Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Due to the restrictions on Vista, all tools should be started by right-click > Run as Administrator

If you click 'Start' and have no 'Run' function, please right-click Start > Properties > Start menu tab > Customize button > scroll down to and tick the 'Run command' box > OK > Apply > OK.

------------------------------------------------------

Please visit this webpage for download links, and instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Get help here

Please post the C:\ComboFix.txt in your next reply for further review.

Please re-enable your antivirus after posting the ComboFix.txt log.

------------------------------------------------------

 

Here is my ComboFox Report.




ComboFix 09-10-24.01 - Trenton 10/24/2009 21:40.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3069.2351 [GMT -5:00]
Running from: c:\users\Trenton\Desktop\Downloads\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2236547783-2794111919-3939305134-500
c:\$recycle.bin\S-1-5-21-749063198-1285173502-2966318055-500
c:\windows\system32\AutoRun.inf

.
((((((((((((((((((((((((( Files Created from 2009-09-25 to 2009-10-25 )))))))))))))))))))))))))))))))
.

2009-10-24 04:42 . 2009-10-24 04:42 -------- d-----w- c:\users\Trenton\AppData\Roaming\Malwarebytes
2009-10-24 04:42 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-24 04:42 . 2009-10-24 04:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-24 04:42 . 2009-10-24 04:42 -------- d-----w- c:\programdata\Malwarebytes
2009-10-24 04:42 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-22 20:49 . 2009-10-22 21:12 -------- d-----w- c:\users\Trenton\AppData\Local\Temporary Projects
2009-10-21 03:26 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-10-21 03:26 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-10-21 03:26 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-10-21 03:26 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-21 03:25 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2009-10-21 03:25 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-10-21 03:25 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-10-21 03:25 . 2009-08-07 00:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-21 03:25 . 2009-08-06 23:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-10-03 03:35 . 2009-10-03 03:37 145422 ----a-w- c:\windows\hpqins00.dat
2009-10-03 03:32 . 2009-10-10 03:54 -------- d-----w- c:\users\Trenton\AppData\Roaming\HpUpdate
2009-10-03 03:32 . 2009-10-03 03:32 -------- d-----w- c:\windows\Hewlett-Packard
2009-10-03 02:28 . 2009-10-01 15:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-01 19:19 . 2009-10-25 01:38 139640 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-10-01 19:18 . 2009-10-25 02:13 190216 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-10-01 19:18 . 2009-10-01 19:18 794408 ----a-w- c:\windows\system32\pbsvc.exe
2009-10-01 19:18 . 2009-10-01 19:18 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-10-01 19:09 . 2009-10-01 19:09 -------- d-----w- c:\users\Trenton\AppData\Local\PunkBuster
2009-09-29 00:27 . 2009-09-30 03:46 -------- d-----w- c:\program files\EA GAMES
2009-09-29 00:03 . 2009-09-29 00:03 -------- d-sh--w- c:\windows\ftpcache
2009-09-28 19:21 . 2009-09-28 19:25 -------- d-----w- c:\program files\SystemRequirementsLab
2009-09-28 19:20 . 2009-09-28 19:25 -------- d-----w- c:\users\Trenton\AppData\Roaming\SystemRequirementsLab

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-24 04:58 . 2008-06-05 17:29 12 ----a-w- c:\windows\bthservsdp.dat
2009-10-24 04:18 . 2009-09-05 02:46 -------- d-----w- c:\users\Trenton\AppData\Roaming\vlc
2009-10-22 14:06 . 2009-09-04 03:37 -------- d-----w- c:\users\Trenton\AppData\Roaming\BitTorrent
2009-10-21 14:54 . 2009-10-03 22:30 54 ----a-w- c:\users\Trenton\AppData\Roaming\MTC-savedfolder.dat
2009-10-15 13:19 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-10-03 03:32 . 2009-09-03 14:49 -------- d-----w- c:\program files\HP
2009-10-01 21:31 . 2008-06-05 18:10 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-01 21:08 . 2008-06-05 18:47 -------- d-----w- c:\program files\Sony
2009-10-01 19:19 . 2009-10-01 19:19 139152 ----a-w- c:\users\Trenton\AppData\Roaming\PnkBstrK.sys
2009-09-23 04:07 . 2009-09-22 04:12 -------- d-----w- c:\users\Trenton\AppData\Roaming\dvdcss
2009-09-17 03:08 . 2009-09-17 03:08 -------- d-----w- c:\program files\DivX
2009-09-17 03:08 . 2009-09-17 03:08 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-09-17 01:11 . 2009-09-02 18:43 93704 ----a-w- c:\users\Trenton\AppData\Local\GDIPFONTCACHEV1.DAT
2009-09-16 18:39 . 2009-09-02 20:08 -------- d-----w- c:\programdata\Microsoft Help
2009-09-16 18:37 . 2009-09-02 20:03 -------- d-----w- c:\program files\Microsoft Works
2009-09-16 17:38 . 2009-09-16 17:00 -------- d-----w- c:\users\Trenton\AppData\Roaming\GetRightToGo
2009-09-16 14:17 . 2009-09-16 14:17 -------- d-----w- c:\program files\CCleaner
2009-09-14 09:29 . 2009-10-15 01:49 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-09-10 16:48 . 2009-10-15 01:49 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-05 02:45 . 2009-09-05 02:45 -------- d-----w- c:\program files\VideoLAN
2009-09-04 11:41 . 2009-10-15 01:49 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-09-04 03:36 . 2009-09-04 03:36 -------- d-----w- c:\program files\BitTorrent
2009-09-03 21:32 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-09-03 21:32 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-09-03 21:32 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-09-03 21:32 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-09-03 21:32 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-09-03 21:32 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-09-03 18:44 . 2009-09-03 18:44 -------- d-----w- c:\program files\Microsoft SQL Server
2009-09-03 18:44 . 2009-09-03 18:44 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-03 18:44 . 2009-09-03 18:41 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2009-09-03 18:44 . 2009-09-03 18:44 -------- d-----w- c:\program files\Microsoft Synchronization Services
2009-09-03 18:44 . 2009-09-03 18:44 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-09-03 18:41 . 2009-09-03 18:41 -------- d-----w- c:\program files\Microsoft SDKs
2009-09-03 15:01 . 2009-09-03 15:01 -------- d-----w- c:\programdata\WEBREG
2009-09-03 15:01 . 2009-09-03 14:47 144000 ----a-w- c:\windows\hpoins16.dat
2009-09-03 15:00 . 2009-09-03 14:47 -------- d-----w- c:\programdata\HP
2009-09-03 14:58 . 2009-09-03 14:58 -------- d-----w- c:\program files\Common Files\HP
2009-09-03 14:57 . 2009-09-03 14:57 -------- d-----w- c:\programdata\Hewlett-Packard
2009-09-03 03:37 . 2008-06-05 18:48 -------- d-----w- c:\programdata\Sony Corporation
2009-09-03 03:22 . 2009-09-03 03:22 -------- d-----w- c:\users\Trenton\AppData\Roaming\Sony Corporation
2009-09-03 03:17 . 2009-09-02 20:29 -------- d-----w- c:\program files\ArcSoft
2009-09-03 02:34 . 2008-06-05 18:56 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-09-03 02:19 . 2009-09-02 20:06 -------- d-----w- c:\programdata\Intuit
2009-09-03 02:19 . 2009-09-02 20:06 -------- d-----w- c:\program files\Common Files\Intuit
2009-09-03 02:15 . 2008-06-05 18:42 -------- d-----w- c:\program files\Common Files\Sony Shared
2009-09-03 01:40 . 2008-06-05 20:04 -------- d-----w- c:\programdata\Napster
2009-09-02 20:37 . 2009-09-02 20:37 -------- d-----w- c:\programdata\ATI
2009-09-02 20:30 . 2009-09-02 20:30 -------- d-----w- c:\program files\Common Files\ArcSoft
2009-09-02 20:29 . 2008-06-05 18:10 -------- d-----w- c:\program files\Common Files\InstallShield
2009-09-02 20:26 . 2009-09-02 20:26 -------- d-----w- c:\program files\ATI Technologies
2009-09-02 20:26 . 2009-09-02 20:26 -------- d-----w- c:\program files\ATI
2009-09-02 20:19 . 2009-09-02 20:19 -------- d-----w- c:\programdata\Uninstall
2009-09-02 20:19 . 2009-09-02 20:19 -------- d-----w- c:\programdata\Sonic
2009-09-02 20:17 . 2009-09-02 20:17 0 ------w- c:\windows\system32\drivers\Sony_VGN-FW139E.mrk
2009-09-02 20:17 . 2009-09-02 20:17 -------- d-----w- c:\program files\OCA Marker
2009-09-02 20:17 . 2009-09-02 20:17 -------- d-----w- c:\programdata\Corel
2009-09-02 20:09 . 2009-09-02 20:09 -------- d-----w- c:\program files\Microsoft.NET
2009-09-02 20:06 . 2009-09-02 20:06 -------- d-----w- c:\program files\Intuit
2009-09-02 20:06 . 2009-09-02 20:06 -------- d-----w- c:\programdata\COMMON FILES
2009-09-02 20:00 . 2009-09-02 20:00 -------- d-----w- c:\programdata\SmartWi Connection Utility
2009-09-02 19:31 . 2009-09-02 19:31 11952 ------w- c:\windows\system32\avgrsstx.dll
2009-09-02 19:31 . 2009-09-02 19:31 108552 ------w- c:\windows\system32\drivers\avgtdix.sys
2009-09-02 19:31 . 2009-09-02 19:31 335240 ------w- c:\windows\system32\drivers\avgldx86.sys
2009-09-02 19:31 . 2009-09-02 19:31 27784 ------w- c:\windows\system32\drivers\avgmfx86.sys
2009-09-02 19:31 . 2009-09-02 19:31 -------- d-----w- c:\program files\AVG
2009-09-02 19:31 . 2009-09-02 19:31 -------- d-----w- c:\programdata\avg8
2009-09-02 18:44 . 2009-09-02 18:44 -------- d-----w- c:\users\Trenton\AppData\Roaming\ATI
2009-08-29 00:27 . 2009-09-02 20:21 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14 . 2009-09-02 20:22 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-27 05:22 . 2009-10-15 01:49 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:17 . 2009-10-15 01:49 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 05:17 . 2009-10-15 01:49 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 03:42 . 2009-10-15 01:49 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-14 16:27 . 2009-09-09 13:46 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 15:53 . 2009-09-09 13:46 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49 . 2009-09-09 13:46 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49 . 2009-09-09 13:46 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49 . 2009-09-09 13:46 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49 . 2009-09-09 13:46 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49 . 2009-09-09 13:46 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49 . 2009-09-09 13:46 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49 . 2009-09-09 13:46 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48 . 2009-09-09 13:46 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-08-14 13:48 . 2009-09-09 13:46 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-04 12:34 . 2009-10-15 01:49 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-08-04 12:34 . 2009-10-15 01:49 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2008-02-23 122880]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-20 2025752]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-04-29 6111232]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2008-04-29 1826816]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2008-05-16 00:20 98304 ------w- c:\windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):02,c5,8a,ee,de,2c,ca,01

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [9/2/2009 2:31 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [9/2/2009 2:31 PM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [9/2/2009 2:31 PM 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [9/2/2009 2:31 PM 297752]
R2 RtkHDMIService;RtkHDMIService;c:\windows\RTKAUDIOSERVICE.EXE [6/5/2008 1:12 PM 98304]
R2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [6/5/2008 3:00 PM 411488]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\System32\drivers\btwl2cap.sys [6/5/2008 1:19 PM 28464]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\System32\drivers\SFEP.sys [6/5/2008 12:34 PM 9344]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.sony.com/vaiopeople
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Trenton\AppData\Roaming\Mozilla\Firefox\Profiles\cc552z31.default\
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npoji610.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-24 21:48
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-10-25 21:51
ComboFix-quarantined-files.txt 2009-10-25 02:51

Pre-Run: 154,322,946,048 bytes free
Post-Run: 153,694,860,288 bytes free

- - End Of File - - 990C207322634D72AC431AF909CEF71E

 

Hello, pcshootshed.

Please go to: VirusTotal

• On the page you'll find a Browse button.
  
• Next to the Browse button you'll see a box to enter text.
• Please copy/paste the following bolded text into the box:
  
  C:\Windows\system32\drivers\iaStor.sys
  
  
• Then click the Send File button just below.
• This will scan the file. Please be patient.
• If you get a message saying File has already been analysed: click Reanalyse file now
• Once scanned, copy and paste the results in your next reply.

------------------------------------------------------

 

Result: 0/41 (0%)

Antivirus Version Last Update Result
AVG 8.5.0.423 2009.10.24 -
ClamAV 0.94.1 2009.10.25 -
DrWeb 5.0.0.12182 2009.10.25 -
GData 19 2009.10.25 -
K7AntiVirus 7.10.879 2009.10.24 -
McAfee+Artemis 5781 2009.10.24 -
McAfee-GW-Edition 6.8.5 2009.10.25 -
Microsoft 1.5202 2009.10.24 -
NOD32 4539 2009.10.24 -
Norman 6.03.02 2009.10.23 -
PCTools 4.4.2.0 2009.10.19 -
Prevx 3.0 2009.10.25 -
Additional information
File size: 312344 bytes
MD5...: db0cc620b27a928d968c1a1e9cd9cb87
SHA1..: 9a4c17caca2ef6d0ef0f287a2a870969070d1703
SHA256: 62f2faf027c217a3a035759af47d848aeffa7a94c54b4c424b67459d464b8aa8
ssdeep: 6144:6lXXLv6WZgs6Xfn/EJQ5OtIZ1JGakVeDfhkdNdNq:cXxgs6XU1IbJGakVWq
dr
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0xc9005
timedatestamp.....: 0x48054343 (Wed Apr 16 00:07:31 2008)
machinetype.......: 0x14c (I386)

( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x44eae 0x45000 6.48 f9b76168d783588393d65e7fe848757c
.rdata 0x46000 0xc0c 0xe00 5.17 979154d9b2a5698341f6f9e872a2025a
.data 0x47000 0x812b0 0x1000 4.81 c543a9c7f1c122bfdebc88c0627ef40b
INIT 0xc9000 0xe10 0x1000 5.30 770825432213e31eb4d9caee0727cd95
.rsrc 0xca000 0x458 0x600 2.59 138894981386d42bf1485ad2e565d400
.reloc 0xcb000 0x20e2 0x2200 5.43 e4f190b539f29e93bc8a2b920436e041

( 2 imports )
> ntoskrnl.exe: ZwOpenKey, DbgPrint, _allmul, IofCompleteRequest, KeSetEvent, PoSetPowerState, _aullshr, MmIsAddressValid, KeWaitForSingleObject, IoFreeWorkItem, IoUnregisterPlugPlayNotification, ObfDereferenceObject, IofCallDriver, IoBuildDeviceIoControlRequest, KeInitializeEvent, memcpy, IoGetDeviceObjectPointer, IoQueueWorkItem, IoAllocateWorkItem, IoRegisterPlugPlayNotification, KeClearEvent, WRITE_REGISTER_ULONG, READ_REGISTER_ULONG, ObReferenceObjectByHandle, KeQueryTimeIncrement, KeTickCount, _aulldiv, KeDelayExecutionThread, MmGetPhysicalAddress, KeCancelTimer, KeSetTimerEx, KeInitializeTimerEx, memmove, strncpy, strncmp, _purecall, sprintf, InterlockedPopEntrySList, InterlockedPushEntrySList, RtlCompareMemory, IoInvalidateDeviceRelations, KeSetTimer, ExSystemTimeToLocalTime, KeQuerySystemTime, MmUnmapIoSpace, MmMapIoSpace, RtlWriteRegistryValue, ZwCreateKey, swprintf, KeLeaveCriticalRegion, KeEnterCriticalRegion, MmMapLockedPagesSpecifyCache, ExDeleteNPagedLookasideList, KeBugCheck, PsTerminateSystemThread, KeWaitForMultipleObjects, KeSetPriorityThread, PsCreateSystemThread, ExInitializeNPagedLookasideList, _aullrem, ZwQueryValueKey, PoRequestPowerIrp, PoStartNextPowerIrp, PoCallDriver, IoReleaseRemoveLockEx, IoAcquireRemoveLockEx, IoFreeIrp, IoAllocateIrp, IoGetAttachedDeviceReference, _alldiv, IoDeleteSymbolicLink, IoAttachDeviceToDeviceStack, IoCreateSymbolicLink, IoCsqInitialize, IoInitializeRemoveLockEx, IoCreateDevice, RtlUnicodeStringToInteger, wcsncpy, wcsstr, IoDeleteDevice, IoDetachDevice, _wcsupr, IoGetDeviceProperty, ZwCreateDirectoryObject, KeInitializeDpc, KeInitializeTimer, ExRegisterCallback, ExCreateCallback, IoConnectInterrupt, IoReportResourceForDetection, ExUnregisterCallback, IoDisconnectInterrupt, IoReleaseRemoveLockAndWaitEx, IoGetConfigurationInformation, KeRemoveQueueDpc, IoCsqInsertIrp, IoCsqRemoveNextIrp, IoFreeMdl, MmProbeAndLockPages, IoAllocateMdl, strncat, RtlAnsiStringToUnicodeString, RtlInitAnsiString, ObfReferenceObject, PoRegisterDeviceForIdleDetection, IoInvalidateDeviceState, IoWriteErrorLogEntry, IoAllocateErrorLogEntry, IoGetDmaAdapter, RtlFreeUnicodeString, RtlGetVersion, strstr, KeInsertQueueDpc, KefAcquireSpinLockAtDpcLevel, KefReleaseSpinLockFromDpcLevel, IoRequestDeviceEject, RtlCreateRegistryKey, RtlCopyUnicodeString, KeBugCheckEx, RtlUnwind, ZwClose, memset, RtlInitUnicodeString, ExAllocatePoolWithTag, RtlAppendUnicodeToString, RtlAppendUnicodeStringToString, RtlQueryRegistryValues, _aulldvrm, ExFreePoolWithTag
> HAL.dll: KeAcquireInStackQueuedSpinLock, KfAcquireSpinLock, KfReleaseSpinLock, ExAcquireFastMutex, ExReleaseFastMutex, KeGetCurrentIrql, KeStallExecutionProcessor, KeReleaseInStackQueuedSpinLock

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)

 

Hello again, pcshootshed. That last log has a lot of missing entries.

There aren't 41 scanners shown. Is that what you see?

------------------------------------------------------

 

I re-did the Virus Total tool....Here is my new Result/Log.
FYI-I am starting to get a lot more redirects to iffy sites and also yahoo now.


ile iaStor.sys received on 2009.10.26 01:36:04 (UTC)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 0/41 (0%)
Loading server information...
Your file is queued in position: 1.
Estimated start time is between 40 and 57 seconds.
Do not close the window until scan is complete.
The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.
If you are waiting for more than five minutes you have to resend your file.
Your file is being scanned by VirusTotal in this moment,
results will be shown as they're generated.
Compact Compact
Print results Print results
Your file has expired or does not exists.
Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.

You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.
Email:

Antivirus Version Last Update Result
a-squared 4.5.0.41 2009.10.25 -
AhnLab-V3 5.0.0.2 2009.10.23 -
AntiVir 7.9.1.44 2009.10.25 -
Antiy-AVL 2.0.3.7 2009.10.23 -
Authentium 5.1.2.4 2009.10.25 -
Avast 4.8.1351.0 2009.10.25 -
AVG 8.5.0.423 2009.10.25 -
BitDefender 7.2 2009.10.26 -
CAT-QuickHeal 10.00 2009.10.24 -
ClamAV 0.94.1 2009.10.25 -
Comodo 2732 2009.10.26 -
DrWeb 5.0.0.12182 2009.10.26 -
eSafe 7.0.17.0 2009.10.25 -
eTrust-Vet 35.1.7082 2009.10.23 -
F-Prot 4.5.1.85 2009.10.25 -
F-Secure 9.0.15370.0 2009.10.22 -
Fortinet 3.120.0.0 2009.10.25 -
GData 19 2009.10.26 -
Ikarus T3.1.1.72.0 2009.10.25 -
Jiangmin 11.0.800 2009.10.24 -
K7AntiVirus 7.10.879 2009.10.24 -
Kaspersky 7.0.0.125 2009.10.26 -
McAfee 5782 2009.10.25 -
McAfee+Artemis 5782 2009.10.25 -
McAfee-GW-Edition 6.8.5 2009.10.26 -
Microsoft 1.5202 2009.10.25 -
NOD32 4541 2009.10.25 -
Norman 6.03.02 2009.10.23 -
nProtect 2009.1.8.0 2009.10.25 -
Panda 10.0.2.2 2009.10.25 -
PCTools 4.4.2.0 2009.10.19 -
Prevx 3.0 2009.10.26 -
Rising 21.52.62.00 2009.10.25 -
Sophos 4.46.0 2009.10.25 -
Sunbelt 3.2.1858.2 2009.10.25 -
Symantec 1.4.4.12 2009.10.26 -
TheHacker 6.5.0.2.053 2009.10.24 -
TrendMicro 8.950.0.1094 2009.10.25 -
VBA32 3.12.10.11 2009.10.23 -
ViRobot 2009.10.23.2003 2009.10.23 -
VirusBuster 4.6.5.0 2009.10.25 -
Additional information
File size: 312344 bytes
MD5...: db0cc620b27a928d968c1a1e9cd9cb87
SHA1..: 9a4c17caca2ef6d0ef0f287a2a870969070d1703
SHA256: 62f2faf027c217a3a035759af47d848aeffa7a94c54b4c424b67459d464b8aa8
ssdeep: 6144:6lXXLv6WZgs6Xfn/EJQ5OtIZ1JGakVeDfhkdNdNq:cXxgs6XU1IbJGakVWq
dr
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0xc9005
timedatestamp.....: 0x48054343 (Wed Apr 16 00:07:31 2008)
machinetype.......: 0x14c (I386)

( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x44eae 0x45000 6.48 f9b76168d783588393d65e7fe848757c
.rdata 0x46000 0xc0c 0xe00 5.17 979154d9b2a5698341f6f9e872a2025a
.data 0x47000 0x812b0 0x1000 4.81 c543a9c7f1c122bfdebc88c0627ef40b
INIT 0xc9000 0xe10 0x1000 5.30 770825432213e31eb4d9caee0727cd95
.rsrc 0xca000 0x458 0x600 2.59 138894981386d42bf1485ad2e565d400
.reloc 0xcb000 0x20e2 0x2200 5.43 e4f190b539f29e93bc8a2b920436e041

( 2 imports )
> ntoskrnl.exe: ZwOpenKey, DbgPrint, _allmul, IofCompleteRequest, KeSetEvent, PoSetPowerState, _aullshr, MmIsAddressValid, KeWaitForSingleObject, IoFreeWorkItem, IoUnregisterPlugPlayNotification, ObfDereferenceObject, IofCallDriver, IoBuildDeviceIoControlRequest, KeInitializeEvent, memcpy, IoGetDeviceObjectPointer, IoQueueWorkItem, IoAllocateWorkItem, IoRegisterPlugPlayNotification, KeClearEvent, WRITE_REGISTER_ULONG, READ_REGISTER_ULONG, ObReferenceObjectByHandle, KeQueryTimeIncrement, KeTickCount, _aulldiv, KeDelayExecutionThread, MmGetPhysicalAddress, KeCancelTimer, KeSetTimerEx, KeInitializeTimerEx, memmove, strncpy, strncmp, _purecall, sprintf, InterlockedPopEntrySList, InterlockedPushEntrySList, RtlCompareMemory, IoInvalidateDeviceRelations, KeSetTimer, ExSystemTimeToLocalTime, KeQuerySystemTime, MmUnmapIoSpace, MmMapIoSpace, RtlWriteRegistryValue, ZwCreateKey, swprintf, KeLeaveCriticalRegion, KeEnterCriticalRegion, MmMapLockedPagesSpecifyCache, ExDeleteNPagedLookasideList, KeBugCheck, PsTerminateSystemThread, KeWaitForMultipleObjects, KeSetPriorityThread, PsCreateSystemThread, ExInitializeNPagedLookasideList, _aullrem, ZwQueryValueKey, PoRequestPowerIrp, PoStartNextPowerIrp, PoCallDriver, IoReleaseRemoveLockEx, IoAcquireRemoveLockEx, IoFreeIrp, IoAllocateIrp, IoGetAttachedDeviceReference, _alldiv, IoDeleteSymbolicLink, IoAttachDeviceToDeviceStack, IoCreateSymbolicLink, IoCsqInitialize, IoInitializeRemoveLockEx, IoCreateDevice, RtlUnicodeStringToInteger, wcsncpy, wcsstr, IoDeleteDevice, IoDetachDevice, _wcsupr, IoGetDeviceProperty, ZwCreateDirectoryObject, KeInitializeDpc, KeInitializeTimer, ExRegisterCallback, ExCreateCallback, IoConnectInterrupt, IoReportResourceForDetection, ExUnregisterCallback, IoDisconnectInterrupt, IoReleaseRemoveLockAndWaitEx, IoGetConfigurationInformation, KeRemoveQueueDpc, IoCsqInsertIrp, IoCsqRemoveNextIrp, IoFreeMdl, MmProbeAndLockPages, IoAllocateMdl, strncat, RtlAnsiStringToUnicodeString, RtlInitAnsiString, ObfReferenceObject, PoRegisterDeviceForIdleDetection, IoInvalidateDeviceState, IoWriteErrorLogEntry, IoAllocateErrorLogEntry, IoGetDmaAdapter, RtlFreeUnicodeString, RtlGetVersion, strstr, KeInsertQueueDpc, KefAcquireSpinLockAtDpcLevel, KefReleaseSpinLockFromDpcLevel, IoRequestDeviceEject, RtlCreateRegistryKey, RtlCopyUnicodeString, KeBugCheckEx, RtlUnwind, ZwClose, memset, RtlInitUnicodeString, ExAllocatePoolWithTag, RtlAppendUnicodeToString, RtlAppendUnicodeStringToString, RtlQueryRegistryValues, _aulldvrm, ExFreePoolWithTag
> HAL.dll: KeAcquireInStackQueuedSpinLock, KfAcquireSpinLock, KfReleaseSpinLock, ExAcquireFastMutex, ExReleaseFastMutex, KeGetCurrentIrql, KeStallExecutionProcessor, KeReleaseInStackQueuedSpinLock

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: Intel Corporation
copyright....: Copyright(C) Intel Corporation 1994-2008
product......: Intel Matrix Storage Manager driver
description..: Intel Matrix Storage Manager driver - ia32
original name: iaStor.sys
internal name: iaStor.sys
file version.: 8.0.0.1039
comments.....: -ia32
signers......: Intel Corporation
VeriSign Class 3 Code Signing 2004 CA
Class 3 Public Primary Certification Authority
signing date.: 1:53 AM 4/16/2008
verified.....: -

 

Hello again, pcshootshed.

Download RootRepeal.zip to your Desktop and click 'Extract all files' to extract the compressed file to it's own folder.

• Double-click on RootRepeal.exe to run it.
• Click on the 'Report' tab, and then click on 'Scan'.
• A window opens asking what to include in the scan.
• Check the following boxes then click 'OK':

Drivers
Files
Processes
SSDT
Stealth Objects
Hidden Services​

• You will then be asked which drive to scan.
• Check C: (or the drive your operating system is installed on, if not C
• Click 'OK' once again.
• The tool will begin scanning and may take a while to complete, so please be patient.
• When the scan finishes, click on 'Save Report'.
• Save the log to your desktop, using a distinctive name, such as RootRepeal.txt.
• Post the log in your next reply.

------------------------------------------------------

 

I get an error half way through that says "Error-Cant Read Registry" (Tried scanning twice) Here is the report they gave me.


ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/10/26 18:46
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP2
==================================================

Drivers
-------------------
Name: dump_iaStor.sys
Image Path: C:\Windows\System32\Drivers\dump_iaStor.sys
Address: 0x83313000 Size: 843776 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0x9BFE6000 Size: 49152 File Visible: No Signed: -
Status: -

Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!

==EOF==

 

Hello again, pcshootshed. Are you still being redirected?

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

• Double-click SystemLook.exe to run it. (Vista users, right click, Run As Administrator)
• Copy/paste the contents of the following codebox into the main textfield:
  

  :filefind
  iaStor.sys

• Click the Look button to start the scan.
• When finished, a Notepad file will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

------------------------------------------------------

 

Yes, I am still getting redirects to numerous sites, one in particular that starts with www.spyware________.com....And also, I still cant turn on 'My Security Settings' in Windows.


SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 20:32 on 26/10/2009 by Trenton (Administrator - Elevation successful)

No Context:

========== filefind ==========

Searching for "iaStor.sys"
C:\Windows\DRIVERS\INF\SATA Driver (Intel) (Non-RAID) 8.0A - 8.0.0.1039\IaStor.sys -ra--- 312344 bytes [18:23 05/06/2008] [00:20 22/04/2008] DB0CC620B27A928D968C1A1E9CD9CB87
C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_77c04a30\iaStor.sys --a--- 312344 bytes [17:32 05/06/2008] [00:20 22/04/2008] DB0CC620B27A928D968C1A1E9CD9CB87
C:\Windows\System32\DriverStore\FileRepository\iastor.inf_054cd65f\iaStor.sys --a--- 312344 bytes [17:34 05/06/2008] [00:20 22/04/2008] DB0CC620B27A928D968C1A1E9CD9CB87
C:\Windows\System32\drivers\iaStor.sys ------ 312344 bytes [17:32 05/06/2008] [00:20 22/04/2008] DB0CC620B27A928D968C1A1E9CD9CB87

-=End Of File=-

 

Hello again, pcshootshed. ComboFix has been updated. Delete ComboFix.exe from your desktop.

Please download ComboFix and Save it to your Desktop.

**Note: It is important that it is saved directly to your desktop**

------------------------------------------------------

Disable your antivirus as before and double-click ComboFix.exe to run it.

Post the ComboFix.txt log in your next reply.

------------------------------------------------------

 

Thank you for helping me out with all this. I truely hope we can get my Virus/Spyware problem figured out!! Also, Here is my new ComboFix Log:



ComboFix 09-10-26.06 - Trenton 10/27/2009 13:04.2.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3069.1996 [GMT -5:00]
Running from: c:\users\Trenton\Desktop\Downloads\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2009-09-27 to 2009-10-27 )))))))))))))))))))))))))))))))
.

2009-10-27 18:12 . 2009-10-27 18:13 -------- d-----w- c:\users\Trenton\AppData\Local\temp
2009-10-27 18:12 . 2009-10-27 18:12 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-10-27 18:12 . 2009-10-27 18:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-10-27 18:12 . 2009-10-27 18:12 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2009-10-27 01:45 . 2008-07-31 15:41 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll
2009-10-27 01:45 . 2008-07-31 15:40 509448 ----a-w- c:\windows\system32\XAudio2_2.dll
2009-10-27 01:45 . 2008-07-31 15:41 238088 ----a-w- c:\windows\system32\xactengine3_2.dll
2009-10-27 01:45 . 2008-07-12 13:18 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2009-10-27 01:45 . 2008-07-12 13:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2009-10-27 01:45 . 2008-07-12 13:18 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2009-10-27 01:45 . 2007-04-04 23:53 81768 ----a-w- c:\windows\system32\xinput1_3.dll
2009-10-27 01:45 . 2007-04-04 23:55 261480 ----a-w- c:\windows\system32\xactengine2_7.dll
2009-10-27 01:45 . 2007-03-15 21:57 443752 ----a-w- c:\windows\system32\d3dx10_33.dll
2009-10-27 01:45 . 2007-03-12 21:42 3495784 ----a-w- c:\windows\system32\d3dx9_33.dll
2009-10-27 01:45 . 2007-03-12 21:42 1123696 ----a-w- c:\windows\system32\D3DCompiler_33.dll
2009-10-27 01:45 . 2007-03-05 17:42 15128 ----a-w- c:\windows\system32\x3daudio1_1.dll
2009-10-27 01:42 . 2009-10-27 01:42 -------- d-----w- c:\windows\system32\AGEIA
2009-10-27 01:42 . 2009-10-27 01:43 -------- d-----w- c:\program files\AGEIA Technologies
2009-10-27 01:41 . 2009-10-27 01:41 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-27 01:40 . 2009-10-27 01:40 -------- d-----w- c:\program files\Sony Online Entertainment
2009-10-24 04:42 . 2009-10-24 04:42 -------- d-----w- c:\users\Trenton\AppData\Roaming\Malwarebytes
2009-10-24 04:42 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-24 04:42 . 2009-10-24 04:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-24 04:42 . 2009-10-24 04:42 -------- d-----w- c:\programdata\Malwarebytes
2009-10-24 04:42 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-22 20:49 . 2009-10-22 21:12 -------- d-----w- c:\users\Trenton\AppData\Local\Temporary Projects
2009-10-21 03:26 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-10-21 03:26 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-10-21 03:26 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-10-21 03:26 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-21 03:25 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2009-10-21 03:25 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-10-21 03:25 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-10-21 03:25 . 2009-08-07 00:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-21 03:25 . 2009-08-06 23:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-10-03 03:35 . 2009-10-03 03:37 145422 ----a-w- c:\windows\hpqins00.dat
2009-10-03 03:32 . 2009-10-10 03:54 -------- d-----w- c:\users\Trenton\AppData\Roaming\HpUpdate
2009-10-03 03:32 . 2009-10-03 03:32 -------- d-----w- c:\windows\Hewlett-Packard
2009-10-03 02:28 . 2009-10-01 15:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-01 19:19 . 2009-10-27 00:04 139640 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-10-01 19:18 . 2009-10-27 00:03 190216 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-10-01 19:18 . 2009-10-01 19:18 794408 ----a-w- c:\windows\system32\pbsvc.exe
2009-10-01 19:18 . 2009-10-01 19:18 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-10-01 19:09 . 2009-10-01 19:09 -------- d-----w- c:\users\Trenton\AppData\Local\PunkBuster
2009-09-29 00:27 . 2009-09-30 03:46 -------- d-----w- c:\program files\EA GAMES
2009-09-29 00:03 . 2009-09-29 00:03 -------- d-sh--w- c:\windows\ftpcache
2009-09-28 19:21 . 2009-09-28 19:25 -------- d-----w- c:\program files\SystemRequirementsLab
2009-09-28 19:20 . 2009-09-28 19:25 -------- d-----w- c:\users\Trenton\AppData\Roaming\SystemRequirementsLab

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-27 15:46 . 2008-06-05 17:29 12 ----a-w- c:\windows\bthservsdp.dat
2009-10-27 15:30 . 2009-09-05 02:46 -------- d-----w- c:\users\Trenton\AppData\Roaming\vlc
2009-10-27 03:22 . 2008-06-05 18:10 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-27 01:39 . 2009-10-27 01:36 -------- d-----w- c:\programdata\Media Center Programs
2009-10-27 01:39 . 2009-10-27 01:36 -------- d-----w- c:\program files\Electronic Arts
2009-10-22 14:06 . 2009-09-04 03:37 -------- d-----w- c:\users\Trenton\AppData\Roaming\BitTorrent
2009-10-21 14:54 . 2009-10-03 22:30 54 ----a-w- c:\users\Trenton\AppData\Roaming\MTC-savedfolder.dat
2009-10-15 13:19 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-10-03 03:32 . 2009-09-03 14:49 -------- d-----w- c:\program files\HP
2009-10-01 21:08 . 2008-06-05 18:47 -------- d-----w- c:\program files\Sony
2009-10-01 19:19 . 2009-10-01 19:19 139152 ----a-w- c:\users\Trenton\AppData\Roaming\PnkBstrK.sys
2009-09-23 04:07 . 2009-09-22 04:12 -------- d-----w- c:\users\Trenton\AppData\Roaming\dvdcss
2009-09-17 03:08 . 2009-09-17 03:08 -------- d-----w- c:\program files\DivX
2009-09-17 03:08 . 2009-09-17 03:08 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-09-17 01:11 . 2009-09-02 18:43 93704 ----a-w- c:\users\Trenton\AppData\Local\GDIPFONTCACHEV1.DAT
2009-09-16 18:39 . 2009-09-02 20:08 -------- d-----w- c:\programdata\Microsoft Help
2009-09-16 18:37 . 2009-09-02 20:03 -------- d-----w- c:\program files\Microsoft Works
2009-09-16 17:38 . 2009-09-16 17:00 -------- d-----w- c:\users\Trenton\AppData\Roaming\GetRightToGo
2009-09-16 14:17 . 2009-09-16 14:17 -------- d-----w- c:\program files\CCleaner
2009-09-14 09:29 . 2009-10-15 01:49 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-09-10 16:48 . 2009-10-15 01:49 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-05 02:45 . 2009-09-05 02:45 -------- d-----w- c:\program files\VideoLAN
2009-09-04 11:41 . 2009-10-15 01:49 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-09-04 03:36 . 2009-09-04 03:36 -------- d-----w- c:\program files\BitTorrent
2009-09-03 21:32 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-09-03 21:32 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-09-03 21:32 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-09-03 21:32 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-09-03 21:32 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-09-03 21:32 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-09-03 18:44 . 2009-09-03 18:44 -------- d-----w- c:\program files\Microsoft SQL Server
2009-09-03 18:44 . 2009-09-03 18:44 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-03 18:44 . 2009-09-03 18:41 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2009-09-03 18:44 . 2009-09-03 18:44 -------- d-----w- c:\program files\Microsoft Synchronization Services
2009-09-03 18:44 . 2009-09-03 18:44 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-09-03 18:41 . 2009-09-03 18:41 -------- d-----w- c:\program files\Microsoft SDKs
2009-09-03 15:01 . 2009-09-03 15:01 -------- d-----w- c:\programdata\WEBREG
2009-09-03 15:01 . 2009-09-03 14:47 144000 ----a-w- c:\windows\hpoins16.dat
2009-09-03 15:00 . 2009-09-03 14:47 -------- d-----w- c:\programdata\HP
2009-09-03 14:58 . 2009-09-03 14:58 -------- d-----w- c:\program files\Common Files\HP
2009-09-03 14:57 . 2009-09-03 14:57 -------- d-----w- c:\programdata\Hewlett-Packard
2009-09-03 03:37 . 2008-06-05 18:48 -------- d-----w- c:\programdata\Sony Corporation
2009-09-03 03:22 . 2009-09-03 03:22 -------- d-----w- c:\users\Trenton\AppData\Roaming\Sony Corporation
2009-09-03 03:17 . 2009-09-02 20:29 -------- d-----w- c:\program files\ArcSoft
2009-09-03 02:34 . 2008-06-05 18:56 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-09-03 02:19 . 2009-09-02 20:06 -------- d-----w- c:\programdata\Intuit
2009-09-03 02:19 . 2009-09-02 20:06 -------- d-----w- c:\program files\Common Files\Intuit
2009-09-03 02:15 . 2008-06-05 18:42 -------- d-----w- c:\program files\Common Files\Sony Shared
2009-09-03 01:40 . 2008-06-05 20:04 -------- d-----w- c:\programdata\Napster
2009-09-02 20:37 . 2009-09-02 20:37 -------- d-----w- c:\programdata\ATI
2009-09-02 20:30 . 2009-09-02 20:30 -------- d-----w- c:\program files\Common Files\ArcSoft
2009-09-02 20:29 . 2008-06-05 18:10 -------- d-----w- c:\program files\Common Files\InstallShield
2009-09-02 20:26 . 2009-09-02 20:26 -------- d-----w- c:\program files\ATI Technologies
2009-09-02 20:26 . 2009-09-02 20:26 -------- d-----w- c:\program files\ATI
2009-09-02 20:19 . 2009-09-02 20:19 -------- d-----w- c:\programdata\Uninstall
2009-09-02 20:19 . 2009-09-02 20:19 -------- d-----w- c:\programdata\Sonic
2009-09-02 20:17 . 2009-09-02 20:17 0 ------w- c:\windows\system32\drivers\Sony_VGN-FW139E.mrk
2009-09-02 20:17 . 2009-09-02 20:17 -------- d-----w- c:\program files\OCA Marker
2009-09-02 20:17 . 2009-09-02 20:17 -------- d-----w- c:\programdata\Corel
2009-09-02 20:09 . 2009-09-02 20:09 -------- d-----w- c:\program files\Microsoft.NET
2009-09-02 20:06 . 2009-09-02 20:06 -------- d-----w- c:\program files\Intuit
2009-09-02 20:06 . 2009-09-02 20:06 -------- d-----w- c:\programdata\COMMON FILES
2009-09-02 20:00 . 2009-09-02 20:00 -------- d-----w- c:\programdata\SmartWi Connection Utility
2009-09-02 19:31 . 2009-09-02 19:31 11952 ------w- c:\windows\system32\avgrsstx.dll
2009-09-02 19:31 . 2009-09-02 19:31 108552 ------w- c:\windows\system32\drivers\avgtdix.sys
2009-09-02 19:31 . 2009-09-02 19:31 335240 ------w- c:\windows\system32\drivers\avgldx86.sys
2009-09-02 19:31 . 2009-09-02 19:31 27784 ------w- c:\windows\system32\drivers\avgmfx86.sys
2009-09-02 19:31 . 2009-09-02 19:31 -------- d-----w- c:\program files\AVG
2009-09-02 19:31 . 2009-09-02 19:31 -------- d-----w- c:\programdata\avg8
2009-09-02 18:44 . 2009-09-02 18:44 -------- d-----w- c:\users\Trenton\AppData\Roaming\ATI
2009-08-29 00:27 . 2009-09-02 20:21 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14 . 2009-09-02 20:22 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-27 05:22 . 2009-10-15 01:49 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:17 . 2009-10-15 01:49 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 05:17 . 2009-10-15 01:49 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 03:42 . 2009-10-15 01:49 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-14 16:27 . 2009-09-09 13:46 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 15:53 . 2009-09-09 13:46 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49 . 2009-09-09 13:46 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49 . 2009-09-09 13:46 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49 . 2009-09-09 13:46 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49 . 2009-09-09 13:46 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49 . 2009-09-09 13:46 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49 . 2009-09-09 13:46 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49 . 2009-09-09 13:46 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48 . 2009-09-09 13:46 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-08-14 13:48 . 2009-09-09 13:46 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-04 12:34 . 2009-10-15 01:49 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-08-04 12:34 . 2009-10-15 01:49 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-10-25_02.48.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-27 01:36 . 2008-05-30 19:17 65032 c:\windows\System32\XAPOFX1_0.dll
+ 2009-10-27 01:36 . 2008-05-30 19:17 25608 c:\windows\System32\X3DAudio1_4.dll
+ 2009-10-27 01:36 . 2008-03-05 21:00 25608 c:\windows\System32\X3DAudio1_3.dll
+ 2009-10-27 01:36 . 2007-10-22 08:37 17928 c:\windows\System32\X3DAudio1_2.dll
+ 2008-01-21 01:58 . 2009-10-27 17:50 38372 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-10-27 17:50 81836 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2006-11-02 13:05 . 2009-10-24 21:00 81836 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2007-11-13 15:54 . 2007-11-13 15:54 70944 c:\windows\System32\PhysXLoader.dll
- 2009-09-02 20:01 . 2009-10-24 20:56 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-09-02 20:01 . 2009-10-27 17:47 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-09-02 20:01 . 2009-10-27 17:47 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-09-02 20:01 . 2009-10-24 20:56 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-09-02 20:01 . 2009-10-24 20:56 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-09-02 20:01 . 2009-10-27 17:47 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2007-07-23 14:03 . 2007-07-23 14:03 53248 c:\windows\System32\AgCPanelTraditionalChinese.dll
+ 2007-07-23 14:03 . 2007-07-23 14:03 53248 c:\windows\System32\AgCPanelSwedish.dll
+ 2007-07-23 14:03 . 2007-07-23 14:03 53248 c:\windows\System32\AgCPanelSpanish.dll
+ 2007-07-23 14:03 . 2007-07-23 14:03 53248 c:\windows\System32\AgCPanelSimplifiedChinese.dll
+ 2007-07-23 14:03 . 2007-07-23 14:03 53248 c:\windows\System32\AgCPanelPortugese.dll
+ 2007-07-23 14:03 . 2007-07-23 14:03 53248 c:\windows\System32\AgCPanelKorean.dll
+ 2007-07-23 14:03 . 2007-07-23 14:03 53248 c:\windows\System32\AgCPanelJapanese.dll
+ 2007-07-23 14:03 . 2007-07-23 14:03 53248 c:\windows\System32\AgCPanelGerman.dll
+ 2007-07-23 14:03 . 2007-07-23 14:03 53248 c:\windows\System32\AgCPanelFrench.dll
+ 2006-11-02 10:25 . 2009-10-27 01:43 86016 c:\windows\inf\infstor.dat
- 2006-11-02 10:25 . 2009-09-04 14:49 86016 c:\windows\inf\infstor.dat
- 2006-11-02 10:25 . 2009-09-04 14:49 51200 c:\windows\inf\infpub.dat
+ 2006-11-02 10:25 . 2009-10-27 01:43 51200 c:\windows\inf\infpub.dat
+ 2009-10-27 01:45 . 2009-10-27 01:45 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2009-10-01 02:24 . 2009-10-01 02:24 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2009-10-27 01:45 . 2009-10-27 01:45 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
- 2009-10-01 02:24 . 2009-10-01 02:24 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2009-09-02 18:45 . 2009-10-27 17:50 5476 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-749063198-1285173502-2966318055-1000_UserData.bin
- 2009-10-24 20:56 . 2009-10-24 20:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-10-27 17:47 . 2009-10-27 17:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-10-24 20:56 . 2009-10-24 20:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-10-27 17:47 . 2009-10-27 17:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-10-27 01:36 . 2008-05-30 19:19 507400 c:\windows\System32\XAudio2_1.dll
+ 2009-10-27 01:36 . 2008-03-05 21:03 479752 c:\windows\System32\XAudio2_0.dll
+ 2009-10-27 01:36 . 2008-05-30 19:18 238088 c:\windows\System32\xactengine3_1.dll
+ 2009-10-27 01:36 . 2008-03-05 21:03 238088 c:\windows\System32\xactengine3_0.dll
+ 2009-10-27 01:36 . 2007-07-20 05:57 267112 c:\windows\System32\xactengine2_9.dll
+ 2009-10-27 01:36 . 2007-06-21 01:46 266088 c:\windows\System32\xactengine2_8.dll
+ 2009-10-27 01:36 . 2007-10-22 08:39 267272 c:\windows\System32\xactengine2_10.dll
+ 2007-09-13 12:43 . 2007-09-13 12:43 120320 c:\windows\System32\DriverStore\FileRepository\physx32.inf_8752b7f2\physX32.sys
+ 2009-10-27 01:36 . 2008-05-30 19:11 467984 c:\windows\System32\d3dx10_38.dll
+ 2009-10-27 01:36 . 2008-02-06 04:07 462864 c:\windows\System32\d3dx10_37.dll
+ 2009-10-27 01:36 . 2007-10-02 14:56 444776 c:\windows\System32\d3dx10_36.dll
+ 2009-10-27 01:36 . 2007-07-19 23:14 444776 c:\windows\System32\d3dx10_35.dll
+ 2009-10-27 01:36 . 2007-05-16 21:45 443752 c:\windows\System32\d3dx10_34.dll
- 2009-09-03 03:20 . 2009-10-24 20:56 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-09-03 03:20 . 2009-10-27 17:47 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2007-10-25 13:29 . 2007-10-25 13:29 114505 c:\windows\System32\AGEIA\AG1021\diag.bin
+ 2007-07-25 13:30 . 2007-07-25 13:30 214141 c:\windows\System32\AGEIA\AG1021\app.bin
+ 2007-05-16 13:42 . 2007-05-16 13:42 122249 c:\windows\System32\AGEIA\AG1011\diag.bin
+ 2007-07-24 13:20 . 2007-07-24 13:20 207405 c:\windows\System32\AGEIA\AG1011\app.bin
+ 2009-10-27 01:41 . 2009-10-27 01:41 217088 c:\windows\Installer\6fd1d5.msi
- 2006-11-02 10:25 . 2009-09-04 14:49 143360 c:\windows\inf\infstrng.dat
+ 2006-11-02 10:25 . 2009-10-27 01:43 143360 c:\windows\inf\infstrng.dat
+ 2009-10-27 01:45 . 2009-10-27 01:45 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
- 2009-10-01 02:24 . 2009-10-01 02:24 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2009-10-27 01:45 . 2009-10-27 01:45 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2009-10-01 02:24 . 2009-10-01 02:24 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2009-10-27 01:45 . 2009-10-27 01:45 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2009-10-01 02:24 . 2009-10-01 02:24 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2009-10-27 01:45 . 2009-10-27 01:45 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2009-10-01 02:24 . 2009-10-01 02:24 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2009-10-01 02:24 . 2009-10-01 02:24 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2009-10-27 01:45 . 2009-10-27 01:45 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2009-10-27 01:45 . 2009-10-27 01:45 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-09-02 20:30 . 2009-09-02 20:30 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-10-27 01:45 . 2009-10-27 01:45 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-09-02 20:30 . 2009-09-02 20:30 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-09-02 20:30 . 2009-09-02 20:30 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-10-27 01:44 . 2009-10-27 01:44 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-10-27 01:44 . 2009-10-27 01:44 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-09-02 20:30 . 2009-09-02 20:30 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-10-27 01:44 . 2009-10-27 01:44 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-09-02 20:30 . 2009-09-02 20:30 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-09-02 20:30 . 2009-09-02 20:30 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-10-27 01:44 . 2009-10-27 01:44 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-10-01 02:24 . 2009-10-01 02:24 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-10-27 01:44 . 2009-10-27 01:44 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-10-27 01:44 . 2009-10-27 01:44 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-09-02 20:30 . 2009-09-02 20:30 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-10-27 01:45 . 2009-10-27 01:45 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
- 2009-10-01 02:24 . 2009-10-01 02:24 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2009-10-27 01:36 . 2008-05-30 19:11 3850760 c:\windows\System32\D3DX9_38.dll
+ 2009-10-27 01:36 . 2008-03-05 20:56 3786760 c:\windows\System32\D3DX9_37.dll
+ 2009-10-27 01:36 . 2007-10-12 20:14 3734536 c:\windows\System32\d3dx9_36.dll
+ 2009-10-27 01:36 . 2007-07-19 23:14 3727720 c:\windows\System32\d3dx9_35.dll
+ 2009-10-27 01:36 . 2007-05-16 21:45 3497832 c:\windows\System32\d3dx9_34.dll
+ 2009-10-27 01:36 . 2008-05-30 19:11 1491992 c:\windows\System32\D3DCompiler_38.dll
+ 2009-10-27 01:36 . 2008-03-05 20:56 1420824 c:\windows\System32\D3DCompiler_37.dll
+ 2009-10-27 01:36 . 2007-10-12 20:14 1374232 c:\windows\System32\D3DCompiler_36.dll
+ 2009-10-27 01:36 . 2007-07-19 23:14 1358192 c:\windows\System32\D3DCompiler_35.dll
+ 2009-10-27 01:36 . 2007-05-16 21:45 1124720 c:\windows\System32\D3DCompiler_34.dll
+ 2009-10-27 01:43 . 2009-10-27 01:43 1799168 c:\windows\Installer\6fd1d9.msi
+ 2009-10-27 00:49 . 2009-10-27 00:49 8462848 c:\windows\Installer\24b20d.msi
- 2009-09-02 20:30 . 2009-09-02 20:30 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-10-27 01:44 . 2009-10-27 01:44 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-10-27 01:44 . 2009-10-27 01:44 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-09-02 20:30 . 2009-09-02 20:30 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2008-02-23 122880]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-20 2025752]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-04-29 6111232]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2008-04-29 1826816]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2008-05-16 00:20 98304 ------w- c:\windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):02,c5,8a,ee,de,2c,ca,01

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [9/2/2009 2:31 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [9/2/2009 2:31 PM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [9/2/2009 2:31 PM 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [9/2/2009 2:31 PM 297752]
R2 RtkHDMIService;RtkHDMIService;c:\windows\RTKAUDIOSERVICE.EXE [6/5/2008 1:12 PM 98304]
R2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [6/5/2008 3:00 PM 411488]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\System32\drivers\btwl2cap.sys [6/5/2008 1:19 PM 28464]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\System32\drivers\SFEP.sys [6/5/2008 12:34 PM 9344]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*Deregistered* - mbr

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.sony.com/vaiopeople
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Trenton\AppData\Roaming\Mozilla\Firefox\Profiles\cc552z31.default\
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npoji610.dll
FF - plugin: c:\program files\Sony Online Entertainment\Station Launcher\npsoe.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-27 13:13
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-10-27 13:16
ComboFix-quarantined-files.txt 2009-10-27 18:16
ComboFix2.txt 2009-10-25 02:51

Pre-Run: 146,062,326,784 bytes free
Post-Run: 146,026,319,872 bytes free

- - End Of File - - 973A0DDE9454B030D26646E4F0C8B0EC

 

Hello again, pcshootshed.

Please run gmer once more as before, then post the log in your next reply.

------------------------------------------------------

Open Notepad and copy/paste the entire contents of the codebox below into Notepad:

@PUSHD %tmp%
mbr -t iastor
Notepad mbr.txt

Save this as peek.bat Choose to Save type as - All Files then close the Notepad file.
It should look like this:

Double-click on peek.bat and allow it to run. A Notepad file will open. Copy/paste that information into your next reply, please. Please delete the file afterwards.

------------------------------------------------------

 

Where is the DL File for 'GMER' ??

**I have not ran this test yet

 

gmer.exe should be on your desktop if you extracted the contents of the gmer.zip file to your desktop as instructed in the 'First Steps' thread.

If not > http://www.gmer.net/gmer.zip

 

I can't run 'gmer' anymore. When I run it, it will get about 1 minute into the scan and all of a sudden my entire screen goes black/gray/white and im forced to restart. Upon restarting, it says my 'PFN_List_Corrupt'


When I run the other tool 'peek.bat', it said:
Device: Opened Properly
User: Error reading MBR
Kernal: Error reading MBR and gave me an error 'cannot find mbr.txt file'


:upset:
Now what should I try? Again-thanks for everything!

 

Does it give an error number with the PFN_List_Corrupt message? Try re-seating your RAM. It's going to be hard to move forward without a gmer log. Keep trying.

 

It Doesn't give me an error message with the PFN Corrupt...

How would I go about re-seating my RAM? I have never heard of this before..

And what would cause the GMER now to work anymore? Would be be because after ComboFix and all the other Downloads/Logs-I deleted them?

 

never mind on the above message...

I Didn't Re-Seat my ram, but once more, Downloaded 'GMER' and ran it. Somehow, it worked this time!

Also, the other tool using Notepad (Peek.Bat) still doesn't work-I keep getting the error. And no, it did not give me an error message with the PFN_Corrupt.....The notepad opens but there is no txt in it. Here is my GMER Log:


GMER 1.0.15.15163 - http://www.gmer.net
Rootkit scan 2009-10-28 21:04:02
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\Trenton\AppData\Local\Temp\fxddrfog.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\BTHUSB \Device\00000072 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device \Driver\iaStor \Device\Ide\iaStor0 [82A47EAE] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xfc]}
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [82A47EAE] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xfc]}
Device \Driver\BTHUSB \Device\00000074 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e3d8b731a
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e3deaad3b
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001e3d8b731a (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001e3deaad3b (not active ControlSet)

---- Files - GMER 1.0.15 ----

File C:\Windows\system32\drivers\iaStor.sys suspicious modification

---- EOF - GMER 1.0.15 ----

 

Hello again, pcshootshed. ComboFix has been updated yet again. Please delete ComboFix.exe from your desktop.

Please download ComboFix and Save it to your Desktop.

**Note: It is important that it is saved directly to your desktop**

------------------------------------------------------

Disable your antivirus as before and double-click ComboFix.exe to run it.

Post the ComboFix.txt log in your next reply.

------------------------------------------------------

 

I downloaded and ran ComboFix. Once it was done scanning I got a pop-up message saying, ' ComboFix had detected the presence of rootkit activity on your machine and needs to reboot the machine'

I click OK and it reboots, and nothing happens. MY PC goes into the same state it was at before. I keep running ComboFix and get the same message everytime.

 

Try running ComboFix in Safe Mode.

 

I ran ComboFix in Safe Mode with Networking. After it was done Scanning, I got the following error:

'MBR.cfxxe - Application Error ...........The Instruction at 0x004063ef referenced memory at 0x00155ea6. The Memory Could not be Read'


Then...my log showed up and here it is:



ComboFix 09-10-28.08 - Trenton 10/29/2009 14:59.3.2 - NTFSx86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3069.2637 [GMT -5:00]
Running from: c:\users\Trenton\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2009-09-28 to 2009-10-29 )))))))))))))))))))))))))))))))
.

2009-10-29 20:05 . 2009-10-29 20:05 -------- d-----w- c:\users\Trenton\AppData\Local\temp
2009-10-29 20:05 . 2009-10-29 20:05 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-10-29 20:05 . 2009-10-29 20:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-10-29 20:05 . 2009-10-29 20:05 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2009-10-29 19:01 . 2009-10-29 19:02 -------- d-----w- c:\users\Trenton\AppData\Local\Temporary Projects
2009-10-29 17:49 . 2008-01-21 02:23 21560 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-10-29 02:56 . 2009-10-29 02:56 -------- d-----w- c:\users\Trenton\AppData\Roaming\Turbine
2009-10-29 02:56 . 2009-10-29 02:56 95 ----a-w- c:\users\Trenton\AppData\Local\fusioncache.dat
2009-10-29 02:56 . 2009-10-29 02:56 -------- d-----w- c:\users\Trenton\AppData\Local\Turbine
2009-10-29 01:45 . 2009-10-29 04:23 -------- d-----w- c:\users\Trenton\AppData\Local\ApplicationHistory
2009-10-29 01:42 . 2009-10-29 01:42 -------- d-----w- c:\windows\system32\URTTEMP
2009-10-29 00:55 . 2009-10-29 00:55 -------- d-----w- c:\program files\Turbine
2009-10-28 15:26 . 2009-10-29 19:54 -------- d-----w- c:\users\Trenton\AppData\Local\PMB Files
2009-10-28 15:26 . 2009-10-29 02:12 -------- d-----w- c:\programdata\PMB Files
2009-10-28 15:26 . 2009-10-28 15:26 -------- d-----w- c:\program files\Pando Networks
2009-10-27 19:37 . 2009-09-10 14:58 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-27 19:37 . 2009-09-10 14:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-27 01:45 . 2008-07-31 15:41 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll
2009-10-27 01:45 . 2008-07-31 15:40 509448 ----a-w- c:\windows\system32\XAudio2_2.dll
2009-10-27 01:45 . 2008-07-31 15:41 238088 ----a-w- c:\windows\system32\xactengine3_2.dll
2009-10-27 01:45 . 2008-07-12 13:18 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2009-10-27 01:45 . 2008-07-12 13:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2009-10-27 01:45 . 2008-07-12 13:18 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2009-10-27 01:45 . 2007-04-04 23:53 81768 ----a-w- c:\windows\system32\xinput1_3.dll
2009-10-27 01:45 . 2007-04-04 23:55 261480 ----a-w- c:\windows\system32\xactengine2_7.dll
2009-10-27 01:45 . 2007-03-15 21:57 443752 ----a-w- c:\windows\system32\d3dx10_33.dll
2009-10-27 01:45 . 2007-03-12 21:42 3495784 ----a-w- c:\windows\system32\d3dx9_33.dll
2009-10-27 01:45 . 2007-03-12 21:42 1123696 ----a-w- c:\windows\system32\D3DCompiler_33.dll
2009-10-27 01:45 . 2007-03-05 17:42 15128 ----a-w- c:\windows\system32\x3daudio1_1.dll
2009-10-27 01:42 . 2009-10-27 01:42 -------- d-----w- c:\windows\system32\AGEIA
2009-10-27 01:42 . 2009-10-27 01:43 -------- d-----w- c:\program files\AGEIA Technologies
2009-10-27 01:41 . 2009-10-27 01:41 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-27 01:40 . 2009-10-27 01:40 -------- d-----w- c:\program files\Sony Online Entertainment
2009-10-24 04:42 . 2009-10-24 04:42 -------- d-----w- c:\users\Trenton\AppData\Roaming\Malwarebytes
2009-10-24 04:42 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-24 04:42 . 2009-10-24 04:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-24 04:42 . 2009-10-24 04:42 -------- d-----w- c:\programdata\Malwarebytes
2009-10-24 04:42 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-21 03:26 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-10-21 03:26 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-10-21 03:26 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-10-21 03:26 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-21 03:25 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2009-10-21 03:25 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-10-21 03:25 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-10-21 03:25 . 2009-08-07 00:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-21 03:25 . 2009-08-06 23:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-10-03 03:35 . 2009-10-03 03:37 145422 ----a-w- c:\windows\hpqins00.dat
2009-10-03 03:32 . 2009-10-10 03:54 -------- d-----w- c:\users\Trenton\AppData\Roaming\HpUpdate
2009-10-03 03:32 . 2009-10-03 03:32 -------- d-----w- c:\windows\Hewlett-Packard
2009-10-03 02:28 . 2009-10-01 15:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-01 19:19 . 2009-10-27 00:04 139640 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-10-01 19:18 . 2009-10-27 00:03 190216 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-10-01 19:18 . 2009-10-01 19:18 794408 ----a-w- c:\windows\system32\pbsvc.exe
2009-10-01 19:18 . 2009-10-01 19:18 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-10-01 19:09 . 2009-10-01 19:09 -------- d-----w- c:\users\Trenton\AppData\Local\PunkBuster

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-29 19:55 . 2008-06-05 17:29 12 ----a-w- c:\windows\bthservsdp.dat
2009-10-29 15:11 . 2009-09-05 02:46 -------- d-----w- c:\users\Trenton\AppData\Roaming\vlc
2009-10-28 15:40 . 2009-09-04 03:36 -------- d-----w- c:\program files\BitTorrent
2009-10-28 15:40 . 2009-09-04 03:37 -------- d-----w- c:\users\Trenton\AppData\Roaming\BitTorrent
2009-10-27 03:22 . 2008-06-05 18:10 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-27 01:39 . 2009-10-27 01:36 -------- d-----w- c:\programdata\Media Center Programs
2009-10-27 01:39 . 2009-10-27 01:36 -------- d-----w- c:\program files\Electronic Arts
2009-10-21 14:54 . 2009-10-03 22:30 54 ----a-w- c:\users\Trenton\AppData\Roaming\MTC-savedfolder.dat
2009-10-15 13:19 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-10-03 03:32 . 2009-09-03 14:49 -------- d-----w- c:\program files\HP
2009-10-01 21:08 . 2008-06-05 18:47 -------- d-----w- c:\program files\Sony
2009-10-01 19:19 . 2009-10-01 19:19 139152 ----a-w- c:\users\Trenton\AppData\Roaming\PnkBstrK.sys
2009-09-30 03:46 . 2009-09-29 00:27 -------- d-----w- c:\program files\EA GAMES
2009-09-28 19:25 . 2009-09-28 19:21 -------- d-----w- c:\program files\SystemRequirementsLab
2009-09-28 19:25 . 2009-09-28 19:20 -------- d-----w- c:\users\Trenton\AppData\Roaming\SystemRequirementsLab
2009-09-23 04:07 . 2009-09-22 04:12 -------- d-----w- c:\users\Trenton\AppData\Roaming\dvdcss
2009-09-17 03:08 . 2009-09-17 03:08 -------- d-----w- c:\program files\DivX
2009-09-17 03:08 . 2009-09-17 03:08 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-09-17 01:11 . 2009-09-02 18:43 93704 ----a-w- c:\users\Trenton\AppData\Local\GDIPFONTCACHEV1.DAT
2009-09-16 18:39 . 2009-09-02 20:08 -------- d-----w- c:\programdata\Microsoft Help
2009-09-16 18:37 . 2009-09-02 20:03 -------- d-----w- c:\program files\Microsoft Works
2009-09-16 17:38 . 2009-09-16 17:00 -------- d-----w- c:\users\Trenton\AppData\Roaming\GetRightToGo
2009-09-16 14:17 . 2009-09-16 14:17 -------- d-----w- c:\program files\CCleaner
2009-09-14 09:29 . 2009-10-15 01:49 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-09-10 16:48 . 2009-10-15 01:49 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-05 02:45 . 2009-09-05 02:45 -------- d-----w- c:\program files\VideoLAN
2009-09-04 11:41 . 2009-10-15 01:49 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-09-03 21:32 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-09-03 21:32 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-09-03 21:32 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-09-03 21:32 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-09-03 21:32 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-09-03 21:32 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-09-03 18:44 . 2009-09-03 18:44 -------- d-----w- c:\program files\Microsoft SQL Server
2009-09-03 18:44 . 2009-09-03 18:44 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-03 18:44 . 2009-09-03 18:41 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2009-09-03 18:44 . 2009-09-03 18:44 -------- d-----w- c:\program files\Microsoft Synchronization Services
2009-09-03 18:44 . 2009-09-03 18:44 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-09-03 18:41 . 2009-09-03 18:41 -------- d-----w- c:\program files\Microsoft SDKs
2009-09-03 15:01 . 2009-09-03 15:01 -------- d-----w- c:\programdata\WEBREG
2009-09-03 15:01 . 2009-09-03 14:47 144000 ----a-w- c:\windows\hpoins16.dat
2009-09-03 15:00 . 2009-09-03 14:47 -------- d-----w- c:\programdata\HP
2009-09-03 14:58 . 2009-09-03 14:58 -------- d-----w- c:\program files\Common Files\HP
2009-09-03 14:57 . 2009-09-03 14:57 -------- d-----w- c:\programdata\Hewlett-Packard
2009-09-03 03:37 . 2008-06-05 18:48 -------- d-----w- c:\programdata\Sony Corporation
2009-09-03 03:22 . 2009-09-03 03:22 -------- d-----w- c:\users\Trenton\AppData\Roaming\Sony Corporation
2009-09-03 03:17 . 2009-09-02 20:29 -------- d-----w- c:\program files\ArcSoft
2009-09-03 02:34 . 2008-06-05 18:56 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-09-03 02:19 . 2009-09-02 20:06 -------- d-----w- c:\programdata\Intuit
2009-09-03 02:19 . 2009-09-02 20:06 -------- d-----w- c:\program files\Common Files\Intuit
2009-09-03 02:15 . 2008-06-05 18:42 -------- d-----w- c:\program files\Common Files\Sony Shared
2009-09-03 01:40 . 2008-06-05 20:04 -------- d-----w- c:\programdata\Napster
2009-09-02 20:37 . 2009-09-02 20:37 -------- d-----w- c:\programdata\ATI
2009-09-02 20:30 . 2009-09-02 20:30 -------- d-----w- c:\program files\Common Files\ArcSoft
2009-09-02 20:29 . 2008-06-05 18:10 -------- d-----w- c:\program files\Common Files\InstallShield
2009-09-02 20:26 . 2009-09-02 20:26 -------- d-----w- c:\program files\ATI Technologies
2009-09-02 20:26 . 2009-09-02 20:26 -------- d-----w- c:\program files\ATI
2009-09-02 20:19 . 2009-09-02 20:19 -------- d-----w- c:\programdata\Uninstall
2009-09-02 20:19 . 2009-09-02 20:19 -------- d-----w- c:\programdata\Sonic
2009-09-02 20:17 . 2009-09-02 20:17 0 ------w- c:\windows\system32\drivers\Sony_VGN-FW139E.mrk
2009-09-02 20:17 . 2009-09-02 20:17 -------- d-----w- c:\program files\OCA Marker
2009-09-02 20:17 . 2009-09-02 20:17 -------- d-----w- c:\programdata\Corel
2009-09-02 20:09 . 2009-09-02 20:09 -------- d-----w- c:\program files\Microsoft.NET
2009-09-02 20:06 . 2009-09-02 20:06 -------- d-----w- c:\program files\Intuit
2009-09-02 20:06 . 2009-09-02 20:06 -------- d-----w- c:\programdata\COMMON FILES
2009-09-02 20:00 . 2009-09-02 20:00 -------- d-----w- c:\programdata\SmartWi Connection Utility
2009-09-02 19:31 . 2009-09-02 19:31 11952 ------w- c:\windows\system32\avgrsstx.dll
2009-09-02 19:31 . 2009-09-02 19:31 108552 ------w- c:\windows\system32\drivers\avgtdix.sys
2009-09-02 19:31 . 2009-09-02 19:31 335240 ------w- c:\windows\system32\drivers\avgldx86.sys
2009-09-02 19:31 . 2009-09-02 19:31 27784 ------w- c:\windows\system32\drivers\avgmfx86.sys
2009-09-02 19:31 . 2009-09-02 19:31 -------- d-----w- c:\program files\AVG
2009-09-02 19:31 . 2009-09-02 19:31 -------- d-----w- c:\programdata\avg8
2009-09-02 18:44 . 2009-09-02 18:44 -------- d-----w- c:\users\Trenton\AppData\Roaming\ATI
2009-08-29 00:27 . 2009-09-02 20:21 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14 . 2009-09-02 20:22 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-27 05:22 . 2009-10-15 01:49 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:17 . 2009-10-15 01:49 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 05:17 . 2009-10-15 01:49 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 03:42 . 2009-10-15 01:49 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-14 16:27 . 2009-09-09 13:46 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 15:53 . 2009-09-09 13:46 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49 . 2009-09-09 13:46 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49 . 2009-09-09 13:46 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49 . 2009-09-09 13:46 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49 . 2009-09-09 13:46 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49 . 2009-09-09 13:46 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49 . 2009-09-09 13:46 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49 . 2009-09-09 13:46 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48 . 2009-09-09 13:46 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-08-14 13:48 . 2009-09-09 13:46 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-04 12:34 . 2009-10-15 01:49 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-08-04 12:34 . 2009-10-15 01:49 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((( SnapShot_2009-10-27_18.13.06 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-29 01:46 . 2009-10-29 01:46 65536 c:\windows\winsxs\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.42_none_45e008191e507087\vcomp.dll
+ 2009-10-27 19:37 . 2009-10-01 11:55 92160 c:\windows\winsxs\x86_microsoft-windows-ie-iecompat_31bf3856ad364e35_8.0.6001.22933_none_8444da075fea9e51\iecompat.dll
+ 2009-10-27 19:37 . 2009-10-01 03:59 92160 c:\windows\winsxs\x86_microsoft-windows-ie-iecompat_31bf3856ad364e35_8.0.6001.18842_none_83af6d0646d60121\iecompat.dll
+ 2008-01-21 01:58 . 2009-10-29 17:55 39392 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-10-29 17:55 81922 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2003-02-21 10:16 . 2003-02-21 10:16 49152 c:\windows\System32\URTTEMP\regtlib.exe
- 2009-09-02 20:01 . 2009-10-27 17:47 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-09-02 20:01 . 2009-10-29 19:56 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-09-02 20:01 . 2009-10-29 19:56 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-09-02 20:01 . 2009-10-27 17:47 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-09-02 20:01 . 2009-10-29 19:56 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-09-02 20:01 . 2009-10-27 17:47 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-09-16 16:35 . 2009-10-23 13:56 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-09-16 16:35 . 2009-10-29 18:58 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-09-16 16:35 . 2009-10-29 18:58 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-09-16 16:35 . 2009-10-23 13:56 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-09-16 16:35 . 2009-10-23 13:56 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-09-16 16:35 . 2009-10-29 18:58 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2004-07-15 07:11 . 2004-07-15 07:11 31744 c:\windows\Microsoft.NET\Framework\v1.1.4322\WMINet_Utils.dll
+ 2004-06-22 18:51 . 2004-06-22 18:51 53248 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe
+ 2004-07-15 19:28 . 2004-07-15 19:28 57344 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.RegularExpressions.dll
+ 2004-07-15 19:28 . 2004-07-15 19:28 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
+ 2004-07-15 05:35 . 2004-07-15 05:35 66560 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.Thunk.dll
+ 2003-02-21 12:26 . 2003-02-21 12:26 65536 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Drawing.Design.dll
+ 2004-07-15 19:28 . 2004-07-15 19:28 90112 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.DirectoryServices.dll
+ 2003-02-21 12:26 . 2003-02-21 12:26 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Configuration.Install.dll
+ 2003-02-21 12:25 . 2003-02-21 12:25 12288 c:\windows\Microsoft.NET\Framework\v1.1.4322\RegSvcs.exe
+ 2004-07-15 19:28 . 2004-07-15 19:28 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\RegCode.dll
+ 2003-02-21 12:25 . 2003-02-21 12:25 28672 c:\windows\Microsoft.NET\Framework\v1.1.4322\RegAsm.exe
+ 2004-07-15 05:34 . 2004-07-15 05:34 94208 c:\windows\Microsoft.NET\Framework\v1.1.4322\PerfCounter.dll
+ 2003-02-21 00:09 . 2003-02-21 00:09 73728 c:\windows\Microsoft.NET\Framework\v1.1.4322\ngen.exe
+ 2003-02-20 23:43 . 2003-02-20 23:43 22528 c:\windows\Microsoft.NET\Framework\v1.1.4322\MUI\0409\mscorsecr.dll
+ 2003-02-21 00:18 . 2003-02-21 00:18 20480 c:\windows\Microsoft.NET\Framework\v1.1.4322\mtxoci8.dll
+ 2003-02-21 00:09 . 2003-02-21 00:09 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
+ 2004-07-15 05:33 . 2004-07-15 05:33 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsec.dll
+ 2003-02-21 00:06 . 2003-02-21 00:06 65536 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorpe.dll
+ 2003-02-21 00:09 . 2003-02-21 00:09 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2004-07-15 05:32 . 2004-07-15 05:32 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscordbc.dll
+ 2004-07-15 19:28 . 2004-07-15 19:28 49152 c:\windows\Microsoft.NET\Framework\v1.1.4322\MigPolWin.exe
+ 2004-07-15 19:28 . 2004-07-15 19:28 49152 c:\windows\Microsoft.NET\Framework\v1.1.4322\MigPol.exe
+ 2003-02-21 12:25 . 2003-02-21 12:25 11264 c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2003-02-21 12:24 . 2003-02-21 12:24 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.Vsa.dll
+ 2003-02-21 12:24 . 2003-02-21 12:24 28672 c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.VisualBasic.Vsa.dll
+ 2003-02-21 12:24 . 2003-02-21 12:24 40960 c:\windows\Microsoft.NET\Framework\v1.1.4322\jsc.exe
+ 2003-02-21 12:24 . 2003-02-21 12:24 26112 c:\windows\Microsoft.NET\Framework\v1.1.4322\ISymWrapper.dll
+ 2003-02-21 00:22 . 2003-02-21 00:22 40960 c:\windows\Microsoft.NET\Framework\v1.1.4322\InstallUtilLib.dll
+ 2003-02-21 12:24 . 2003-02-21 12:24 15872 c:\windows\Microsoft.NET\Framework\v1.1.4322\InstallUtil.exe
+ 2004-07-15 19:31 . 2004-07-15 19:31 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\IEHost.dll
+ 2003-10-08 19:30 . 2003-10-08 19:30 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\gacutil.exe
+ 2003-02-21 09:12 . 2003-02-21 09:12 28672 c:\windows\Microsoft.NET\Framework\v1.1.4322\cvtres.exe
+ 2003-02-21 12:24 . 2003-02-21 12:24 33792 c:\windows\Microsoft.NET\Framework\v1.1.4322\CustomMarshalers.dll
+ 2003-02-21 12:24 . 2003-02-21 12:24 12288 c:\windows\Microsoft.NET\Framework\v1.1.4322\cscompmgd.dll
+ 2004-07-15 16:23 . 2004-07-15 16:23 49152 c:\windows\Microsoft.NET\Framework\v1.1.4322\csc.exe
+ 2004-07-15 05:32 . 2004-07-15 05:32 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2003-02-21 12:24 . 2003-02-21 12:24 49152 c:\windows\Microsoft.NET\Framework\v1.1.4322\ConfigWizards.exe
+ 2003-02-21 12:24 . 2003-02-21 12:24 94208 c:\windows\Microsoft.NET\Framework\v1.1.4322\CasPol.exe
+ 2004-07-15 06:49 . 2004-07-15 06:49 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2004-07-15 06:49 . 2004-07-15 06:49 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
+ 2004-07-15 06:49 . 2004-07-15 06:49 20480 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_regiis.exe
+ 2003-02-21 00:19 . 2003-02-21 00:19 40960 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_rc.dll
+ 2003-02-21 00:19 . 2003-02-21 00:19 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
+ 2003-02-21 10:00 . 2003-02-21 10:00 98304 c:\windows\Microsoft.NET\Framework\v1.1.4322\alink.dll
+ 2003-02-21 08:55 . 2003-02-21 08:55 94208 c:\windows\Microsoft.NET\Framework\v1.1.4322\1033\cscompui.dll
+ 2003-02-21 07:59 . 2003-02-21 07:59 16896 c:\windows\Microsoft.NET\Framework\v1.1.4322\1033\alinkui.dll
+ 2009-10-29 01:45 . 2009-10-29 01:45 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_3ba8e3ca\System.Drawing.Design.dll
+ 2009-10-29 01:45 . 2009-10-29 01:45 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_af514eba\CustomMarshalers.dll
+ 2009-10-29 01:44 . 2009-10-29 01:44 57344 c:\windows\assembly\GAC\System.Web.RegularExpressions\1.0.5000.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2009-10-29 01:44 . 2009-10-29 01:44 77824 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
+ 2009-10-29 01:44 . 2009-10-29 01:44 66560 c:\windows\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.Thunk.dll
+ 2009-10-29 01:42 . 2009-10-29 01:42 65536 c:\windows\assembly\GAC\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2009-10-29 01:45 . 2009-10-29 01:45 90112 c:\windows\assembly\GAC\System.DirectoryServices\1.0.5000.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2009-10-29 01:42 . 2009-10-29 01:42 77824 c:\windows\assembly\GAC\System.Configuration.Install\1.0.5000.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2009-10-29 01:44 . 2009-10-29 01:44 32768 c:\windows\assembly\GAC\Regcode\1.0.5000.0__b03f5f7f11d50a3a\RegCode.dll
+ 2009-10-29 01:42 . 2009-10-29 01:42 32768 c:\windows\assembly\GAC\Microsoft.Vsa\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2009-10-29 01:42 . 2009-10-29 01:42 11264 c:\windows\assembly\GAC\Microsoft.Vsa.Vb.CodeDOMProcessor\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2009-10-29 01:42 . 2009-10-29 01:42 28672 c:\windows\assembly\GAC\Microsoft.VisualBasic.Vsa\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2009-10-29 01:42 . 2009-10-29 01:42 26112 c:\windows\assembly\GAC\ISymWrapper\1.0.5000.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2009-10-29 01:44 . 2009-10-29 01:44 32768 c:\windows\assembly\GAC\IEHost\1.0.5000.0__b03f5f7f11d50a3a\IEHost.dll
+ 2009-10-29 01:42 . 2009-10-29 01:42 33792 c:\windows\assembly\GAC\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2009-10-29 01:42 . 2009-10-29 01:42 12288 c:\windows\assembly\GAC\cscompmgd\7.0.5000.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2009-10-27 19:37 . 2009-09-10 15:10 7680 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.22223_none_0dc73a70656b2706\spwmp.dll
+ 2009-10-27 19:37 . 2009-09-10 15:10 4096 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.22223_none_0dc73a70656b2706\dxmasf.dll
+ 2009-09-02 20:17 . 2009-07-15 12:39 7680 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18111_none_0d466cfd4c47389d\spwmp.dll
+ 2009-09-02 20:17 . 2009-07-15 12:39 4096 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18111_none_0d466cfd4c47389d\dxmasf.dll
+ 2009-10-27 19:37 . 2009-09-10 20:45 7680 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22520_none_0bddc7aa684785dd\spwmp.dll
+ 2009-10-27 19:37 . 2009-09-10 20:45 4096 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22520_none_0bddc7aa684785dd\dxmasf.dll
+ 2009-09-02 20:17 . 2009-07-14 12:58 7680 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18330_none_0b49590d4f3204dd\spwmp.dll
+ 2009-09-02 20:17 . 2009-07-14 12:59 4096 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18330_none_0b49590d4f3204dd\dxmasf.dll
+ 2009-10-27 19:37 . 2009-09-10 17:30 7680 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.21125_none_09fc60b26b1ca9ba\spwmp.dll
+ 2009-10-27 19:37 . 2009-09-10 17:31 4096 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.21125_none_09fc60b26b1ca9ba\dxmasf.dll
+ 2009-10-27 19:37 . 2009-09-10 17:39 7680 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16926_none_0973ec0f51fdf005\spwmp.dll
+ 2009-10-27 19:37 . 2009-09-10 17:40 4096 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16926_none_0973ec0f51fdf005\dxmasf.dll
+ 2009-09-17 04:31 . 2009-10-29 16:12 2680 c:\windows\System32\WDI\ERCQueuedResolutions.dat
+ 2009-09-02 18:45 . 2009-10-29 17:55 5972 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-749063198-1285173502-2966318055-1000_UserData.bin
+ 2009-10-29 17:27 . 2009-10-29 17:27 9560 c:\windows\System32\networklist\icons\{458E06CB-DF3A-49F7-8D52-48B5643E05E2}_48.bin
+ 2009-10-29 17:27 . 2009-10-29 17:27 4280 c:\windows\System32\networklist\icons\{458E06CB-DF3A-49F7-8D52-48B5643E05E2}_32.bin
+ 2009-10-29 17:27 . 2009-10-29 17:27 2456 c:\windows\System32\networklist\icons\{458E06CB-DF3A-49F7-8D52-48B5643E05E2}_24.bin
+ 2003-02-20 23:43 . 2003-02-20 23:43 4096 c:\windows\System32\MUI\0409\mscoreer.dll
+ 2003-02-21 00:09 . 2003-02-21 00:09 9216 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscortim.dll
+ 2003-02-21 12:25 . 2003-02-21 12:25 6656 c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft_VsaVb.dll
+ 2003-02-21 12:25 . 2003-02-21 12:25 6144 c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.VisualC.Dll
+ 2003-02-21 12:24 . 2003-02-21 12:24 4608 c:\windows\Microsoft.NET\Framework\v1.1.4322\IIEHost.dll
+ 2004-07-15 19:31 . 2004-07-15 19:31 8192 c:\windows\Microsoft.NET\Framework\v1.1.4322\IEExecRemote.dll
+ 2003-02-21 12:24 . 2003-02-21 12:24 7680 c:\windows\Microsoft.NET\Framework\v1.1.4322\IEExec.exe
+ 2003-02-21 12:24 . 2003-02-21 12:24 7680 c:\windows\Microsoft.NET\Framework\v1.1.4322\Accessibility.dll
+ 2009-10-29 01:42 . 2009-10-29 01:42 6656 c:\windows\assembly\GAC\Microsoft_VsaVb\7.0.5000.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2009-10-29 01:42 . 2009-10-29 01:42 6144 c:\windows\assembly\GAC\Microsoft.VisualC\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualC.dll
+ 2009-10-29 01:42 . 2009-10-29 01:42 4608 c:\windows\assembly\GAC\IIEHost\1.0.5000.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2009-10-29 01:44 . 2009-10-29 01:44 8192 c:\windows\assembly\GAC\IEExecRemote\1.0.5000.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2009-10-29 01:42 . 2009-10-29 01:42 7680 c:\windows\assembly\GAC\Accessibility\1.0.5000.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2009-10-27 19:37 . 2009-09-10 15:10 310784 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_6.0.6002.22223_none_b05140d2ecdc475e\unregmp2.exe
+ 2009-10-27 19:37 . 2009-09-10 14:58 310784 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_6.0.6002.18111_none_afd0735fd3b858f5\unregmp2.exe
+ 2009-10-27 19:37 . 2009-09-10 15:23 310784 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_6.0.6001.22520_none_ae67ce0cefb8a635\unregmp2.exe
+ 2009-10-27 19:37 . 2009-09-10 15:21 310784 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_6.0.6001.18330_none_add35f6fd6a32535\unregmp2.exe
+ 2009-10-27 19:37 . 2009-09-10 15:14 311296 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_6.0.6000.21125_none_ac866714f28dca12\unregmp2.exe
+ 2009-10-27 19:37 . 2009-09-10 15:29 311296 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_6.0.6000.16926_none_abfdf271d96f105d\unregmp2.exe
+ 2009-10-27 19:37 . 2009-09-10 15:10 107520 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.22223_none_0dc73a70656b2706\wmpshare.exe
+ 2009-10-27 19:37 . 2009-09-10 15:10 168960 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.22223_none_0dc73a70656b2706\wmplayer.exe
+ 2009-10-27 19:37 . 2009-09-10 15:10 107520 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.22223_none_0dc73a70656b2706\wmpconfig.exe
+ 2009-09-02 20:17 . 2009-07-15 12:39 107520 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18111_none_0d466cfd4c47389d\wmpshare.exe
+ 2009-10-27 19:37 . 2009-09-10 14:58 168960 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18111_none_0d466cfd4c47389d\wmplayer.exe
+ 2009-09-02 20:17 . 2009-07-15 12:39 107520 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18111_none_0d466cfd4c47389d\wmpconfig.exe
+ 2009-10-27 19:37 . 2009-09-10 15:23 107520 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22520_none_0bddc7aa684785dd\wmpshare.exe
+ 2009-10-27 19:37 . 2009-09-10 15:23 168960 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22520_none_0bddc7aa684785dd\wmplayer.exe
+ 2009-10-27 19:37 . 2009-09-10 15:23 107520 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22520_none_0bddc7aa684785dd\wmpconfig.exe
+ 2009-09-02 20:17 . 2009-07-14 10:58 107520 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18330_none_0b49590d4f3204dd\wmpshare.exe
+ 2009-10-27 19:37 . 2009-09-10 15:21 168960 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18330_none_0b49590d4f3204dd\wmplayer.exe
+ 2009-09-02 20:17 . 2009-07-14 10:59 107520 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18330_none_0b49590d4f3204dd\wmpconfig.exe
+ 2009-10-27 19:37 . 2009-09-10 15:14 107520 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.21125_none_09fc60b26b1ca9ba\wmpshare.exe
+ 2009-10-27 19:37 . 2009-09-10 15:14 168960 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.21125_none_09fc60b26b1ca9ba\wmplayer.exe
+ 2009-10-27 19:37 . 2009-09-10 15:14 107520 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.21125_none_09fc60b26b1ca9ba\wmpconfig.exe
+ 2009-10-27 19:37 . 2009-09-10 15:29 107520 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16926_none_0973ec0f51fdf005\wmpshare.exe
+ 2009-10-27 19:37 . 2009-09-10 15:29 168960 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16926_none_0973ec0f51fdf005\wmplayer.exe
+ 2009-10-27 19:37 . 2009-09-10 15:29 107520 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16926_none_0973ec0f51fdf005\wmpconfig.exe
+ 2009-09-03 18:37 . 2009-10-29 16:11 263430 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2006-11-02 10:33 . 2009-10-29 01:44 604452 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-10-29 01:44 105376 c:\windows\System32\perfc009.dat
- 2009-09-03 03:20 . 2009-10-27 17:47 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-09-03 03:20 . 2009-10-29 19:56 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2004-07-15 16:23 . 2004-07-15 16:23 737280 c:\windows\Microsoft.NET\Framework\v1.1.4322\vbc.exe
+ 2004-07-15 19:31 . 2004-07-15 19:31 573440 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.Services.dll
+ 2004-07-15 19:28 . 2004-07-15 19:28 819200 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.Mobile.dll
+ 2004-07-15 19:28 . 2004-07-15 19:28 126976 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.ServiceProcess.dll
+ 2004-07-15 19:31 . 2004-07-15 19:31 131072 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Serialization.Formatters.Soap.dll
+ 2004-07-15 19:28 . 2004-07-15 19:28 323584 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Remoting.dll
+ 2004-07-15 19:31 . 2004-07-15 19:31 241664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Messaging.dll
+ 2004-07-15 19:31 . 2004-07-15 19:31 372736 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Management.dll
+ 2004-07-15 19:28 . 2004-07-15 19:28 241664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.dll
+ 2004-07-15 19:28 . 2004-07-15 19:28 466944 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Drawing.dll
+ 2004-07-15 19:31 . 2004-07-15 19:31 303104 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Data.OracleClient.dll
+ 2004-07-15 05:35 . 2004-07-15 05:35 319488 c:\windows\Microsoft.NET\Framework\v1.1.4322\SOS.dll
+ 2003-02-21 00:09 . 2003-02-21 00:09 122880 c:\windows\Microsoft.NET\Framework\v1.1.4322\shfusres.dll
+ 2003-02-21 00:09 . 2003-02-21 00:09 253952 c:\windows\Microsoft.NET\Framework\v1.1.4322\shfusion.dll
+ 2004-08-10 21:20 . 2004-08-10 21:20 106496 c:\windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
+ 2003-02-21 09:42 . 2003-02-21 09:42 348160 c:\windows\Microsoft.NET\Framework\v1.1.4322\msvcr71.dll
+ 2004-07-15 05:33 . 2004-07-15 05:33 143360 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorrc.dll
+ 2003-02-20 23:43 . 2003-02-20 23:43 131072 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscormmc.dll
+ 2004-07-15 05:33 . 2004-07-15 05:33 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2004-07-15 05:25 . 2004-07-15 05:25 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2004-07-15 05:32 . 2004-07-15 05:32 233472 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscordbi.dll
+ 2004-07-15 19:28 . 2004-07-15 19:28 299008 c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.VisualBasic.dll
+ 2004-07-15 19:28 . 2004-07-15 19:28 720896 c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.JScript.dll
+ 2004-07-15 05:35 . 2004-07-15 05:35 196608 c:\windows\Microsoft.NET\Framework\v1.1.4322\ilasm.exe
+ 2004-07-15 05:24 . 2004-07-15 05:24 282624 c:\windows\Microsoft.NET\Framework\v1.1.4322\fusion.dll
+ 2003-02-21 00:16 . 2003-02-21 00:16 798720 c:\windows\Microsoft.NET\Framework\v1.1.4322\EventLogMessages.dll
+ 2003-02-21 15:21 . 2003-02-21 15:21 524288 c:\windows\Microsoft.NET\Framework\v1.1.4322\diasymreader.dll
+ 2004-07-15 16:23 . 2004-07-15 16:23 626688 c:\windows\Microsoft.NET\Framework\v1.1.4322\cscomp.dll
+ 2002-07-29 16:11 . 2002-07-29 16:11 219136 c:\windows\Microsoft.NET\Framework\v1.1.4322\c_g18030.dll
+ 2004-07-15 06:49 . 2004-07-15 06:49 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2003-02-21 10:04 . 2003-02-21 10:04 155648 c:\windows\Microsoft.NET\Framework\v1.1.4322\1033\Vsavb7rtUI.dll
+ 2003-02-21 08:02 . 2003-02-21 08:02 131072 c:\windows\Microsoft.NET\Framework\v1.1.4322\1033\vbc7ui.dll
+ 2009-10-29 01:46 . 2009-10-29 01:46 213504 c:\windows\Installer\24833d4.msi
+ 2009-10-29 01:45 . 2009-10-29 01:45 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_3bf69972\System.Drawing.dll
+ 2009-10-29 01:46 . 2009-10-29 01:46 192512 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_85363c4f\System.Drawing.Design.dll
+ 2009-10-29 01:46 . 2009-10-29 01:46 118784 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_5f1f38e8\CustomMarshalers.dll
+ 2009-10-29 01:44 . 2009-10-29 01:44 573440 c:\windows\assembly\GAC\System.Web.Services\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2009-10-29 01:44 . 2009-10-29 01:44 819200 c:\windows\assembly\GAC\System.Web.Mobile\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2009-10-29 01:44 . 2009-10-29 01:44 126976 c:\windows\assembly\GAC\System.ServiceProcess\1.0.5000.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2009-10-29 01:44 . 2009-10-29 01:44 131072 c:\windows\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.5000.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2009-10-29 01:44 . 2009-10-29 01:44 323584 c:\windows\assembly\GAC\System.Runtime.Remoting\1.0.5000.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2009-10-29 01:45 . 2009-10-29 01:45 241664 c:\windows\assembly\GAC\System.Messaging\1.0.5000.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2009-10-29 01:44 . 2009-10-29 01:44 372736 c:\windows\assembly\GAC\System.Management\1.0.5000.0__b03f5f7f11d50a3a\System.Management.dll
+ 2009-10-29 01:44 . 2009-10-29 01:44 241664 c:\windows\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2009-10-29 01:44 . 2009-10-29 01:44 466944 c:\windows\assembly\GAC\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2009-10-29 01:44 . 2009-10-29 01:44 303104 c:\windows\assembly\GAC\System.Data.OracleClient\1.0.5000.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2009-10-29 01:44 . 2009-10-29 01:44 299008 c:\windows\assembly\GAC\Microsoft.VisualBasic\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2009-10-29 01:45 . 2009-10-29 01:45 720896 c:\windows\assembly\GAC\Microsoft.JScript\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2009-10-27 19:37 . 2009-09-10 15:10 1418752 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_6.0.6002.22223_none_b05140d2ecdc475e\setup_wm.exe
+ 2009-10-27 19:37 . 2009-09-10 14:58 1418752 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_6.0.6002.18111_none_afd0735fd3b858f5\setup_wm.exe
+ 2009-10-27 19:37 . 2009-09-10 15:23 1418752 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_6.0.6001.22520_none_ae67ce0cefb8a635\setup_wm.exe
+ 2009-10-27 19:37 . 2009-09-10 15:21 1418752 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_6.0.6001.18330_none_add35f6fd6a32535\setup_wm.exe
+ 2009-10-27 19:37 . 2009-09-10 15:14 1418240 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_6.0.6000.21125_none_ac866714f28dca12\setup_wm.exe
+ 2009-10-27 19:37 . 2009-09-10 15:29 1418240 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_6.0.6000.16926_none_abfdf271d96f105d\setup_wm.exe
+ 2009-10-27 19:37 . 2009-09-10 15:11 8147456 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.22223_none_0dc73a70656b2706\wmploc.DLL
+ 2009-10-27 19:37 . 2009-09-10 14:59 8147456 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18111_none_0d466cfd4c47389d\wmploc.DLL
+ 2009-10-27 19:37 . 2009-09-10 15:24 8147456 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22520_none_0bddc7aa684785dd\wmploc.DLL
+ 2009-10-27 19:37 . 2009-09-10 15:21 8147456 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18330_none_0b49590d4f3204dd\wmploc.DLL
+ 2009-10-27 19:37 . 2009-09-10 15:14 8147968 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.21125_none_09fc60b26b1ca9ba\wmploc.DLL
+ 2009-10-27 19:37 . 2009-09-10 15:29 8147968 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16926_none_0973ec0f51fdf005\wmploc.DLL
- 2006-11-02 10:22 . 2009-10-21 13:54 6553600 c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2006-11-02 10:22 . 2009-10-29 04:36 6553600 c:\windows\System32\SMI\Store\Machine\schema.dat
- 2006-11-02 12:47 . 2009-09-03 21:38 4295855 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareLicensing\tokens.dat
+ 2006-11-02 12:47 . 2009-10-28 04:47 4295855 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareLicensing\tokens.dat
+ 2004-07-15 13:15 . 2004-07-15 13:15 1032192 c:\windows\Microsoft.NET\Framework\v1.1.4322\VsaVb7rt.dll
+ 2004-07-15 19:29 . 2004-07-15 19:29 1339392 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.XML.dll
+ 2004-07-15 19:32 . 2004-07-15 19:32 2052096 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Windows.Forms.dll
+ 2004-07-15 19:29 . 2004-07-15 19:29 1257472 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2004-07-15 19:31 . 2004-07-15 19:31 1224704 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2004-07-15 19:29 . 2004-07-15 19:29 1703936 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Design.dll
+ 2004-07-15 19:32 . 2004-07-15 19:32 1294336 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Data.dll
+ 2004-07-15 05:28 . 2004-07-15 05:28 2502656 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2004-07-15 05:26 . 2004-07-15 05:26 2510848 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
+ 2004-07-15 19:29 . 2004-07-15 19:29 2138112 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2003-02-21 12:25 . 2003-02-21 12:25 1564672 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorcfg.dll
+ 2009-10-29 01:43 . 2009-10-29 01:43 3443712 c:\windows\Installer\246c0f0.msi
+ 2009-10-29 01:45 . 2009-10-29 01:45 1953792 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_6cb39d37\System.dll
+ 2009-10-29 01:46 . 2009-10-29 01:46 4763648 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_6921ed97\System.dll
+ 2009-10-29 01:46 . 2009-10-29 01:46 5505024 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_dde59a5a\System.Xml.dll
+ 2009-10-29 01:45 . 2009-10-29 01:45 2088960 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_353516e0\System.Xml.dll
+ 2009-10-29 01:46 . 2009-10-29 01:46 7880704 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_79c54fee\System.Windows.Forms.dll
+ 2009-10-29 01:45 . 2009-10-29 01:45 3014656 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_3f8cb41c\System.Windows.Forms.dll
+ 2009-10-29 01:46 . 2009-10-29 01:46 2244608 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_2483c18b\System.Drawing.dll
+ 2009-10-29 01:45 . 2009-10-29 01:45 1466368 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_f8b44892\System.Design.dll
+ 2009-10-29 01:46 . 2009-10-29 01:46 3395584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_7b00065e\System.Design.dll
+ 2009-10-29 01:46 . 2009-10-29 01:46 3379200 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_b612714b\mscorlib.dll
+ 2009-10-29 01:46 . 2009-10-29 01:46 8880128 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_0d8365a4\mscorlib.dll
+ 2009-10-29 01:45 . 2009-10-29 01:45 1224704 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2009-10-29 01:44 . 2009-10-29 01:44 1339392 c:\windows\assembly\GAC\System.Xml\1.0.5000.0__b77a5c561934e089\System.XML.dll
+ 2009-10-29 01:44 . 2009-10-29 01:44 2052096 c:\windows\assembly\GAC\System.Windows.Forms\1.0.5000.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2009-10-29 01:45 . 2009-10-29 01:45 1257472 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2009-10-29 01:44 . 2009-10-29 01:44 1703936 c:\windows\assembly\GAC\System.Design\1.0.5000.0__b03f5f7f11d50a3a\System.Design.dll
+ 2009-10-29 01:44 . 2009-10-29 01:44 1294336 c:\windows\assembly\GAC\System.Data\1.0.5000.0__b77a5c561934e089\System.Data.dll
+ 2009-10-29 01:42 . 2009-10-29 01:42 1564672 c:\windows\assembly\GAC\mscorcfg\1.0.5000.0__b03f5f7f11d50a3a\mscorcfg.dll
+ 2009-10-27 19:37 . 2009-09-10 17:10 10627584 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.22223_none_0dc73a70656b2706\wmp.dll
+ 2009-10-27 19:37 . 2009-09-10 16:49 10627584 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18111_none_0d466cfd4c47389d\wmp.dll
+ 2009-10-27 19:37 . 2009-09-10 20:46 10627584 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22520_none_0bddc7aa684785dd\wmp.dll
+ 2009-10-27 19:37 . 2009-09-10 17:33 10626048 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18330_none_0b49590d4f3204dd\wmp.dll
+ 2009-10-27 19:37 . 2009-09-10 17:31 10622464 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.21125_none_09fc60b26b1ca9ba\wmp.dll
+ 2009-10-27 19:37 . 2009-09-10 17:40 10622464 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16926_none_0973ec0f51fdf005\wmp.dll
+ 2009-10-27 19:37 . 2009-09-10 16:49 10627584 c:\windows\System32\wmp.dll
+ 2009-10-29 01:43 . 2009-10-29 01:43 19210240 c:\windows\Installer\24833cf.msp
+ 2009-09-03 13:34 . 2009-10-29 01:46 147980302 c:\windows\winsxs\ManifestCache\6.0.6002.18005_001c11ba_blobs.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2009-10-28 2923192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2008-02-23 122880]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-20 2025752]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-04-29 6111232]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2008-04-29 1826816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2008-05-16 00:20 98304 ------w- c:\windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):02,c5,8a,ee,de,2c,ca,01

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [9/2/2009 2:31 PM 108552]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\System32\drivers\SFEP.sys [6/5/2008 12:34 PM 9344]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [9/2/2009 2:31 PM 335240]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [9/2/2009 2:31 PM 908056]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [9/2/2009 2:31 PM 297752]
S2 RtkHDMIService;RtkHDMIService;c:\windows\RTKAUDIOSERVICE.EXE [6/5/2008 1:12 PM 98304]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [6/5/2008 3:00 PM 411488]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\System32\drivers\btwl2cap.sys [6/5/2008 1:19 PM 28464]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ECACHE
*NewlyCreated* - PXHELP20
*Deregistered* - mbr

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.sony.com/vaiopeople
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Trenton\AppData\Roaming\Mozilla\Firefox\Profiles\cc552z31.default\
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npoji610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Sony Online Entertainment\Station Launcher\npsoe.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

HKLM-RunOnce-<NO NAME> - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-29 15:06
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(1840)
c:\program files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
c:\program files\ATI Technologies\ATI.ACE\Core-Static\atiamENU.dll
.
Completion time: 2009-10-29 15:08
ComboFix-quarantined-files.txt 2009-10-29 20:08
ComboFix2.txt 2009-10-27 18:16
ComboFix3.txt 2009-10-25 02:51

Pre-Run: 134,703,912,960 bytes free
Post-Run: 134,606,825,472 bytes free

- - End Of File - - EE92349FBF4DCF7BDF68E7622AB1235A

 

I will randomly receive a popup from a website stating 'Would you like to make 5,000 a day on google', along with redirects and other popups.

Are you still getting redirects after the last ComboFix run?

Please post a fresh GMER log.

 

I'm not getting so badly of pop ups anymore, it's more of the re-directs that are the problem...

And once again, when I start the GMER Scan, the screen goes crazy and my PC Reboots. I tried it as admin, safe mode, and regular mode.