21 . 2009-07-12 09:21   178176              c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2009-11-11 06:57 . 2009-11-11 06:57   178176              c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2009-07-12 09:21 . 2009-07-12 09:21   364544              c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2009-11-11 06:57 . 2009-11-11 06:57   364544              c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2009-07-12 09:21 . 2009-07-12 09:21   159232              c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2009-11-11 06:57 . 2009-11-11 06:57   159232              c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2009-07-12 09:21 . 2009-07-12 09:21   145920              c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2009-11-11 06:57 . 2009-11-11 06:57   145920              c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2009-11-11 06:57 . 2009-11-11 06:57   578560              c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-07-12 09:21 . 2009-07-12 09:21   578560              c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-07-12 09:21 . 2009-07-12 09:21   578560              c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-11-11 06:56 . 2009-11-11 06:56   578560              c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-11-11 06:56 . 2009-11-11 06:56   577536              c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-07-12 09:21 . 2009-07-12 09:21   577536              c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-11-11 06:56 . 2009-11-11 06:56   577536              c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-07-12 09:21 . 2009-07-12 09:21   577536              c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-07-12 09:21 . 2009-07-12 09:21   577024              c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-11-11 06:56 . 2009-11-11 06:56   577024              c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-11-11 06:56 . 2009-11-11 06:56   576000              c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-07-12 09:21 . 2009-07-12 09:21   576000              c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-07-12 09:21 . 2009-07-12 09:21   567296              c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-11-11 06:56 . 2009-11-11 06:56   567296              c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-07-12 09:21 . 2009-07-12 09:21   563712              c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-11-11 06:56 . 2009-11-11 06:56   563712              c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-07-12 09:21 . 2009-07-12 09:21   473600              c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2009-11-11 06:56 . 2009-11-11 06:56   473600              c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2009-11-25 08:33 . 2009-11-25 08:33   1348432              c:\windows\winsxs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9876.0_none_b7e610287b2b4ea5\msxml4.dll
+ 2009-11-11 01:29 . 2009-08-14 13:29   2045440              c:\windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6002.22200_none_bb639005b0cab34a\win32k.sys
+ 2009-11-11 01:29 . 2009-08-14 13:27   2036736              c:\windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6002.18091_none_ba79a25297f52b29\win32k.sys
+ 2009-11-11 01:29 . 2009-08-14 13:46   2036224              c:\windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6001.22497_none_b922cef1b3e70dd9\win32k.sys
+ 2009-11-11 01:29 . 2009-08-14 13:53   2035712              c:\windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6001.18311_none_b8e9afca9a8df67d\win32k.sys
+ 2009-11-11 01:29 . 2009-08-15 21:08   2032128              c:\windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.21108_none_b79eb803b676ce08\win32k.sys
+ 2009-11-11 01:29 . 2009-08-14 14:01   2031104              c:\windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.16908_none_b71543169d58fafc\win32k.sys
+ 2009-11-11 01:29 . 2009-10-16 08:39   2409776              c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6002.22247_none_f4d3f2c581d85dd6\OESpamFilter.dat
+ 2009-11-11 01:29 . 2009-10-16 08:36   2409776              c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6002.18124_none_f45cf4f468ad3a25\OESpamFilter.dat
+ 2009-11-11 01:29 . 2009-10-16 08:38   2409776              c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22544_none_f2ea7fff84b4bcad\OESpamFilter.dat
+ 2009-11-11 01:29 . 2009-10-16 08:39   2409776              c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18344_none_f260e14e6b971fbc\OESpamFilter.dat
+ 2009-11-11 01:29 . 2009-10-16 08:40   2409776              c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.21142_none_f102170187902f29\OESpamFilter.dat
+ 2009-11-11 01:29 . 2009-10-16 08:41   2409776              c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16939_none_f08a74066e63f18d\OESpamFilter.dat
+ 2009-11-24 21:35 . 2009-08-11 16:58   1401856              c:\windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6002.22196_none_8a82c317ad5def05\msxml6.dll
+ 2009-11-24 21:35 . 2009-08-11 16:44   1401856              c:\windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6002.18087_none_8a04f68294374ca1\msxml6.dll
+ 2009-11-24 21:35 . 2009-08-11 15:26   1401344              c:\windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6001.22492_none_88985007b03b3485\msxml6.dll
+ 2009-11-24 21:35 . 2009-08-10 11:01   1399296              c:\windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6001.18306_none_887403b096d0fe9e\msxml6.dll
+ 2009-11-24 21:35 . 2009-08-10 12:51   1409536              c:\windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6000.21103_none_87143919b2caf4b4\msxml6.dll
+ 2009-11-24 21:35 . 2009-08-10 13:05   1406464              c:\windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6000.16903_none_868ac42c99ad21a8\msxml6.dll
+ 2009-11-24 21:35 . 2009-08-11 16:58   1248768              c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6002.22196_none_8a83076fad5da222\msxml3.dll
+ 2009-11-24 21:35 . 2009-08-11 16:44   1248768              c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6002.18087_none_8a053ada9436ffbe\msxml3.dll
+ 2009-11-24 21:35 . 2009-08-11 15:25   1257472              c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6001.22492_none_8898945fb03ae7a2\msxml3.dll
+ 2009-11-24 21:35 . 2009-08-10 11:00   1257472              c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6001.18306_none_8874480896d0b1bb\msxml3.dll
+ 2009-11-24 21:35 . 2009-08-10 12:51   1260032              c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6000.21103_none_87147d71b2caa7d1\msxml3.dll
+ 2009-11-24 21:35 . 2009-08-10 13:05   1260032              c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6000.16903_none_868b088499acd4c5\msxml3.dll
+ 2009-11-08 09:00 . 2009-08-27 13:21   1986048              c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_8.0.6001.22918_none_2b139d34bb6ff18c\iertutil.dll
+ 2009-11-08 09:00 . 2009-08-27 05:17   1985536              c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_8.0.6001.18828_none_2a7f307da25a6db3\iertutil.dll
+ 2009-11-08 08:59 . 2009-03-08 11:32   1985024              c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_8.0.6001.18702_none_2a8eccb3a24fa0a0\iertutil.dll
+ 2009-11-09 06:22 . 2009-10-21 19:26   5943296              c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.22942_none_f68c93f75132f82e\mshtml.dll
+ 2009-11-08 09:00 . 2009-08-27 13:22   5942272              c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.22918_none_f6b3057751153c65\mshtml.dll
+ 2009-11-09 06:22 . 2009-10-21 10:40   5939712              c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.18852_none_f5f82740381d7455\mshtml.dll
+ 2009-11-08 09:00 . 2009-08-27 05:18   5940224              c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.18828_none_f61e98c037ffb88c\mshtml.dll
+ 2009-11-08 08:59 . 2009-03-08 11:41   5937152              c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.18702_none_f62e34f637f4eb79\mshtml.dll
+ 2009-11-08 08:59 . 2009-02-07 04:07   3698584              c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_8.0.6001.18702_none_de7d38b18189fc96\ieapfltr.dat
+ 2009-11-08 09:00 . 2009-08-27 13:29   1209344              c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_8.0.6001.22918_none_98530ab705b5ac9c\urlmon.dll
+ 2009-11-08 09:00 . 2009-08-27 05:22   1208832              c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_8.0.6001.18828_none_97be9dffeca028c3\urlmon.dll
+ 2009-11-08 08:59 . 2009-03-08 11:34   1206784              c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_8.0.6001.18702_none_97ce3a35ec955bb0\urlmon.dll
+ 2009-11-08 09:00 . 2009-08-27 05:22   1208832              c:\windows\System32\urlmon.dll
- 2006-11-02 10:22 . 2009-11-04 20:49   6291456              c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2006-11-02 10:22 . 2009-11-25 13:25   6291456              c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-20 11:05 . 2009-07-20 11:05   1348432              c:\windows\System32\msxml4.dll
+ 2009-11-09 06:22 . 2009-10-21 10:40   5939712              c:\windows\System32\mshtml.dll
+ 2009-11-08 09:00 . 2009-08-27 05:17   1985536              c:\windows\System32\iertutil.dll
+ 2009-11-08 08:59 . 2009-02-07 04:07   3698584              c:\windows\System32\ieapfltr.dat
+ 2009-11-11 07:14 . 2009-11-11 07:14   1500160              c:\windows\Installer\66eb96.msi
+ 2009-10-15 18:03 . 2009-10-15 18:03   5003776              c:\windows\Installer\46bc6.msp
+ 2009-08-17 23:58 . 2009-08-17 23:58   8301056              c:\windows\Installer\46b99.msp
+ 2009-08-17 23:57 . 2009-08-17 23:57   9122304              c:\windows\Installer\46b83.msp
+ 2009-11-24 11:06 . 2009-11-24 11:06   1583616              c:\windows\Installer\1e9b19.msi
- 2009-02-10 08:41 . 2009-10-14 19:21   1172240              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-02-10 08:41 . 2009-11-11 19:22   1172240              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-02-10 08:41 . 2009-11-11 19:22   1165584              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
- 2009-02-10 08:41 . 2009-10-14 19:21   1165584              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
- 2009-07-12 09:21 . 2009-07-12 09:21   2846720              c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-11-11 06:56 . 2009-11-11 06:56   2846720              c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-07-12 09:21 . 2009-07-12 09:21   2676224              c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-11-11 06:56 . 2009-11-11 06:56   2676224              c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-11-08 09:00 . 2009-08-27 13:21   11069952              c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.22918_none_48125f7add0aca92\ieframe.dll
+ 2009-11-08 09:00 . 2009-08-27 05:17   11069440              c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.18828_none_477df2c3c3f546b9\ieframe.dll
+ 2009-11-08 08:59 . 2009-03-08 11:39   11063808              c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.18702_none_478d8ef9c3ea79a6\ieframe.dll
+ 2006-11-02 10:24 . 2009-11-05 17:36   26768832              c:\windows\System32\mrt.exe
+ 2009-11-08 09:00 . 2009-08-27 05:17   11069440              c:\windows\System32\ieframe.dll
+ 2009-08-18 00:19 . 2009-08-18 00:19   10098688              c:\windows\Installer\46bb0.msp
+ 2009-05-17 02:24 . 2009-11-25 08:33   200597337              c:\windows\winsxs\ManifestCache\6.0.6002.18005_001c11ba_blobs.bin
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-15 1115392]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-10-15 23:13   1115392   ----a-w-   c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-15 1115392]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"Steam"="c:\program files\steam\steam.exe" [2009-10-24 1217808]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-09-03 3342336]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-10-07 289072]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2008-01-21 2153472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BigDog303"="c:\windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)" [X]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-12 13675040]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-11-12 92704]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-23 33648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-11 34672]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-11-12 2020120]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-25 149280]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-12 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 01:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R0 AvgRkx86;avgrkx86.sys;c:\windows\System32\drivers\avgrkx86.sys [8/11/2009 9:49 p.m. 161800]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [8/11/2009 9:49 p.m. 333192]
R1 AvgTdiX;AVG Network Redirector;c:\windows\System32\drivers\avgtdix.sys [8/11/2009 9:49 p.m. 360584]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [11/11/2009 10:44 a.m. 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11/11/2009 10:44 a.m. 74480]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [8/11/2009 9:48 p.m. 285392]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [30/10/2009 6:23 p.m. 1153368]
R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\System32\drivers\L1E60x86.sys [15/12/2008 12:04 p.m. 47616]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [5/01/2009 6:26 p.m. 717296]
S2 gupdate1ca4734fee236f0;Google Update Service (gupdate1ca4734fee236f0);c:\program files\Google\Update\GoogleUpdate.exe [7/10/2009 11:00 p.m. 133104]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\daupdatersvc.service.exe [11/11/2009 8:07 p.m. 25832]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [11/11/2009 10:44 a.m. 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt   REG_MULTI_SZ      hpqcxs08
.
Contents of the 'Scheduled Tasks' folder

2009-11-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-07 10:00]

2009-11-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-07 10:00]

2009-11-26 c:\windows\Tasks\User_Feed_Synchronization-{653B16E0-257E-4954-9CE2-C2D2468CFFA9}.job
- c:\windows\system32\msfeedssync.exe [2009-11-08 03:41]
.
.
------- Supplementary Scan -------
.
uStart Page = www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Reden\AppData\Roaming\Mozilla\Firefox\Profiles\rpx6lv48.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://au.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_au&p=
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

AddRemove-HijackThis - c:\program files\Trend Micro\HijackThis\HijackThis.exe
AddRemove-NVIDIA Drivers - c:\windows\system32\nvuninst.exe UninstallGUI
AddRemove-Sins of a Solar Empire - c:\programdata\{0E8E33D8-193A-414A-A909-0F101A142D26}\setup.exe REMOVE=TRUE MODIFY=FALSE
AddRemove-Steam App 15620 - c:\program files\Steam\steam.exe steam://uninstall/15620



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-28 09:51
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  BigDog303 = c:\windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)????????????@?@??????????????????????????

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-904409299-471717701-596354257-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:70,75,1b,4a,1d,d0,30,f4,0d,0e,93,a0,43,a5,6a,b0,0f,34,fe,17,53,e8,1b,
   6f,8a,db,c6,87,83,17,1e,7b,ed,b7,1b,d4,ca,e9,4f,9f,0e,dc,0f,5a,db,6b,aa,77,\
"??"=hex:9d,6d,62,c7,7e,94,d3,01,62,72,da,46,cb,d1,2f,38

[HKEY_USERS\S-1-5-21-904409299-471717701-596354257-1001\Software\SecuROM\License information*]
"datasecu"=hex:f3,b2,fd,f8,69,a1,01,19,d1,ca,73,ce,ef,4b,14,cd,00,d0,56,19,f1,
   a3,03,bc,fa,70,09,38,35,91,49,b9,36,34,42,4a,02,b1,16,35,fa,17,57,d1,f1,91,\
"rkeysecu"=hex:3f,c4,f9,3c,41,7a,e7,85,6a,2e,79,ff,aa,a2,bf,8d
.
Completion time: 2009-11-28 09:53
ComboFix-quarantined-files.txt  2009-11-27 20:53
ComboFix2.txt  2009-11-08 08:35

Pre-Run: 398,845,313,024 bytes free
Post-Run: 398,807,769,088 bytes free

- - End Of File - - F0C2C5F67548AA82607DBD13799FB976
evilfantasy
Malware Removal Specialist
Moderator
Genius

Thanked: 458
Posts: 11,711

Experience: Beginner
OS: Windows 7

Calm like a bomb

evilfantasy's blog
« Reply #11 on: November 27, 2009, 05:01:11 PM »

Looks good. If there are no other malware issues we can finish up now.

Let's clear out the programs we've been using to clean up your computer; they are not suitable for general malware removal and could cause damage if launched accidentally. These steps will also help secure the work you have done.
  • Click START then RUN
  • Now type Combofix /Uninstall in the runbox
  • Make sure there's a space between Combofix and /Uninstall
  • Then hit Enter.

The above procedure will:
  • Delete: ComboFix and its associated files and folders.
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Set a new, clean Restore Point.
----------

Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. 
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

----------

Use the Secunia Software Inspector to check for out of date software.
  • Click Start Now
  • Check the box next to Enable thorough system inspection.
  • Click Start
  • Allow the scan to finish and scroll down to see if any updates are needed.
  • Update anything listed.
----------

Go to Microsoft Windows Update and get all critical updates.

----------

I recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real-time protection, so they will not interfere with each other. They do not use any significant amount of resources (except a little disk space) until you run a scan.

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Copyright © 2010 Computer Hope ® All rights reserved.