Unknown Infection


  • This topic is locked
9 replies to this topic

#1 falafelboy

Posted 09 September 2009 - 07:16 PM

Hello

I reinstalled with a fresh copy of Windows XP and now have, I presume, a nasty virus. I cannot access any security related websites, or Microsoft updates.

The problem is that when I scan with various programs, I am not able to download the latest definitions. So I'm assuming that the results of a Malwarebytes scan will be useless as I have received a clean bill of health.

Logs below and attached, as requested. Thanks for your time.

===========
============
=============


DDS (Ver_09-07-30.01) - NTFSx86
Run by Owner at 20:03:30.20 on Wed 09/09/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1022.792 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPClient.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [IPInSightLAN 01] "c:\program files\visual networks\visual ip insight\sympatico consumer\IPClient.exe" -l
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files\google\gmail notifier\gnotify.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase1140.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\hxovttsn.default\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-9-9 64160]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-7-3 1029456]
S2 phteskn;Config Boot;c:\windows\system32\svchost.exe -k netsvcs [2004-8-12 14336]

=============== Created Last 30 ================

2009-09-09 19:26 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files
2009-09-09 19:24 1,060,864 a------- c:\windows\system32\MFC71.dll
2009-09-09 19:24 499,712 a------- c:\windows\system32\MSVCP71.dll
2009-09-09 19:24 348,160 a------- c:\windows\system32\MSVCR71.dll
2009-09-09 19:17 <DIR> --d----- c:\program files\Trend Micro
2009-09-09 18:56 <DIR> --d----- c:\windows\pss
2009-09-09 18:39 <DIR> --d----- c:\docume~1\owner\applic~1\Malwarebytes
2009-09-09 18:39 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-09 18:39 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-09-09 18:39 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-09-09 18:39 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-09-09 18:35 411,368 a------- c:\windows\system32\deploytk.dll
2009-09-09 18:35 73,728 a------- c:\windows\system32\javacpl.cpl
2009-09-09 18:29 15,688 a------- c:\windows\system32\lsdelete.exe
2009-09-09 18:26 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-09-09 18:25 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{EF63305C-BAD7-4144-9208-D65528260864}
2009-09-09 18:25 <DIR> --d----- c:\program files\Lavasoft
2009-09-09 18:06 <DIR> --ds---- c:\documents and settings\owner\UserData
2009-09-09 17:40 <DIR> --d----- c:\program files\Western Digital Corporation
2009-09-09 17:19 1,902 -------- c:\windows\system32\SetupBD.din
2009-09-09 17:19 154,112 ac------ c:\windows\system32\dllcache\e100b325.sys
2009-09-09 17:19 154,112 a------- c:\windows\system32\drivers\e100b325.sys
2009-09-09 17:19 118,784 a------- c:\windows\system32\Prounstl.exe
2009-09-09 17:19 24,064 a------- c:\windows\system32\IntelNic.dll
2009-09-09 17:19 12,288 a------- c:\windows\system32\e100bmsg.dll
2009-09-09 17:19 5,110 a------- c:\windows\system32\e100b325.din
2009-09-09 17:19 <DIR> --d----- C:\drvrtmp
2009-09-09 17:07 6,345 a----r-- c:\windows\system32\DevMngr.vxd
2009-09-09 17:07 589,824 a------- c:\windows\system32\MCCDNSHLP_1-0-0_DSR.dll
2009-09-09 17:07 69,632 a------- c:\windows\system32\MCCDevice.dll
2009-09-09 17:07 6,048 a------- c:\windows\system32\MCC16.dll
2009-09-09 17:07 <DIR> --d----- c:\program files\common files\Motive
2009-09-09 17:03 135,168 a------- c:\windows\system32\igfxres.dll
2009-09-09 12:25 <DIR> --d----- c:\program files\Visual Networks
2009-09-09 12:25 98,108 -------- c:\windows\system32\drivers\ipvnmon.sys
2009-09-09 11:19 26,496 ac------ c:\windows\system32\dllcache\usbstor.sys
2009-09-09 01:40 <DIR> --d----- c:\documents and settings\Owner
2009-09-09 01:40 <DIR> --ds---- c:\windows\system32\Microsoft
2009-09-09 01:38 13,192 ac------ c:\windows\system32\dllcache\tdasync.sys
2009-09-09 01:37 78,848 ac------ c:\windows\system32\dllcache\dayi.ime
2009-09-09 01:36 <DIR> --dsh--- c:\documents and settings\all users\DRM
2009-09-09 01:36 488 a---hr-- c:\windows\system32\WindowsLogon.manifest
2009-09-09 01:36 488 a---hr-- c:\windows\system32\logonui.exe.manifest
2009-09-09 01:36 <DIR> --ds---- c:\windows\Downloaded Program Files
2009-09-09 01:36 <DIR> --d--r-- c:\windows\Offline Web Pages
2009-09-09 01:36 749 a---hr-- c:\windows\WindowsShell.Manifest
2009-09-09 01:36 749 a---hr-- c:\windows\system32\wuaucpl.cpl.manifest
2009-09-09 01:36 749 a---hr-- c:\windows\system32\sapi.cpl.manifest
2009-09-09 01:36 749 a---hr-- c:\windows\system32\nwc.cpl.manifest
2009-09-09 01:36 749 a---hr-- c:\windows\system32\ncpa.cpl.manifest
2009-09-09 01:36 749 a---hr-- c:\windows\system32\cdplayer.exe.manifest
2009-09-09 01:36 <DIR> --d-h--- c:\program files\WindowsUpdate
2009-09-09 01:35 <DIR> --d----- c:\program files\common files\MSSoap
2009-09-09 01:33 <DIR> --d----- c:\program files\Online Services
2009-09-09 01:33 <DIR> --d----- c:\program files\Messenger
2009-09-09 01:33 <DIR> --d----- c:\program files\MSN Gaming Zone
2009-09-09 01:33 <DIR> --d----- c:\program files\Windows NT
2009-09-08 21:27 <DIR> --d----- c:\program files\common files\ODBC
2009-09-08 21:27 <DIR> --d----- c:\program files\common files\SpeechEngines
2009-09-08 21:27 <DIR> --d--r-- c:\documents and settings\all users\Documents

==================== Find3M ====================

2009-09-09 17:10 155,995 a------- c:\windows\java\packages\BHF7N7PJ.ZIP
2009-09-09 17:10 2,232 a------- c:\windows\java\packages\data\BJ9FL37R.DAT
2009-09-09 17:10 2,678 a------- c:\windows\java\packages\data\FXBDNZB7.DAT
2009-09-09 17:10 2,678 a------- c:\windows\java\packages\data\QL3HZFXV.DAT
2009-09-09 17:10 2,678 a------- c:\windows\java\packages\data\PRZVHV79.DAT
2009-09-09 17:10 2,678 a------- c:\windows\java\packages\data\HV93F1BH.DAT
2009-09-09 17:10 2,678 a------- c:\windows\java\packages\data\ERJ7R7RJ.DAT
2009-09-09 01:47 77,423 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-09-09 01:34 21,640 a------- c:\windows\system32\emptyregdb.dat
2004-08-12 09:58 155,146 a--shr-- c:\windows\system32\zxyru.dll

============= FINISH: 20:03:40.26 ===============


#2 fenzodahl512

Posted 10 September 2009 - 12:50 PM

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them after performing all steps given..

Please download ComboFix by sUBs from HERE or HERE and save it to your Desktop.

During the download, rename Combofix to Combo-Fix as follows:

Posted Image

Posted Image


It is important you rename Combofix during the download, but not after.

NOTE: If you are using Firefox, make sure that your download settings are as follows:
  • Tools->Options->Main tab
  • Set to "Always ask me where to Save the files".

After that, double-click and run Combo-Fix. Let it finish its job and post the log here.

If ComboFix asks you to install Recovery Console, please do so.. It will be in your best interest..

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finish its job..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 falafelboy

Posted 10 September 2009 - 03:30 PM

Here is the log.

Thank you.

=====
======
=======


ComboFix 09-09-09.09 - Owner 09/10/2009 16:23.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1022.665 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe
AV: avast! antivirus 4.8.1351 [VPS 090910-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owner\Application Data\inst.exe
c:\windows\system32\AVSredirect.dll

.
((((((((((((((((((((((((( Files Created from 2009-08-10 to 2009-09-10 )))))))))))))))))))))))))))))))
.

2009-09-10 16:44 . 2009-09-10 16:44 217664 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2009-09-10 16:44 . 2009-09-10 16:44 -------- d-----w- c:\program files\TrueCrypt
2009-09-10 16:03 . 2009-09-10 16:03 -------- d-----w- c:\program files\RegiStax 5
2009-09-10 14:52 . 2009-09-10 14:52 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2009-09-10 14:52 . 2009-09-10 15:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator
2009-09-10 14:52 . 2009-09-10 15:04 -------- d-----w- c:\documents and settings\Owner\Application Data\Spyware Terminator
2009-09-10 14:52 . 2009-09-10 15:08 -------- d-----w- c:\program files\Spyware Terminator
2009-09-10 05:14 . 2009-09-10 05:17 -------- d-----w- c:\program files\Password Safe
2009-09-10 03:07 . 2009-09-10 03:07 -------- d-----w- c:\program files\ClipX
2009-09-10 02:25 . 2009-09-10 02:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-10 02:25 . 2009-09-10 02:30 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-10 02:17 . 2009-09-10 02:17 -------- d-----w- c:\documents and settings\Owner\Application Data\Apple Computer
2009-09-10 02:15 . 2009-09-10 02:15 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Apple
2009-09-10 02:15 . 2009-09-10 02:15 -------- d-----w- c:\program files\Apple Software Update
2009-09-10 02:15 . 2009-09-10 02:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-09-10 02:15 . 2009-09-10 02:15 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Apple Computer
2009-09-10 02:14 . 2009-09-10 02:14 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-09-10 02:13 . 2009-09-10 02:13 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-09-10 02:13 . 2009-09-10 02:13 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-09-10 02:09 . 2007-05-17 21:30 318976 ----a-w- c:\windows\system32\avisynth.dll
2009-09-10 02:09 . 2004-02-22 14:11 719872 ----a-w- c:\windows\system32\devil.dll
2009-09-10 02:09 . 2004-01-25 04:00 70656 ----a-w- c:\windows\system32\yv12vfw.dll
2009-09-10 02:09 . 2004-01-25 04:00 70656 ----a-w- c:\windows\system32\i420vfw.dll
2009-09-10 02:09 . 2009-09-10 02:09 -------- d-----w- c:\program files\AviSynth 2.5
2009-09-10 02:09 . 2008-03-16 12:30 216064 --sh--r- c:\windows\system32\nbDX.dll
2009-09-10 02:09 . 2007-02-21 10:47 31232 --sh--r- c:\windows\system32\msfDX.dll
2009-09-10 02:09 . 2006-05-03 09:06 163328 --sh--r- c:\windows\system32\flvDX.dll
2009-09-10 02:09 . 2009-09-10 02:09 -------- d-----w- c:\program files\eRightSoft
2009-09-10 02:08 . 2009-09-10 02:08 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-09-10 02:08 . 2009-09-10 02:15 -------- d-----w- c:\documents and settings\Owner\Application Data\DAEMON Tools Lite
2009-09-10 02:01 . 2009-09-10 02:01 -------- d-----w- c:\program files\Common Files\Adobe
2009-09-10 02:00 . 2009-09-10 02:00 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-09-10 01:59 . 2009-09-10 02:08 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Adobe
2009-09-10 01:58 . 2009-09-10 02:11 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-09-10 01:54 . 2009-09-10 15:56 -------- d-----w- c:\documents and settings\Owner\Application Data\Vso
2009-09-10 01:54 . 2009-09-10 01:54 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-09-10 01:43 . 2009-09-10 01:43 -------- d-----w- c:\program files\Intel
2009-09-10 01:01 . 2009-09-10 01:01 -------- d-----w- c:\program files\CCleaner
2009-09-10 00:59 . 2009-09-10 00:59 -------- d-----w- C:\Hotspot Shield
2009-09-10 00:59 . 2009-09-10 00:59 -------- d-----w- c:\program files\Hotspot Shield
2009-09-10 00:32 . 2009-08-17 16:04 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-09-10 00:32 . 2009-08-17 16:04 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-09-10 00:32 . 2009-08-17 16:03 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-09-10 00:32 . 2009-08-17 16:02 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-09-10 00:32 . 2009-08-17 16:06 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-09-10 00:32 . 2009-08-17 16:06 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-09-10 00:32 . 2009-08-17 16:05 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-09-10 00:32 . 2009-08-17 16:05 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-09-10 00:32 . 2009-08-17 16:10 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-09-09 23:43 . 2009-09-09 23:43 -------- d-----w- c:\program files\Windows Live Safety Center
2009-09-09 23:26 . 2009-09-09 23:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-09-09 23:24 . 2003-03-18 19:20 1060864 ----a-w- c:\windows\system32\MFC71.dll
2009-09-09 23:24 . 2003-03-18 18:14 499712 ----a-w- c:\windows\system32\MSVCP71.dll
2009-09-09 23:24 . 2003-02-21 02:42 348160 ----a-w- c:\windows\system32\MSVCR71.dll
2009-09-09 23:24 . 2009-09-09 23:24 -------- d-----w- c:\program files\Alwil Software
2009-09-09 23:17 . 2009-09-09 23:17 -------- d-----w- c:\program files\Trend Micro
2009-09-09 22:51 . 2009-09-09 22:51 -------- d-----w- c:\program files\7-Zip
2009-09-09 22:39 . 2009-09-09 22:39 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-09-09 22:39 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-09 22:39 . 2009-09-09 22:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-09 22:39 . 2009-09-09 22:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-09 22:39 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-09 22:35 . 2009-09-09 22:35 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-09 22:34 . 2009-09-09 22:34 -------- d-----w- c:\windows\Sun
2009-09-09 22:29 . 2009-07-03 14:49 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-09-09 22:26 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-09-09 22:26 . 2009-09-09 22:26 -------- dc----w- c:\windows\system32\DRVSTORE
2009-09-09 22:25 . 2009-09-09 22:25 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
2009-09-09 22:25 . 2009-09-09 22:25 -------- d-----w- c:\program files\Lavasoft
2009-09-09 22:25 . 2009-09-09 22:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-09-09 22:15 . 2009-09-09 22:15 12328 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-09 22:06 . 2009-09-09 22:06 -------- d-s---w- c:\documents and settings\Owner\UserData
2009-09-09 21:48 . 2009-09-09 21:48 -------- d-----w- c:\program files\Google
2009-09-09 21:40 . 2009-09-09 21:40 -------- d-----w- c:\program files\Western Digital Corporation
2009-09-09 21:27 . 2009-09-09 21:27 0 ----a-w- c:\windows\nsreg.dat
2009-09-09 21:27 . 2009-09-09 21:27 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Mozilla
2009-09-09 21:19 . 2009-09-09 21:19 -------- d-----w- C:\drvrtmp
2009-09-09 21:19 . 2004-02-18 21:40 12288 ----a-w- c:\windows\system32\e100bmsg.dll
2009-09-09 21:19 . 2004-02-10 19:49 154112 -c--a-w- c:\windows\system32\dllcache\e100b325.sys
2009-09-09 21:19 . 2004-02-10 19:49 154112 ----a-w- c:\windows\system32\drivers\e100b325.sys
2009-09-09 21:19 . 2003-11-21 19:26 118784 ----a-w- c:\windows\system32\Prounstl.exe
2009-09-09 21:19 . 2003-07-28 10:55 24064 ----a-w- c:\windows\system32\IntelNic.dll
2009-09-09 21:09 . 2009-09-09 21:09 -------- d-----w- c:\windows\system32\CodeBaby
2009-09-09 21:09 . 2009-09-09 22:35 -------- d-----w- c:\program files\Java
2009-09-09 21:09 . 2009-09-09 21:09 -------- d-----w- c:\program files\Common Files\Java
2009-09-09 21:09 . 2009-09-09 21:09 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142050}
2009-09-09 21:07 . 2009-09-09 21:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Motive
2009-09-09 21:07 . 2009-09-09 21:09 -------- d-----w- c:\program files\Common Files\Motive
2009-09-09 21:07 . 2004-04-19 17:09 589824 ----a-w- c:\windows\system32\MCCDNSHLP_1-0-0_DSR.dll
2009-09-09 21:07 . 2003-08-14 22:23 69632 ----a-w- c:\windows\system32\MCCDevice.dll
2009-09-09 21:07 . 2003-07-17 21:16 6048 ----a-w- c:\windows\system32\MCC16.dll
2009-09-09 21:03 . 2005-07-19 22:05 135168 ----a-w- c:\windows\system32\igfxres.dll
2009-09-09 16:25 . 2009-09-10 01:42 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-09 16:25 . 2009-09-09 16:25 -------- d-----w- c:\program files\Visual Networks
2009-09-09 16:25 . 2002-04-20 12:00 98108 ------w- c:\windows\system32\drivers\ipvnmon.sys
2009-09-09 16:25 . 2009-09-10 01:39 -------- d-----w- c:\program files\Common Files\InstallShield
2009-09-09 16:17 . 2009-09-09 16:17 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Identities
2009-09-09 15:19 . 2004-08-04 03:08 26496 -c--a-w- c:\windows\system32\dllcache\usbstor.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-10 18:45 . 2009-09-10 18:44 -------- d-----w- c:\program files\QuickTime
2009-09-10 18:44 . 2009-09-10 18:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-09-10 18:44 . 2009-09-10 18:44 -------- d-----w- c:\program files\Common Files\Apple
2009-09-10 15:56 . 2009-09-10 01:54 47360 ----a-w- c:\documents and settings\Owner\Application Data\pcouffin.sys
2009-09-10 01:39 . 2009-09-10 01:39 -------- d-----w- c:\program files\Analog Devices
2009-09-09 05:37 . 2009-09-09 05:37 -------- d-----w- c:\program files\microsoft frontpage
2009-09-09 05:34 . 2009-09-09 05:34 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-07-22 19:13 . 2009-07-22 19:13 28592 ----a-w- c:\windows\system32\drivers\tap0901.sys
2009-07-02 02:34 . 2009-07-02 02:34 33840 ----a-w- c:\windows\system32\drivers\HssDrv.sys
2006-05-03 09:06 . 2009-09-10 02:09 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 . 2009-09-10 02:09 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30 . 2009-09-10 02:09 216064 --sh--r- c:\windows\system32\nbDX.dll
2004-08-12 13:58 . 2004-08-12 13:58 155146 --sha-r- c:\windows\system32\zxyru.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2009-09-10 00:59 218160 ----a-w- c:\program files\Hotspot Shield\hssie\HssIE.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2009-09-10 3055616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IPInSightLAN 01"="c:\program files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPClient.exe" [2002-04-20 364544]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-07-19 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-07-19 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-07-19 114688]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-09 149280]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4589:TCP"= 4589:TCP:cygvu

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [9/9/2009 6:26 PM 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [9/9/2009 8:32 PM 114768]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [9/10/2009 10:52 AM 142592]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9/9/2009 8:32 PM 20560]
R2 HssSrv;Hotspot Shield Routing Service;c:\program files\Hotspot Shield\HssWPR\hsssrv.exe [8/6/2009 2:58 PM 331824]
R3 tap0901;TAP-Win32 Adapter V9;c:\windows\system32\drivers\tap0901.sys [7/22/2009 3:13 PM 28592]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 10:49 AM 1029456]
S2 phteskn;Config Boot;c:\windows\system32\svchost.exe -k netsvcs [8/12/2004 10:06 AM 14336]
S3 HssTrayService;Hotspot Shield Tray Service;c:\program files\Hotspot Shield\bin\HssTrayService.exe [8/10/2009 7:19 PM 57640]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - SP_RSDRV2
*NewlyCreated* - SP_RSSRV
*NewlyCreated* - TRUECRYPT
*Deregistered* - IPVNMon

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
phteskn
.
Contents of the 'Scheduled Tasks' folder

2009-09-09 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:49]
.
.
------- Supplementary Scan -------
.
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\hxovttsn.default\
FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/?zx=8w2iw6tvuadp&shva=1#inbox|http://ca.yahoo.com/?p=us|https://www.google.com/adsense/report/overview#
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-10 16:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\phteskn]
"ServiceDll"="c:\windows\system32\zxyru.dll"
.
Completion time: 2009-09-10 16:26
ComboFix-quarantined-files.txt 2009-09-10 20:26

Pre-Run: 234,363,412,480 bytes free
Post-Run: 234,376,962,048 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

210

#4 fenzodahl512

Posted 10 September 2009 - 03:41 PM

1. Please open Notepad
  • If you don't know how, just go to Start >> Run >> copy/paste notepad.exe >> Enter
2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

NetSvc::
phteskn

Driver::
phteskn

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#5 falafelboy

falafelboy
  • Topic Starter


Posted 10 September 2009 - 03:55 PM

My updates seem to be working now. Here are the new logs.

Thanks again.

===
====
=====

ComboFix 09-09-10.01 - Owner 09/10/2009 16:45.2.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1022.567 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1351 [VPS 090910-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_PHTESKN
-------\Service_phteskn


((((((((((((((((((((((((( Files Created from 2009-08-10 to 2009-09-10 )))))))))))))))))))))))))))))))
.

2009-09-10 16:44 . 2009-09-10 16:44 217664 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2009-09-10 16:44 . 2009-09-10 16:44 -------- d-----w- c:\program files\TrueCrypt
2009-09-10 16:03 . 2009-09-10 16:03 -------- d-----w- c:\program files\RegiStax 5
2009-09-10 14:52 . 2009-09-10 14:52 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2009-09-10 14:52 . 2009-09-10 15:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator
2009-09-10 14:52 . 2009-09-10 15:04 -------- d-----w- c:\documents and settings\Owner\Application Data\Spyware Terminator
2009-09-10 14:52 . 2009-09-10 15:08 -------- d-----w- c:\program files\Spyware Terminator
2009-09-10 05:14 . 2009-09-10 05:17 -------- d-----w- c:\program files\Password Safe
2009-09-10 03:07 . 2009-09-10 03:07 -------- d-----w- c:\program files\ClipX
2009-09-10 02:25 . 2009-09-10 02:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-10 02:25 . 2009-09-10 02:30 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-10 02:17 . 2009-09-10 02:17 -------- d-----w- c:\documents and settings\Owner\Application Data\Apple Computer
2009-09-10 02:15 . 2009-09-10 02:15 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Apple
2009-09-10 02:15 . 2009-09-10 02:15 -------- d-----w- c:\program files\Apple Software Update
2009-09-10 02:15 . 2009-09-10 02:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-09-10 02:15 . 2009-09-10 02:15 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Apple Computer
2009-09-10 02:14 . 2009-09-10 02:14 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-09-10 02:13 . 2009-09-10 02:13 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-09-10 02:13 . 2009-09-10 02:13 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-09-10 02:09 . 2007-05-17 21:30 318976 ----a-w- c:\windows\system32\avisynth.dll
2009-09-10 02:09 . 2004-02-22 14:11 719872 ----a-w- c:\windows\system32\devil.dll
2009-09-10 02:09 . 2004-01-25 04:00 70656 ----a-w- c:\windows\system32\yv12vfw.dll
2009-09-10 02:09 . 2004-01-25 04:00 70656 ----a-w- c:\windows\system32\i420vfw.dll
2009-09-10 02:09 . 2009-09-10 02:09 -------- d-----w- c:\program files\AviSynth 2.5
2009-09-10 02:09 . 2008-03-16 12:30 216064 --sh--r- c:\windows\system32\nbDX.dll
2009-09-10 02:09 . 2007-02-21 10:47 31232 --sh--r- c:\windows\system32\msfDX.dll
2009-09-10 02:09 . 2006-05-03 09:06 163328 --sh--r- c:\windows\system32\flvDX.dll
2009-09-10 02:09 . 2009-09-10 02:09 -------- d-----w- c:\program files\eRightSoft
2009-09-10 02:08 . 2009-09-10 02:08 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-09-10 02:08 . 2009-09-10 02:15 -------- d-----w- c:\documents and settings\Owner\Application Data\DAEMON Tools Lite
2009-09-10 02:01 . 2009-09-10 02:01 -------- d-----w- c:\program files\Common Files\Adobe
2009-09-10 02:00 . 2009-09-10 02:00 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-09-10 01:59 . 2009-09-10 02:08 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Adobe
2009-09-10 01:58 . 2009-09-10 02:11 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-09-10 01:54 . 2009-09-10 15:56 -------- d-----w- c:\documents and settings\Owner\Application Data\Vso
2009-09-10 01:54 . 2009-09-10 01:54 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-09-10 01:43 . 2009-09-10 01:43 -------- d-----w- c:\program files\Intel
2009-09-10 01:01 . 2009-09-10 01:01 -------- d-----w- c:\program files\CCleaner
2009-09-10 00:59 . 2009-09-10 00:59 -------- d-----w- C:\Hotspot Shield
2009-09-10 00:59 . 2009-09-10 00:59 -------- d-----w- c:\program files\Hotspot Shield
2009-09-10 00:32 . 2009-08-17 16:04 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-09-10 00:32 . 2009-08-17 16:04 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-09-10 00:32 . 2009-08-17 16:03 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-09-10 00:32 . 2009-08-17 16:02 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-09-10 00:32 . 2009-08-17 16:06 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-09-10 00:32 . 2009-08-17 16:06 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-09-10 00:32 . 2009-08-17 16:05 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-09-10 00:32 . 2009-08-17 16:05 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-09-10 00:32 . 2009-08-17 16:10 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-09-09 23:43 . 2009-09-09 23:43 -------- d-----w- c:\program files\Windows Live Safety Center
2009-09-09 23:26 . 2009-09-09 23:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-09-09 23:24 . 2003-03-18 19:20 1060864 ----a-w- c:\windows\system32\MFC71.dll
2009-09-09 23:24 . 2003-03-18 18:14 499712 ----a-w- c:\windows\system32\MSVCP71.dll
2009-09-09 23:24 . 2003-02-21 02:42 348160 ----a-w- c:\windows\system32\MSVCR71.dll
2009-09-09 23:24 . 2009-09-09 23:24 -------- d-----w- c:\program files\Alwil Software
2009-09-09 23:17 . 2009-09-09 23:17 -------- d-----w- c:\program files\Trend Micro
2009-09-09 22:51 . 2009-09-09 22:51 -------- d-----w- c:\program files\7-Zip
2009-09-09 22:39 . 2009-09-09 22:39 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-09-09 22:39 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-09 22:39 . 2009-09-09 22:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-09 22:39 . 2009-09-09 22:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-09 22:39 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-09 22:35 . 2009-09-09 22:35 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-09 22:34 . 2009-09-09 22:34 -------- d-----w- c:\windows\Sun
2009-09-09 22:29 . 2009-07-03 14:49 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-09-09 22:26 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-09-09 22:26 . 2009-09-09 22:26 -------- dc----w- c:\windows\system32\DRVSTORE
2009-09-09 22:25 . 2009-09-09 22:25 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
2009-09-09 22:25 . 2009-09-09 22:25 -------- d-----w- c:\program files\Lavasoft
2009-09-09 22:25 . 2009-09-09 22:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-09-09 22:15 . 2009-09-09 22:15 12328 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-09 22:06 . 2009-09-09 22:06 -------- d-s---w- c:\documents and settings\Owner\UserData
2009-09-09 21:48 . 2009-09-09 21:48 -------- d-----w- c:\program files\Google
2009-09-09 21:40 . 2009-09-09 21:40 -------- d-----w- c:\program files\Western Digital Corporation
2009-09-09 21:27 . 2009-09-09 21:27 0 ----a-w- c:\windows\nsreg.dat
2009-09-09 21:27 . 2009-09-09 21:27 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Mozilla
2009-09-09 21:19 . 2009-09-09 21:19 -------- d-----w- C:\drvrtmp
2009-09-09 21:19 . 2004-02-18 21:40 12288 ----a-w- c:\windows\system32\e100bmsg.dll
2009-09-09 21:19 . 2004-02-10 19:49 154112 -c--a-w- c:\windows\system32\dllcache\e100b325.sys
2009-09-09 21:19 . 2004-02-10 19:49 154112 ----a-w- c:\windows\system32\drivers\e100b325.sys
2009-09-09 21:19 . 2003-11-21 19:26 118784 ----a-w- c:\windows\system32\Prounstl.exe
2009-09-09 21:19 . 2003-07-28 10:55 24064 ----a-w- c:\windows\system32\IntelNic.dll
2009-09-09 21:09 . 2009-09-09 21:09 -------- d-----w- c:\windows\system32\CodeBaby
2009-09-09 21:09 . 2009-09-09 22:35 -------- d-----w- c:\program files\Java
2009-09-09 21:09 . 2009-09-09 21:09 -------- d-----w- c:\program files\Common Files\Java
2009-09-09 21:09 . 2009-09-09 21:09 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142050}
2009-09-09 21:07 . 2009-09-09 21:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Motive
2009-09-09 21:07 . 2009-09-09 21:09 -------- d-----w- c:\program files\Common Files\Motive
2009-09-09 21:07 . 2004-04-19 17:09 589824 ----a-w- c:\windows\system32\MCCDNSHLP_1-0-0_DSR.dll
2009-09-09 21:07 . 2003-08-14 22:23 69632 ----a-w- c:\windows\system32\MCCDevice.dll
2009-09-09 21:07 . 2003-07-17 21:16 6048 ----a-w- c:\windows\system32\MCC16.dll
2009-09-09 21:03 . 2005-07-19 22:05 135168 ----a-w- c:\windows\system32\igfxres.dll
2009-09-09 16:25 . 2009-09-10 01:42 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-09 16:25 . 2009-09-09 16:25 -------- d-----w- c:\program files\Visual Networks
2009-09-09 16:25 . 2002-04-20 12:00 98108 ------w- c:\windows\system32\drivers\ipvnmon.sys
2009-09-09 16:25 . 2009-09-10 01:39 -------- d-----w- c:\program files\Common Files\InstallShield
2009-09-09 16:17 . 2009-09-09 16:17 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Identities
2009-09-09 15:19 . 2004-08-04 03:08 26496 -c--a-w- c:\windows\system32\dllcache\usbstor.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-10 18:45 . 2009-09-10 18:44 -------- d-----w- c:\program files\QuickTime
2009-09-10 18:44 . 2009-09-10 18:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-09-10 18:44 . 2009-09-10 18:44 -------- d-----w- c:\program files\Common Files\Apple
2009-09-10 15:56 . 2009-09-10 01:54 47360 ----a-w- c:\documents and settings\Owner\Application Data\pcouffin.sys
2009-09-10 01:39 . 2009-09-10 01:39 -------- d-----w- c:\program files\Analog Devices
2009-09-09 05:37 . 2009-09-09 05:37 -------- d-----w- c:\program files\microsoft frontpage
2009-09-09 05:34 . 2009-09-09 05:34 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-07-22 19:13 . 2009-07-22 19:13 28592 ----a-w- c:\windows\system32\drivers\tap0901.sys
2009-07-02 02:34 . 2009-07-02 02:34 33840 ----a-w- c:\windows\system32\drivers\HssDrv.sys
2006-05-03 09:06 . 2009-09-10 02:09 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 . 2009-09-10 02:09 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30 . 2009-09-10 02:09 216064 --sh--r- c:\windows\system32\nbDX.dll
2004-08-12 13:58 . 2004-08-12 13:58 155146 --sha-r- c:\windows\system32\zxyru.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-09-10_20.25.58 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-10 20:49 . 2009-09-10 20:49 16384 c:\windows\Temp\Perflib_Perfdata_744.dat
+ 2009-09-10 20:49 . 2009-09-10 20:49 16384 c:\windows\Temp\Perflib_Perfdata_4e0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2009-09-10 00:59 218160 ----a-w- c:\program files\Hotspot Shield\hssie\HssIE.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2009-09-10 3055616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IPInSightLAN 01"="c:\program files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPClient.exe" [2002-04-20 364544]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-07-19 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-07-19 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-07-19 114688]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-09 149280]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4589:TCP"= 4589:TCP:cygvu

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [9/9/2009 6:26 PM 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [9/9/2009 8:32 PM 114768]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [9/10/2009 10:52 AM 142592]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9/9/2009 8:32 PM 20560]
R2 HssSrv;Hotspot Shield Routing Service;c:\program files\Hotspot Shield\HssWPR\hsssrv.exe [8/6/2009 2:58 PM 331824]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 10:49 AM 1029456]
R3 tap0901;TAP-Win32 Adapter V9;c:\windows\system32\drivers\tap0901.sys [7/22/2009 3:13 PM 28592]
S3 HssTrayService;Hotspot Shield Tray Service;c:\program files\Hotspot Shield\bin\HssTrayService.exe [8/10/2009 7:19 PM 57640]

--- Other Services/Drivers In Memory ---

*Deregistered* - IPVNMon
.
Contents of the 'Scheduled Tasks' folder

2009-09-09 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:49]
.
.
------- Supplementary Scan -------
.
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\hxovttsn.default\
FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/?zx=8w2iw6tvuadp&shva=1#inbox|http://ca.yahoo.com/?p=us|https://www.google.com/adsense/report/overview#
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-10 16:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Hotspot Shield\bin\openvpnas.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2009-09-10 16:51 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-10 20:51
ComboFix2.txt 2009-09-10 20:26

Pre-Run: 234,378,645,504 bytes free
Post-Run: 234,300,243,968 bytes free

219

===
=======
==============


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:52:34 PM, on 9/10/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPClient.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPClient.exe" -l
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase1140.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 5581 bytes

#6 fenzodahl512

fenzodahl512


Posted 10 September 2009 - 11:30 PM

1. Please open Notepad
  • If you don't know how, just go to Start >> Run >> copy/paste notepad.exe >> Enter
2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4589:TCP"=-

SkipFix::

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.



Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.




Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic
How's the computer now? :(

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#7 falafelboy

falafelboy
  • Topic Starter


Posted 13 September 2009 - 01:34 PM

Here are the logs as requested. Smooth sailing, my friend!!!

======


ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=6
# IEXPLORE.EXE=6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
# OnlineScanner.ocx=1.0.0.6050
# api_version=3.0.2
# EOSSerial=67814cf007213e418583f5ea8ebf00a2
# end=stopped
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-09-13 04:53:15
# local_time=2009-09-13 12:53:15 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=769 21 100 100 105285625000
# compatibility_mode=7937 61 100 100 2664682812500
# scanned=53714
# found=0
# cleaned=0
# scan_time=1074
esets_scanner_update returned -1 esets_gle=53251
esets_scanner_update returned -1 esets_gle=53251
# version=6
# IEXPLORE.EXE=6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
# OnlineScanner.ocx=1.0.0.6050
# api_version=3.0.2
# EOSSerial=67814cf007213e418583f5ea8ebf00a2
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-09-13 06:00:34
# local_time=2009-09-13 02:00:34 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=769 21 100 100 36745000000
# compatibility_mode=7937 61 100 100 2705067968750
# scanned=69931
# found=0
# cleaned=0
# scan_time=1307


======

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:25:33 PM, on 9/13/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPClient.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPClient.exe" -l
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase1140.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

--
End of file - 5541 bytes


=======

Malwarebytes' Anti-Malware 1.41
Database version: 2791
Windows 5.1.2600 Service Pack 2

9/13/2009 1:24:11 PM
mbam-log-2009-09-13 (13-24-11).txt

Scan type: Full Scan (C:\|)
Objects scanned: 159322
Time elapsed: 21 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


============

ComboFix 09-09-12.A0 - Owner 09/13/2009 12:55.3.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1022.628 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1351 [VPS 090912-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
- REDUCED FUNCTIONALITY MODE -
.

((((((((((((((((((((((((( Files Created from 2009-08-13 to 2009-09-13 )))))))))))))))))))))))))))))))
.

2009-09-13 16:32 . 2009-09-13 16:32 -------- d-----w- c:\program files\ESET
2009-09-12 20:00 . 2009-09-12 20:24 -------- d-----w- c:\windows\system32\CatRoot_bak
2009-09-12 14:50 . 2009-09-12 18:02 -------- d-----w- c:\documents and settings\Owner\Application Data\vlc
2009-09-12 14:43 . 2009-09-12 14:43 -------- d-----w- c:\program files\VideoLAN
2009-09-12 03:24 . 2009-09-12 03:24 -------- d-----w- C:\CWDS2Temp
2009-09-12 02:35 . 2009-09-12 02:37 -------- d-----w- c:\program files\Canon
2009-09-12 02:30 . 2009-09-12 02:35 -------- d-----w- c:\program files\Common Files\Canon
2009-09-12 01:53 . 2001-08-18 02:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-09-12 01:53 . 2004-08-04 04:56 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-09-12 01:53 . 2004-08-04 02:58 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-09-12 01:53 . 2004-08-04 02:58 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-09-11 16:30 . 2009-09-11 16:30 -------- d-----w- c:\program files\MagicISO
2009-09-11 16:25 . 2009-09-11 16:25 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-09-11 15:56 . 2009-09-11 15:56 -------- d-----w- c:\program files\Bonjour
2009-09-11 15:49 . 2009-09-11 15:49 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-09-11 15:33 . 2009-09-11 15:33 -------- d-----w- c:\program files\Microsoft Works
2009-09-11 15:32 . 2009-09-11 15:32 -------- d-----w- c:\program files\Microsoft.NET
2009-09-11 15:30 . 2009-09-11 15:31 -------- d-----w- c:\windows\SHELLNEW
2009-09-11 15:30 . 2009-09-11 15:30 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Microsoft Help
2009-09-11 15:30 . 2009-09-11 15:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-09-11 15:29 . 2009-09-11 15:29 -------- d-----r- C:\MSOCache
2009-09-11 15:27 . 2009-09-11 15:28 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\ApplicationHistory
2009-09-11 15:27 . 2009-09-11 15:27 -------- d-----w- c:\program files\PhotomatixPro3
2009-09-11 15:26 . 2009-09-11 15:26 -------- d-----w- c:\windows\system32\URTTemp
2009-09-11 15:20 . 2009-09-11 15:20 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Easy CD-DA Extractor
2009-09-11 15:20 . 2009-09-11 15:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Easy CD-DA Extractor
2009-09-11 15:20 . 2009-09-11 15:21 -------- d-----w- c:\program files\Easy CD-DA Extractor 12
2009-09-11 15:20 . 2009-09-11 15:20 -------- d-----w- c:\windows\Easy CD-DA Extractor 12
2009-09-11 15:19 . 2009-09-11 15:19 -------- d-----w- c:\program files\DAMN NFO Viewer
2009-09-11 15:17 . 2009-09-13 16:59 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-11 15:15 . 2009-09-11 15:15 -------- d-----w- c:\program files\RamBooster 2.0
2009-09-11 13:14 . 2009-09-13 16:31 -------- d-----w- c:\documents and settings\Owner\Application Data\uTorrent
2009-09-11 01:46 . 2009-09-11 02:46 -------- d-----w- c:\documents and settings\Owner\.housecall6.6
2009-09-10 23:03 . 2004-08-12 14:10 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-09-10 23:01 . 2009-09-10 23:01 -------- d-----w- c:\windows\ServicePackFiles
2009-09-10 21:05 . 2009-02-06 17:24 2180480 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-09-10 21:05 . 2009-02-06 17:22 2136064 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-09-10 21:05 . 2009-02-06 16:49 2015744 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-09-10 21:04 . 2009-02-06 16:49 2057728 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-09-10 21:02 . 2008-10-24 11:10 453632 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-09-10 21:01 . 2008-06-13 13:10 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-09-10 21:01 . 2008-06-13 13:10 272128 ------w- c:\windows\system32\drivers\bthport.sys
2009-09-10 20:56 . 2008-07-09 07:38 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2009-09-10 20:56 . 2009-09-10 23:05 -------- d--h--w- c:\windows\$hf_mig$
2009-09-10 16:44 . 2009-09-10 16:44 217664 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2009-09-10 16:44 . 2009-09-10 16:44 -------- d-----w- c:\program files\TrueCrypt
2009-09-10 16:03 . 2009-09-10 16:03 -------- d-----w- c:\program files\RegiStax 5
2009-09-10 14:52 . 2009-09-10 14:52 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2009-09-10 14:52 . 2009-09-11 02:58 -------- d-----w- c:\documents and settings\Owner\Application Data\Spyware Terminator
2009-09-10 14:52 . 2009-09-10 21:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator
2009-09-10 14:52 . 2009-09-10 21:06 -------- d-----w- c:\program files\Spyware Terminator
2009-09-10 05:14 . 2009-09-11 14:44 -------- d-----w- c:\program files\Password Safe
2009-09-10 03:07 . 2009-09-10 03:07 -------- d-----w- c:\program files\ClipX
2009-09-10 02:25 . 2009-09-10 02:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-10 02:25 . 2009-09-10 02:30 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-10 02:17 . 2009-09-10 02:17 -------- d-----w- c:\documents and settings\Owner\Application Data\Apple Computer
2009-09-10 02:15 . 2009-09-10 02:15 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Apple
2009-09-10 02:15 . 2009-09-10 02:15 -------- d-----w- c:\program files\Apple Software Update
2009-09-10 02:15 . 2009-09-10 02:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-09-10 02:15 . 2009-09-10 02:15 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Apple Computer
2009-09-10 02:14 . 2009-09-10 02:14 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-09-10 02:13 . 2009-09-10 02:13 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-09-10 02:13 . 2009-09-10 02:13 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-09-10 02:09 . 2007-05-17 21:30 318976 ----a-w- c:\windows\system32\avisynth.dll
2009-09-10 02:09 . 2004-02-22 14:11 719872 ----a-w- c:\windows\system32\devil.dll
2009-09-10 02:09 . 2004-01-25 04:00 70656 ----a-w- c:\windows\system32\yv12vfw.dll
2009-09-10 02:09 . 2004-01-25 04:00 70656 ----a-w- c:\windows\system32\i420vfw.dll
2009-09-10 02:09 . 2009-09-10 02:09 -------- d-----w- c:\program files\AviSynth 2.5
2009-09-10 02:09 . 2008-03-16 12:30 216064 --sh--r- c:\windows\system32\nbDX.dll
2009-09-10 02:09 . 2007-02-21 10:47 31232 --sh--r- c:\windows\system32\msfDX.dll
2009-09-10 02:09 . 2006-05-03 09:06 163328 --sh--r- c:\windows\system32\flvDX.dll
2009-09-10 02:09 . 2009-09-10 02:09 -------- d-----w- c:\program files\eRightSoft
2009-09-10 02:08 . 2009-09-10 02:08 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-09-10 02:08 . 2009-09-10 02:15 -------- d-----w- c:\documents and settings\Owner\Application Data\DAEMON Tools Lite
2009-09-10 02:01 . 2009-09-11 15:56 -------- d-----w- c:\program files\Common Files\Adobe
2009-09-10 02:00 . 2009-09-10 02:00 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-09-10 01:59 . 2009-09-11 16:49 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Adobe
2009-09-10 01:58 . 2009-09-10 02:11 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-09-10 01:54 . 2009-09-10 15:56 -------- d-----w- c:\documents and settings\Owner\Application Data\Vso
2009-09-10 01:54 . 2009-09-10 01:54 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-09-10 01:43 . 2009-09-10 01:43 -------- d-----w- c:\program files\Intel
2009-09-10 01:01 . 2009-09-10 01:01 -------- d-----w- c:\program files\CCleaner
2009-09-10 00:59 . 2009-09-10 00:59 -------- d-----w- C:\Hotspot Shield
2009-09-10 00:59 . 2009-09-10 00:59 -------- d-----w- c:\program files\Hotspot Shield
2009-09-10 00:32 . 2009-08-17 16:04 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-09-10 00:32 . 2009-08-17 16:04 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-09-10 00:32 . 2009-08-17 16:03 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-09-10 00:32 . 2009-08-17 16:02 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-09-10 00:32 . 2009-08-17 16:06 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-09-10 00:32 . 2009-08-17 16:06 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-09-10 00:32 . 2009-08-17 16:05 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-09-10 00:32 . 2009-08-17 16:05 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-09-10 00:32 . 2009-08-17 16:10 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-09-09 23:43 . 2009-09-09 23:43 -------- d-----w- c:\program files\Windows Live Safety Center
2009-09-09 23:26 . 2009-09-09 23:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-09-09 23:24 . 2003-03-18 19:20 1060864 ----a-w- c:\windows\system32\MFC71.dll
2009-09-09 23:24 . 2003-03-18 18:14 499712 ----a-w- c:\windows\system32\MSVCP71.dll
2009-09-09 23:24 . 2003-02-21 02:42 348160 ----a-w- c:\windows\system32\MSVCR71.dll
2009-09-09 23:24 . 2009-09-09 23:24 -------- d-----w- c:\program files\Alwil Software
2009-09-09 23:17 . 2009-09-09 23:17 -------- d-----w- c:\program files\Trend Micro
2009-09-09 22:51 . 2009-09-09 22:51 -------- d-----w- c:\program files\7-Zip
2009-09-09 22:39 . 2009-09-09 22:39 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-09-09 22:39 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-09 22:39 . 2009-09-10 21:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-09 22:39 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-09 22:39 . 2009-09-09 22:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-09 22:35 . 2009-09-09 22:35 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-09 22:34 . 2009-09-09 22:34 -------- d-----w- c:\windows\Sun
2009-09-09 22:29 . 2009-07-03 14:49 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-09-09 22:26 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-09-09 22:26 . 2009-09-09 22:26 -------- dc----w- c:\windows\system32\DRVSTORE
2009-09-09 22:25 . 2009-09-09 22:25 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
2009-09-09 22:25 . 2009-09-09 22:25 -------- d-----w- c:\program files\Lavasoft
2009-09-09 22:25 . 2009-09-09 22:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-09-09 22:15 . 2009-09-11 16:24 43752 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-09 22:06 . 2009-09-09 22:06 -------- d-s---w- c:\documents and settings\Owner\UserData
2009-09-09 21:48 . 2009-09-09 21:48 -------- d-----w- c:\program files\Google
2009-09-09 21:40 . 2009-09-09 21:40 -------- d-----w- c:\program files\Western Digital Corporation
2009-09-09 21:27 . 2009-09-09 21:27 0 ----a-w- c:\windows\nsreg.dat
2009-09-09 21:27 . 2009-09-09 21:27 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Mozilla
2009-09-09 21:19 . 2009-09-09 21:19 -------- d-----w- C:\drvrtmp
2009-09-09 21:19 . 2004-02-18 21:40 12288 ----a-w- c:\windows\system32\e100bmsg.dll
2009-09-09 21:19 . 2004-02-10 19:49 154112 -c--a-w- c:\windows\system32\dllcache\e100b325.sys
2009-09-09 21:19 . 2004-02-10 19:49 154112 ----a-w- c:\windows\system32\drivers\e100b325.sys
2009-09-09 21:19 . 2003-11-21 19:26 118784 ----a-w- c:\windows\system32\Prounstl.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-12 03:42 . 2009-09-10 18:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-09-11 13:18 . 2009-09-11 13:15 -------- d-----w- c:\documents and settings\Owner\Application Data\Winamp
2009-09-11 13:17 . 2009-09-11 13:15 -------- d-----w- c:\program files\Winamp
2009-09-11 13:15 . 2009-09-11 13:15 -------- d-----w- c:\program files\uTorrent
2009-09-10 18:45 . 2009-09-10 18:44 -------- d-----w- c:\program files\QuickTime
2009-09-10 18:44 . 2009-09-10 18:44 -------- d-----w- c:\program files\Common Files\Apple
2009-09-10 15:56 . 2009-09-10 01:54 47360 ----a-w- c:\documents and settings\Owner\Application Data\pcouffin.sys
2009-09-10 01:39 . 2009-09-10 01:39 -------- d-----w- c:\program files\Analog Devices
2009-09-09 05:37 . 2009-09-09 05:37 -------- d-----w- c:\program files\microsoft frontpage
2009-09-09 05:34 . 2009-09-09 05:34 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-08-05 09:11 . 2004-08-12 14:01 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-29 04:53 . 2004-08-12 14:07 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-29 04:53 . 2004-08-12 13:57 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-07-22 19:13 . 2009-07-22 19:13 28592 ----a-w- c:\windows\system32\drivers\tap0901.sys
2009-07-17 18:55 . 2004-08-12 13:55 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 06:18 . 2004-08-12 14:10 233472 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-02 02:34 . 2009-07-02 02:34 33840 ----a-w- c:\windows\system32\drivers\HssDrv.sys
2009-06-26 16:18 . 2004-08-12 14:09 659456 ----a-w- c:\windows\system32\wininet.dll
2009-06-26 16:18 . 2004-08-12 13:58 81920 ----a-w- c:\windows\system32\ieencode.dll
2006-05-03 09:06 . 2009-09-10 02:09 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 . 2009-09-10 02:09 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30 . 2009-09-10 02:09 216064 --sh--r- c:\windows\system32\nbDX.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-09-10_20.25.58 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-10-26 17:40 . 2006-10-26 17:40 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80KOR.dll
+ 2006-10-26 17:40 . 2006-10-26 17:40 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80JPN.dll
+ 2006-10-26 17:40 . 2006-10-26 17:40 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ITA.dll
+ 2006-10-26 17:40 . 2006-10-26 17:40 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80FRA.dll
+ 2006-10-26 17:40 . 2006-10-26 17:40 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ESP.dll
+ 2006-10-26 17:40 . 2006-10-26 17:40 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ENU.dll
+ 2006-10-26 17:40 . 2006-10-26 17:40 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80DEU.dll
+ 2006-10-26 17:40 . 2006-10-26 17:40 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80CHT.dll
+ 2006-10-26 17:40 . 2006-10-26 17:40 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80CHS.dll
+ 2006-06-05 19:28 . 2006-06-05 19:28 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_8e53b5fe\mfc80KOR.dll
+ 2006-06-05 19:28 . 2006-06-05 19:28 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_8e53b5fe\mfc80JPN.dll
+ 2006-06-05 19:28 . 2006-06-05 19:28 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_8e53b5fe\mfc80ITA.dll
+ 2006-06-05 19:28 . 2006-06-05 19:28 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_8e53b5fe\mfc80FRA.dll
+ 2006-06-05 19:28 . 2006-06-05 19:28 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_8e53b5fe\mfc80ESP.dll
+ 2006-06-05 19:28 . 2006-06-05 19:28 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_8e53b5fe\mfc80ENU.dll
+ 2006-06-05 19:28 . 2006-06-05 19:28 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_8e53b5fe\mfc80DEU.dll
+ 2006-06-05 19:28 . 2006-06-05 19:28 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_8e53b5fe\mfc80CHT.dll
+ 2006-06-05 19:28 . 2006-06-05 19:28 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_8e53b5fe\mfc80CHS.dll
+ 2006-10-26 17:40 . 2006-10-26 17:40 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfcm80u.dll
+ 2006-10-26 17:40 . 2006-10-26 17:40 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfcm80.dll
+ 2006-06-05 19:47 . 2006-06-05 19:47 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_39049d00\mfcm80u.dll
+ 2006-06-05 19:47 . 2006-06-05 19:47 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_39049d00\mfcm80.dll
+ 2006-10-26 17:40 . 2006-10-26 17:40 95744 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_6e805841\ATL80.dll
+ 2009-09-13 16:57 . 2009-09-13 16:57 16384 c:\windows\Temp\Perflib_Perfdata_6bc.dat
+ 2009-09-13 13:57 . 2009-09-13 13:57 16384 c:\windows\Temp\Perflib_Perfdata_698.dat
+ 2009-09-13 16:57 . 2009-09-13 16:57 16384 c:\windows\Temp\Perflib_Perfdata_1c0.dat
+ 2008-10-16 18:09 . 2008-10-16 18:09 43544 c:\windows\system32\wups2.dll
+ 2009-09-09 05:35 . 2008-10-16 18:08 34328 c:\windows\system32\wups.dll
+ 2009-09-09 05:35 . 2008-10-16 18:09 51224 c:\windows\system32\wuauclt.exe
+ 2005-01-28 17:44 . 2005-01-28 17:44 10752 c:\windows\system32\wpdtrace.dll
+ 2005-01-28 17:44 . 2005-01-28 17:44 66560 c:\windows\system32\wpdmtpus.dll
+ 2005-01-28 17:44 . 2005-01-28 17:44 61952 c:\windows\system32\wpdconns.dll
+ 2005-01-28 17:44 . 2005-01-28 17:44 38912 c:\windows\system32\wpd_ci.dll
+ 2004-08-12 14:09 . 2005-01-28 17:44 33792 c:\windows\system32\WMDMPS.dll
+ 2004-08-12 14:09 . 2005-01-28 17:44 28160 c:\windows\system32\WMDMLOG.dll
+ 2005-01-28 17:44 . 2005-01-28 17:44 38912 c:\windows\system32\wdfmgr.exe
+ 2005-01-28 17:44 . 2005-01-28 17:44 15872 c:\windows\system32\wdfapi.dll
+ 2009-09-11 13:15 . 2009-04-28 20:20 96752 c:\windows\system32\vxblock.dll
+ 2006-07-24 14:50 . 2006-07-24 14:50 47920 c:\windows\system32\VBAME.DLL
+ 2005-01-28 17:44 . 2005-01-28 17:44 47104 c:\windows\system32\uwdf.exe
+ 2003-02-21 09:16 . 2003-02-21 09:16 49152 c:\windows\system32\URTTemp\regtlib.exe
+ 2009-09-11 15:26 . 2003-02-20 23:09 77824 c:\windows\system32\URTTemp\mscorsn.dll
+ 2009-09-10 20:59 . 2009-07-14 11:03 46080 c:\windows\system32\tzchange.exe
+ 2007-03-22 00:54 . 2007-03-22 00:54 69632 c:\windows\system32\TWUNK_32.EXE
+ 2007-03-22 00:54 . 2007-03-22 00:54 48560 c:\windows\system32\TWUNK_16.EXE
+ 2007-03-22 00:54 . 2007-03-22 00:54 77312 c:\windows\system32\TWAIN_32.DLL
+ 2004-08-12 14:07 . 2009-06-12 11:50 76288 c:\windows\system32\telnet.exe
+ 2009-09-11 15:17 . 1996-01-12 21:00 24576 c:\windows\system32\STKIT432.DLL
+ 2009-09-10 20:56 . 2007-11-30 11:18 17272 c:\windows\system32\spmsg.dll
+ 2009-09-10 20:51 . 2008-10-16 18:08 34328 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.788\wups.dll
- 2004-08-12 14:04 . 2004-08-12 14:04 55808 c:\windows\system32\secur32.dll
+ 2004-08-12 14:04 . 2009-02-03 20:08 55808 c:\windows\system32\secur32.dll
+ 2006-07-24 14:50 . 2006-07-24 14:50 39728 c:\windows\system32\SCP32.DLL
+ 2004-08-12 14:04 . 2009-02-06 16:54 35328 c:\windows\system32\sc.exe
+ 2009-09-10 23:00 . 2005-07-19 22:09 94208 c:\windows\system32\ReinstallBackups\0008\DriverFiles\igfxtray.exe
+ 2009-09-10 23:00 . 2005-07-19 22:06 57344 c:\windows\system32\ReinstallBackups\0008\DriverFiles\igfxsrvc.dll
+ 2009-09-10 23:00 . 2005-07-19 22:09 98304 c:\windows\system32\ReinstallBackups\0008\DriverFiles\igfxext.exe
+ 2009-09-10 23:00 . 2005-07-19 22:10 36864 c:\windows\system32\ReinstallBackups\0008\DriverFiles\igfxexps.dll
+ 2009-09-10 23:00 . 2005-07-19 22:06 86016 c:\windows\system32\ReinstallBackups\0008\DriverFiles\igfxdo.dll
+ 2009-09-10 23:00 . 2005-07-19 22:10 40960 c:\windows\system32\ReinstallBackups\0008\DriverFiles\ialmuTRK.dll
+ 2009-09-10 23:00 . 2005-07-19 22:10 40960 c:\windows\system32\ReinstallBackups\0008\DriverFiles\ialmuTHA.dll
+ 2009-09-10 23:00 . 2005-07-19 22:10 40960 c:\windows\system32\ReinstallBackups\0008\DriverFiles\ialmuSVE.dll
+ 2009-09-10 23:00 . 2005-07-19 22:10 40960 c:\windows\system32\ReinstallBackups\0008\DriverFiles\ialmuRUS.dll
+ 2009-09-10 23:00 . 2005-07-19 22:10 40960 c:\windows\system32\ReinstallBackups\0008\DriverFiles\ialmuPTG.dll
+ 2009-09-10 23:00 . 2005-07-19 22:10 40960 c:\windows\system32\ReinstallBackups\0008\DriverFiles\ialmuPTB.dll
+ 2009-09-10 23:00 . 2005-07-19 22:10 40960 c:\windows\system32\ReinstallBackups\0008\DriverFiles\ialmuPLK.dll
+ 2009-09-10 23:00 . 2005-07-19 22:10 40960 c:\windows\system32\ReinstallBackups\0008\DriverFiles\ialmuNOR.dll
+ 2009-09-10 23:00 . 2005-07-19 22:10 40960 c:\windows\system32\ReinstallBackups\0008\DriverFiles\ialmuNLD.dll
+ 2009-09-10 23:00 . 2005-07-19 22:10 40960 c:\windows\system32\ReinstallBackups\0008\DriverFiles\ialmuKOR.dll
+ 2009-09-10 23:00 . 2005-07-19 22:10 40960 c:\windows\system32\ReinstallBackups\0008\DriverFiles\ialmuJPN.dll
+ 2009-09-10 23:00 . 2005-07-19 22:10 40960 c:\windows\system32\ReinstallBackups\0008\DriverFiles\ialmuITA.dll
+ 2009-09-10 23:00 . 2005-07-19 22:10 40960 c:\windows\system32\ReinstallBackups\0008\DriverFiles\ialmuHUN.dll
+ 2009-09-10 23:00 . 2005-07-19 22:10 40960 c:\windows\system32\ReinstallBackups\0008\DriverFiles\ialmuHEB.dll
+ 2009-09-10 23:00 . 2005-07-19 22:10 40960 c:\windows\system32\ReinstallBackups\0008\DriverFiles\ialmuFRC.dll
+ 2009-09-10 23:00 . 2005-07-19 22:10 40960 c:\windows\system32\ReinstallBackups\0008\DriverFiles\ialmuFRA.dll
+ 2009-09-10 23:00 . 2005-07-19 22:10 40960 c:\windows\system32\ReinstallBackups\0008\DriverFiles\ialmuFIN.dll
+ 2009-09-10 23:00 . 2005-07-19 22:10 40960 c:\windows\system32\ReinstallBackups\0008\DriverFiles\ialmuESP.dll
+ 2009-09-10 23:00 . 2005-07-19 22:10 40960 c:\windows\system32\ReinstallBackups\0008\DriverFiles\ialmuENG.dll
+ 2009-09-10 23:00 . 2005-07-19 22:10 40960 c:\windows\system32\ReinstallBackups\0008\DriverFiles\ialmuELL.dll
+ 2009-09-10 23:00 . 2005-07-19 22:10 40960 c:\windows\system32\ReinstallBackups\0008\DriverFiles\ialmuDEU.dll
+ 2009-09-10 23:00 . 2005-07-19 22:10 40960 c:\windows\system32\ReinstallBackups\0008\DriverFiles\ialmuDAN.dll
+ 2009-09-10 23:00 . 2005-07-19 22:10 40960 c:\windows\system32\ReinstallBackups\0008\DriverFiles\ialmuCSY.dll
+ 2009-09-10 23:00 . 2005-07-19 22:10 40960 c:\windows\system32\ReinstallBackups\0008\DriverFiles\ialmuCHT.dll
+ 2009-09-10 23:00 . 2005-07-19 22:10 40960 c:\windows\system32\ReinstallBackups\0008\DriverFiles\ialmuCHS.dll
+ 2009-09-10 23:00 . 2005-07-19 22:10 40960 c:\windows\system32\ReinstallBackups\0008\DriverFiles\ialmuARB.dll
+ 2009-09-10 23:00 . 2005-07-19 22:10 40960 c:\windows\system32\ReinstallBackups\0008\DriverFiles\ialmuARA.dll
+ 2009-09-10 23:00 . 2005-07-19 22:26 38014 c:\windows\system32\ReinstallBackups\0008\DriverFiles\ialmrnt5.dll
+ 2009-09-10 23:00 . 2005-07-19 22:26 49152 c:\windows\system32\ReinstallBackups\0008\DriverFiles\ialmrem.dll
+ 2009-09-10 23:00 . 2005-07-19 22:26 61440 c:\windows\system32\ReinstallBackups\0008\DriverFiles\iAlmCoIn.dll
+ 2009-09-10 23:00 . 2005-07-19 22:06 77824 c:\windows\system32\ReinstallBackups\0008\DriverFiles\hkcmd.exe
+ 2009-09-10 23:00 . 2005-07-19 22:05 73728 c:\windows\system32\ReinstallBackups\0008\DriverFiles\hccutils.dll
+ 2009-09-11 13:15 . 2009-04-28 20:20 66032 c:\windows\system32\pxinsa64.exe
+ 2009-09-11 13:15 . 2009-04-28 20:20 72176 c:\windows\system32\pxhpinst.exe
+ 2009-09-11 13:15 . 2009-04-28 20:20 66544 c:\windows\system32\pxcpya64.exe
+ 2004-08-12 14:03 . 2009-06-26 16:18 39424 c:\windows\system32\pngfilt.dll
- 2004-08-12 14:03 . 2004-08-12 14:03 39424 c:\windows\system32\pngfilt.dll
+ 2004-08-12 14:03 . 2009-09-11 15:27 52764 c:\windows\system32\perfc009.dat
+ 2003-02-20 23:16 . 2003-02-20 23:16 32768 c:\windows\system32\netfxperf.dll
+ 2009-09-09 05:32 . 2008-06-12 14:16 91648 c:\windows\system32\mtxoci.dll
- 2004-08-12 14:01 . 2004-08-12 14:01 66560 c:\windows\system32\mtxclu.dll
+ 2004-08-12 14:01 . 2008-06-12 14:16 66560 c:\windows\system32\mtxclu.dll
+ 2004-08-12 14:01 . 2005-01-28 17:44 25088 c:\windows\system32\MsPMSNSv.dll
+ 2004-08-12 14:00 . 2005-05-04 18:45 15360 c:\windows\system32\msisip.dll
+ 2004-08-12 14:00 . 2005-05-04 18:45 78848 c:\windows\system32\msiexec.exe
- 2009-09-09 05:32 . 2004-08-12 14:00 58880 c:\windows\system32\msdtclog.dll
+ 2009-09-09 05:32 . 2008-06-12 14:16 58880 c:\windows\system32\msdtclog.dll
+ 2003-02-20 22:43 . 2003-02-20 22:43 16896 c:\windows\system32\mscorier.dll
+ 2004-08-12 14:00 . 2008-06-24 16:23 74240 c:\windows\system32\mscms.dll
+ 2006-01-03 23:14 . 2006-01-03 23:14 20480 c:\windows\system32\Macromed\Flash\UninstFl.exe
+ 2006-01-21 20:01 . 2006-01-21 20:01 25088 c:\windows\system32\Macromed\Flash\genuinst.exe
+ 2004-08-12 13:59 . 2005-01-28 17:44 96768 c:\windows\system32\logagent.exe
+ 2004-08-12 13:58 . 2009-06-26 16:18 16384 c:\windows\system32\jsproxy.dll
+ 2004-08-12 13:58 . 2009-06-26 16:18 96256 c:\windows\system32\inseng.dll
- 2004-08-12 13:58 . 2004-08-12 13:58 96256 c:\windows\system32\inseng.dll
- 2009-09-09 21:02 . 2005-07-19 22:09 94208 c:\windows\system32\igfxtray.exe
+ 2009-09-09 21:02 . 2005-09-20 13:35 94208 c:\windows\system32\igfxtray.exe
+ 2009-09-09 21:02 . 2005-09-20 13:32 57344 c:\windows\system32\igfxsrvc.dll
- 2009-09-09 21:02 . 2005-07-19 22:06 57344 c:\windows\system32\igfxsrvc.dll
+ 2009-09-09 21:02 . 2005-09-20 13:36 94208 c:\windows\system32\igfxext.exe
+ 2009-09-09 21:02 . 2005-09-20 13:36 40960 c:\windows\system32\igfxexps.dll
- 2009-09-09 21:02 . 2005-07-19 22:06 86016 c:\windows\system32\igfxdo.dll
+ 2009-09-09 21:02 . 2005-09-20 13:32 86016 c:\windows\system32\igfxdo.dll
- 2009-09-09 21:02 . 2005-07-19 22:10 40960 c:\windows\system32\ialmuTRK.dll
+ 2009-09-09 21:02 . 2005-09-20 13:37 40960 c:\windows\system32\ialmuTRK.dll
- 2009-09-09 21:02 . 2005-07-19 22:10 40960 c:\windows\system32\ialmuTHA.dll
+ 2009-09-09 21:02 . 2005-09-20 13:37 40960 c:\windows\system32\ialmuTHA.dll
- 2009-09-09 21:02 . 2005-07-19 22:10 40960 c:\windows\system32\ialmuSVE.dll
+ 2009-09-09 21:02 . 2005-09-20 13:37 40960 c:\windows\system32\ialmuSVE.dll
- 2009-09-09 21:02 . 2005-07-19 22:10 40960 c:\windows\system32\ialmuRUS.dll
+ 2009-09-09 21:02 . 2005-09-20 13:37 40960 c:\windows\system32\ialmuRUS.dll
- 2009-09-09 21:02 . 2005-07-19 22:10 40960 c:\windows\system32\ialmuPTG.dll
+ 2009-09-09 21:02 . 2005-09-20 13:37 40960 c:\windows\system32\ialmuPTG.dll
+ 2009-09-09 21:02 . 2005-09-20 13:37 40960 c:\windows\system32\ialmuPTB.dll
- 2009-09-09 21:02 . 2005-07-19 22:10 40960 c:\windows\system32\ialmuPTB.dll
- 2009-09-09 21:02 . 2005-07-19 22:10 40960 c:\windows\system32\ialmuPLK.dll
+ 2009-09-09 21:02 . 2005-09-20 13:37 40960 c:\windows\system32\ialmuPLK.dll
+ 2009-09-09 21:02 . 2005-09-20 13:37 40960 c:\windows\system32\ialmuNOR.dll
- 2009-09-09 21:02 . 2005-07-19 22:10 40960 c:\windows\system32\ialmuNOR.dll
- 2009-09-09 21:02 . 2005-07-19 22:10 40960 c:\windows\system32\ialmuNLD.dll
+ 2009-09-09 21:02 . 2005-09-20 13:37 40960 c:\windows\system32\ialmuNLD.dll
- 2009-09-09 21:02 . 2005-07-19 22:10 40960 c:\windows\system32\ialmuKOR.dll
+ 2009-09-09 21:02 . 2005-09-20 13:37 40960 c:\windows\system32\ialmuKOR.dll
+ 2009-09-09 21:02 . 2005-09-20 13:37 40960 c:\windows\system32\ialmuJPN.dll
- 2009-09-09 21:02 . 2005-07-19 22:10 40960 c:\windows\system32\ialmuJPN.dll
- 2009-09-09 21:02 . 2005-07-19 22:10 40960 c:\windows\system32\ialmuITA.dll
+ 2009-09-09 21:02 . 2005-09-20 13:37 40960 c:\windows\system32\ialmuITA.dll
+ 2009-09-09 21:02 . 2005-09-20 13:37 40960 c:\windows\system32\ialmuHUN.dll
- 2009-09-09 21:02 . 2005-07-19 22:10 40960 c:\windows\system32\ialmuHUN.dll
- 2009-09-09 21:02 . 2005-07-19 22:10 40960 c:\windows\system32\ialmuHEB.dll
+ 2009-09-09 21:02 . 2005-09-20 13:37 40960 c:\windows\system32\ialmuHEB.dll
+ 2009-09-09 21:02 . 2005-09-20 13:37 40960 c:\windows\system32\ialmuFRC.dll
- 2009-09-09 21:02 . 2005-07-19 22:10 40960 c:\windows\system32\ialmuFRC.dll
- 2009-09-09 21:02 . 2005-07-19 22:10 40960 c:\windows\system32\ialmuFRA.dll
+ 2009-09-09 21:02 . 2005-09-20 13:37 40960 c:\windows\system32\ialmuFRA.dll
- 2009-09-09 21:02 . 2005-07-19 22:10 40960 c:\windows\system32\ialmuFIN.dll
+ 2009-09-09 21:02 . 2005-09-20 13:37 40960 c:\windows\system32\ialmuFIN.dll
+ 2009-09-09 21:02 . 2005-09-20 13:37 40960 c:\windows\system32\ialmuESP.dll
- 2009-09-09 21:02 . 2005-07-19 22:10 40960 c:\windows\system32\ialmuESP.dll
+ 2009-09-09 21:02 . 2005-09-20 13:37 40960 c:\windows\system32\ialmuENG.dll
- 2009-09-09 21:02 . 2005-07-19 22:10 40960 c:\windows\system32\ialmuENG.dll
+ 2009-09-09 21:02 . 2005-09-20 13:37 40960 c:\windows\system32\ialmuELL.dll
- 2009-09-09 21:02 . 2005-07-19 22:10 40960 c:\windows\system32\ialmuELL.dll
+ 2009-09-09 21:02 . 2005-09-20 13:37 40960 c:\windows\system32\ialmuDEU.dll
- 2009-09-09 21:02 . 2005-07-19 22:10 40960 c:\windows\system32\ialmuDEU.dll
- 2009-09-09 21:02 . 2005-07-19 22:10 40960 c:\windows\system32\ialmuDAN.dll
+ 2009-09-09 21:02 . 2005-09-20 13:37 40960 c:\windows\system32\ialmuDAN.dll
+ 2009-09-09 21:02 . 2005-09-20 13:37 40960 c:\windows\system32\ialmuCSY.dll
- 2009-09-09 21:02 . 2005-07-19 22:10 40960 c:\windows\system32\ialmuCSY.dll
+ 2009-09-09 21:02 . 2005-09-20 13:37 40960 c:\windows\system32\ialmuCHT.dll
- 2009-09-09 21:02 . 2005-07-19 22:10 40960 c:\windows\system32\ialmuCHT.dll
+ 2009-09-09 21:02 . 2005-09-20 13:37 40960 c:\windows\system32\ialmuCHS.dll
- 2009-09-09 21:02 . 2005-07-19 22:10 40960 c:\windows\system32\ialmuCHS.dll
- 2009-09-09 21:02 . 2005-07-19 22:10 40960 c:\windows\system32\ialmuARB.dll
+ 2009-09-09 21:02 . 2005-09-20 13:37 40960 c:\windows\system32\ialmuARB.dll
- 2009-09-09 21:02 . 2005-07-19 22:10 40960 c:\windows\system32\ialmuARA.dll
+ 2009-09-09 21:02 . 2005-09-20 13:37 40960 c:\windows\system32\ialmuARA.dll
+ 2009-09-09 21:02 . 2005-09-20 13:52 36990 c:\windows\system32\ialmrnt5.dll
+ 2009-09-09 21:02 . 2005-09-20 13:52 49152 c:\windows\system32\ialmrem.dll
- 2009-09-09 21:02 . 2005-07-19 22:26 49152 c:\windows\system32\ialmrem.dll
+ 2005-09-20 13:52 . 2005-09-20 13:52 61440 c:\windows\system32\iAlmCoIn_v4396.dll
- 2009-09-09 21:02 . 2005-07-19 22:06 77824 c:\windows\system32\hkcmd.exe
+ 2009-09-09 21:02 . 2005-09-20 13:32 77824 c:\windows\system32\hkcmd.exe
+ 2009-09-09 21:02 . 2005-09-20 13:31 73728 c:\windows\system32\hccutils.dll
- 2009-09-09 21:02 . 2005-07-19 22:05 73728 c:\windows\system32\hccutils.dll
+ 2006-10-26 18:10 . 2006-10-26 18:10 33088 c:\windows\system32\FM20ENU.DLL
- 2004-08-12 13:57 . 2004-08-12 13:57 55808 c:\windows\system32\extmgr.dll
+ 2004-08-12 13:57 . 2009-06-26 16:18 55808 c:\windows\system32\extmgr.dll
+ 2004-08-12 13:57 . 2005-01-28 17:44 96768 c:\windows\system32\drmstor.dll
+ 2005-01-28 17:44 . 2005-01-28 17:44 18944 c:\windows\system32\drivers\wpdusb.sys
+ 2009-09-11 13:15 . 2009-04-28 20:20 44944 c:\windows\system32\drivers\PxHelp20.sys
+ 2006-02-28 16:41 . 2006-02-28 16:41 53248 c:\windows\system32\dnssd.dll
+ 2006-02-28 16:41 . 2006-02-28 16:41 61440 c:\windows\system32\dns-sd.exe
+ 2009-09-09 05:35 . 2008-10-16 18:08 34328 c:\windows\system32\dllcache\wups.dll
+ 2009-09-09 05:35 . 2008-10-16 18:09 51224 c:\windows\system32\dllcache\wuauclt.exe
+ 2004-08-12 14:09 . 2005-01-28 17:44 33792 c:\windows\system32\dllcache\wmdmps.dll
+ 2004-08-12 14:09 . 2005-01-28 17:44 28160 c:\windows\system32\dllcache\wmdmlog.dll
+ 2004-08-12 14:07 . 2009-06-12 11:50 76288 c:\windows\system32\dllcache\telnet.exe
- 2004-08-12 14:04 . 2004-08-12 14:04 55808 c:\windows\system32\dllcache\secur32.dll
+ 2004-08-12 14:04 . 2009-02-03 20:08 55808 c:\windows\system32\dllcache\secur32.dll
+ 2004-08-12 14:04 . 2009-02-06 16:54 35328 c:\windows\system32\dllcache\sc.exe
- 2004-08-12 14:03 . 2004-08-12 14:03 39424 c:\windows\system32\dllcache\pngfilt.dll
+ 2004-08-12 14:03 . 2009-06-26 16:18 39424 c:\windows\system32\dllcache\pngfilt.dll
+ 2009-09-09 05:32 . 2008-06-12 14:16 91648 c:\windows\system32\dllcache\mtxoci.dll
+ 2004-08-12 14:01 . 2008-06-12 14:16 66560 c:\windows\system32\dllcache\mtxclu.dll
- 2004-08-12 14:01 . 2004-08-12 14:01 66560 c:\windows\system32\dllcache\mtxclu.dll
+ 2004-08-12 14:01 . 2005-01-28 17:44 25088 c:\windows\system32\dllcache\mspmsnsv.dll
+ 2004-08-12 14:00 . 2005-05-04 18:45 15360 c:\windows\system32\dllcache\msisip.dll
+ 2004-08-12 14:00 . 2005-05-04 18:45 78848 c:\windows\system32\dllcache\msiexec.exe
+ 2009-09-09 05:32 . 2008-06-12 14:16 58880 c:\windows\system32\dllcache\msdtclog.dll
- 2009-09-09 05:32 . 2004-08-12 14:00 58880 c:\windows\system32\dllcache\msdtclog.dll
+ 2004-08-12 14:00 . 2008-06-24 16:23 74240 c:\windows\system32\dllcache\mscms.dll
+ 2004-08-12 13:59 . 2005-01-28 17:44 96768 c:\windows\system32\dllcache\logagent.exe
+ 2004-08-12 13:58 . 2009-06-26 16:18 16384 c:\windows\system32\dllcache\jsproxy.dll
- 2004-08-12 13:58 . 2004-08-12 13:58 96256 c:\windows\system32\dllcache\inseng.dll
+ 2004-08-12 13:58 . 2009-06-26 16:18 96256 c:\windows\system32\dllcache\inseng.dll
- 2004-08-12 13:58 . 2004-08-12 13:58 81920 c:\windows\system32\dllcache\ieencode.dll
+ 2004-08-12 13:58 . 2009-06-26 16:18 81920 c:\windows\system32\dllcache\ieencode.dll
- 2009-09-09 05:34 . 2004-08-12 13:58 18432 c:\windows\system32\dllcache\iedw.exe
+ 2009-09-09 05:34 . 2009-06-22 11:38 18432 c:\windows\system32\dllcache\iedw.exe
+ 2004-08-12 13:57 . 2009-07-29 04:53 82432 c:\windows\system32\dllcache\fontsub.dll
- 2004-08-12 13:57 . 2004-08-12 13:57 55808 c:\windows\system32\dllcache\extmgr.dll
+ 2004-08-12 13:57 . 2009-06-26 16:18 55808 c:\windows\system32\dllcache\extmgr.dll
+ 2004-08-12 13:57 . 2005-01-28 17:44 96768 c:\windows\system32\dllcache\drmstor.dll
+ 2009-09-09 05:32 . 2005-07-26 04:39 60416 c:\windows\system32\dllcache\colbact.dll
+ 2004-08-12 13:56 . 2008-10-16 18:09 92696 c:\windows\system32\dllcache\cdm.dll
- 2004-08-12 13:55 . 2004-08-12 13:55 84992 c:\windows\system32\dllcache\avifil32.dll
+ 2004-08-12 13:55 . 2009-06-10 14:21 84992 c:\windows\system32\dllcache\avifil32.dll
- 2004-08-12 13:55 . 2004-08-12 13:55 58880 c:\windows\system32\dllcache\atl.dll
+ 2004-08-12 13:55 . 2009-07-17 18:55 58880 c:\windows\system32\dllcache\atl.dll
+ 2009-09-09 05:32 . 2005-07-26 04:39 60416 c:\windows\system32\colbact.dll
+ 2004-08-12 13:56 . 2008-10-16 18:09 92696 c:\windows\system32\cdm.dll
+ 2004-08-12 13:55 . 2009-06-10 14:21 84992 c:\windows\system32\avifil32.dll
- 2004-08-12 13:55 . 2004-08-12 13:55 84992 c:\windows\system32\avifil32.dll
+ 2009-09-11 13:16 . 2005-01-28 17:44 96768 c:\windows\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\drmstor.dll
+ 2009-09-11 13:16 . 2004-08-12 13:57 87040 c:\windows\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}$BACKUP$\System\drmstor.dll
+ 2009-09-11 13:16 . 2005-01-28 17:44 96768 c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\logagent.exe
+ 2009-09-11 13:16 . 2005-01-28 17:44 18944 c:\windows\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdusb.sys
+ 2009-09-11 13:16 . 2005-01-28 17:44 10752 c:\windows\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdtrace.dll
+ 2009-09-11 13:16 . 2005-01-28 17:44 66560 c:\windows\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdmtpus.dll
+ 2009-09-11 13:16 . 2005-01-28 17:44 61952 c:\windows\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdconns.dll
+ 2009-09-11 13:16 . 2005-01-28 17:44 38912 c:\windows\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpd_ci.dll
+ 2009-09-11 13:16 . 2005-01-28 17:44 38912 c:\windows\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wdfmgr.exe
+ 2009-09-11 13:16 . 2005-01-28 17:44 15872 c:\windows\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wdfapi.dll
+ 2009-09-11 13:16 . 2005-01-28 17:44 47104 c:\windows\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\uwdf.exe
+ 2009-09-11 13:16 . 2005-01-28 17:44 33792 c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\WMDMPS.dll
+ 2009-09-11 13:16 . 2005-01-28 17:44 28160 c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\WMDMLOG.dll
+ 2009-09-11 13:16 . 2005-01-28 17:44 25088 c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
+ 2009-09-11 13:16 . 2004-08-12 14:09 23552 c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\WMDMPS.dll
+ 2009-09-11 13:16 . 2004-08-12 14:09 27136 c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\WMDMLOG.dll
+ 2009-09-11 13:16 . 2004-08-12 14:01 52224 c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll
+ 2003-02-21 00:10 . 2003-02-21 00:10 31744 c:\windows\Microsoft.NET\Framework\v1.1.4322\WMINet_Utils.dll
+ 2003-02-21 11:24 . 2003-02-21 11:24 57344 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.RegularExpressions.dll
+ 2003-02-21 11:26 . 2003-02-21 11:26 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
+ 2003-02-20 23:09 . 2003-02-20 23:09 64000 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.Thunk.dll
+ 2003-02-21 11:26 . 2003-02-21 11:26 65536 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Drawing.Design.dll
+ 2003-02-21 11:26 . 2003-02-21 11:26 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.DirectoryServices.dll
+ 2003-02-21 11:26 . 2003-02-21 11:26 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Configuration.Install.dll
+ 2003-02-21 11:25 . 2003-02-21 11:25 12288 c:\windows\Microsoft.NET\Framework\v1.1.4322\RegSvcs.exe
+ 2003-02-21 11:26 . 2003-02-21 11:26 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\RegCode.dll
+ 2003-02-21 11:25 . 2003-02-21 11:25 28672 c:\windows\Microsoft.NET\Framework\v1.1.4322\RegAsm.exe
+ 2003-02-20 23:09 . 2003-02-20 23:09 90112 c:\windows\Microsoft.NET\Framework\v1.1.4322\PerfCounter.dll
+ 2003-02-20 23:09 . 2003-02-20 23:09 73728 c:\windows\Microsoft.NET\Framework\v1.1.4322\ngen.exe
+ 2003-02-20 22:43 . 2003-02-20 22:43 22528 c:\windows\Microsoft.NET\Framework\v1.1.4322\MUI\0409\mscorsecr.dll
+ 2003-02-20 23:18 . 2003-02-20 23:18 20480 c:\windows\Microsoft.NET\Framework\v1.1.4322\mtxoci8.dll
+ 2003-02-20 23:09 . 2003-02-20 23:09 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
+ 2003-02-20 23:09 . 2003-02-20 23:09 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsec.dll
+ 2003-02-20 23:06 . 2003-02-20 23:06 65536 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorpe.dll
+ 2003-02-20 23:09 . 2003-02-20 23:09 98304 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2003-02-20 23:09 . 2003-02-20 23:09 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2003-02-20 23:09 . 2003-02-20 23:09 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscordbc.dll
+ 2003-02-21 11:25 . 2003-02-21 11:25 49152 c:\windows\Microsoft.NET\Framework\v1.1.4322\MigPolWin.exe
+ 2003-02-21 11:25 . 2003-02-21 11:25 49152 c:\windows\Microsoft.NET\Framework\v1.1.4322\MigPol.exe
+ 2003-02-21 11:25 . 2003-02-21 11:25 11264 c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2003-02-21 11:24 . 2003-02-21 11:24 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.Vsa.dll
+ 2003-02-21 11:24 . 2003-02-21 11:24 28672 c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.VisualBasic.Vsa.dll
+ 2003-02-21 11:24 . 2003-02-21 11:24 40960 c:\windows\Microsoft.NET\Framework\v1.1.4322\jsc.exe
+ 2003-02-21 11:24 . 2003-02-21 11:24 26112 c:\windows\Microsoft.NET\Framework\v1.1.4322\ISymWrapper.dll
+ 2003-02-20 23:22 . 2003-02-20 23:22 40960 c:\windows\Microsoft.NET\Framework\v1.1.4322\InstallUtilLib.dll
+ 2003-02-21 11:24 . 2003-02-21 11:24 15872 c:\windows\Microsoft.NET\Framework\v1.1.4322\InstallUtil.exe
+ 2003-02-21 11:24 . 2003-02-21 11:24 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\IEHost.dll
+ 2003-02-21 08:12 . 2003-02-21 08:12 28672 c:\windows\Microsoft.NET\Framework\v1.1.4322\cvtres.exe
+ 2003-02-21 11:24 . 2003-02-21 11:24 33792 c:\windows\Microsoft.NET\Framework\v1.1.4322\CustomMarshalers.dll
+ 2003-02-21 11:24 . 2003-02-21 11:24 12288 c:\windows\Microsoft.NET\Framework\v1.1.4322\cscompmgd.dll
+ 2003-02-21 14:20 . 2003-02-21 14:20 49152 c:\windows\Microsoft.NET\Framework\v1.1.4322\csc.exe
+ 2003-02-20 23:09 . 2003-02-20 23:09 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2003-02-21 11:24 . 2003-02-21 11:24 49152 c:\windows\Microsoft.NET\Framework\v1.1.4322\ConfigWizards.exe
+ 2003-02-21 11:24 . 2003-02-21 11:24 94208 c:\windows\Microsoft.NET\Framework\v1.1.4322\CasPol.exe
+ 2003-02-20 23:19 . 2003-02-20 23:19 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2003-02-20 23:19 . 2003-02-20 23:19 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
+ 2003-02-20 23:19 . 2003-02-20 23:19 20480 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_regiis.exe
+ 2003-02-20 23:19 . 2003-02-20 23:19 40960 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_rc.dll
+ 2003-02-20 23:19 . 2003-02-20 23:19 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
+ 2003-02-21 09:00 . 2003-02-21 09:00 98304 c:\windows\Microsoft.NET\Framework\v1.1.4322\alink.dll
+ 2003-02-21 07:55 . 2003-02-21 07:55 94208 c:\windows\Microsoft.NET\Framework\v1.1.4322\1033\cscompui.dll
+ 2003-02-21 06:59 . 2003-02-21 06:59 16896 c:\windows\Microsoft.NET\Framework\v1.1.4322\1033\alinkui.dll
+ 2003-02-20 23:09 . 2003-02-20 23:09 57344 c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe
+ 2009-09-11 15:31 . 2009-09-11 15:31 48128 c:\windows\Installer\35db51.msi
+ 2009-09-12 02:36 . 2009-09-12 02:36 40960 c:\windows\Installer\{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}\ARPPRODUCTICON.exe
+ 2009-09-11 15:34 . 2009-09-11 15:34 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-09-11 15:34 . 2009-09-11 15:34 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-09-11 15:34 . 2009-09-11 15:34 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-09-12 02:37 . 2009-09-12 02:37 40960 c:\windows\Installer\{35260E0B-A8C2-4D25-97E2-448DE7275C85}\ARPPRODUCTICON.exe
+ 2009-09-12 02:36 . 2009-09-12 02:36 40960 c:\windows\Installer\{33CF7CDF-9805-4500-9CC7-D19D52AD63C4}\ARPPRODUCTICON.exe
+ 2009-09-11 15:26 . 2009-09-11 15:26 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_4583a073\System.Drawing.Design.dll
+ 2009-09-11 15:26 . 2009-09-11 15:26 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_780cf574\CustomMarshalers.dll
+ 2009-09-11 15:26 . 2009-09-11 15:26 57344 c:\windows\assembly\GAC\System.Web.RegularExpressions\1.0.5000.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2009-09-11 15:26 . 2009-09-11 15:26 77824 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
+ 2009-09-11 15:26 . 2009-09-11 15:26 64000 c:\windows\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.Thunk.dll
+ 2009-09-11 15:26 . 2009-09-11 15:26 65536 c:\windows\assembly\GAC\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2009-09-11 15:26 . 2009-09-11 15:26 86016 c:\windows\assembly\GAC\System.DirectoryServices\1.0.5000.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2009-09-11 15:26 . 2009-09-11 15:26 77824 c:\windows\assembly\GAC\System.Configuration.Install\1.0.5000.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2009-09-11 15:33 . 2009-09-11 15:33 16384 c:\windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll
+ 2009-09-11 15:26 . 2009-09-11 15:26 32768 c:\windows\assembly\GAC\Regcode\1.0.5000.0__b03f5f7f11d50a3a\RegCode.dll
+ 2009-09-11 15:33 . 2009-09-11 15:33 11544 c:\windows\assembly\GAC\Policy.11.0.office\12.0.0.0__71e9bce111e9429c\Policy.11.0.Office.dll
+ 2009-09-11 15:33 . 2009-09-11 15:33 12080 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Vbe.Interop.dll
+ 2009-09-11 15:33 . 2009-09-11 15:33 12096 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Word.dll
+ 2009-09-11 15:33 . 2009-09-11 15:33 12104 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.SmartTag\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.SmartTag.dll
+ 2009-09-11 15:33 . 2009-09-11 15:33 12112 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.PowerPoint.dll
+ 2009-09-11 15:33 . 2009-09-11 15:33 12096 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Graph.dll
+ 2009-09-11 15:32 . 2009-09-11 15:32 12096 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Excel.dll
+ 2009-09-11 15:26 . 2009-09-11 15:26 32768 c:\windows\assembly\GAC\Microsoft.Vsa\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2009-09-11 15:26 . 2009-09-11 15:26 11264 c:\windows\assembly\GAC\Microsoft.Vsa.Vb.CodeDOMProcessor\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2009-09-11 15:26 . 2009-09-11 15:26 28672 c:\windows\assembly\GAC\Microsoft.VisualBasic.Vsa\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2009-09-11 15:33 . 2009-09-11 15:33 64288 c:\windows\assembly\GAC\Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll
+ 2009-09-11 15:33 . 2009-09-11 15:33 13312 c:\windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.stdformat.dll
+ 2009-09-11 15:33 . 2009-09-11 15:33 20280 c:\windows\assembly\GAC\Microsoft.Office.Interop.SmartTag\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.SmartTag.dll
+ 2009-09-11 15:32 . 2009-09-11 15:32 80696 c:\windows\assembly\GAC\Microsoft.Office.Interop.Access.Dao\12.0.0.0__71e9bce111e9429c\Microsoft.Office.interop.access.dao.dll
+ 2009-09-11 15:26 . 2009-09-11 15:26 26112 c:\windows\assembly\GAC\ISymWrapper\1.0.5000.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2009-09-11 15:26 . 2009-09-11 15:26 32768 c:\windows\assembly\GAC\IEHost\1.0.5000.0__b03f5f7f11d50a3a\IEHost.dll
+ 2009-09-11 15:26 . 2009-09-11 15:26 33792 c:\windows\assembly\GAC\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2009-09-11 15:26 . 2009-09-11 15:26 12288 c:\windows\assembly\GAC\cscompmgd\7.0.5000.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2003-02-20 22:43 . 2003-02-20 22:43 4096 c:\windows\system32\mui\0409\mscoreer.dll
- 2004-08-12 13:58 . 2004-08-12 13:58 6656 c:\windows\system32\laprxy.dll
+ 2004-08-12 13:58 . 2005-01-28 17:44 6656 c:\windows\system32\laprxy.dll
+ 2009-09-11 13:15 . 2009-04-28 20:20 9200 c:\windows\system32\drivers\cdralw2k.sys
+ 2009-09-11 13:15 . 2009-04-28 20:20 9072 c:\windows\system32\drivers\cdr4_xp.sys
+ 2004-08-12 13:58 . 2005-01-28 17:44 6656 c:\windows\system32\dllcache\laprxy.dll
- 2004-08-12 13:58 . 2004-08-12 13:58 6656 c:\windows\system32\dllcache\laprxy.dll
+ 2009-09-11 13:16 . 2005-01-28 17:44 6656 c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\laprxy.dll
+ 2009-09-11 13:16 . 2004-08-12 13:58 6656 c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\laprxy.dll
+ 2003-02-20 23:09 . 2003-02-20 23:09 9216 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscortim.dll
+ 2003-02-21 11:25 . 2003-02-21 11:25 6656 c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft_VsaVb.dll
+ 2003-02-21 11:25 . 2003-02-21 11:25 6144 c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.VisualC.Dll
+ 2003-02-21 11:24 . 2003-02-21 11:24 4608 c:\windows\Microsoft.NET\Framework\v1.1.4322\IIEHost.dll
+ 2003-02-21 11:24 . 2003-02-21 11:24 7168 c:\windows\Microsoft.NET\Framework\v1.1.4322\IEExecRemote.dll
+ 2003-02-21 11:24 . 2003-02-21 11:24 7680 c:\windows\Microsoft.NET\Framework\v1.1.4322\IEExec.exe
+ 2003-02-21 11:24 . 2003-02-21 11:24 7680 c:\windows\Microsoft.NET\Framework\v1.1.4322\Accessibility.dll
+ 2003-02-20 23:09 . 2003-02-20 23:09 5120 c:\windows\Microsoft.NET\Framework\sbscmp10.dll
+ 2002-05-14 13:42 . 2002-05-14 13:42 5120 c:\windows\Microsoft.NET\Framework\sbs_wminet_utils.dll
+ 2002-06-27 16:45 . 2002-06-27 16:45 5120 c:\windows\Microsoft.NET\Framework\sbs_VsaVb7rt.dll
+ 2002-05-14 13:42 . 2002-05-14 13:42 5120 c:\windows\Microsoft.NET\Framework\sbs_system.enterpriseservices.dll
+ 2002-05-14 13:42 . 2002-05-14 13:42 5120 c:\windows\Microsoft.NET\Framework\sbs_system.data.dll
+ 2002-05-14 13:42 . 2002-05-14 13:42 5120 c:\windows\Microsoft.NET\Framework\sbs_system.configuration.install.dll
+ 2002-05-14 13:42 . 2002-05-14 13:42 5120 c:\windows\Microsoft.NET\Framework\sbs_mscorsec.dll
+ 2002-07-19 15:52 . 2002-07-19 15:52 5120 c:\windows\Microsoft.NET\Framework\sbs_mscorrc.dll
+ 2002-05-14 13:42 . 2002-05-14 13:42 5120 c:\windows\Microsoft.NET\Framework\sbs_mscordbi.dll
+ 2002-05-14 13:42 . 2002-05-14 13:42 5632 c:\windows\Microsoft.NET\Framework\sbs_microsoft.vsa.vb.codedomprocessor.dll
+ 2002-05-14 13:42 . 2002-05-14 13:42 5120 c:\windows\Microsoft.NET\Framework\sbs_microsoft.jscript.dll
+ 2002-05-14 13:42 . 2002-05-14 13:42 5120 c:\windows\Microsoft.NET\Framework\sbs_iehost.dll
+ 2002-05-14 13:42 . 2002-05-14 13:42 5120 c:\windows\Microsoft.NET\Framework\sbs_diasymreader.dll
+ 2009-09-11 15:33 . 2009-09-11 15:33 4096 c:\windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\msdatasrc.dll
+ 2009-09-11 15:26 . 2009-09-11 15:26 6656 c:\windows\assembly\GAC\Microsoft_VsaVb\7.0.5000.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2009-09-11 15:26 . 2009-09-11 15:26 6144 c:\windows\assembly\GAC\Microsoft.VisualC\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualC.dll
+ 2009-09-11 15:26 . 2009-09-11 15:26 4608 c:\windows\assembly\GAC\IIEHost\1.0.5000.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2009-09-11 15:26 . 2009-09-11 15:26 7168 c:\windows\assembly\GAC\IEExecRemote\1.0.5000.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2009-09-11 15:33 . 2009-09-11 15:33 4608 c:\windows\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\extensibility.dll
+ 2009-09-11 15:26 . 2009-09-11 15:26 7680 c:\windows\assembly\GAC\Accessibility\1.0.5000.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2006-10-26 17:40 . 2006-10-26 17:40 626688 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcr80.dll
+ 2006-10-26 17:40 . 2006-10-26 17:40 548864 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcp80.dll
+ 2006-10-26 17:40 . 2006-10-26 17:40 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcm80.dll
+ 2006-06-05 18:14 . 2006-06-05 18:14 626688 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcr80.dll
+ 2006-06-05 18:14 . 2006-06-05 18:14 548864 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcp80.dll
+ 2006-06-05 18:14 . 2006-06-05 18:14 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcm80.dll
+ 2009-09-10 21:01 . 2009-06-22 11:26 352768 c:\windows\system32\xpsp3res.dll
+ 2009-09-09 05:35 . 2008-10-16 18:13 202776 c:\windows\system32\wuweb.dll
+ 2009-09-09 05:35 . 2008-10-16 18:12 323608 c:\windows\system32\wucltui.dll
+ 2009-09-09 05:35 . 2008-10-16 18:12 561688 c:\windows\system32\wuapi.dll
+ 2005-01-28 17:44 . 2005-01-28 17:44 331264 c:\windows\system32\wpdsp.dll
+ 2005-01-28 17:44 . 2005-01-28 17:44 331776 c:\windows\system32\wpdmtpdr.dll
+ 2005-01-28 17:44 . 2005-01-28 17:44 114176 c:\windows\system32\wpdmtp.dll
+ 2004-08-12 14:10 . 2005-01-28 17:44 895736 c:\windows\system32\wmvdmod.dll
+ 2004-08-12 14:10 . 2005-01-28 17:44 940544 c:\windows\system32\wmspdmoe.dll
+ 2004-08-12 14:10 . 2005-01-28 17:44 413944 c:\windows\system32\wmspdmod.dll
+ 2004-08-12 14:10 . 2005-01-28 17:44 774904 c:\windows\system32\wmsdmod.dll
+ 2004-08-12 14:09 . 2005-01-28 17:44 150016 c:\windows\system32\wmidx.dll
+ 2005-01-28 17:44 . 2005-01-28 17:44 290816 c:\windows\system32\WMDRMNet.dll
+ 2005-01-28 17:44 . 2005-01-28 17:44 335872 c:\windows\system32\WMDRMdev.dll
+ 2004-08-12 14:09 . 2005-01-28 17:44 224768 c:\windows\system32\wmasf.dll
+ 2004-08-12 14:09 . 2005-01-28 17:44 716288 c:\windows\system32\wmadmoe.dll
+ 2004-08-12 14:09 . 2005-01-28 17:44 396528 c:\windows\system32\wmadmod.dll
+ 2004-08-12 14:09 . 2009-06-10 06:32 132096 c:\windows\system32\wkssvc.dll
- 2004-08-12 14:09 . 2004-08-12 14:09 132096 c:\windows\system32\wkssvc.dll
+ 2006-10-26 17:45 . 2006-10-26 17:45 293376 c:\windows\system32\WISPTIS.EXE
- 2004-08-12 14:09 . 2004-08-12 14:09 351232 c:\windows\system32\winhttp.dll
+ 2004-08-12 14:09 . 2008-12-16 12:47 351232 c:\windows\system32\winhttp.dll
+ 2009-09-09 05:32 . 2009-02-06 16:39 227840 c:\windows\system32\wbem\wmiprvse.exe
+ 2009-09-09 05:32 . 2009-02-09 10:20 453120 c:\windows\system32\wbem\wmiprvsd.dll
+ 2009-09-09 05:32 . 2009-02-09 10:20 473088 c:\windows\system32\wbem\fastprox.dll
- 2004-08-12 14:08 . 2004-08-12 14:08 417792 c:\windows\system32\vbscript.dll
+ 2004-08-12 14:08 . 2007-12-18 14:40 417792 c:\windows\system32\vbscript.dll
+ 2009-09-11 15:26 . 2003-02-21 08:42 348160 c:\windows\system32\URTTemp\msvcr71.dll
+ 2009-09-11 15:26 . 2003-02-20 23:06 155648 c:\windows\system32\URTTemp\mscoree.dll
+ 2009-09-11 15:26 . 2003-02-20 23:06 282624 c:\windows\system32\URTTemp\fusion.dll
+ 2004-08-12 14:08 . 2009-06-26 16:18 616448 c:\windows\system32\urlmon.dll
+ 2004-08-12 14:06 . 2008-10-03 10:15 247326 c:\windows\system32\strmdll.dll
+ 2004-08-12 14:05 . 2009-06-26 16:18 474112 c:\windows\system32\shlwapi.dll
+ 2004-08-12 14:05 . 2009-02-06 17:14 110592 c:\windows\system32\services.exe
- 2004-08-12 14:04 . 2004-08-12 14:04 144896 c:\windows\system32\schannel.dll
+ 2004-08-12 14:04 . 2008-12-05 07:12 144896 c:\windows\system32\schannel.dll
+ 2004-08-12 14:04 . 2009-02-09 10:20 399360 c:\windows\system32\rpcss.dll
+ 2004-08-12 14:04 . 2009-04-15 15:11 584192 c:\windows\system32\rpcrt4.dll
+ 2009-09-10 23:00 . 2005-07-19 22:18 524288 c:\windows\system32\ReinstallBackups\0008\DriverFiles\igldev32.dll
+ 2009-09-10 23:00 . 2005-07-19 22:09 114688 c:\windows\system32\ReinstallBackups\0008\DriverFiles\igfxzoom.exe
+ 2009-09-10 23:00 . 2005-07-19 22:06 159744 c:\windows\system32\ReinstallBackups\0008\DriverFiles\igfxsrvc.exe
+ 2009-09-10 23:00 . 2005-07-19 22:09 147456 c:\windows\system32\ReinstallBackups\0008\DriverFiles\igfxpph.dll
+ 2009-09-10 23:00 . 2005-07-19 22:10 114688 c:\windows\system32\ReinstallBackups\0008\DriverFiles\igfxpers.exe
+ 2009-09-10 23:00 . 2005-07-19 22:05 135168 c:\windows\system32\ReinstallBackups\0008\DriverFiles\igfxdev.dll
+ 2009-09-10 23:00 . 2005-07-19 22:08 438272 c:\windows\system32\ReinstallBackups\0008\DriverFiles\igfxcfg.exe
+ 2009-09-10 23:00 . 2005-07-19 22:10 114688 c:\windows\system32\ReinstallBackups\0008\DriverFiles\ialmudlg.exe
+ 2009-09-10 23:00 . 2005-07-19 22:26 116859 c:\windows\system32\ReinstallBackups\0008\DriverFiles\ialmdnt5.dll
+ 2009-09-10 23:00 . 2005-07-19 22:26 212090 c:\windows\system32\ReinstallBackups\0008\DriverFiles\ialmdev5.dll
+ 2009-09-10 23:00 . 2005-07-19 22:33 899706 c:\windows\system32\ReinstallBackups\0008\DriverFiles\ialmdd5.dll
+ 2004-08-12 14:03 . 2005-01-28 17:44 221184 c:\windows\system32\qasf.dll
+ 2009-09-11 13:15 . 2009-04-28 20:20 436720 c:\windows\system32\pxwave.dll
+ 2009-09-11 13:15 . 2009-04-28 20:20 219632 c:\windows\system32\pxmas.dll
+ 2009-09-11 13:15 . 2009-04-28 20:20 551408 c:\windows\system32\pxdrv.dll
+ 2009-09-11 13:15 . 2009-04-28 20:20 129520 c:\windows\system32\pxafs.dll
+ 2009-09-11 13:15 . 2009-04-28 20:20 670192 c:\windows\system32\px.dll
+ 2004-08-12 14:03 . 2009-09-11 15:27 380350 c:\windows\system32\perfh009.dat
- 2004-08-12 14:03 . 2004-08-12 14:03 283648 c:\windows\system32\pdh.dll
+ 2004-08-12 14:03 . 2009-03-06 14:44 283648 c:\windows\system32\pdh.dll
+ 2004-08-12 14:02 . 2009-02-09 10:20 714752 c:\windows\system32\ntdll.dll
+ 2004-08-12 14:01 . 2008-10-15 16:57 332800 c:\windows\system32\netapi32.dll
+ 2004-08-12 14:01 . 2008-06-20 17:41 245248 c:\windows\system32\mswsock.dll
- 2004-08-12 14:01 . 2004-08-12 14:01 245248 c:\windows\system32\mswsock.dll
+ 2004-08-12 14:01 . 2005-01-28 17:44 315904 c:\windows\system32\MSWMDM.dll
+ 2009-09-09 05:32 . 2009-06-05 07:42 655872 c:\windows\system32\mstscax.dll
+ 2004-08-12 14:01 . 2009-06-26 16:18 532480 c:\windows\system32\mstime.dll
+ 2006-07-24 14:50 . 2006-07-24 14:50 125744 c:\windows\system32\MSSTDFMT.DLL
+ 2004-08-12 14:01 . 2005-01-28 17:44 364784 c:\windows\system32\MSSCP.dll
- 2004-08-12 14:01 . 2004-08-12 14:01 146432 c:\windows\system32\msrating.dll
+ 2004-08-12 14:01 . 2009-06-26 16:18 146432 c:\windows\system32\msrating.dll
+ 2004-08-12 14:01 . 2005-01-28 17:44 173568 c:\windows\system32\MsPMSP.dll
+ 2004-08-12 14:01 . 2005-01-28 17:44 142336 c:\windows\system32\msnetobj.dll
+ 2004-08-12 14:00 . 2005-05-04 18:45 884736 c:\windows\system32\msimsg.dll
- 2004-08-12 14:00 . 2004-08-12 14:00 884736 c:\windows\system32\msimsg.dll
+ 2004-08-12 14:00 . 2005-05-04 18:45 271360 c:\windows\system32\msihnd.dll
+ 2004-08-12 14:00 . 2009-06-26 16:18 449024 c:\windows\system32\mshtmled.dll
+ 2009-09-09 05:32 . 2008-06-12 14:16 161792 c:\windows\system32\msdtcuiu.dll
+ 2009-09-09 05:32 . 2008-06-12 14:16 956928 c:\windows\system32\msdtctm.dll
+ 2009-09-09 05:32 . 2008-06-12 14:16 428032 c:\windows\system32\msdtcprx.dll
+ 2003-02-20 23:09 . 2003-02-20 23:09 106496 c:\windows\system32\mscories.dll
+ 2003-02-20 23:06 . 2003-02-20 23:06 155648 c:\windows\system32\mscoree.dll
+ 2004-08-12 13:59 . 2009-02-09 10:20 723456 c:\windows\system32\lsasrv.dll
+ 2004-08-12 13:59 . 2009-05-07 15:44 344064 c:\windows\system32\localspl.dll
+ 2004-08-12 13:58 . 2009-03-21 14:18 986112 c:\windows\system32\kernel32.dll
+ 2004-08-12 13:58 . 2009-08-21 09:46 450560 c:\windows\system32\jscript.dll
- 2004-08-12 13:58 . 2004-08-12 13:58 450560 c:\windows\system32\jscript.dll
+ 2006-10-26 17:45 . 2006-10-26 17:45 207360 c:\windows\system32\INKED.DLL
+ 2009-09-09 05:34 . 2008-04-11 18:50 683520 c:\windows\system32\inetcomm.dll
+ 2009-09-09 21:02 . 2005-09-20 13:44 524288 c:\windows\system32\igldev32.dll
- 2009-09-09 21:02 . 2005-07-19 22:18 524288 c:\windows\system32\igldev32.dll
- 2009-09-09 21:02 . 2005-07-19 22:09 114688 c:\windows\system32\igfxzoom.exe
+ 2009-09-09 21:02 . 2005-09-20 13:36 114688 c:\windows\system32\igfxzoom.exe
+ 2009-09-09 21:02 . 2005-09-20 13:32 159744 c:\windows\system32\igfxsrvc.exe
- 2009-09-09 21:02 . 2005-07-19 22:06 159744 c:\windows\system32\igfxsrvc.exe
+ 2009-09-09 21:03 . 2005-09-20 13:31 135168 c:\windows\system32\igfxres.dll
- 2009-09-09 21:03 . 2005-07-19 22:05 135168 c:\windows\system32\igfxres.dll
- 2009-09-09 21:02 . 2005-07-19 22:09 147456 c:\windows\system32\igfxpph.dll
+ 2009-09-09 21:02 . 2005-09-20 13:35 147456 c:\windows\system32\igfxpph.dll
+ 2009-09-09 21:02 . 2005-09-20 13:36 114688 c:\windows\system32\igfxpers.exe
- 2009-09-09 21:02 . 2005-07-19 22:10 114688 c:\windows\system32\igfxpers.exe
+ 2009-09-09 21:02 . 2005-09-20 13:31 135168 c:\windows\system32\igfxdev.dll
- 2009-09-09 21:02 . 2005-07-19 22:05 135168 c:\windows\system32\igfxdev.dll
+ 2009-09-09 21:02 . 2005-09-20 13:35 446464 c:\windows\system32\igfxcfg.exe
+ 2004-08-12 13:58 . 2009-06-26 16:18 251392 c:\windows\system32\iepeers.dll
- 2009-09-09 21:02 . 2005-07-19 22:10 114688 c:\windows\system32\ialmudlg.exe
+ 2009-09-09 21:02 . 2005-09-20 13:37 114688 c:\windows\system32\ialmudlg.exe
+ 2009-09-09 21:02 . 2005-09-20 13:52 118395 c:\windows\system32\ialmdnt5.dll
+ 2009-09-09 21:02 . 2005-09-20 13:52 213274 c:\windows\system32\ialmdev5.dll
+ 2009-09-09 21:02 . 2005-09-20 13:59 900218 c:\windows\system32\ialmdd5.dll
+ 2004-08-12 13:57 . 2008-10-23 13:01 283648 c:\windows\system32\gdi32.dll
+ 2004-08-12 13:57 . 2008-07-07 20:32 253952 c:\windows\system32\es.dll
+ 2004-08-12 13:57 . 2009-06-26 16:18 205312 c:\windows\system32\dxtrans.dll
- 2004-08-12 13:57 . 2004-08-12 13:57 357888 c:\windows\system32\dxtmsft.dll
+ 2004-08-12 13:57 . 2009-06-26 16:18 357888 c:\windows\system32\dxtmsft.dll
+ 2004-08-12 13:57 . 2005-01-28 17:44 502272 c:\windows\system32\drmv2clt.dll
+ 2004-08-12 13:57 . 2005-01-28 17:44 258296 c:\windows\system32\drmclien.dll
+ 2004-08-12 14:07 . 2004-09-01 22:27 209280 c:\windows\system32\drivers\update.sys
+ 2004-08-12 14:07 . 2008-06-20 09:52 225920 c:\windows\system32\drivers\tcpip6.sys
+ 2004-08-12 14:07 . 2008-06-20 10:45 360320 c:\windows\system32\drivers\tcpip.sys
+ 2004-08-12 14:06 . 2008-12-11 11:57 333184 c:\windows\system32\drivers\srv.sys
+ 2004-08-12 14:04 . 2008-05-08 12:28 202752 c:\windows\system32\drivers\rmcast.sys
+ 2004-08-12 14:00 . 2008-10-24 11:10 453632 c:\windows\system32\drivers\mrxsmb.sys
+ 2004-08-12 13:55 . 2008-08-14 09:51 138368 c:\windows\system32\drivers\afd.sys
+ 2004-08-12 13:56 . 2008-06-20 17:41 148992 c:\windows\system32\dnsapi.dll
+ 2009-09-09 05:35 . 2008-10-16 18:13 202776 c:\windows\system32\dllcache\wuweb.dll
+ 2009-09-09 05:35 . 2008-10-16 18:12 323608 c:\windows\system32\dllcache\wucltui.dll
+ 2009-09-09 05:35 . 2008-10-16 18:12 561688 c:\windows\system32\dllcache\wuapi.dll
+ 2009-09-09 05:33 . 2008-04-21 10:02 215552 c:\windows\system32\dllcache\wordpad.exe
+ 2004-08-12 14:10 . 2005-01-28 17:44 895736 c:\windows\system32\dllcache\wmvdmod.dll
+ 2004-08-12 14:10 . 2005-01-28 17:44 940544 c:\windows\system32\dllcache\wmspdmoe.dll
+ 2004-08-12 14:10 . 2005-01-28 17:44 413944 c:\windows\system32\dllcache\wmspdmod.dll
+ 2004-08-12 14:10 . 2005-01-28 17:44 774904 c:\windows\system32\dllcache\wmsdmod.dll
- 2004-08-12 14:10 . 2004-08-12 14:10 233472 c:\windows\system32\dllcache\wmpdxm.dll
+ 2004-08-12 14:10 . 2009-07-13 06:18 233472 c:\windows\system32\dllcache\wmpdxm.dll
+ 2009-09-09 05:32 . 2009-02-06 16:39 227840 c:\windows\system32\dllcache\wmiprvse.exe
+ 2009-09-09 05:32 . 2009-02-09 10:20 453120 c:\windows\system32\dllcache\wmiprvsd.dll
+ 2004-08-12 14:09 . 2005-01-28 17:44 150016 c:\windows\system32\dllcache\wmidx.dll
+ 2004-08-12 14:09 . 2005-01-28 17:44 224768 c:\windows\system32\dllcache\wmasf.dll
+ 2004-08-12 14:09 . 2005-01-28 17:44 716288 c:\windows\system32\dllcache\wmadmoe.dll
+ 2004-08-12 14:09 . 2005-01-28 17:44 396528 c:\windows\system32\dllcache\wmadmod.dll
+ 2004-08-12 14:09 . 2009-06-10 06:32 132096 c:\windows\system32\dllcache\wkssvc.dll
- 2004-08-12 14:09 . 2004-08-12 14:09 132096 c:\windows\system32\dllcache\wkssvc.dll
+ 2004-08-12 14:09 . 2009-06-26 16:18 659456 c:\windows\system32\dllcache\wininet.dll
+ 2004-08-12 14:09 . 2008-12-16 12:47 351232 c:\windows\system32\dllcache\winhttp.dll
- 2004-08-12 14:09 . 2004-08-12 14:09 351232 c:\windows\system32\dllcache\winhttp.dll
- 2004-08-12 14:08 . 2004-08-12 14:08 417792 c:\windows\system32\dllcache\vbscript.dll
+ 2004-08-12 14:08 . 2007-12-18 14:40 417792 c:\windows\system32\dllcache\vbscript.dll
+ 2004-08-12 14:08 . 2009-06-26 16:18 616448 c:\windows\system32\dllcache\urlmon.dll
+ 2004-08-12 14:07 . 2004-09-01 22:27 209280 c:\windows\system32\dllcache\update.sys
+ 2009-09-09 05:34 . 2009-06-21 22:04 153088 c:\windows\system32\dllcache\triedit.dll
- 2009-09-09 05:34 . 2004-08-12 14:07 153088 c:\windows\system32\dllcache\triedit.dll
+ 2004-08-12 14:07 . 2008-06-20 09:52 225920 c:\windows\system32\dllcache\tcpip6.sys
+ 2004-08-12 14:07 . 2008-06-20 10:45 360320 c:\windows\system32\dllcache\tcpip.sys
+ 2004-08-12 14:07 . 2009-07-29 04:53 119808 c:\windows\system32\dllcache\t2embed.dll
+ 2004-08-12 14:06 . 2008-10-03 10:15 247326 c:\windows\system32\dllcache\strmdll.dll
+ 2004-08-12 14:06 . 2008-12-11 11:57 333184 c:\windows\system32\dllcache\srv.sys
+ 2004-08-12 14:05 . 2009-06-26 16:18 474112 c:\windows\system32\dllcache\shlwapi.dll
+ 2004-08-12 14:05 . 2009-02-06 17:14 110592 c:\windows\system32\dllcache\services.exe
- 2004-08-12 14:04 . 2004-08-12 14:04 144896 c:\windows\system32\dllcache\schannel.dll
+ 2004-08-12 14:04 . 2008-12-05 07:12 144896 c:\windows\system32\dllcache\schannel.dll
+ 2004-08-12 14:04 . 2009-02-09 10:20 399360 c:\windows\system32\dllcache\rpcss.dll
+ 2004-08-12 14:04 . 2009-04-15 15:11 584192 c:\windows\system32\dllcache\rpcrt4.dll
+ 2004-08-12 14:04 . 2008-05-08 12:28 202752 c:\windows\system32\dllcache\rmcast.sys
+ 2004-08-12 14:03 . 2005-01-28 17:44 221184 c:\windows\system32\dllcache\qasf.dll
- 2004-08-12 14:03 . 2004-08-12 14:03 283648 c:\windows\system32\dllcache\pdh.dll
+ 2004-08-12 14:03 . 2009-03-06 14:44 283648 c:\windows\system32\dllcache\pdh.dll
+ 2004-08-12 14:02 . 2009-02-09 10:20 714752 c:\windows\system32\dllcache\ntdll.dll
+ 2004-08-12 14:01 . 2008-10-15 16:57 332800 c:\windows\system32\dllcache\netapi32.dll
- 2004-08-12 14:01 . 2004-08-12 14:01 245248 c:\windows\system32\dllcache\mswsock.dll
+ 2004-08-12 14:01 . 2008-06-20 17:41 245248 c:\windows\system32\dllcache\mswsock.dll
+ 2004-08-12 14:01 . 2005-01-28 17:44 315904 c:\windows\system32\dllcache\mswmdm.dll
+ 2004-08-12 14:01 . 2009-08-05 09:11 204800 c:\windows\system32\dllcache\mswebdvd.dll
+ 2009-09-09 05:32 . 2009-06-05 07:42 655872 c:\windows\system32\dllcache\mstscax.dll
+ 2004-08-12 14:01 . 2009-06-26 16:18 532480 c:\windows\system32\dllcache\mstime.dll
+ 2004-08-12 14:01 . 2005-01-28 17:44 364784 c:\windows\system32\dllcache\msscp.dll
+ 2004-08-12 14:01 . 2009-06-26 16:18 146432 c:\windows\system32\dllcache\msrating.dll
- 2004-08-12 14:01 . 2004-08-12 14:01 146432 c:\windows\system32\dllcache\msrating.dll
+ 2004-08-12 14:01 . 2005-01-28 17:44 173568 c:\windows\system32\dllcache\mspmsp.dll
+ 2004-08-12 14:01 . 2005-01-28 17:44 142336 c:\windows\system32\dllcache\msnetobj.dll
- 2004-08-12 14:00 . 2004-08-12 14:00 884736 c:\windows\system32\dllcache\msimsg.dll
+ 2004-08-12 14:00 . 2005-05-04 18:45 884736 c:\windows\system32\dllcache\msimsg.dll
+ 2004-08-12 14:00 . 2005-05-04 18:45 271360 c:\windows\system32\dllcache\msihnd.dll
+ 2004-08-12 14:00 . 2009-06-26 16:18 449024 c:\windows\system32\dllcache\mshtmled.dll
+ 2009-09-09 05:32 . 2008-06-12 14:16 161792 c:\windows\system32\dllcache\msdtcuiu.dll
+ 2009-09-09 05:32 . 2008-06-12 14:16 956928 c:\windows\system32\dllcache\msdtctm.dll
+ 2009-09-09 05:32 . 2008-06-12 14:16 428032 c:\windows\system32\dllcache\msdtcprx.dll
+ 2009-09-09 05:34 . 2008-05-01 14:30 331776 c:\windows\system32\dllcache\msadce.dll
- 2009-09-09 05:34 . 2004-08-12 14:00 331776 c:\windows\system32\dllcache\msadce.dll
+ 2004-08-12 13:59 . 2009-02-09 10:20 723456 c:\windows\system32\dllcache\lsasrv.dll
+ 2004-08-12 13:59 . 2009-05-07 15:44 344064 c:\windows\system32\dllcache\localspl.dll
+ 2004-08-12 13:58 . 2009-03-21 14:18 986112 c:\windows\system32\dllcache\kernel32.dll
+ 2004-08-12 13:58 . 2009-08-21 09:46 450560 c:\windows\system32\dllcache\jscript.dll
- 2004-08-12 13:58 . 2004-08-12 13:58 450560 c:\windows\system32\dllcache\jscript.dll
+ 2009-09-09 05:34 . 2008-04-11 18:50 683520 c:\windows\system32\dllcache\inetcomm.dll
+ 2004-08-12 13:58 . 2009-06-26 16:18 251392 c:\windows\system32\dllcache\iepeers.dll
+ 2004-08-12 13:57 . 2008-10-23 13:01 283648 c:\windows\system32\dllcache\gdi32.dll
+ 2009-09-09 05:32 . 2009-02-09 10:20 473088 c:\windows\system32\dllcache\fastprox.dll
+ 2004-08-12 13:57 . 2008-07-07 20:32 253952 c:\windows\system32\dllcache\es.dll
+ 2004-08-12 13:57 . 2009-06-26 16:18 205312 c:\windows\system32\dllcache\dxtrans.dll
+ 2004-08-12 13:57 . 2009-06-26 16:18 357888 c:\windows\system32\dllcache\dxtmsft.dll
- 2004-08-12 13:57 . 2004-08-12 13:57 357888 c:\windows\system32\dllcache\dxtmsft.dll
+ 2004-08-12 13:57 . 2005-01-28 17:44 502272 c:\windows\system32\dllcache\drmv2clt.dll
+ 2004-08-12 13:57 . 2005-01-28 17:44 258296 c:\windows\system32\dllcache\drmclien.dll
+ 2004-08-12 13:56 . 2008-06-20 17:41 148992 c:\windows\system32\dllcache\dnsapi.dll
+ 2004-08-12 13:56 . 2005-01-28 17:44 164864 c:\windows\system32\dllcache\cewmdm.dll
+ 2004-08-12 13:56 . 2009-06-26 16:18 151040 c:\windows\system32\dllcache\cdfview.dll
+ 2004-08-12 13:55 . 2005-01-28 17:44 294912 c:\windows\system32\dllcache\blackbox.dll
+ 2004-08-12 13:55 . 2008-08-14 09:51 138368 c:\windows\system32\dllcache\afd.sys
+ 2004-08-12 13:55 . 2009-02-09 10:20 616960 c:\windows\system32\dllcache\advapi32.dll
- 2004-08-12 13:55 . 2004-08-12 13:55 616960 c:\windows\system32\dllcache\advapi32.dll
+ 2004-08-12 13:55 . 2006-08-16 11:58 100352 c:\windows\system32\dllcache\6to4svc.dll
- 2004-08-12 13:55 . 2004-08-12 13:55 100352 c:\windows\system32\dllcache\6to4svc.dll
+ 2004-08-12 13:56 . 2005-01-28 17:44 164864 c:\windows\system32\cewmdm.dll
+ 2004-08-12 13:56 . 2009-06-26 16:18 151040 c:\windows\system32\cdfview.dll
+ 2004-08-12 13:55 . 2005-01-28 17:44 294912 c:\windows\system32\blackbox.dll
+ 2004-08-12 13:55 . 2009-02-09 10:20 616960 c:\windows\system32\advapi32.dll
- 2004-08-12 13:55 . 2004-08-12 13:55 616960 c:\windows\system32\advapi32.dll
- 2004-08-12 13:55 . 2004-08-12 13:55 100352 c:\windows\system32\6to4svc.dll
+ 2004-08-12 13:55 . 2006-08-16 11:58 100352 c:\windows\system32\6to4svc.dll
+ 2009-09-11 13:16 . 2005-01-28 17:44 142336 c:\windows\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\msnetobj.dll
+ 2009-09-11 13:16 . 2005-01-28 17:44 502272 c:\windows\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\drmv2clt.dll
+ 2009-09-11 13:16 . 2005-01-28 17:44 258296 c:\windows\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\drmclien.dll
+ 2009-09-11 13:16 . 2005-01-28 17:44 294912 c:\windows\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\blackbox.dll
+ 2009-09-11 13:16 . 2004-08-12 14:01 259072 c:\windows\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}$BACKUP$\System\msnetobj.dll
+ 2009-09-11 13:16 . 2004-08-12 13:57 695296 c:\windows\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}$BACKUP$\System\drmv2clt.dll
+ 2009-09-11 13:16 . 2004-08-12 13:57 299520 c:\windows\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}$BACKUP$\System\drmclien.dll
+ 2009-09-11 13:16 . 2004-08-12 13:55 286208 c:\windows\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}$BACKUP$\System\blackbox.dll
+ 2009-09-11 13:16 . 2005-01-28 17:44 940544 c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmspdmoe.dll
+ 2009-09-11 13:16 . 2005-01-28 17:44 150016 c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmidx.dll
+ 2009-09-11 13:16 . 2005-01-28 17:44 290816 c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\WMDRMNet.dll
+ 2009-09-11 13:16 . 2005-01-28 17:44 335872 c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\WMDRMdev.dll
+ 2009-09-11 13:16 . 2005-01-28 17:44 224768 c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmasf.dll
+ 2009-09-11 13:16 . 2005-01-28 17:44 716288 c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmadmoe.dll
+ 2009-09-11 13:16 . 2005-01-28 17:44 221184 c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\qasf.dll
+ 2009-09-11 13:16 . 2004-08-12 14:10 896512 c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\wmspdmoe.dll
+ 2009-09-11 13:16 . 2004-08-12 14:09 151552 c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\wmidx.dll
+ 2009-09-11 13:16 . 2004-08-12 14:09 230400 c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\wmasf.dll
+ 2009-09-11 13:16 . 2004-08-12 14:09 670720 c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\wmadmoe.dll
+ 2009-09-11 13:16 . 2004-08-12 14:03 237568 c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\qasf.dll
+ 2009-09-11 13:16 . 2008-06-10 05:31 103936 c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\logagent.exe
+ 2009-09-11 13:16 . 2005-01-28 17:44 895736 c:\windows\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmvdmod.dll
+ 2009-09-11 13:16 . 2005-01-28 17:44 413944 c:\windows\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmspdmod.dll
+ 2009-09-11 13:16 . 2005-01-28 17:44 774904 c:\windows\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmsdmod.dll
+ 2009-09-11 13:16 . 2005-01-28 17:44 396528 c:\windows\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmadmod.dll
+ 2009-09-11 13:16 . 2004-08-12 14:10 809984 c:\windows\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}$BACKUP$\System\wmvdmod.dll
+ 2009-09-11 13:16 . 2004-08-12 14:10 484864 c:\windows\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}$BACKUP$\System\wmspdmod.dll
+ 2009-09-11 13:16 . 2004-08-12 14:10 759296 c:\windows\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}$BACKUP$\System\wmsdmod.dll
+ 2009-09-11 13:16 . 2004-08-12 14:09 408064 c:\windows\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}$BACKUP$\System\wmadmod.dll
+ 2009-09-11 13:16 . 2005-01-28 17:44 331264 c:\windows\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdsp.dll
+ 2009-09-11 13:16 . 2005-01-28 17:44 331776 c:\windows\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdmtpdr.dll
+ 2009-09-11 13:16 . 2005-01-28 17:44 114176 c:\windows\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdmtp.dll
+ 2009-09-11 13:16 . 2005-01-28 17:44 315904 c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MSWMDM.dll
+ 2009-09-11 13:16 . 2005-01-28 17:44 364784 c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MSSCP.dll
+ 2009-09-11 13:16 . 2005-01-28 17:44 173568 c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSP.dll
+ 2009-09-11 13:16 . 2005-01-28 17:44 164864 c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\cewmdm.dll
+ 2009-09-11 13:16 . 2004-08-12 14:01 245760 c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MSWMDM.dll
+ 2009-09-11 13:16 . 2004-08-12 14:01 356352 c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MSSCP.dll
+ 2009-09-11 13:16 . 2004-08-12 14:01 201728 c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSP.dll
+ 2009-09-11 13:16 . 2004-08-12 13:56 159232 c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\cewmdm.dll
+ 2003-02-21 14:20 . 2003-02-21 14:20 737280 c:\windows\Microsoft.NET\Framework\v1.1.4322\vbc.exe
+ 2003-02-21 11:27 . 2003-02-21 11:27 569344 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.Services.dll
+ 2003-02-21 11:27 . 2003-02-21 11:27 819200 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.Mobile.dll
+ 2003-02-21 11:27 . 2003-02-21 11:27 126976 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.ServiceProcess.dll
+ 2003-02-21 11:26 . 2003-02-21 11:26 131072 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Serialization.Formatters.Soap.dll
+ 2003-02-21 11:26 . 2003-02-21 11:26 323584 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Remoting.dll
+ 2003-02-21 11:26 . 2003-02-21 11:26 241664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Messaging.dll
+ 2003-02-21 11:26 . 2003-02-21 11:26 368640 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Management.dll
+ 2003-02-21 11:26 . 2003-02-21 11:26 241664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.dll
+ 2003-02-21 11:26 . 2003-02-21 11:26 466944 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Drawing.dll
+ 2003-02-21 11:25 . 2003-02-21 11:25 299008 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Data.OracleClient.dll
+ 2003-02-20 23:09 . 2003-02-20 23:09 319488 c:\windows\Microsoft.NET\Framework\v1.1.4322\SOS.dll
+ 2003-02-20 23:09 . 2003-02-20 23:09 122880 c:\windows\Microsoft.NET\Framework\v1.1.4322\shfusres.dll
+ 2003-02-20 23:09 . 2003-02-20 23:09 253952 c:\windows\Microsoft.NET\Framework\v1.1.4322\shfusion.dll
+ 2003-02-21 08:42 . 2003-02-21 08:42 348160 c:\windows\Microsoft.NET\Framework\v1.1.4322\msvcr71.dll
+ 2003-02-20 23:09 . 2003-02-20 23:09 143360 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorrc.dll
+ 2003-02-20 22:43 . 2003-02-20 22:43 131072 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscormmc.dll
+ 2003-02-20 23:06 . 2003-02-20 23:06 311296 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2003-02-20 23:09 . 2003-02-20 23:09 233472 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscordbi.dll
+ 2003-02-21 11:26 . 2003-02-21 11:26 299008 c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.VisualBasic.dll
+ 2003-02-21 11:26 . 2003-02-21 11:26 716800 c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.JScript.dll
+ 2003-02-20 23:09 . 2003-02-20 23:09 196608 c:\windows\Microsoft.NET\Framework\v1.1.4322\ilasm.exe
+ 2003-02-20 23:06 . 2003-02-20 23:06 282624 c:\windows\Microsoft.NET\Framework\v1.1.4322\fusion.dll
+ 2003-02-20 23:16 . 2003-02-20 23:16 798720 c:\windows\Microsoft.NET\Framework\v1.1.4322\EventLogMessages.dll
+ 2003-02-21 14:21 . 2003-02-21 14:21 524288 c:\windows\Microsoft.NET\Framework\v1.1.4322\diasymreader.dll
+ 2003-02-21 14:21 . 2003-02-21 14:21 626688 c:\windows\Microsoft.NET\Framework\v1.1.4322\cscomp.dll
+ 2002-07-29 15:11 . 2002-07-29 15:11 219136 c:\windows\Microsoft.NET\Framework\v1.1.4322\c_g18030.dll
+ 2003-02-20 23:19 . 2003-02-20 23:19 253952 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2003-02-21 09:04 . 2003-02-21 09:04 155648 c:\windows\Microsoft.NET\Framework\v1.1.4322\1033\Vsavb7rtUI.dll
+ 2003-02-21 07:02 . 2003-02-21 07:02 131072 c:\windows\Microsoft.NET\Framework\v1.1.4322\1033\vbc7ui.dll
+ 2003-02-20 22:43 . 2003-02-20 22:43 131072 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscormmc.dll
+ 2009-09-11 15:32 . 2009-09-11 15:32 501248 c:\windows\Installer\35db95.msi
+ 2009-09-11 15:31 . 2009-09-11 15:31 501248 c:\windows\Installer\35db7d.msi
+ 2009-09-11 15:31 . 2009-09-11 15:31 506880 c:\windows\Installer\35db77.msi
+ 2009-09-11 15:31 . 2009-09-11 15:31 516608 c:\windows\Installer\35db70.msi
+ 2009-09-11 15:31 . 2009-09-11 15:31 513024 c:\windows\Installer\35db69.msi
+ 2009-09-11 15:31 . 2009-09-11 15:31 501248 c:\windows\Installer\35db5d.msi
+ 2009-09-11 15:30 . 2009-09-11 15:30 501248 c:\windows\Installer\35db36.msi
+ 2009-09-11 15:30 . 2009-09-11 15:30 217864 c:\windows\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
+ 2009-09-11 15:34 . 2009-09-11 15:34 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-09-11 15:34 . 2009-09-11 15:34 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2009-09-11 15:34 . 2009-09-11 15:34 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-09-11 15:34 . 2009-09-11 15:34 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2009-09-11 15:34 . 2009-09-11 15:34 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2009-09-11 15:34 . 2009-09-11 15:34 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2009-09-11 15:34 . 2009-09-11 15:34 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2009-09-11 15:20 . 2009-09-11 15:20 574464 c:\windows\Easy CD-DA Extractor 12\uninstall.exe
+ 2009-09-10 21:02 . 2008-10-24 11:10 453632 c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2009-09-10 21:01 . 2008-06-13 13:10 272128 c:\windows\Driver Cache\i386\bthport.sys
+ 2009-09-11 15:26 . 2009-09-11 15:26 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_a7e250d6\System.Drawing.dll
+ 2009-09-11 15:26 . 2009-09-11 15:26 569344 c:\windows\assembly\GAC\System.Web.Services\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2009-09-11 15:26 . 2009-09-11 15:26 819200 c:\windows\assembly\GAC\System.Web.Mobile\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2009-09-11 15:26 . 2009-09-11 15:26 126976 c:\windows\assembly\GAC\System.ServiceProcess\1.0.5000.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2009-09-11 15:26 . 2009-09-11 15:26 131072 c:\windows\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.5000.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2009-09-11 15:26 . 2009-09-11 15:26 323584 c:\windows\assembly\GAC\System.Runtime.Remoting\1.0.5000.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2009-09-11 15:26 . 2009-09-11 15:26 241664 c:\windows\assembly\GAC\System.Messaging\1.0.5000.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2009-09-11 15:26 . 2009-09-11 15:26 368640 c:\windows\assembly\GAC\System.Management\1.0.5000.0__b03f5f7f11d50a3a\System.Management.dll
+ 2009-09-11 15:26 . 2009-09-11 15:26 241664 c:\windows\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2009-09-11 15:26 . 2009-09-11 15:26 466944 c:\windows\assembly\GAC\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2009-09-11 15:26 . 2009-09-11 15:26 299008 c:\windows\assembly\GAC\System.Data.OracleClient\1.0.5000.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2009-09-11 15:33 . 2009-09-11 15:33 416544 c:\windows\assembly\GAC\office\12.0.0.0__71e9bce111e9429c\OFFICE.DLL
+ 2009-09-11 15:33 . 2009-09-11 15:33 229376 c:\windows\assembly\GAC\mscomctl\10.0.4504.0__31bf3856ad364e35\MSCOMCTL.DLL
+ 2009-09-11 15:26 . 2009-09-11 15:26 299008 c:\windows\assembly\GAC\Microsoft.VisualBasic\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2009-09-11 15:33 . 2009-09-11 15:33 371496 c:\windows\assembly\GAC\Microsoft.Vbe.Interop.Forms\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.Forms.dll
+ 2009-09-11 15:33 . 2009-09-11 15:33 781104 c:\windows\assembly\GAC\Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Word.dll
+ 2009-09-11 15:33 . 2009-09-11 15:33 248632 c:\windows\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll
+ 2009-09-11 15:33 . 2009-09-11 15:33 150320 c:\windows\assembly\GAC\Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Graph.dll
+ 2009-09-11 15:26 . 2009-09-11 15:26 716800 c:\windows\assembly\GAC\Microsoft.JScript\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2009-09-11 15:33 . 2009-09-11 15:33 110592 c:\windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll
+ 2009-09-10 21:00 . 2008-04-15 17:54 1724416 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.3352_x-ww_81af8e88\GdiPlus.dll
+ 2006-10-26 17:40 . 2006-10-26 17:40 1079808 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfc80u.dll
+ 2006-10-26 17:40 . 2006-10-26 17:40 1093632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfc80.dll
+ 2006-06-05 19:47 . 2006-06-05 19:47 1080320 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_39049d00\mfc80u.dll
+ 2006-06-05 19:47 . 2006-06-05 19:47 1093632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_39049d00\mfc80.dll
+ 2009-09-09 05:35 . 2008-10-16 18:13 1809944 c:\windows\system32\wuaueng.dll
+ 2004-08-12 14:10 . 2005-01-28 17:44 1003008 c:\windows\system32\wmvdmoe2.dll
+ 2004-08-12 14:10 . 2005-01-28 17:44 2370296 c:\windows\system32\wmvcore.dll
+ 2005-01-28 17:44 . 2005-01-28 17:44 1512448 c:\windows\system32\WMVADVE.DLL
+ 2005-01-28 17:44 . 2005-01-28 17:44 1218808 c:\windows\system32\wmvadvd.dll
+ 2004-08-12 14:10 . 2005-01-28 17:44 1119744 c:\windows\system32\wmsdmoe2.dll
- 2004-08-12 14:10 . 2004-08-12 14:10 1119744 c:\windows\system32\wmsdmoe2.dll
+ 2004-08-12 14:10 . 2009-07-13 06:18 4960256 c:\windows\system32\wmp.dll
+ 2004-08-12 14:10 . 2005-01-28 17:44 1027072 c:\windows\system32\wmnetmgr.dll
+ 2004-08-12 14:09 . 2009-04-17 09:58 1846656 c:\windows\system32\win32k.sys
+ 2009-09-11 15:26 . 2003-02-20 23:08 2482176 c:\windows\system32\URTTemp\mscorwks.dll
+ 2004-08-12 14:05 . 2008-07-03 13:16 8454656 c:\windows\system32\shell32.dll
+ 2004-08-12 14:05 . 2009-07-18 16:20 1506304 c:\windows\system32\shdocvw.dll
+ 2009-09-10 23:00 . 2005-07-19 22:16 2310144 c:\windows\system32\ReinstallBackups\0008\DriverFiles\iglicd32.dll
+ 2009-09-10 23:00 . 2005-07-19 22:09 1503232 c:\windows\system32\ReinstallBackups\0008\DriverFiles\igfxress.dll
+ 2009-09-10 23:00 . 2005-07-19 22:34 1049180 c:\windows\system32\ReinstallBackups\0008\DriverFiles\ialmnt5.sys
+ 2004-08-12 14:03 . 2009-06-03 19:27 1290752 c:\windows\system32\quartz.dll
+ 2009-09-11 13:15 . 2009-04-28 20:20 1858032 c:\windows\system32\pxsfs.dll
+ 2004-08-12 14:02 . 2009-02-06 17:24 2180480 c:\windows\system32\ntoskrnl.exe
+ 2004-08-03 22:59 . 2009-02-06 16:49 2057728 c:\windows\system32\ntkrnlpa.exe
+ 2004-08-12 14:01 . 2008-09-04 16:42 1106944 c:\windows\system32\msxml3.dll
+ 2004-08-12 14:01 . 2004-02-24 00:42 1386496 c:\windows\system32\msvbvm60.dll
+ 2004-08-12 14:00 . 2005-05-04 18:45 2890240 c:\windows\system32\msi.dll
+ 2004-08-12 14:00 . 2009-07-18 16:20 3062272 c:\windows\system32\mshtml.dll
+ 2009-09-09 21:02 . 2005-09-20 13:43 2310144 c:\windows\system32\iglicd32.dll
- 2009-09-09 21:02 . 2005-07-19 22:16 2310144 c:\windows\system32\iglicd32.dll
- 2009-09-09 21:02 . 2005-07-19 22:09 1503232 c:\windows\system32\igfxress.dll
+ 2009-09-09 21:02 . 2005-09-20 13:35 1503232 c:\windows\system32\igfxress.dll
+ 2009-09-09 01:26 . 2009-09-11 16:07 1484808 c:\windows\system32\FNTCACHE.DAT
+ 2006-10-26 18:10 . 2006-10-26 18:10 1190688 c:\windows\system32\FM20.DLL
+ 2009-09-09 21:02 . 2005-09-20 14:00 1302332 c:\windows\system32\drivers\ialmnt5.sys
+ 2009-09-09 05:35 . 2008-10-16 18:13 1809944 c:\windows\system32\dllcache\wuaueng.dll
+ 2004-08-12 14:10 . 2005-01-28 17:44 1003008 c:\windows\system32\dllcache\wmvdmoe2.dll
+ 2004-08-12 14:10 . 2005-01-28 17:44 2370296 c:\windows\system32\dllcache\wmvcore.dll
+ 2004-08-12 14:10 . 2005-01-28 17:44 1119744 c:\windows\system32\dllcache\wmsdmoe2.dll
- 2004-08-12 14:10 . 2004-08-12 14:10 1119744 c:\windows\system32\dllcache\wmsdmoe2.dll
+ 2004-08-12 14:10 . 2009-07-13 06:18 4960256 c:\windows\system32\dllcache\wmp.dll
+ 2004-08-12 14:10 . 2005-01-28 17:44 1027072 c:\windows\system32\dllcache\wmnetmgr.dll
+ 2004-08-12 14:09 . 2009-04-17 09:58 1846656 c:\windows\system32\dllcache\win32k.sys
+ 2004-08-12 14:05 . 2008-07-03 13:16 8454656 c:\windows\system32\dllcache\shell32.dll
+ 2004-08-12 14:05 . 2009-07-18 16:20 1506304 c:\windows\system32\dllcache\shdocvw.dll
+ 2004-08-12 14:03 . 2009-06-03 19:27 1290752 c:\windows\system32\dllcache\quartz.dll
+ 2004-08-12 14:01 . 2008-09-04 16:42 1106944 c:\windows\system32\dllcache\msxml3.dll
+ 2009-09-09 05:34 . 2009-07-10 13:42 1315328 c:\windows\system32\dllcache\msoe.dll
+ 2004-08-12 14:00 . 2005-05-04 18:45 2890240 c:\windows\system32\dllcache\msi.dll
+ 2004-08-12 14:00 . 2009-07-18 16:20 3062272 c:\windows\system32\dllcache\mshtml.dll
+ 2004-08-12 13:56 . 2009-06-26 16:18 1054208 c:\windows\system32\dllcache\danim.dll
+ 2004-08-12 13:55 . 2009-06-26 16:18 1023488 c:\windows\system32\dllcache\browseui.dll
+ 2004-08-12 13:56 . 2009-06-26 16:18 1054208 c:\windows\system32\danim.dll
+ 2004-08-12 13:55 . 2009-06-26 16:18 1023488 c:\windows\system32\browseui.dll
+ 2009-09-11 13:16 . 2005-01-28 17:44 1003008 c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmvdmoe2.dll
+ 2009-09-11 13:16 . 2005-01-28 17:44 2370296 c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmvcore.dll
+ 2009-09-11 13:16 . 2005-01-28 17:44 1512448 c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\WMVADVE.DLL
+ 2009-09-11 13:16 . 2005-01-28 17:44 1119744 c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmsdmoe2.dll
+ 2009-09-11 13:16 . 2005-01-28 17:44 1027072 c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmnetmgr.dll
+ 2009-09-11 13:16 . 2004-08-12 14:10 1001472 c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\wmvdmoe2.dll
+ 2009-09-11 13:16 . 2009-05-26 20:51 2174976 c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\wmvcore.dll
+ 2009-09-11 13:16 . 2004-08-12 14:10 1119744 c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\wmsdmoe2.dll
+ 2009-09-11 13:16 . 2008-06-10 22:18 1053696 c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\wmnetmgr.dll
+ 2009-09-11 13:16 . 2005-01-28 17:44 1218808 c:\windows\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmvadvd.dll
+ 2003-02-21 09:04 . 2003-02-21 09:04 1032192 c:\windows\Microsoft.NET\Framework\v1.1.4322\VsaVb7rt.dll
+ 2003-02-21 11:27 . 2003-02-21 11:27 1335296 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.XML.dll
+ 2003-02-21 11:27 . 2003-02-21 11:27 2039808 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Windows.Forms.dll
+ 2003-02-21 11:27 . 2003-02-21 11:27 1245184 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2003-02-21 11:26 . 2003-02-21 11:26 1216512 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2003-02-21 11:26 . 2003-02-21 11:26 1699840 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Design.dll
+ 2003-02-21 11:26 . 2003-02-21 11:26 1290240 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Data.dll
+ 2003-02-20 23:08 . 2003-02-20 23:08 2482176 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2003-02-20 23:07 . 2003-02-20 23:07 2494464 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
+ 2003-02-21 11:26 . 2003-02-21 11:26 2088960 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2003-02-21 11:25 . 2003-02-21 11:25 1564672 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorcfg.dll
+ 2009-09-11 15:58 . 2009-09-11 15:58 2428416 c:\windows\Installer\468737.msi
+ 2009-09-11 15:57 . 2009-09-11 15:57 1780224 c:\windows\Installer\468730.msi
+ 2009-09-11 15:57 . 2009-09-11 15:57 1718272 c:\windows\Installer\46872a.msi
+ 2009-09-11 15:57 . 2009-09-11 15:57 1725952 c:\windows\Installer\468724.msi
+ 2009-09-11 15:56 . 2009-09-11 15:56 1954304 c:\windows\Installer\46871e.msi
+ 2009-09-11 15:56 . 2009-09-11 15:56 1826816 c:\windows\Installer\468718.msi
+ 2009-09-11 15:56 . 2009-09-11 15:56 1726976 c:\windows\Installer\468712.msi
+ 2009-09-11 15:55 . 2009-09-11 15:55 1879040 c:\windows\Installer\46870c.msi
+ 2009-09-11 15:55 . 2009-09-11 15:55 1730048 c:\windows\Installer\468706.msi
+ 2009-09-11 15:55 . 2009-09-11 15:55 1761792 c:\windows\Installer\468700.msi
+ 2009-09-11 15:55 . 2009-09-11 15:55 1735680 c:\windows\Installer\4686fa.msi
+ 2009-09-11 15:54 . 2009-09-11 15:54 1744384 c:\windows\Installer\4686f4.msi
+ 2009-09-11 15:54 . 2009-09-11 15:54 1842688 c:\windows\Installer\4686ee.msi
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2009-09-10 00:59 218160 ----a-w- c:\program files\Hotspot Shield\hssie\HssIE.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2008-07-08 2828184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IPInSightLAN 01"="c:\program files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPClient.exe" [2002-04-20 364544]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-09 149280]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"sp_rssrv"=2 (0x2)
"HssTrayService"=3 (0x3)
"HotspotShieldService"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [9/9/2009 6:26 PM 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [9/9/2009 8:32 PM 114768]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [9/10/2009 10:52 AM 142592]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9/9/2009 8:32 PM 20560]
R2 HssSrv;Hotspot Shield Routing Service;c:\program files\Hotspot Shield\HssWPR\hsssrv.exe [8/6/2009 2:58 PM 331824]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 10:49 AM 1029456]
R3 tap0901;TAP-Win32 Adapter V9;c:\windows\system32\drivers\tap0901.sys [7/22/2009 3:13 PM 28592]
S4 HssTrayService;Hotspot Shield Tray Service;c:\program files\Hotspot Shield\bin\HssTrayService.exe [8/10/2009 7:19 PM 57640]

--- Other Services/Drivers In Memory ---

*Deregistered* - IPVNMon
.
Contents of the 'Scheduled Tasks' folder

2009-09-09 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:49]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\hxovttsn.default\
FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/?zx=8w2iw6tvuadp&shva=1#inbox|http://ca.yahoo.com/?p=us|https://www.google.com/adsense/report/overview#
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-13 12:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2009-09-13 13:00 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-13 17:00
ComboFix2.txt 2009-09-10 20:51
ComboFix3.txt 2009-09-10 20:26

Pre-Run: 200,720,982,016 bytes free
Post-Run: 200,724,451,328 bytes free

1099 --- E O F --- 2009-09-10 23:05

#8 fenzodahl512

  • Members
  • 6,738 posts

Posted 13 September 2009 - 01:37 PM

Looks good to me. Let's do some cleanup...


Please download OTC and save it to Desktop.
  • Make sure you have an internet connection.
  • Double-click OTC
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes


Please read these excellent articles written by my friends:
Preventing Malware and Safe Computing by Rorschach112
What makes your machine slow? by Artellos


Also, please read these excellent articles by miekiemoes:
Help! My computer is slow!
How to prevent Malware


Read this great info about safe internet surfing:

http://www.pcpitstop.com/spycheck/safesurfing.asp
http://bluefive.pair.com/practice_safe_surfing.htm




Please reply to this thread once more and tell us about the computer's behaviour before we can close this thread :(



Have a safe and happy computing day!


Regards
fenzodahl512

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#9 falafelboy

  • Topic Starter

  • Members
  • 24 posts

Posted 14 September 2009 - 10:22 AM

Excellent links. I still would have liked to find more info about how to install Windows on a PC without getting infected. I have a feeling I got infected when I re-installed Windows.

Other than that, my PC is running smoothly.

Thanks again for the help.

#10 fenzodahl512

  • Members
  • 6,738 posts

Posted 14 September 2009 - 12:05 PM

I have a feeling I got infected when I re-installed Windows.


If you mean re-format, the PC should be totally clean, unless you have a file infector virus such as Virut on the computer; then you have to wipe all partitions in one go. Do Google for "Virut" to know more :(


Since the issue seems to be resolved, I will be closing this topic. Thank you for your patience and for performing all the steps given. If you need this topic to be reopened, please PM me or one of the moderators with this topic link.

Regards
fenzodahl512





