C:\windows\system32\gaopdxtsmxikxl.dll trojan...can't remove

Free Antivirus Forum - Learn about antivirus, firewalls and personal security

BullGuard Antivirus Forum > Virus information > Alerts & New Threats > C:\windows\system32\gaopdxtsmxikxl.dll trojan...can't remove

Forum Quick Jump

$Post reply to : C:\windows\system32\gaopdxtsmxikxl.dll trojan...can't remove$ $Printable version of : C:\windows\system32\gaopdxtsmxikxl.dll trojan...can't remove$

[ << Previous Thread | Next Thread >> ]

timrivera2
New Member

Date Joined Feb 2009
Total Posts : 1

Posted 2/9/2009 8:05 PM (GMT +3)

$Quote: C:\windows\system32\gaopdxtsmxikxl.dll trojan...can't remove$ $Alert an admin about: C:\windows\system32\gaopdxtsmxikxl.dll trojan...can't remove$

I delete this trojan virus and restart my computer and it regenerates everytime I start internet explorer. Does anyone know how to remove this. I tried running in safe mode and scanning but it will not let my norton do a full scan.

felipemenezes
New Member

Date Joined Feb 2009
Total Posts : 13

Posted 2/13/2009 7:27 PM (GMT +3)

$Quote: C:\windows\system32\gaopdxtsmxikxl.dll trojan...can't remove$ $Alert an admin about: C:\windows\system32\gaopdxtsmxikxl.dll trojan...can't remove$

Im having the same problem.

but it regenerates everytime i restart the computer without opening anything.

and my problem is abit worst. When i restarted my computer i get blue screen, computer restarts.
the same thing happens when i boot in safemod with network.

the only way to restart the computer is on safemod, or if i go on "msconfig" and disable all "services"

Right now for me to be talking here i had to disable services, restart in normal windows and enable just the enough services to browse the internet.

I'm running windows vista home premmiun 32bit service pack1 updated

felipemenezes
New Member

Date Joined Feb 2009
Total Posts : 13

Posted 2/14/2009 12:48 PM (GMT +3)

$Quote: C:\windows\system32\gaopdxtsmxikxl.dll trojan...can't remove$ $Alert an admin about: C:\windows\system32\gaopdxtsmxikxl.dll trojan...can't remove$

I fixed this problem!

here is what you wanna do:

Download this program: http://www.ctrlaltdel.dk/Fix_download.exe

and save it on the desktop. Then double click on it (Fix_download.exe).

You may have to allow the program to download files from the web!

The program download the necessary cleaning programs. Once the program
is downloaded, there will be a folder on your desktop named
Fix. – if the instructions not automatically opens, so
double-click "FIX_manual.htm" in Fix folder.

Please follow the instructions and copy the logs here, in this Topic.

Note : Fix_download.exe is detected by some antivirus programs as a "RiskTool" /infection; it is not a virus. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

If necessary, temporarily disable your anti-virus, real-time protection before downloading

NB. If you are using any P2P (file sharing) programs, please remove them before we clean your computer.. We do not clean logs that have P2P applications installed as this can cause reinfection during your cleaning.

Big thanx to Touch (Forum Moderator) he posted this for another topic and i tried this method for this virus and it worked!

felipemenezes
New Member

Date Joined Feb 2009
Total Posts : 13

Posted 2/14/2009 12:54 PM (GMT +3)

$Quote: C:\windows\system32\gaopdxtsmxikxl.dll trojan...can't remove$ $Alert an admin about: C:\windows\system32\gaopdxtsmxikxl.dll trojan...can't remove$

and here are my logs for malwerebytes:

Malwarebytes' Anti-Malware 1.34
Database version: 1749
Windows 6.0.6001 Service Pack 1

2009-02-13 13:29:10
mbam-log-2009-02-13 (13-29-10).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 279382
Time elapsed: 42 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 1
Registry Data Items Infected: 12
Folders Infected: 2
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3b8fb116-d358-48a3-a5c7-db84f15cbb04} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{3b8fb116-d358-48a3-a5c7-db84f15cbb04} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\navigator (Rootkit.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\navigator (Rootkit.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\navigator (Rootkit.Zlob) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\QuickTime Task (Trojan.Zlob) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{c8966dfe-77be-42a2-892e-a74da53990d8}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{c8966dfe-77be-42a2-892e-a74da53990d8}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{d24eb228-6e5d-4f9f-b39b-49d93ae12b97}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{c8966dfe-77be-42a2-892e-a74da53990d8}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{c8966dfe-77be-42a2-892e-a74da53990d8}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{d24eb228-6e5d-4f9f-b39b-49d93ae12b97}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{c8966dfe-77be-42a2-892e-a74da53990d8}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{c8966dfe-77be-42a2-892e-a74da53990d8}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{d24eb228-6e5d-4f9f-b39b-49d93ae12b97}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> Quarantined and deleted successfully.

Folders Infected:
C:\Users\Felipe Menezes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\freshplay (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\freshplay (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Files Infected:
C:\Qoobox\Quarantine\C\Users\Felipe Menezes\Desktop\EC224BB2636FBA03\EC224BB2636FBA03.vir (Rootkit.Zlob) -> Quarantined and deleted successfully.
C:\Users\Felipe Menezes\Favorites\Cheap Software.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Users\Felipe Menezes\Favorites\MP3 Download.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\RECYCLER\S-7-3-79-100004027-100030189-100027771-6464.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\components\iamfamous.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Felipe Menezes\My Documents\My Videos\My Video.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\WINDOWS\fd.dll (Rootkit.Zlob) -> Quarantined and deleted successfully.
C:\WINDOWS\System32\drivers\gaopdxtehiphfo.sys (Trojan.Agent) -> Quarantined and deleted successfully.

felipemenezes
New Member

Date Joined Feb 2009
Total Posts : 13

Posted 2/14/2009 12:57 PM (GMT +3)

$Quote: C:\windows\system32\gaopdxtsmxikxl.dll trojan...can't remove$ $Alert an admin about: C:\windows\system32\gaopdxtsmxikxl.dll trojan...can't remove$

heres my combofix log.

ComboFix 09-02-12.03 - Felipe Menezes 2009-02-13 14:01:54.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3006.2041 [GMT -5:00]
Running from: c:\users\Felipe Menezes\Desktop\FIX\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\gaopdxcounter
c:\windows\system32\SystemsHook.dll
d:\recycler\S-7-3-79-100004027-100030189-100027771-6464.com

.
((((((((((((((((((((((((( Files Created from 2009-01-13 to 2009-02-13 )))))))))))))))))))))))))))))))
.

2009-02-13 12:09 . 2009-02-13 12:32 205,076,730 --a------ c:\windows\MEMORY.DMP
2009-02-13 12:01 . 2009-02-13 12:01 <DIR> d-------- c:\users\Felipe Menezes\AppData\Roaming\Malwarebytes
2009-02-13 12:01 . 2009-02-13 12:01 <DIR> d-------- c:\users\All Users\Malwarebytes
2009-02-13 12:01 . 2009-02-13 12:01 <DIR> d-------- c:\programdata\Malwarebytes
2009-02-13 12:01 . 2009-02-13 12:01 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-13 12:01 . 2009-02-11 10:19 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-02-13 12:01 . 2009-02-11 10:19 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-02-13 05:55 . 2009-02-13 07:54 <DIR> d-------- c:\program files\Total Video Converter
2009-02-12 04:52 . 2009-02-12 04:52 <DIR> d-------- c:\users\Felipe Menezes\AppData\Roaming\teamspeak2
2009-02-12 04:52 . 2009-02-12 04:52 34,064 --a------ c:\windows\System32\lhacm.acm
2009-02-11 21:21 . 2009-02-11 21:31 <DIR> d-------- c:\program files\XAimer
2009-02-11 21:21 . 2004-12-06 06:10 192,512 --a------ c:\windows\System32\ssresources.dll
2009-02-11 21:21 . 2006-05-08 19:59 49,152 --a------ c:\windows\System32\AIMDL.exe
2009-02-11 18:48 . 2008-12-04 23:32 428,544 --a------ c:\windows\System32\EncDec.dll
2009-02-11 18:48 . 2008-12-04 23:32 293,376 --a------ c:\windows\System32\psisdecd.dll
2009-02-11 18:48 . 2008-12-04 23:31 217,088 --a------ c:\windows\System32\psisrndr.ax
2009-02-11 18:48 . 2008-12-04 23:31 177,664 --a------ c:\windows\System32\mpg2splt.ax
2009-02-11 18:48 . 2008-12-04 23:31 80,896 --a------ c:\windows\System32\MSNP.ax
2009-02-11 04:22 . 2009-02-11 04:22 <DIR> d-------- c:\program files\CCleaner
2009-02-11 03:57 . 2009-02-11 03:57 <DIR> d-------- c:\users\Felipe Menezes\Library
2009-02-11 03:57 . 2009-02-11 03:57 <DIR> d-------- c:\users\Felipe Menezes\AppData\Roaming\com.adobe.ExMan
2009-02-09 04:55 . 2009-02-09 04:55 <DIR> d-------- c:\program files\Real
2009-02-09 04:55 . 2009-02-09 04:55 <DIR> d-------- c:\program files\Common Files\xing shared
2009-02-09 04:55 . 2009-02-09 04:55 <DIR> d-------- c:\program files\Common Files\Real
2009-02-08 23:59 . 2009-02-13 05:04 <DIR> d-------- c:\users\All Users\Google Updater
2009-02-08 23:59 . 2009-02-13 05:04 <DIR> d-------- c:\programdata\Google Updater
2009-02-08 21:57 . 2009-02-13 09:15 <DIR> d-------- C:\Temp
2009-02-06 22:12 . 2009-02-06 22:12 0 --a------ c:\windows\nsreg.dat
2009-02-05 23:54 . 2008-06-19 20:14 781,344 --a------ c:\windows\System32\PresentationNative_v0300.dll
2009-02-05 23:54 . 2008-06-19 20:14 622,080 --a------ c:\windows\System32\icardagt.exe
2009-02-05 23:54 . 2008-06-19 20:14 326,160 --a------ c:\windows\System32\PresentationHost.exe
2009-02-05 23:54 . 2008-06-19 20:14 105,016 --a------ c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
2009-02-05 23:54 . 2008-06-19 20:14 97,800 --a------ c:\windows\System32\infocardapi.dll
2009-02-05 23:54 . 2008-06-19 20:14 43,544 --a------ c:\windows\System32\PresentationHostProxy.dll
2009-02-05 23:54 . 2008-06-19 20:14 37,384 --a------ c:\windows\System32\infocardcpl.cpl
2009-02-05 23:54 . 2008-06-19 20:14 11,264 --a------ c:\windows\System32\icardres.dll
2009-02-05 23:43 . 2008-07-27 13:03 282,112 --a------ c:\windows\System32\mscoree.dll
2009-02-05 23:43 . 2008-07-27 13:03 96,760 --a------ c:\windows\System32\dfshim.dll
2009-02-05 23:43 . 2008-07-27 13:03 41,984 --a------ c:\windows\System32\netfxperf.dll
2009-02-05 23:42 . 2008-07-27 13:03 158,720 --a------ c:\windows\System32\mscorier.dll
2009-02-05 23:42 . 2008-07-27 13:03 83,968 --a------ c:\windows\System32\mscories.dll
2009-01-28 13:27 . 2009-02-11 20:29 <DIR> d-------- c:\users\Felipe Menezes\AppData\Roaming\Ventrilo
2009-01-28 13:27 . 2009-01-28 13:27 <DIR> d-------- c:\program files\Ventrilo
2009-01-28 13:27 . 2009-01-28 13:27 262 --a------ c:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
2009-01-28 13:26 . 2009-01-28 13:26 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-01-28 03:41 . 2009-01-28 03:41 <DIR> d-------- c:\users\All Users\AOL OCP
2009-01-28 03:41 . 2009-01-28 03:42 <DIR> d-------- c:\users\All Users\AOL
2009-01-28 03:41 . 2009-01-28 03:41 <DIR> d-------- c:\programdata\AOL OCP
2009-01-28 03:41 . 2009-01-28 03:42 <DIR> d-------- c:\programdata\AOL
2009-01-26 08:29 . 2009-01-26 08:29 410,984 --a------ c:\windows\System32\deploytk.dll
2009-01-26 00:55 . 2009-01-28 00:45 68 --a------ c:\windows\felipe.INI
2009-01-23 05:02 . 2009-01-23 05:02 <DIR> d-------- c:\program files\Microsoft Visual Studio 8
2009-01-23 04:05 . 2009-01-23 04:05 <DIR> d-------- c:\users\All Users\Citrix
2009-01-23 04:05 . 2009-01-23 04:05 <DIR> d-------- c:\programdata\Citrix
2009-01-23 04:00 . 2009-01-23 04:00 61,224 --a------ c:\users\Felipe Menezes\GoToAssistDownloadHelper.exe
2009-01-23 03:53 . 2009-01-23 03:53 <DIR> d-------- c:\users\Felipe Menezes\AppData\Roaming\McAfee
2009-01-22 17:51 . 2009-01-22 17:51 <DIR> d-------- c:\users\All Users\Azureus
2009-01-22 17:51 . 2009-01-22 17:51 <DIR> d-------- c:\programdata\Azureus
2009-01-22 17:50 . 2009-01-23 03:20 <DIR> d-------- c:\users\Felipe Menezes\AppData\Roaming\Azureus
2009-01-22 17:50 . 2009-01-23 03:45 <DIR> d-------- c:\program files\Vuze
2009-01-22 17:50 . 2009-01-23 03:36 <DIR> d-------- c:\program files\AskBarDis
2009-01-22 17:09 . 2009-01-27 14:45 <DIR> d--h----- c:\windows\msdownld.tmp
2009-01-22 16:26 . 2009-01-22 16:27 <DIR> d-------- c:\users\Felipe Menezes\AppData\Roaming\DriverCure
2009-01-22 16:26 . 2009-01-22 16:26 <DIR> d-------- c:\users\All Users\ParetoLogic
2009-01-22 16:26 . 2009-01-23 03:44 <DIR> d-------- c:\users\All Users\DriverCure
2009-01-22 16:26 . 2009-01-22 16:26 <DIR> d-------- c:\programdata\ParetoLogic
2009-01-22 16:26 . 2009-01-23 03:44 <DIR> d-------- c:\programdata\DriverCure
2009-01-22 16:25 . 2009-01-22 16:25 <DIR> d-------- c:\users\All Users\Downloaded Installations
2009-01-22 16:25 . 2009-01-22 16:25 <DIR> d-------- c:\programdata\Downloaded Installations
2009-01-22 15:35 . 2009-01-22 15:35 <DIR> d-------- c:\users\All Users\PC Drivers HeadQuarters
2009-01-22 15:35 . 2009-01-22 15:35 <DIR> d-------- c:\programdata\PC Drivers HeadQuarters
2009-01-21 00:50 . 2009-01-22 15:06 68 --a------ c:\windows\razor.INI
2009-01-20 02:37 . 2009-01-20 02:47 <DIR> d-------- c:\users\All Users\Google
2009-01-20 02:36 . 2009-01-20 02:39 <DIR> d-------- c:\users\All Users\NOS
2009-01-20 02:36 . 2009-01-20 02:39 <DIR> d-------- c:\programdata\NOS
2009-01-20 02:36 . 2009-01-20 02:36 <DIR> d-------- c:\program files\NOS
2009-01-20 02:36 . 2009-02-11 23:05 <DIR> d-------- c:\program files\Google
2009-01-19 21:28 . 2009-01-19 21:28 <DIR> d-------- c:\program files\Microsoft
2009-01-17 16:54 . 2009-01-17 16:54 <DIR> d-------- c:\windows\System32\Adobe
2009-01-14 11:04 . 2008-12-15 21:42 288,768 --a------ c:\windows\System32\drivers\srv.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-13 18:56 --------- d-----w c:\program files\McAfee
2009-02-12 23:35 --------- d-----w c:\program files\Steam
2009-02-12 23:26 716,800 ----a-w c:\windows\System32\SkinFeature.dll
2009-02-11 23:50 --------- d-----w c:\programdata\Microsoft Help
2009-02-11 23:49 --------- d-----w c:\program files\Windows Mail
2009-02-11 10:29 --------- d-----w c:\program files\Bonjour
2009-02-07 01:13 --------- d-----w c:\program files\Common Files\Steam
2009-02-02 03:32 28,190 ----a-w c:\users\Felipe Menezes\AppData\Roaming\nvModes.dat
2009-02-02 03:09 201,352 ----a-w c:\windows\System32\PnkBstrB.exe
2009-01-28 08:43 --------- d-----w c:\program files\GameSpy Arcade
2009-01-26 13:29 --------- d-----w c:\program files\Java
2009-01-23 10:05 --------- d-----w c:\program files\MSBuild
2009-01-23 08:54 --------- d-----w c:\programdata\McAfee
2009-01-23 08:43 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-22 23:58 --------- d-----w c:\users\Felipe Menezes\AppData\Roaming\LimeWire
2009-01-20 07:41 --------- d-----w c:\program files\Common Files\Adobe
2009-01-19 02:15 --------- d-----w c:\program files\CyberLink
2009-01-19 02:11 --------- d---a-w c:\programdata\TEMP
2009-01-17 17:50 --------- d-----w c:\program files\Safari
2009-01-15 10:05 911,872 ----a-w c:\windows\System32\wininet.dll
2009-01-15 10:05 43,008 ----a-w c:\windows\System32\licmgr10.dll
2009-01-15 10:04 18,944 ----a-w c:\windows\System32\corpol.dll
2009-01-15 10:04 132,096 ----a-w c:\windows\System32\ieUnatt.exe
2009-01-15 10:04 109,568 ----a-w c:\windows\System32\PDMSetup.exe
2009-01-15 10:04 109,056 ----a-w c:\windows\System32\iesysprep.dll
2009-01-15 10:04 107,520 ----a-w c:\windows\System32\RegisterIEPKEYs.exe
2009-01-15 10:04 107,008 ----a-w c:\windows\System32\SetIEInstalledDate.exe
2009-01-15 10:04 103,936 ----a-w c:\windows\System32\SetDepNx.exe
2009-01-15 10:03 72,704 ----a-w c:\windows\System32\admparse.dll
2009-01-15 10:03 71,680 ----a-w c:\windows\System32\iesetup.dll
2009-01-15 10:03 66,560 ----a-w c:\windows\System32\wextract.exe
2009-01-15 10:03 420,352 ----a-w c:\windows\System32\vbscript.dll
2009-01-15 10:02 169,472 ----a-w c:\windows\System32\iexpress.exe
2009-01-15 10:01 34,304 ----a-w c:\windows\System32\imgutil.dll
2009-01-15 10:00 48,128 ----a-w c:\windows\System32\mshtmler.dll
2009-01-15 10:00 45,568 ----a-w c:\windows\System32\mshta.exe
2009-01-15 09:50 156,160 ----a-w c:\windows\System32\msls31.dll
2009-01-15 01:28 --------- d-----w c:\program files\Windows Live Toolbar
2009-01-09 14:59 --------- d-----w c:\programdata\Electronic Arts
2009-01-09 03:01 --------- d-----w c:\users\Felipe Menezes\AppData\Roaming\GTek
2009-01-08 22:26 --------- d-----w c:\program files\Yahoo!
2009-01-08 16:09 --------- d-----w c:\programdata\FLEXnet
2009-01-08 16:02 --------- d-----w c:\program files\Adobe Media Player
2009-01-08 16:00 --------- d-----w c:\program files\Common Files\Adobe AIR
2009-01-08 15:55 --------- d-----w c:\program files\Common Files\Macrovision Shared
2009-01-08 15:40 --------- d-----w c:\users\Felipe Menezes\AppData\Roaming\Download Manager
2009-01-08 15:33 --------- d-----w c:\program files\Electronic Arts
2009-01-08 15:19 --------- d-----w c:\programdata\PassMark
2009-01-08 14:40 --------- d-----w c:\program files\Adobe(0)
2009-01-08 14:39 --------- d-----w c:\program files\Common Files\Adobe(1)
2009-01-08 13:46 --------- d-----w c:\program files\FlyGimp Pro
2009-01-08 13:40 --------- d-----w c:\users\Felipe Menezes\AppData\Roaming\EPSON
2008-12-31 12:38 140,216 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-12-31 08:15 682,280 ----a-w c:\windows\System32\pbsvc.exe
2008-12-31 08:15 66,872 ----a-w c:\windows\System32\PnkBstrA.exe
2008-12-31 08:15 22,328 ----a-w c:\users\Felipe Menezes\AppData\Roaming\PnkBstrK.sys
2008-12-31 07:36 10,056 ----a-w c:\windows\System32\ealregsnapshot1.reg
2008-12-31 07:30 682,280 ----a-w c:\windows\System32\pbsvc[1].exe
2008-12-30 01:17 --------- d-----w c:\program files\EA GAMES
2008-12-12 16:18 87,336 ----a-w c:\windows\System32\dns-sd.exe
2008-12-12 16:11 65,536 ----a-w c:\windows\System32\jdns_sd.dll
2008-12-12 16:11 61,440 ----a-w c:\windows\System32\dnssd.dll
2008-11-14 19:29 112 ----a-w c:\users\Felipe Menezes\AppData\Roaming\wklnhst.dat
2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
.

((((((((((((((((((((((((((((( SnapShot@2009-02-11_ 4.51.34.66 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-08-05 09:51:30 4,046,848 ----a-w c:\windows\assembly\GAC_MSIL\ehshell\6.0.6000.0__31bf3856ad364e35\ehshell.dll
+ 2008-12-05 04:34:22 4,046,848 ----a-w c:\windows\assembly\GAC_MSIL\ehshell\6.0.6000.0__31bf3856ad364e35\ehshell.dll
- 2008-08-05 09:51:56 1,957,888 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.MediaCenter.UI\6.0.6000.0__31bf3856ad364e35\Microsoft.MediaCenter.UI.dll
+ 2008-12-05 04:35:09 1,957,888 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.MediaCenter.UI\6.0.6000.0__31bf3856ad364e35\Microsoft.MediaCenter.UI.dll
+ 2009-02-12 05:55:10 2,119,680 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\ehepg\66f5e0bc60a4fe0436449217fa3bdffa\ehepg.ni.dll
+ 2009-02-12 05:55:48 305,152 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\ehepgdat\ebe207ffeae6f025589c23dfb33c842b\ehepgdat.ni.dll
+ 2009-02-12 05:55:58 39,424 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\ehExtCOM\f98e5b3186c8e48621477a05e264e73e\ehExtCOM.ni.dll
+ 2009-02-12 05:55:59 242,688 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\ehExtHost\cf5d56932dd9deb7f9dca3ae3a222642\ehExtHost.ni.exe
+ 2009-02-12 05:55:45 1,721,856 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\ehRecObj\757c5789e30cbaad7a3c136fb611f354\ehRecObj.ni.dll
+ 2009-02-12 05:55:38 11,575,808 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\ehshell\2fbbc44efab8b54702d6d2b9e0b879c6\ehshell.ni.dll
+ 2009-02-12 05:55:01 627,712 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\mcstore\f1c4d243141cc2434b22a6929581c6c9\mcstore.ni.dll
+ 2009-02-12 05:56:06 253,440 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\mcupdate\f09b0cb5443e0651e607083ff33ce998\mcupdate.ni.exe
+ 2009-02-12 05:55:14 659,968 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\[u]0[/u]41d6147fc2abe031ad4b007a031b428\Microsoft.MediaCenter.Sports.ni.dll
+ 2009-02-12 05:54:54 217,088 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\2170d1dbbea3ba2b2a2fa2ce7dcff6dd\Microsoft.MediaCenter.Shell.ni.dll
+ 2009-02-12 05:54:52 5,475,840 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\5ce392dfd51b1ab765df143ef5c4845d\Microsoft.MediaCenter.UI.ni.dll
+ 2009-02-12 05:54:56 582,656 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\f33fdf014aebbbc113eebaadabf073dd\Microsoft.MediaCenter.ni.dll
- 2008-01-21 02:25:13 180,224 ----a-w c:\windows\ehome\cbva.dll
+ 2008-12-05 04:32:35 180,224 ----a-w c:\windows\ehome\cbva.dll
- 2008-08-05 09:49:54 373,248 ----a-w c:\windows\ehome\ehglid.dll
+ 2008-12-05 04:32:30 373,248 ----a-w c:\windows\ehome\ehglid.dll
- 2008-08-05 09:49:54 105,472 ----a-w c:\windows\ehome\ehPresenter.dll
+ 2008-12-05 04:32:30 105,472 ----a-w c:\windows\ehome\ehPresenter.dll
- 2008-08-05 09:49:54 254,464 ----a-w c:\windows\ehome\ehReplay.dll
+ 2008-12-05 04:32:30 254,464 ----a-w c:\windows\ehome\ehReplay.dll
- 2008-08-05 09:51:30 4,046,848 ----a-w c:\windows\ehome\ehshell.dll
+ 2008-12-05 04:34:22 4,046,848 ----a-w c:\windows\ehome\ehshell.dll
- 2008-08-06 03:27:39 18,944 ----a-w c:\windows\ehome\ehtrace.dll
+ 2008-12-05 04:29:53 18,944 ----a-w c:\windows\ehome\ehtrace.dll
- 2008-08-05 09:49:54 522,240 ----a-w c:\windows\ehome\ehui.dll
+ 2008-12-05 04:32:30 522,240 ----a-w c:\windows\ehome\ehui.dll
- 2006-11-02 12:35:30 254,464 ----a-w c:\windows\ehome\ehvid.exe
+ 2008-12-05 04:31:42 253,952 ----a-w c:\windows\ehome\ehvid.exe
- 2008-08-05 09:49:28 173,056 ----a-w c:\windows\ehome\McrMgr.exe
+ 2008-12-05 04:32:03 173,056 ----a-w c:\windows\ehome\McrMgr.exe
- 2008-01-21 02:25:09 1,384,960 ----a-w c:\windows\ehome\Mcx2Filter.dll
+ 2008-12-05 04:32:31 1,384,960 ----a-w c:\windows\ehome\Mcx2Filter.dll
- 2008-08-05 09:51:56 1,957,888 ----a-w c:\windows\ehome\Microsoft.MediaCenter.UI.dll
+ 2008-12-05 04:35:09 1,957,888 ----a-w c:\windows\ehome\Microsoft.MediaCenter.UI.dll
+ 2009-02-11 10:29:55 86,016 ----a-r c:\windows\Installer\{07287123-B8AC-41CE-8346-3D777245C35B}\PrntWzrdIco.exe
- 2009-01-23 11:06:17 1,165,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-02-11 23:50:13 1,165,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
- 2009-01-23 11:06:18 20,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-02-11 23:50:15 20,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2009-01-23 11:06:17 159,504 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2009-02-11 23:50:14 159,504 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
- 2009-01-23 11:06:17 184,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2009-02-11 23:50:14 184,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2009-01-23 11:06:18 217,864 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2009-02-11 23:50:15 217,864 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2009-01-23 11:06:18 18,704 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-02-11 23:50:15 18,704 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-01-23 11:06:18 35,088 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-02-11 23:50:16 35,088 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-01-23 11:06:18 845,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2009-02-11 23:50:15 845,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2009-01-23 11:06:18 922,384 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-02-11 23:50:15 922,384 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2009-01-23 11:06:18 272,648 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2009-02-11 23:50:15 272,648 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2009-01-23 11:06:18 888,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-02-11 23:50:15 888,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2009-01-23 11:06:17 1,172,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-02-11 23:50:14 1,172,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2009-02-11 09:35:18 1,068,576 ----a-w c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-02-13 11:47:09 1,068,576 ----a-w c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2009-02-11 09:45:10 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-02-13 18:56:15 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-02-11 09:45:10 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-02-13 18:56:15 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-02-07 16:50:04 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-02-12 12:13:06 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-02-07 16:50:04 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-12 12:13:06 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-02-07 16:50:04 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-02-12 12:13:06 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-02-11 09:47:53 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-02-13 18:59:49 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2009-02-11 09:47:55 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-02-13 19:04:35 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-02-13 19:04:35 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2009-02-11 09:47:58 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-02-13 18:59:19 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-02-11 09:47:58 81,920 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-13 18:59:19 81,920 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-02-11 09:47:58 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-02-13 18:59:19 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-02-10 03:53:12 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-02-12 02:42:09 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-02-11 09:34:15 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
+ 2009-02-13 18:54:50 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
- 2009-01-23 11:33:04 2,323,744 ----a-w c:\windows\System32\FNTCACHE.DAT
+ 2009-02-13 11:55:55 2,323,768 ----a-w c:\windows\System32\FNTCACHE.DAT
- 2009-01-10 01:35:28 20,853,704 ----a-w c:\windows\System32\mrt.exe
+ 2009-02-03 23:21:12 21,244,864 ----a-w c:\windows\System32\mrt.exe
- 2009-02-11 09:42:45 106,696 ----a-w c:\windows\System32\perfc009.dat
+ 2009-02-13 19:02:39 106,696 ----a-w c:\windows\System32\perfc009.dat
- 2009-02-11 09:42:45 603,282 ----a-w c:\windows\System32\perfh009.dat
+ 2009-02-13 19:02:39 603,282 ----a-w c:\windows\System32\perfh009.dat
- 2009-02-07 02:05:37 6,553,600 ----a-w c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2009-02-13 11:47:23 6,553,600 ----a-w c:\windows\System32\SMI\Store\Machine\schema.dat
- 2009-02-11 09:38:39 4,418 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-451198742-2381960711-1833461244-1000_UserData.bin
+ 2009-02-13 19:00:05 5,142 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-451198742-2381960711-1833461244-1000_UserData.bin
- 2009-02-11 09:38:39 76,482 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-02-13 19:00:05 76,850 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-02-11 09:08:54 2,950 ----a-w c:\windows\System32\WDI\ERCQueuedResolutions.dat
+ 2009-02-13 12:12:53 2,950 ----a-w c:\windows\System32\WDI\ERCQueuedResolutions.dat
- 2009-02-11 09:38:35 55,906 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-02-13 18:41:22 57,932 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-02-13 19:04:48 53,248 ----a-w c:\windows\Temp\catchme.dll
- 2009-02-07 01:52:12 91,983,412 ----a-w c:\windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2009-02-11 23:50:40 93,333,773 ----a-w c:\windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2008-12-05 04:30:48 864,256 ----a-w c:\windows\winsxs\msil_ehepg_31bf3856ad364e35_6.0.6000.16784_none_d96a7db6d1ff1f37\ehepg.dll
+ 2008-12-05 04:30:11 864,256 ----a-w c:\windows\winsxs\msil_ehepg_31bf3856ad364e35_6.0.6000.20969_none_da0ebdb1eb0802f9\ehepg.dll
+ 2008-12-05 04:30:50 135,168 ----a-w c:\windows\winsxs\msil_ehexthost_31bf3856ad364e35_6.0.6000.16784_none_bcaffa6cc1ee8282\ehexthost.exe
+ 2008-12-05 04:30:14 135,168 ----a-w c:\windows\winsxs\msil_ehexthost_31bf3856ad364e35_6.0.6000.20969_none_bd543a67daf76644\ehexthost.exe
+ 2008-12-05 04:30:53 77,824 ----a-w c:\windows\winsxs\msil_ehiextens_31bf3856ad364e35_6.0.6000.16784_none_fb93015109f3e077\ehiExtens.dll
+ 2008-12-05 04:30:16 77,824 ----a-w c:\windows\winsxs\msil_ehiextens_31bf3856ad364e35_6.0.6000.20969_none_fc37414c22fcc439\ehiExtens.dll
+ 2008-12-05 04:30:59 4,374,528 ----a-w c:\windows\winsxs\msil_ehshell_31bf3856ad364e35_6.0.6000.16784_none_895d98f744b2ad89\ehshell.dll
+ 2008-12-05 04:30:24 4,382,720 ----a-w c:\windows\winsxs\msil_ehshell_31bf3856ad364e35_6.0.6000.20969_none_8a01d8f25dbb914b\ehshell.dll
+ 2008-12-05 04:34:22 4,046,848 ----a-w c:\windows\winsxs\msil_ehshell_31bf3856ad364e35_6.0.6001.18177_none_8b51a86741ce6e8e\ehshell.dll
+ 2008-12-05 04:36:00 4,046,848 ----a-w c:\windows\winsxs\msil_ehshell_31bf3856ad364e35_6.0.6001.22322_none_8c0c55425ac80117\ehshell.dll
+ 2008-12-05 04:31:24 1,196,032 ----a-w c:\windows\winsxs\msil_microsoft.mediacenter.shell_31bf3856ad364e35_6.0.6000.16784_none_4e5b3cae98f7241f\Microsoft.MediaCenter.Shell.dll
+ 2008-12-05 04:30:50 1,269,760 ----a-w c:\windows\winsxs\msil_microsoft.mediacenter.shell_31bf3856ad364e35_6.0.6000.20969_none_4eff7ca9b20007e1\Microsoft.MediaCenter.Shell.dll
+ 2008-12-05 04:31:25 2,342,912 ----a-w c:\windows\winsxs\msil_microsoft.mediacenter.ui_31bf3856ad364e35_6.0.6000.16784_none_30e98b5e5a4b2139\Microsoft.MediaCenter.UI.dll
+ 2008-12-05 04:30:52 2,351,104 ----a-w c:\windows\winsxs\msil_microsoft.mediacenter.ui_31bf3856ad364e35_6.0.6000.20969_none_318dcb59735404fb\Microsoft.MediaCenter.UI.dll
+ 2008-12-05 04:35:09 1,957,888 ----a-w c:\windows\winsxs\msil_microsoft.mediacenter.ui_31bf3856ad364e35_6.0.6001.18177_none_32dd9ace5766e23e\Microsoft.MediaCenter.UI.dll
+ 2008-12-05 04:36:44 1,957,888 ----a-w c:\windows\winsxs\msil_microsoft.mediacenter.ui_31bf3856ad364e35_6.0.6001.22322_none_339847a9706074c7\Microsoft.MediaCenter.UI.dll
+ 2008-12-05 04:31:23 217,088 ----a-w c:\windows\winsxs\msil_microsoft.mediacenter_31bf3856ad364e35_6.0.6000.16784_none_2344e451cf638d4f\Microsoft.MediaCenter.dll
+ 2008-12-05 04:30:50 217,088 ----a-w c:\windows\winsxs\msil_microsoft.mediacenter_31bf3856ad364e35_6.0.6000.20969_none_23e9244ce86c7111\Microsoft.MediaCenter.dll
+ 2008-12-05 04:29:53 1,384,960 ----a-w c:\windows\winsxs\x86_microsoft-windows-e..-devices-mcx2filter_31bf3856ad364e35_6.0.6000.16784_none_33d62fd51c82c373\Mcx2Filter.dll
+ 2008-12-05 04:26:48 1,384,960 ----a-w c:\windows\winsxs\x86_microsoft-windows-e..-devices-mcx2filter_31bf3856ad364e35_6.0.6000.20969_none_347a6fd0358ba735\Mcx2Filter.dll
+ 2008-12-05 04:32:31 1,384,960 ----a-w c:\windows\winsxs\x86_microsoft-windows-e..-devices-mcx2filter_31bf3856ad364e35_6.0.6001.18177_none_35ca3f45199e8478\Mcx2Filter.dll
+ 2008-12-05 04:34:07 1,384,960 ----a-w c:\windows\winsxs\x86_microsoft-windows-e..-devices-mcx2filter_31bf3856ad364e35_6.0.6001.22322_none_3684ec2032981701\Mcx2Filter.dll
+ 2008-12-05 04:29:52 180,224 ----a-w c:\windows\winsxs\x86_microsoft-windows-ehome-cbva_31bf3856ad364e35_6.0.6000.16784_none_cbeae909ccde0eeb\cbva.dll
+ 2008-12-05 04:25:16 180,224 ----a-w c:\windows\winsxs\x86_microsoft-windows-ehome-cbva_31bf3856ad364e35_6.0.6000.20969_none_cc8f2904e5e6f2ad\cbva.dll
+ 2008-12-05 04:32:35 180,224 ----a-w c:\windows\winsxs\x86_microsoft-windows-ehome-cbva_31bf3856ad364e35_6.0.6001.18177_none_cddef879c9f9cff0\cbva.dll
+ 2008-12-05 04:34:10 180,224 ----a-w c:\windows\winsxs\x86_microsoft-windows-ehome-cbva_31bf3856ad364e35_6.0.6001.22322_none_ce99a554e2f36279\cbva.dll
+ 2008-12-05 04:29:53 252,416 ----a-w c:\windows\winsxs\x86_microsoft-windows-ehome-devices-ehreplay_31bf3856ad364e35_6.0.6000.16784_none_127ebd1ba2c97ee7\ehReplay.dll
+ 2008-12-05 04:25:50 254,464 ----a-w c:\windows\winsxs\x86_microsoft-windows-ehome-devices-ehreplay_31bf3856ad364e35_6.0.6000.20969_none_1322fd16bbd262a9\ehReplay.dll
+ 2008-12-05 04:32:30 254,464 ----a-w c:\windows\winsxs\x86_microsoft-windows-ehome-devices-ehreplay_31bf3856ad364e35_6.0.6001.18177_none_1472cc8b9fe53fec\ehReplay.dll
+ 2008-12-05 04:34:05 254,464 ----a-w c:\windows\winsxs\x86_microsoft-windows-ehome-devices-ehreplay_31bf3856ad364e35_6.0.6001.22322_none_152d7966b8ded275\ehReplay.dll
+ 2008-12-05 04:29:53 6,656 ----a-w c:\windows\winsxs\x86_microsoft-windows-ehome-devices-mcrmgr_31bf3856ad364e35_6.0.6000.16784_none_31f12d71dd10e345\McrMgr.dll
+ 2008-12-05 04:29:27 173,056 ----a-w c:\windows\winsxs\x86_microsoft-windows-ehome-devices-mcrmgr_31bf3856ad364e35_6.0.6000.16784_none_31f12d71dd10e345\McrMgr.exe
+ 2008-12-05 04:26:44 6,656 ----a-w c:\windows\winsxs\x86_microsoft-windows-ehome-devices-mcrmgr_31bf3856ad364e35_6.0.6000.20969_none_32956d6cf619c707\McrMgr.dll
+ 2008-12-05 03:58:02 173,056 ----a-w c:\windows\winsxs\x86_microsoft-windows-ehome-devices-mcrmgr_31bf3856ad364e35_6.0.6000.20969_none_32956d6cf619c707\McrMgr.exe
+ 2008-01-21 02:25:14 6,656 ----a-w c:\windows\winsxs\x86_microsoft-windows-ehome-devices-mcrmgr_31bf3856ad364e35_6.0.6001.18177_none_33e53ce1da2ca44a\McrMgr.dll
+ 2008-12-05 04:32:03 173,056 ----a-w c:\windows\winsxs\x86_microsoft-windows-ehome-devices-mcrmgr_31bf3856ad364e35_6.0.6001.18177_none_33e53ce1da2ca44a\McrMgr.exe
+ 2008-12-05 04:34:07 6,656 ----a-w c:\windows\winsxs\x86_microsoft-windows-ehome-devices-mcrmgr_31bf3856ad364e35_6.0.6001.22322_none_349fe9bcf32636d3\McrMgr.dll
+ 2008-12-05 04:33:34 173,056 ----a-w c:\windows\winsxs\x86_microsoft-windows-ehome-devices-mcrmgr_31bf3856ad364e35_6.0.6001.22322_none_349fe9bcf32636d3\McrMgr.exe
+ 2008-12-05 04:29:53 21,504 ----a-w c:\windows\winsxs\x86_microsoft-windows-ehome-ehdebug_31bf3856ad364e35_6.0.6000.16784_none_2da4fc298558bab5\ehdebug.dll
+ 2008-12-05 04:25:49 21,504 ----a-w c:\windows\winsxs\x86_microsoft-windows-ehome-ehdebug_31bf3856ad364e35_6.0.6000.20969_none_2e493c249e619e77\ehdebug.dll
+ 2008-12-05 04:29:53 372,224 ----a-w c:\windows\winsxs\x86_microsoft-windows-ehome-ehglid_31bf3856ad364e35_6.0.6000.16784_none_2d031f816d38bf90\ehglid.dll
+ 2008-12-05 04:25:50 372,736 ----a-w c:\windows\winsxs\x86_microsoft-windows-ehome-ehglid_31bf3856ad364e35_6.0.6000.20969_none_2da75f7c8641a352\ehglid.dll
+ 2008-12-05 04:32:30 373,248 ----a-w c:\windows\winsxs\x86_microsoft-windows-ehome-ehglid_31bf3856ad364e35_6.0.6001.18177_none_2ef72ef16a548095\ehglid.dll
+ 2008-12-05 04:34:05 373,248 ----a-w c:\windows\winsxs\x86_microsoft-windows-ehome-ehglid_31bf3856ad364e35_6.0.6001.22322_none_2fb1dbcc834e131e\ehglid.dll
+ 2008-12-05 04:29:53 105,472 ----a-w c:\windows\winsxs\x86_microsoft-windows-ehome-ehpresenter_31bf3856ad364e35_6.0.6000.16784_none_248fdca06510d584\ehPresenter.dll
+ 2008-12-05 04:25:50 105,472 ----a-w c:\windows\winsxs\x86_microsoft-windows-ehome-ehpresenter_31bf3856ad364e35_6.0.6000.20969_none_25341c9b7e19b946\ehPresenter.dll
+ 2008-12-05 04:32:30 105,472 ----a-w c:\windows\winsxs\x86_microsoft-windows-ehome-ehpresenter_31bf3856ad364e35_6.0.6001.18177_none_2683ec10622c9689\ehPresenter.dll
+ 2008-12-05 04:34:05 105,472 ----a-w c:\windows\winsxs\x86_microsoft-windows-ehome-ehpresenter_31bf3856ad364e35_6.0.6001.22322_none_273e98eb7b262912\ehPresenter.dll
+ 2008-12-05 04:24:46 10,094,080 ----a-w c:\windows\winsxs\x86_microsoft-windows-ehome-ehres_31bf3856ad364e35_6.0.6000.16784_none_4fd348fd538edd36\ehres.dll
+ 2008-12-05 04:25:52 10,103,808 ----a-w c:\windows\winsxs\x86_microsoft-windows-ehome-ehres_31bf3856ad364e35_6.0.6000.20969_none_507788f86c97c0f8\ehres.dll
+ 2008-12-05 04:29:53 18,944 ----a-w c:\windows\winsxs\x86_microsoft-windows-ehome-ehtrace_31bf3856ad364e35_6.0.6000.16784_none_36840e2916f6a04b\ehtrace.dll
+ 2008-12-05 04:25:53 18,944 ----a-w c:\windows\winsxs\x86_microsoft-windows-ehome-ehtrace_31bf3856ad364e35_6.0.6000.20969_none_37284e242fff840d\ehtrace.dll
+ 2008-12-05 04:29:53 517,120 ----a-w c:\windows\winsxs\x86_microsoft-windows-ehome-ehui_31bf3856ad364e35_6.0.6000.16784_none_cc8b6153cc7e7350\ehui.dll
+ 2008-12-05 04:25:55 521,728 ----a-w c:\windows\winsxs\x86_microsoft-windows-ehome-ehui_31bf3856ad364e35_6.0.6000.20969_none_cd2fa14ee5875712\ehui.dll
+ 2008-12-05 04:32:30 522,240 ----a-w c:\windows\winsxs\x86_microsoft-windows-ehome-ehui_31bf3856ad364e35_6.0.6001.18177_none_ce7f70c3c99a3455\ehui.dll
+ 2008-12-05 04:34:05 522,240 ----a-w c:\windows\winsxs\x86_microsoft-windows-ehome-ehui_31bf3856ad364e35_6.0.6001.22322_none_cf3a1d9ee293c6de\ehui.dll
+ 2008-12-05 04:29:53 1,497,600 ----a-w c:\windows\winsxs\x86_microsoft-windows-ehome-ehuihlp_31bf3856ad364e35_6.0.6000.16784_none_39d2538a2e5427f2\ehuihlp.dll
+ 2008-12-05 04:25:57 1,498,112 ----a-w c:\windows\winsxs\x86_microsoft-windows-ehome-ehuihlp_31bf3856ad364e35_6.0.6000.20969_none_3a769385475d0bb4\ehuihlp.dll
+ 2008-12-05 04:29:20 253,952 ----a-w c:\windows\winsxs\x86_microsoft-windows-ehome-ehvid_31bf3856ad364e35_6.0.6000.16784_none_4930035357d2652d\ehvid.exe
+ 2008-12-05 02:33:52 253,952 ----a-w c:\windows\winsxs\x86_microsoft-windows-ehome-ehvid_31bf3856ad364e35_6.0.6000.20969_none_49d4434e70db48ef\ehvid.exe
+ 2008-12-05 04:31:42 253,952 ----a-w c:\windows\winsxs\x86_microsoft-windows-ehome-ehvid_31bf3856ad364e35_6.0.6001.18177_none_4b2412c354ee2632\ehvid.exe
+ 2008-12-05 04:33:17 253,952 ----a-w c:\windows\winsxs\x86_microsoft-windows-ehome-ehvid_31bf3856ad364e35_6.0.6001.22322_none_4bdebf9e6de7b8bb\ehvid.exe
+ 2008-12-05 04:29:53 1,244,672 ----a-w c:\windows\winsxs\x86_microsoft-windows-m..mediadeliveryengine_31bf3856ad364e35_6.0.6000.16784_none_3cf1ae45629adada\mcmde.dll
+ 2008-12-05 04:26:44 1,244,672 ----a-w c:\windows\winsxs\x86_microsoft-windows-m..mediadeliveryengine_31bf3856ad364e35_6.0.6000.20969_none_3d95ee407ba3be9c\mcmde.dll
+ 2009-01-09 23:21:31 2,410,800 ----a-w c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16808_none_f0a9e19a6e4c873c\OESpamFilter.dat
+ 2009-01-08 23:21:51 2,410,800 ----a-w c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.20995_none_f0cf2e3b87b5d67a\OESpamFilter.dat
+ 2009-01-08 23:21:09 2,410,800 ----a-w c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18202_none_f28a1e846b788023\OESpamFilter.dat
+ 2009-01-08 23:21:04 2,410,800 ----a-w c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22353_none_f2deabfd84bdc4f9\OESpamFilter.dat
+ 2008-12-05 04:29:53 428,032 ----a-w c:\windows\winsxs\x86_microsoft-windows-tvencdec_31bf3856ad364e35_6.0.6000.16784_none_de3f5b78917d51ec\EncDec.dll
+ 2008-12-05 04:25:58 428,032 ----a-w c:\windows\winsxs\x86_microsoft-windows-tvencdec_31bf3856ad364e35_6.0.6000.20969_none_dee39b73aa8635ae\EncDec.dll
+ 2008-12-05 04:32:35 428,544 ----a-w c:\windows\winsxs\x86_microsoft-windows-tvencdec_31bf3856ad364e35_6.0.6001.18177_none_e0336ae88e9912f1\EncDec.dll
+ 2008-12-05 04:34:10 428,544 ----a-w c:\windows\winsxs\x86_microsoft-windows-tvencdec_31bf3856ad364e35_6.0.6001.22322_none_e0ee17c3a792a57a\EncDec.dll
+ 2008-12-05 04:29:56 292,352 ----a-w c:\windows\winsxs\x86_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.0.6000.16784_none_d9c47d325a265597\psisdecd.dll
+ 2008-12-05 04:28:37 292,352 ----a-w c:\windows\winsxs\x86_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.0.6000.20969_none_da68bd2d732f3959\psisdecd.dll
+ 2008-12-05 04:32:36 293,376 ----a-w c:\windows\winsxs\x86_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.0.6001.18177_none_dbb88ca25742169c\psisdecd.dll
+ 2008-12-05 04:34:10 293,376 ----a-w c:\windows\winsxs\x86_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.0.6001.22322_none_dc73397d703ba925\psisdecd.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeBridge"="" [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"= l3codecp.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mferkdk.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Users^Felipe Menezes^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Felipe Menezes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 02:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
--a------ 2008-08-14 07:58 611712 c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
--a------ 2007-07-08 12:11 159744 c:\program files\Apoint2K\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2008-11-07 14:16 111936 c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
--a------ 2009-01-07 16:10 3321856 c:\program files\Electronic Arts\EADM\Core.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
--a------ 2008-01-20 21:25 125952 c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 07:00 33648 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2007-05-08 18:24 54840 c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
--a------ 2007-10-01 18:10 1783136 c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
--a------ 2008-06-02 02:55 80896 c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
--a------ 2007-08-23 19:36 455968 c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
--a------ 2008-07-11 20:48 641208 c:\program files\McAfee.com\Agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-10-08 22:21 8497696 c:\windows\System32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-10-08 22:21 81920 c:\windows\System32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
--a------ 2007-10-08 22:21 86016 c:\windows\System32\nvsvc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OnScreenDisplay]
--a------ 2007-09-04 15:54 554320 c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
--a------ 2007-09-19 16:31 202032 c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
--a------ 2007-12-19 21:27 468264 c:\program files\HP\QuickPlay\QPService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
--a------ 2008-01-20 21:23 1233920 c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2009-01-04 09:11 1410296 c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2009-01-26 08:29 136600 c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2009-02-09 04:55 198160 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
--------- 2008-06-13 18:11 210216 c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WAWifiMessage]
--a------ 2007-01-08 17:53 311296 c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2008-01-20 21:23 1008184 c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--a------ 2008-01-20 21:25 202240 c:\program files\Windows Media Player\wmpnscfg.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{D698F849-1921-4F8B-9A78-9A436F88BD28}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{31DA7BD7-98B3-4F98-8E3B-8500F1EB3677}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{1C71E7B3-0A08-4248-A51F-8F202F1883CA}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{F2621E13-0D56-4501-88F5-AAB4D816790E}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{65B4C3C8-C8C7-491A-9E87-D86F17D25829}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{93429F37-1B3B-4F16-99B2-2B4CAE94EC7C}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{C595FEFC-72D6-4A05-BC3A-ED8965F268C8}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{DD1D300C-D513-4AF5-84F5-7032A7F0230E}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{58AD120A-9ADF-4AD9-A5C8-64EE4E3A9F37}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{737553EE-8435-488B-B25D-D4A64BF71E72}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{C9B61B8E-2BF1-457C-9560-53D2D07FC700}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{810A9199-1023-44E6-9204-3BA7519B4936}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{365C756F-7FFB-4EF1-8697-0B46123C15BD}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{4B64104E-236A-4C17-8A28-F46959E4D6C6}"= Profile=Private|Profile=Public|c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{92C7739D-1C11-42DC-AF9E-DE75D78CAAF3}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{3A9CC403-F478-47C7-8C33-FD303ACBAEB3}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{F5828DCB-B30C-444F-952C-F66B1BD41A6E}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{F3854DC0-983C-42D3-A96C-D068047E0793}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{39EB9388-356F-4537-9708-424BED8DB504}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{F6A5644A-0AA0-47D4-982B-126A6AA75B90}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{755B8EEE-0C30-48F7-8E93-47AD2C925BCD}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"{AD6BB5DE-69A5-4FEB-AEAD-8490FE4A5AA6}"= UDP:c:\program files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{461D00A0-651F-491B-8197-64BCD921C031}"= TCP:c:\program files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{BF6F2481-9094-42A1-A5BF-07960F2AB0F2}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{17DBC1A7-34EF-45A8-9885-8684665BB9F2}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{A428C1C1-F358-404D-BEDF-2441FD378C4F}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{8B951A8C-2040-41B3-ADCD-AD73DE001287}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"TCP Query User{9B039CBA-5AEF-47CC-BBAE-EF69985E2CBE}c:\\program files\\steam\\steamapps\\apse_maluko\\condition zero\\hl.exe"= UDP:c:\program files\steam\steamapps\apse_maluko\condition zero\hl.exe:Half-Life Launcher
"UDP Query User{01D6AC4B-6660-4BBF-B00B-E8813D3C058A}c:\\program files\\steam\\steamapps\\apse_maluko\\condition zero\\hl.exe"= TCP:c:\program files\steam\steamapps\apse_maluko\condition zero\hl.exe:Half-Life Launcher
"TCP Query User{6BBF9CFB-1BF7-4483-9084-E4F605428BE8}c:\\program files\\steam\\steamapps\\apse_maluko\\counter-strike\\hl.exe"= UDP:c:\program files\steam\steamapps\apse_maluko\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{B39D4C9D-55D2-479E-96DF-23C831CC01DA}c:\\program files\\steam\\steamapps\\apse_maluko\\counter-strike\\hl.exe"= TCP:c:\program files\steam\steamapps\apse_maluko\counter-strike\hl.exe:Half-Life Launcher
"{E54B063F-1E1A-463F-87C7-DE92CC3E5C17}"= UDP:5353:Adobe CSI CS4
"{957B5B6E-8EB6-4D9F-8515-9E533C2B20DA}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{BB87FD01-52C2-463E-B9A3-B389B8F4A95A}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"TCP Query User{0E02ECB5-3CFD-479F-BCDE-197BB7154CB0}c:\\program files\\steam\\steamapps\\apse_maluko\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\apse_maluko\counter-strike source\hl2.exe:hl2
"UDP Query User{0F3DB486-24FA-482D-A8BD-1407580A8E43}c:\\program files\\steam\\steamapps\\apse_maluko\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\apse_maluko\counter-strike source\hl2.exe:hl2
"{4D27DF37-C9D5-456F-8005-29AB6601631E}"= UDP:c:\program files\GameSpy Arcade\Aphex.exe:GameSpy Arcade
"{31EC3119-B33D-495D-9942-47217F7943A7}"= TCP:c:\program files\GameSpy Arcade\Aphex.exe:GameSpy Arcade
"TCP Query User{4ABCD097-9543-45E8-9F3D-4991489A479A}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{E6BFA9EE-6403-405F-B15F-13EED8585E98}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"{46DB31C2-256C-445A-90DF-2131174EF848}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{2965711C-490F-44F6-82D9-CADCA1697B78}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{4C9EA3BF-60C6-4058-8469-0F69993B3C44}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{6D89483C-66E7-4FBD-B3B4-F3AB1C8489D5}"= UDP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{67559162-E463-4057-BD0F-A0B9B2E6302D}"= TCP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"TCP Query User{471313F8-B8BC-469F-825C-18D53A0E5098}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{0292ACE7-CCB1-4BC8-B9DE-DF4621538B46}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"TCP Query User{2510165A-3B5B-4D8A-AADF-2D765047010C}c:\\program files\\java\\jre1.6.0_02\\bin\\javaw.exe"= UDP:c:\program files\java\jre1.6.0_02\bin\javaw.exe:Java(TM) Platform SE binary
"UDP Query User{DCF0D33C-2DD1-4539-B079-6FEABEA643D0}c:\\program files\\java\\jre1.6.0_02\\bin\\javaw.exe"= TCP:c:\program files\java\jre1.6.0_02\bin\javaw.exe:Java(TM) Platform SE binary
"{7884C905-548F-4350-9308-C5F379C53E03}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{B8E3044E-3E88-4CD4-B718-811F0F0B81E6}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

S2 0099121234550496mcinstcleanup;McAfee Application Installer Cleanup (0099121234550496);c:\windows\TEMP\[u]0[/u]09912~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\windows\TEMP\[u]0[/u]09912~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S2 gupdate1c98a7367834038;Google Update Service (gupdate1c98a7367834038);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-09 133104]
S4 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2009-01-20 33752]
S4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2008-10-07 206096]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a12f1c3a-932f-11dd-be31-806e6f6e6963}]
\shell\AutoRun\command - E:\Autorun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2008-10-06 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 13:20]

2009-02-13 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-08 23:59]

2009-02-13 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-09 00:00]

2009-01-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-07-09 20:10]

2009-02-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-07-09 20:10]

2009-02-13 c:\windows\Tasks\User_Feed_Synchronization-{8AB9CCA9-DA64-41A2-944B-A9520EE8B8D5}.job
- c:\windows\system32\msfeedssync.exe [2009-01-15 05:01]
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-mferkdk
MSConfigStartUp-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

.
------- Supplementary Scan -------
.
Trusted Zone: internet
Trusted Zone: mcafee.com
FF - ProfilePath - c:\users\Felipe Menezes\AppData\Roaming\Mozilla\Firefox\Profiles\nlxbwq8v.default\
FF - prefs.js: browser.startup.homepage - hxxp://ca.search.yahoo.com/search?fr=mcafee&p=
FF - plugin: c:\program files\Google\Google Updater\2.4.1487.6512\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-13 14:04:48
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-02-13 14:06:47
ComboFix-quarantined-files.txt 2009-02-13 19:06:45

Pre-Run: 177,882,247,168 bytes free
Post-Run: 177,851,138,048 bytes free

537 --- E O F --- 2009-02-13 07:04:50

felipemenezes
New Member

Date Joined Feb 2009
Total Posts : 13

Posted 2/14/2009 12:58 PM (GMT +3)

$Quote: C:\windows\system32\gaopdxtsmxikxl.dll trojan...can't remove$ $Alert an admin about: C:\windows\system32\gaopdxtsmxikxl.dll trojan...can't remove$

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:34:35 AM, on 14/02/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\Felipe Menezes\Desktop\FIX\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=81&bd=Pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O23 - Service: McAfee Application Installer Cleanup (0099121234550496) (0099121234550496mcinstcleanup) - Unknown owner - C:\Windows\TEMP\009912~1.EXE (file missing)
O23 - Service: Google Update Service (gupdate1c98a7367834038) (gupdate1c98a7367834038) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 6491 bytes

Touch
Forum Moderator

Date Joined Jun 2004
Total Posts : 12862

Posted 2/16/2009 4:38 PM (GMT +3)

$Quote: C:\windows\system32\gaopdxtsmxikxl.dll trojan...can't remove$ $Alert an admin about: C:\windows\system32\gaopdxtsmxikxl.dll trojan...can't remove$

Looks clean smile

Got rid of your problems ?

Do NOT post your problem in someone elses thread.

Member of - Alliance of Security Analysis Professionals

A non-profit, volunteer network.

felipemenezes
New Member

Date Joined Feb 2009
Total Posts : 13

Posted 2/16/2009 4:41 PM (GMT +3)

$Quote: C:\windows\system32\gaopdxtsmxikxl.dll trojan...can't remove$ $Alert an admin about: C:\windows\system32\gaopdxtsmxikxl.dll trojan...can't remove$

yes, thank you.

Touch
Forum Moderator

Date Joined Jun 2004
Total Posts : 12862

Posted 2/16/2009 4:42 PM (GMT +3)

$Quote: C:\windows\system32\gaopdxtsmxikxl.dll trojan...can't remove$ $Alert an admin about: C:\windows\system32\gaopdxtsmxikxl.dll trojan...can't remove$

Sounds good smile

Now your computer problems are solved, it is time for the clean-up procedure. Download this file and save it on desktop as FIX_removal.exe

http://www.ctrlaltdel.dk/FIX_removal.exe

Double click FIX_removal.exe and follow the instructions - this will remove the programs that you have used during the cleaning process. Once the program is finished, reboot your computer to finalise the clean-up procedure.

I also suggest you read Tony Klein´s article :

So how did I get infected in the first place.

If you have any comments or questions, feel free to post back

Do NOT post your problem in someone elses thread.

Member of - Alliance of Security Analysis Professionals

A non-profit, volunteer network.

$Post reply to : C:\windows\system32\gaopdxtsmxikxl.dll trojan...can't remove$ $Printable version of : C:\windows\system32\gaopdxtsmxikxl.dll trojan...can't remove$

Forum Information

Currently it is Saturday, May 18, 2013 5:32 PM (GMT +3)
There are a total of 59,515 posts in 13,139 threads.
In the last 3 days there were 4 new threads and 5 reply posts. View Active Threads