Anyone knows something about this worm?



Cute Wolf
08-14-2010, 09:21
Just curious, since my laptop's last routine scan with ComboFix contains this kind of infection... Well, it amazed me, because my laptop rarely gets any kind of infection...

here's the log:


ComboFix 10-08-12.03 - User 08/14/2010 15:01:03.24.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.534 [GMT 7:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\inf\mdmcpq3.PNF
c:\windows\inf\mdmeric3.PNF
c:\windows\inf\oem6C.PNF
c:\windows\inf\oem7A.PNF
c:\windows\system\BisonC07.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MRXCLS
-------\Legacy_MRXNET
-------\Service_MRxCls
-------\Service_MRxNet


((((((((((((((((((((((((( Files Created from 2010-07-14 to 2010-08-14 )))))))))))))))))))))))))))))))
.

2010-07-22 03:50 . 2010-07-22 03:50 -------- d-----w- c:\windows\system32\wbem\Repository

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-26 15:39 . 2009-04-19 12:27 -------- d-----w- c:\documents and settings\User\Application Data\Recruitment Viewer
2008-11-27 01:49 . 2009-03-27 06:30 69120 --sha-r- c:\windows\system32\RemovableCache\lpawux.pif
2009-02-22 01:12 . 2009-03-27 06:30 243199 --sha-r- c:\windows\system32\RemovableCache\xcdxll.exe
2009-03-12 15:30 . 2009-03-23 00:31 44544 --sha-w- c:\windows\system32\RemovableCache\Kuliah Tamu ITB\~WRL1861.tmp
2009-03-12 15:48 . 2009-03-23 00:31 27136 --sha-w- c:\windows\system32\RemovableCache\Kuliah Tamu ITB\~WRL2817.tmp
2009-03-12 15:26 . 2009-03-23 00:31 226816 --sha-w- c:\windows\system32\RemovableCache\Kuliah Tamu ITB\~WRL3182.tmp
2009-03-12 15:40 . 2009-03-23 00:31 27136 --sha-w- c:\windows\system32\RemovableCache\Kuliah Tamu ITB\~WRL3318.tmp
.

((((((((((((((((((((((((((((( SnapShot_2010-04-12_07.40.37 )))))))))))))))))))))))))))))))))))))))))
.
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-10 68856]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-11-05 4347120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BisonInst0402"="c:\windows\BR040286.exe" [2007-05-08 53248]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-13 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-13 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-13 138008]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-05 16844288]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-06-16 1177368]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-02 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]

c:\documents and settings\User\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
2006-07-18 06:40 53248 ----a-w- c:\program files\Realtek\Audio\InstallShield\AzMixerSel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2005-09-08 04:06 94208 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 04:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
2007-03-23 06:20 227328 ----a-w- c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-02 13:24 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-04-10 15:04 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3 (0x3)
"Adobe LM Service"=3 (0x3)
"AVGEMS"=3 (0x3)
"Avg7UpdSvc"=3 (0x3)
"Avg7Alrt"=3 (0x3)
"AVG Anti-Spyware Guard"=3 (0x3)
"AgereModemAudio"=2 (0x2)
"wuauserv"=2 (0x2)
"btwdins"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\CambridgeSoft\\ChemOffice2006\\ChemDraw\\ChemDraw.exe"=
"c:\\Program Files\\CambridgeSoft\\ChemOffice2006\\Chem3D\\Chem3D.exe"=
"d:\\GAMES\\Battle Realms\\Battle_Realms_F.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 2009\\3dsmax.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\GAMES\\Command Conquer FireStorm\\game.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/16/2008 4:38 PM 96520]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [6/16/2008 4:38 PM 902424]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [6/16/2008 4:38 PM 282904]
R2 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/16/2008 4:38 PM 75272]
R2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [3/10/2008 12:04 AM 65536]
S2 MPKrnl;MPKrnl;c:\mpkrnl.exe --> c:\MPKrnl.exe [?]
S2 yxhinbk;Update Security;c:\windows\system32\svchost.exe -k netsvcs [8/3/2004 11:56 PM 14336]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
yxhinbk
.
Contents of the 'Scheduled Tasks' folder

2010-08-14 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-10 14:11]
.
.
------- Supplementary Scan -------
.
uStart Page =
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = cache.itb.ac.id:8080
uInternet Settings,ProxyOverride = 167.205.*;*.itb.ac.id;<local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
DPF: {1ED48504-8834-11D5-AC75-0008C73FD642} - file://c:\proewildfire 3.0\i486_nt\obj\pvx_install.exe
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\oul44zux.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage -
FF - prefs.js: network.proxy.ftp - cache.itb.ac.id
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - cache.itb.ac.id
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - cache.itb.ac.id
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - cache.itb.ac.id
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - cache.itb.ac.id
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 1
FF - plugin: c:\program files\CambridgeSoft\ChemOffice2006\Chem3D\npChem3DPlugin.dll
FF - plugin: c:\program files\CambridgeSoft\ChemOffice2006\ChemDraw\NPCDP32.DLL
FF - plugin: c:\program files\Google\Google Updater\2.4.1601.7122\npCIDetect13.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-14 15:08
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\yxhinbk]
"ServiceDll"="c:\windows\system32\smckng.dll"
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\docume~1\User\LOCALS~1\Temp\RtkBtMnt.exe
c:\program files\Yahoo!\Messenger\ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2010-08-14 15:12:55 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-14 08:12
ComboFix2.txt 2010-04-15 16:06
ComboFix3.txt 2010-04-12 07:42
ComboFix4.txt 2009-09-03 02:45
ComboFix5.txt 2010-08-14 07:59

Pre-Run: 14,383,853,568 bytes free
Post-Run: 14,363,586,560 bytes free

- - End Of File - - 4A277C4AC8766C1058AE44C8867F0CCA