
Was infected with UACFake and SKY


  • This topic is locked
22 replies to this topic

#1 Jellofiend


Posted 12 September 2009 - 08:49 AM

Hello

I'm running Windows Vista Ultimate, and I recently got UACFake and SKYNET rootkits. After reading through several similar topics, I was able to remove the major irritants of the problems.

One of the virus items was stopping me from being able to search Google, wouldn't let me install any cleaning software and kept opening up two Internet Explorer instances in the background (I kept ending them each time they popped up. Such a pain in the butt) among other things.

After sifting through other issues on this site (VERY useful!) I was able to run Malware Bytes (after changing both the installer name and the .exe name) as well as SuperAntiSpyware and Spybot. Both Malware Bytes and Super cleared out some stuff, but neither could delete the registry items for UAC and SKY. Nothing seemed to work until finally I was able to successfully install Spybot after cleaning a bunch of stuff with the other programs. I can now search on Google, and random processes don't seem to be popping up.

I'm also running AVG.

When I try to run a full MalwareBytes or Dr. Web scan it runs for an hour then crashes. I'm not sure if this is related, but when I play Spore now it crashes if I play too long because it starts using way too much memory (I have a semi-decent computer, so this shouldn't be a problem).

As soon as I can afford it I'll be getting a portable hard drive to back up my stuff and do a factory reset, but that will be a while, so I'm hoping to clean up as much as I can.

Below are logs from Root Repeal and DDS

Thanks a bunch!

Alex




ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/09/10 20:03
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP1
==================================================

Drivers
-------------------
Name: ahhjqo1y.SYS
Image Path: C:\Windows\System32\Drivers\ahhjqo1y.SYS
Address: 0x8EA04000 Size: 221184 File Visible: No Signed: -
Status: -

Name: dump_dumpfve.sys
Image Path: C:\Windows\System32\Drivers\dump_dumpfve.sys
Address: 0x8F34E000 Size: 69632 File Visible: No Signed: -
Status: -

Name: dump_iaStor.sys
Image Path: C:\Windows\System32\Drivers\dump_iaStor.sys
Address: 0x8F296000 Size: 753664 File Visible: No Signed: -
Status: -

Name: qW07x367.sys
Image Path: C:\Users\Ichabod\AppData\Local\Temp\qW07x367.sys
Address: 0x8F37F000 Size: 196736 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0x8F3B0000 Size: 49152 File Visible: No Signed: -
Status: -

Name: sprx.sys
Image Path: C:\Windows\System32\Drivers\sprx.sys
Address: 0x80697000 Size: 1048576 File Visible: No Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x85356050 Size: 2727

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System Address: 0x87066538 Size: 2760

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x87056c38 Size: 971

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System Address: 0x8705d840 Size: 92

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x851871f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x851871f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System Address: 0x851871f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System Address: 0x851871f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8705d7e8 Size: 180

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x851871f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x851871f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x85356148 Size: 2479

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x853560f0 Size: 2567

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x851871f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System Address: 0x851871f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x851871f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System Address: 0x851871f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x851871f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System Address: 0x851871f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x851871f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System Address: 0x851871f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System Address: 0x851871f8 Size: 121

Object: Hidden Code [Driver: udfsЌ摕癦, IRP_MJ_CREATE]
Process: System Address: 0x8693f1f8 Size: 121

Object: Hidden Code [Driver: udfsЌ摕癦, IRP_MJ_CLOSE]
Process: System Address: 0x8693f1f8 Size: 121

Object: Hidden Code [Driver: udfsЌ摕癦, IRP_MJ_READ]
Process: System Address: 0x8693f1f8 Size: 121

Object: Hidden Code [Driver: udfsЌ摕癦, IRP_MJ_WRITE]
Process: System Address: 0x8693f1f8 Size: 121

Object: Hidden Code [Driver: udfsЌ摕癦, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8693f1f8 Size: 121

Object: Hidden Code [Driver: udfsЌ摕癦, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8693f1f8 Size: 121

Object: Hidden Code [Driver: udfsЌ摕癦, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8693f1f8 Size: 121

Object: Hidden Code [Driver: udfsЌ摕癦, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8693f1f8 Size: 121

Object: Hidden Code [Driver: udfsЌ摕癦, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x8693f1f8 Size: 121

Object: Hidden Code [Driver: udfsЌ摕癦, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8693f1f8 Size: 121

Object: Hidden Code [Driver: udfsЌ摕癦, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8693f1f8 Size: 121

Object: Hidden Code [Driver: udfsЌ摕癦, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8693f1f8 Size: 121

Object: Hidden Code [Driver: udfsЌ摕癦, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8693f1f8 Size: 121

Object: Hidden Code [Driver: udfsЌ摕癦, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8693f1f8 Size: 121

Object: Hidden Code [Driver: udfsЌ摕癦, IRP_MJ_CLEANUP]
Process: System Address: 0x8693f1f8 Size: 121

Object: Hidden Code [Driver: udfsЌ摕癦, IRP_MJ_PNP]
Process: System Address: 0x8693f1f8 Size: 121

Object: Hidden Code [Driver: usbuhcieЃ䵆牲疀蚟畸蚟@, IRP_MJ_CREATE]
Process: System Address: 0x8693d500 Size: 121

Object: Hidden Code [Driver: usbuhcieЃ䵆牲疀蚟畸蚟@, IRP_MJ_CLOSE]
Process: System Address: 0x8693d500 Size: 121

Object: Hidden Code [Driver: usbuhcieЃ䵆牲疀蚟畸蚟@, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8693d500 Size: 121

Object: Hidden Code [Driver: usbuhcieЃ䵆牲疀蚟畸蚟@, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8693d500 Size: 121

Object: Hidden Code [Driver: usbuhcieЃ䵆牲疀蚟畸蚟@, IRP_MJ_POWER]
Process: System Address: 0x8693d500 Size: 121

Object: Hidden Code [Driver: usbuhcieЃ䵆牲疀蚟畸蚟@, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8693d500 Size: 121

Object: Hidden Code [Driver: usbuhcieЃ䵆牲疀蚟畸蚟@, IRP_MJ_PNP]
Process: System Address: 0x8693d500 Size: 121

Object: Hidden Code [Driver: ahhjqo1yП牄᳠譇ぐ贐, IRP_MJ_CREATE]
Process: System Address: 0x869f01f8 Size: 121

Object: Hidden Code [Driver: ahhjqo1yП牄᳠譇ぐ贐, IRP_MJ_CLOSE]
Process: System Address: 0x869f01f8 Size: 121

Object: Hidden Code [Driver: ahhjqo1yП牄᳠譇ぐ贐, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x869f01f8 Size: 121

Object: Hidden Code [Driver: ahhjqo1yП牄᳠譇ぐ贐, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x869f01f8 Size: 121

Object: Hidden Code [Driver: ahhjqo1yП牄᳠譇ぐ贐, IRP_MJ_POWER]
Process: System Address: 0x869f01f8 Size: 121

Object: Hidden Code [Driver: ahhjqo1yП牄᳠譇ぐ贐, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x869f01f8 Size: 121

Object: Hidden Code [Driver: ahhjqo1yП牄᳠譇ぐ贐, IRP_MJ_PNP]
Process: System Address: 0x869f01f8 Size: 121

Object: Hidden Code [Driver: cdrom藿糀㥣П牄᳠譇

◘譒, IRP_MJ_CREATE]
Process: System Address: 0x869b81f8 Size: 121

Object: Hidden Code [Driver: cdrom藿糀㥣П牄᳠譇

◘譒, IRP_MJ_CLOSE]
Process: System Address: 0x869b81f8 Size: 121

Object: Hidden Code [Driver: cdrom藿糀㥣П牄᳠譇

◘譒, IRP_MJ_READ]
Process: System Address: 0x869b81f8 Size: 121

Object: Hidden Code [Driver: cdrom藿糀㥣П牄᳠譇

◘譒, IRP_MJ_WRITE]
Process: System Address: 0x869b81f8 Size: 121

Object: Hidden Code [Driver: cdrom藿糀㥣П牄᳠譇

◘譒, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x869b81f8 Size: 121

Object: Hidden Code [Driver: cdrom藿糀㥣П牄᳠譇

◘譒, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x869b81f8 Size: 121

Object: Hidden Code [Driver: cdrom藿糀㥣П牄᳠譇

◘譒, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x869b81f8 Size: 121

Object: Hidden Code [Driver: cdrom藿糀㥣П牄᳠譇

◘譒, IRP_MJ_SHUTDOWN]
Process: System Address: 0x869b81f8 Size: 121

Object: Hidden Code [Driver: cdrom藿糀㥣П牄᳠譇

◘譒, IRP_MJ_POWER]
Process: System Address: 0x869b81f8 Size: 121

Object: Hidden Code [Driver: cdrom藿糀㥣П牄᳠譇

◘譒, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x869b81f8 Size: 121

Object: Hidden Code [Driver: cdrom藿糀㥣П牄᳠譇

◘譒, IRP_MJ_PNP]
Process: System Address: 0x869b81f8 Size: 121

Object: Hidden Code [Driver: iScsiPrtЕ楆, IRP_MJ_CREATE]
Process: System Address: 0x869f41f8 Size: 121

Object: Hidden Code [Driver: iScsiPrtЕ楆, IRP_MJ_CLOSE]
Process: System Address: 0x869f41f8 Size: 121

Object: Hidden Code [Driver: iScsiPrtЕ楆, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x869f41f8 Size: 121

Object: Hidden Code [Driver: iScsiPrtЕ楆, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x869f41f8 Size: 121

Object: Hidden Code [Driver: iScsiPrtЕ楆, IRP_MJ_POWER]
Process: System Address: 0x869f41f8 Size: 121

Object: Hidden Code [Driver: iScsiPrtЕ楆, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x869f41f8 Size: 121

Object: Hidden Code [Driver: iScsiPrtЕ楆, IRP_MJ_PNP]
Process: System Address: 0x869f41f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_CREATE]
Process: System Address: 0x851841f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_READ]
Process: System Address: 0x851841f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_WRITE]
Process: System Address: 0x851841f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x851841f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x851841f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x851841f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_SHUTDOWN]
Process: System Address: 0x851841f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_CLEANUP]
Process: System Address: 0x851841f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_POWER]
Process: System Address: 0x851841f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x851841f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_PNP]
Process: System Address: 0x851841f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System Address: 0x869811f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System Address: 0x869811f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x869811f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x869811f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System Address: 0x869811f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x869811f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System Address: 0x869811f8 Size: 121

Object: Hidden Code [Driver: cdfsЎ浍慃䠠髙, IRP_MJ_CREATE]
Process: System Address: 0x8694a500 Size: 121

Object: Hidden Code [Driver: cdfsЎ浍慃䠠髙, IRP_MJ_CLOSE]
Process: System Address: 0x8694a500 Size: 121

Object: Hidden Code [Driver: cdfsЎ浍慃䠠髙, IRP_MJ_READ]
Process: System Address: 0x8694a500 Size: 121

Object: Hidden Code [Driver: cdfsЎ浍慃䠠髙, IRP_MJ_WRITE]
Process: System Address: 0x8694a500 Size: 121

Object: Hidden Code [Driver: cdfsЎ浍慃䠠髙, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8694a500 Size: 121

Object: Hidden Code [Driver: cdfsЎ浍慃䠠髙, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8694a500 Size: 121

Object: Hidden Code [Driver: cdfsЎ浍慃䠠髙, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8694a500 Size: 121

Object: Hidden Code [Driver: cdfsЎ浍慃䠠髙, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8694a500 Size: 121

Object: Hidden Code [Driver: cdfsЎ浍慃䠠髙, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8694a500 Size: 121

Object: Hidden Code [Driver: cdfsЎ浍慃䠠髙, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8694a500 Size: 121

Object: Hidden Code [Driver: cdfsЎ浍慃䠠髙, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8694a500 Size: 121

Object: Hidden Code [Driver: cdfsЎ浍慃䠠髙, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8694a500 Size: 121

Object: Hidden Code [Driver: cdfsЎ浍慃䠠髙, IRP_MJ_CLEANUP]
Process: System Address: 0x8694a500 Size: 121

Object: Hidden Code [Driver: cdfsЎ浍慃䠠髙, IRP_MJ_PNP]
Process: System Address: 0x8694a500 Size: 121

==EOF==

*************************************************************************************************



DDS (Ver_09-07-30.01) - NTFSx86
Run by Ichabod at 9:31:24.45 on 12/09/2009
Internet Explorer: 8.0.6001.18813 BrowserJavaVersion: 1.6.0_16
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.2.1033.18.3069.2112 [GMT -4:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Ichabod\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.ca/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxp://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://by105w.bay105.mail.live.com/mail/resources/MsnPUpld.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
AppInit_DLLs: c:\windows\system32\avgrsstx.dll
STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - %SystemRoot%\System32\DreamScene.dll
STS: Deskscapes Class: {ec654325-1273-c2a9-2b7c-45d29bce68fb} - c:\progra~1\stardock\object~1\desksc~1\deskscapes.dll
STS: Stardock Vista ControlPanel Extension: {ec654325-1273-c2a9-2b7c-45d29bce68fd} - c:\progra~1\stardock\object~1\desksc~1\DesktopControlPanel.dll
STS: StardockDreamController: {ec654325-1273-c2a9-2b7c-45d29bce68ff} - c:\progra~1\stardock\object~1\desksc~1\DreamControl.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\ichabod\appdata\roaming\mozilla\firefox\profiles\diqinmap.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmusicn.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-8-9 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-8-9 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-8-5 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-8-5 74480]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-8-9 297752]
R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.SYS [2009-2-24 5120]
R3 NdisrdMP;NdisrdMP;c:\windows\system32\drivers\Ndisrd.sys [2009-8-7 22016]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-8-5 7408]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-8-9 38160]
S3 Ndisrd;WinpkFilter Service;c:\windows\system32\drivers\Ndisrd.sys [2009-8-7 22016]
S4 0304311174691783mcinstcleanup;McAfee Application Installer Cleanup (0304311174691783);c:\windows\temp\030431~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\windows\temp\030431~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]

=============== Created Last 30 ================

2009-09-09 07:42 <DIR> --d----- c:\windows\system32\xlive
2009-09-09 07:41 <DIR> -cd----- c:\program files\Microsoft Games for Windows - LIVE
2009-09-09 07:34 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-09-09 07:34 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-09-09 05:40 2,868,224 a------- c:\windows\system32\mf.dll
2009-09-07 21:16 411,368 a------- c:\windows\system32\deploytk.dll
2009-08-30 18:23 33,069 a------- c:\programdata\nvModes.dat
2009-08-30 18:23 33,069 a------- c:\progra~2\nvModes.dat
2009-08-30 18:20 <DIR> -cd----- c:\program files\NVIDIA Corporation
2009-08-29 15:19 <DIR> --d----- c:\users\ichabod\appdata\roaming\SPORE
2009-08-28 17:46 <DIR> -cd----- C:\dsbuff
2009-08-28 17:34 131,479 a------- c:\windows\Untitled.jpg
2009-08-25 23:22 2,048 a------- c:\windows\system32\tzres.dll
2009-08-19 07:20 <DIR> -cd----- c:\program files\SquareEnix
2009-08-18 16:44 <DIR> --d----- c:\users\ichabod\DoctorWeb
2009-08-17 02:42 2,173,472 a------- c:\windows\system32\nvcplui.exe
2009-08-17 02:42 420,384 a------- c:\windows\system32\nvcpl.cpl
2009-08-17 02:42 1,346,080 a------- c:\windows\system32\nvsvs.dll
2009-08-17 02:41 215,584 a------- c:\windows\system32\nvvsvc.exe
2009-08-17 02:41 143,360 a------- c:\windows\system32\nvshext.dll
2009-08-17 02:41 86,016 a------- c:\windows\system32\nvsvc.dll
2009-08-17 00:57 2,169,376 a------- c:\windows\system32\nvcuvid.dll
2009-08-17 00:57 1,985,536 a------- c:\windows\system32\nvcuda.dll
2009-08-17 00:57 1,706,528 a------- c:\windows\system32\nvcuvenc.dll
2009-08-17 00:57 155,648 a------- c:\windows\system32\nvcod162.dll
2009-08-17 00:57 4,224 a------- c:\windows\system32\drivers\nvBridge.kmd
2009-08-13 18:53 1,256,448 a------- c:\windows\system32\lsasrv.dll
2009-08-13 18:53 499,712 a------- c:\windows\system32\kerberos.dll
2009-08-13 18:53 439,896 a------- c:\windows\system32\drivers\ksecdd.sys
2009-08-13 18:53 270,848 a------- c:\windows\system32\schannel.dll
2009-08-13 18:53 213,504 a------- c:\windows\system32\msv1_0.dll
2009-08-13 18:53 175,104 a------- c:\windows\system32\wdigest.dll
2009-08-13 18:53 72,704 a------- c:\windows\system32\secur32.dll
2009-08-13 18:53 9,728 a------- c:\windows\system32\lsass.exe

==================== Find3M ====================

2009-09-09 07:38 51,200 a------- c:\windows\inf\infpub.dat
2009-09-09 07:38 143,360 a------- c:\windows\inf\infstrng.dat
2009-08-30 18:18 86,016 a------- c:\windows\inf\infstor.dat
2009-08-28 08:39 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-08-28 08:38 2,153,984 a------- c:\windows\apppatch\AcGenral.dll
2009-08-28 08:38 541,696 a------- c:\windows\apppatch\AcLayers.dll
2009-08-28 08:38 459,776 a------- c:\windows\apppatch\AcSpecfc.dll
2009-08-14 13:07 897,608 a------- c:\windows\system32\drivers\tcpip.sys
2009-08-14 12:29 104,960 a------- c:\windows\system32\netiohlp.dll
2009-08-14 12:29 17,920 a------- c:\windows\system32\netevent.dll
2009-08-14 10:16 17,920 a------- c:\windows\system32\ROUTE.EXE
2009-08-14 10:16 9,728 a------- c:\windows\system32\TCPSVCS.EXE
2009-08-14 10:16 11,264 a------- c:\windows\system32\MRINFO.EXE
2009-08-14 10:16 27,136 a------- c:\windows\system32\NETSTAT.EXE
2009-08-14 10:16 19,968 a------- c:\windows\system32\ARP.EXE
2009-08-14 10:16 10,240 a------- c:\windows\system32\finger.exe
2009-08-14 10:16 8,704 a------- c:\windows\system32\HOSTNAME.EXE
2009-08-09 22:53 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-08-09 22:53 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-08-09 22:53 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-08-07 19:51 15,308,424 a------- c:\windows\system32\xlive.dll
2009-08-07 19:51 13,642,888 a------- c:\windows\system32\xlivefnt.dll
2009-08-03 13:36 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 13:36 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-27 09:42 43,520 a------- c:\windows\system32\CmdLineExt03.dll
2009-07-21 17:52 915,456 a------- c:\windows\system32\wininet.dll
2009-07-21 17:47 109,056 a------- c:\windows\system32\iesysprep.dll
2009-07-21 17:47 71,680 a------- c:\windows\system32\iesetup.dll
2009-07-21 16:13 133,632 a------- c:\windows\system32\ieUnatt.exe
2009-07-17 10:35 71,680 a------- c:\windows\system32\atl.dll
2009-07-14 09:00 313,344 a------- c:\windows\system32\wmpdxm.dll
2009-07-14 08:59 4,096 a------- c:\windows\system32\dxmasf.dll
2009-07-14 08:58 7,680 a------- c:\windows\system32\spwmp.dll
2009-07-14 06:59 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-07-11 15:32 513,024 a------- c:\windows\system32\wlansvc.dll
2009-07-11 15:32 302,592 a------- c:\windows\system32\wlansec.dll
2009-07-11 15:32 293,376 a------- c:\windows\system32\wlanmsm.dll
2009-07-11 15:29 127,488 a------- c:\windows\system32\L2SecHC.dll
2009-06-15 11:24 156,672 a------- c:\windows\system32\t2embed.dll
2009-06-15 11:20 72,704 a------- c:\windows\system32\fontsub.dll
2009-06-15 11:20 10,240 a------- c:\windows\system32\dciman32.dll
2009-06-15 08:52 289,792 a------- c:\windows\system32\atmfd.dll
2008-09-25 18:33 174 a--sh--- c:\program files\desktop.ini
2008-09-25 18:22 665,600 a------- c:\windows\inf\drvindex.dat
2008-07-03 20:55 32 a------- c:\programdata\ezsid.dat
2008-07-03 20:55 32 a------- c:\progra~2\ezsid.dat
2007-08-17 22:18 45 a------- c:\users\ichabod\aa.bat
2006-11-02 08:40 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:40 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:40 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:40 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 9:32:17.87 ===============



#2 Net_Surfer

Net_Surfer

  • Banned
  • 2,154 posts
  • Gender:Male
  • Local time:03:34 AM

Posted 27 September 2009 - 11:08 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

*If you have since resolved the original problem you were having, we would appreciate you letting us know.

*If not please perform the following steps below so we can have a look at the current condition of your machine.

*If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.


Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

**If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

----------------------------*-------------------------------

We need to see some information about what is happening in your machine.

Please perform the following scan:


  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


Kind regards
Net_Surfer

:(

#3 Jellofiend

Jellofiend
  • Topic Starter

  • Members
  • 14 posts
  • Local time:06:34 AM

Posted 28 September 2009 - 08:53 PM

Hello

The situation is about the same as before as shown below. There's one thing I noticed in the Device Manager. Under "Other Devices" it lists two unknown devices. One of them mentions SKYNETfhxqtuxo and the other mentions UACd.sys. They're both "disabled" but I know they're very ungood.

I'm still unable to run a full scan of Malware Bytes all the way to the end.

Also you can ignore the mention of "spore".

Thanks a bunch for taking the time to help with this. Just let me know what I should do.







DDS (Ver_09-07-30.01) - NTFSx86
Run by Ichabod at 21:42:58.52 on 28/09/2009
Internet Explorer: 8.0.6001.18813 BrowserJavaVersion: 1.6.0_16
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.2.1033.18.3069.660 [GMT -4:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\program files\windows defender\MpCmdRun.exe
C:\Program Files\DivX\DivX Codec\divxsm.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\taskeng.exe
C:\Users\Ichabod\Desktop\dds.scr
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Users\Ichabod\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxp://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://by105w.bay105.mail.live.com/mail/resources/MsnPUpld.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
AppInit_DLLs: c:\windows\system32\avgrsstx.dll
STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - %SystemRoot%\System32\DreamScene.dll
STS: Deskscapes Class: {ec654325-1273-c2a9-2b7c-45d29bce68fb} - c:\progra~1\stardock\object~1\desksc~1\deskscapes.dll
STS: Stardock Vista ControlPanel Extension: {ec654325-1273-c2a9-2b7c-45d29bce68fd} - c:\progra~1\stardock\object~1\desksc~1\DesktopControlPanel.dll
STS: StardockDreamController: {ec654325-1273-c2a9-2b7c-45d29bce68ff} - c:\progra~1\stardock\object~1\desksc~1\DreamControl.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\ichabod\appdata\roaming\mozilla\firefox\profiles\diqinmap.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmusicn.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-8-9 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-8-9 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-8-5 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-8-5 74480]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-8-9 297752]
R2 MSSQL$ACCPAC53CGAR2;SQL Server (ACCPAC53CGAR2);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2008-11-24 29263712]
R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.SYS [2009-2-24 5120]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2009-8-17 239648]
R3 NdisrdMP;NdisrdMP;c:\windows\system32\drivers\Ndisrd.sys [2009-8-7 22016]
S3 MEMSWEEP2;MEMSWEEP2;c:\program files\sophos\sophos anti-rootkit\MEMSWEEP.sys [2009-8-10 6144]
S3 Ndisrd;WinpkFilter Service;c:\windows\system32\drivers\Ndisrd.sys [2009-8-7 22016]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-8-5 7408]
S4 0304311174691783mcinstcleanup;McAfee Application Installer Cleanup (0304311174691783);c:\windows\temp\030431~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\windows\temp\030431~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]

=============== Created Last 30 ================

2009-09-23 20:05 <DIR> --d-h--- c:\programdata\CanonBJ
2009-09-22 10:27 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-09-19 17:51 <DIR> --d----- c:\users\ichabod\appdata\roaming\DAEMON Tools Pro
2009-09-19 17:51 <DIR> --d----- c:\users\ichabod\appdata\roaming\DAEMON Tools Lite
2009-09-18 07:56 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-09-18 07:56 26,600 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-09-18 07:55 <DIR> -cd----- c:\program files\iPod
2009-09-18 07:55 <DIR> -cd----- c:\program files\iTunes
2009-09-18 07:55 <DIR> --d----- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-18 07:55 <DIR> --d----- c:\progra~2\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-18 07:54 <DIR> -cd----- c:\program files\Bonjour
2009-09-17 21:11 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-17 21:11 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-17 21:11 <DIR> -cd----- c:\program files\MWareBytes
2009-09-17 17:48 <DIR> --dsh--- C:\found.000
2009-09-12 10:59 <DIR> --d----- c:\windows\system32\directx
2009-09-09 07:42 <DIR> --d----- c:\windows\system32\xlive
2009-09-09 07:41 <DIR> -cd----- c:\program files\Microsoft Games for Windows - LIVE
2009-09-09 07:34 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-09-09 07:34 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-09-09 05:40 2,868,224 a------- c:\windows\system32\mf.dll
2009-09-07 21:16 411,368 a------- c:\windows\system32\deploytk.dll
2009-09-05 01:54 94,208 a------- c:\windows\system32\QuickTimeVR.qtx
2009-09-05 01:54 69,632 a------- c:\windows\system32\QuickTime.qts
2009-08-30 18:23 33,069 a------- c:\programdata\nvModes.dat
2009-08-30 18:23 33,069 a------- c:\progra~2\nvModes.dat
2009-08-30 18:20 <DIR> -cd----- c:\program files\NVIDIA Corporation

==================== Find3M ====================

2009-09-18 07:51 143,360 a------- c:\windows\inf\infstrng.dat
2009-09-18 07:51 86,016 a------- c:\windows\inf\infstor.dat
2009-09-18 07:51 51,200 a------- c:\windows\inf\infpub.dat
2009-08-28 19:42 2,065,696 a------- c:\windows\system32\usbaaplrc.dll
2009-08-28 19:42 40,448 a------- c:\windows\system32\drivers\usbaapl.sys
2009-08-28 08:39 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-08-28 08:38 2,153,984 a------- c:\windows\apppatch\AcGenral.dll
2009-08-28 08:38 541,696 a------- c:\windows\apppatch\AcLayers.dll
2009-08-28 08:38 459,776 a------- c:\windows\apppatch\AcSpecfc.dll
2009-08-17 02:42 2,173,472 a------- c:\windows\system32\nvcplui.exe
2009-08-17 02:42 1,346,080 a------- c:\windows\system32\nvsvs.dll
2009-08-17 02:41 215,584 a------- c:\windows\system32\nvvsvc.exe
2009-08-17 02:41 143,360 a------- c:\windows\system32\nvshext.dll
2009-08-17 00:57 10,858,496 a------- c:\windows\system32\nvoglv32.dll
2009-08-17 00:57 9,545,152 a------- c:\windows\system32\drivers\nvlddmkm.sys
2009-08-17 00:57 7,569,920 a------- c:\windows\system32\nvd3dum.dll
2009-08-17 00:57 2,169,376 a------- c:\windows\system32\nvcuvid.dll
2009-08-17 00:57 1,985,536 a------- c:\windows\system32\nvcuda.dll
2009-08-17 00:57 1,706,528 a------- c:\windows\system32\nvcuvenc.dll
2009-08-17 00:57 1,044,992 a------- c:\windows\system32\nvapi.dll
2009-08-17 00:57 795,104 a------- c:\windows\system32\dpinst.exe
2009-08-17 00:57 485,920 a------- c:\windows\system32\nvudisp.exe
2009-08-17 00:57 155,648 a------- c:\windows\system32\nvcod162.dll
2009-08-17 00:57 155,648 a------- c:\windows\system32\nvcod.dll
2009-08-17 00:57 4,224 a------- c:\windows\system32\drivers\nvBridge.kmd
2009-08-14 13:07 897,608 a------- c:\windows\system32\drivers\tcpip.sys
2009-08-14 12:29 104,960 a------- c:\windows\system32\netiohlp.dll
2009-08-14 12:29 17,920 a------- c:\windows\system32\netevent.dll
2009-08-14 10:16 17,920 a------- c:\windows\system32\ROUTE.EXE
2009-08-14 10:16 9,728 a------- c:\windows\system32\TCPSVCS.EXE
2009-08-14 10:16 11,264 a------- c:\windows\system32\MRINFO.EXE
2009-08-14 10:16 27,136 a------- c:\windows\system32\NETSTAT.EXE
2009-08-14 10:16 19,968 a------- c:\windows\system32\ARP.EXE
2009-08-14 10:16 10,240 a------- c:\windows\system32\finger.exe
2009-08-14 10:16 8,704 a------- c:\windows\system32\HOSTNAME.EXE
2009-08-11 12:35 485,920 a------- c:\windows\system32\nvuninst.exe
2009-08-09 22:53 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-08-09 22:53 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-08-09 22:53 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-08-07 19:51 15,308,424 a------- c:\windows\system32\xlive.dll
2009-08-07 19:51 13,642,888 a------- c:\windows\system32\xlivefnt.dll
2009-07-27 09:42 43,520 a------- c:\windows\system32\CmdLineExt03.dll
2009-07-21 17:52 915,456 a------- c:\windows\system32\wininet.dll
2009-07-21 17:47 109,056 a------- c:\windows\system32\iesysprep.dll
2009-07-21 17:47 71,680 a------- c:\windows\system32\iesetup.dll
2009-07-21 16:13 133,632 a------- c:\windows\system32\ieUnatt.exe
2009-07-17 10:35 71,680 a------- c:\windows\system32\atl.dll
2009-07-14 09:00 313,344 a------- c:\windows\system32\wmpdxm.dll
2009-07-14 08:59 4,096 a------- c:\windows\system32\dxmasf.dll
2009-07-14 08:58 7,680 a------- c:\windows\system32\spwmp.dll
2009-07-14 06:59 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-07-11 15:32 513,024 a------- c:\windows\system32\wlansvc.dll
2009-07-11 15:32 302,592 a------- c:\windows\system32\wlansec.dll
2009-07-11 15:32 293,376 a------- c:\windows\system32\wlanmsm.dll
2009-07-11 15:29 127,488 a------- c:\windows\system32\L2SecHC.dll
2008-09-25 18:33 174 a--sh--- c:\program files\desktop.ini
2008-09-25 18:22 665,600 a------- c:\windows\inf\drvindex.dat
2008-07-03 20:55 32 a------- c:\programdata\ezsid.dat
2008-07-03 20:55 32 a------- c:\progra~2\ezsid.dat
2007-08-17 22:18 45 a------- c:\users\ichabod\aa.bat
2006-11-02 08:40 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:40 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:40 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:40 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 21:43:37.70 ===============




#4 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland
  • Local time:01:34 PM

Posted 05 October 2009 - 12:11 PM

There appear to be p2p file sharing programs (uTorrent at least) installed there. P2P downloads are nowadays one of the biggest infection sources. I strongly recommend you uninstall such software. If you don't uninstall you still have to make sure none of them is running in any stage of this cleaning process.


Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.


  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
    Remember to re-enable them afterwards.

  • Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds.txt log.


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#5 Jellofiend

Jellofiend
  • Topic Starter

  • Members
  • 14 posts
  • Local time:06:34 AM

Posted 06 October 2009 - 06:39 PM

I ran Combofix. Unfortunately it disabled my internet connection. I tried restarting, repairing it, rolling back the drivers etc. Neither worked, so I had to do a system restore... I dunno if that undid some of the stuff combofix did, but I needed an internet connection.

Here's the combofix report, as well as a new DDS report.

ComboFix 09-10-04.01 - Ichabod 05/10/2009 18:20.2.2 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.2.1033.18.3069.1726 [GMT -4:00]
Running from: c:\users\Ichabod\Desktop\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Installer\17ae9.msi
c:\windows\Installer\484b5e4.msi
c:\windows\system32\drivers\ndisrd.sys
c:\windows\system32\drivers\snetcfg.exe
c:\windows\system32\ndisapi.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_Ndisrd
-------\Service_NdisrdMP


((((((((((((((((((((((((( Files Created from 2009-09-05 to 2009-10-05 )))))))))))))))))))))))))))))))
.

2009-10-05 22:30 . 2009-10-05 22:32 -------- d-----w- c:\users\Ichabod\AppData\Local\temp
2009-10-05 22:30 . 2009-10-05 22:30 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-10-05 22:30 . 2009-10-05 22:30 -------- d-----w- c:\users\IUSR_NMPR\AppData\Local\temp
2009-10-05 22:30 . 2009-10-05 22:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-10-05 01:34 . 2009-10-05 01:34 -------- d-----w- c:\programdata\Office Genuine Advantage
2009-10-02 11:47 . 2009-10-01 14:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-02 11:43 . 2009-10-02 11:44 -------- dc----w- c:\program files\Microsoft Security Essentials
2009-10-01 00:08 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-10-01 00:08 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-10-01 00:08 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-10-01 00:08 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-01 00:07 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2009-10-01 00:07 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-10-01 00:07 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-10-01 00:07 . 2009-08-06 23:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-01 00:07 . 2009-08-06 22:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-09-24 00:05 . 2009-09-24 00:05 -------- d--h--w- c:\programdata\CanonBJ
2009-09-19 21:51 . 2009-09-19 21:51 -------- d-----w- c:\users\Ichabod\AppData\Roaming\DAEMON Tools Lite
2009-09-19 21:51 . 2009-09-19 21:51 -------- d-----w- c:\users\Ichabod\AppData\Roaming\DAEMON Tools Pro
2009-09-19 21:51 . 2009-09-19 21:51 -------- d-----w- c:\users\Ichabod\AppData\Roaming\DAEMON Tools
2009-09-18 11:56 . 2008-04-17 17:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-09-18 11:56 . 2009-05-18 18:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-09-18 11:55 . 2009-09-18 11:55 -------- dc----w- c:\program files\iPod
2009-09-18 11:55 . 2009-09-18 11:56 -------- dc----w- c:\program files\iTunes
2009-09-18 11:55 . 2009-09-18 11:56 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-18 11:54 . 2009-09-18 11:54 -------- dc----w- c:\program files\Bonjour
2009-09-18 11:53 . 2009-09-18 11:54 -------- dc----w- c:\program files\QuickTime
2009-09-18 01:11 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-18 01:11 . 2009-09-18 01:12 -------- dc----w- c:\program files\MWareBytes
2009-09-18 01:11 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-17 21:48 . 2009-09-17 21:48 -------- d-----w- C:\found.000
2009-09-09 11:42 . 2009-09-09 11:42 -------- d-----w- c:\windows\system32\xlive
2009-09-09 11:41 . 2009-09-09 11:42 -------- dc----w- c:\program files\Microsoft Games for Windows - LIVE
2009-09-09 11:40 . 2009-09-09 11:40 -------- d-----w- c:\users\Ichabod\AppData\Local\Microsoft Help
2009-09-09 11:34 . 2009-08-28 12:39 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-09-09 11:34 . 2009-08-28 10:15 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-09-09 09:40 . 2009-06-10 12:11 2868224 ----a-w- c:\windows\system32\mf.dll
2009-09-08 01:16 . 2009-09-08 01:16 411368 ----a-w- c:\windows\system32\deploytk.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-05 22:32 . 2008-04-26 15:47 -------- d-----w- c:\programdata\NVIDIA
2009-10-05 01:48 . 2009-08-11 19:27 -------- d-----w- c:\users\Ichabod\AppData\Roaming\uTorrent
2009-09-29 20:24 . 2009-08-13 01:45 -------- d-----w- c:\users\Ichabod\AppData\Roaming\DivX
2009-09-29 19:53 . 2007-06-25 03:21 -------- d-----w- c:\program files\Zoom Player
2009-09-24 07:44 . 2007-11-21 03:33 -------- dc----w- c:\program files\Diablo II
2009-09-22 14:27 . 2009-09-22 14:27 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-09-19 21:52 . 2009-08-12 20:49 -------- dc----w- c:\program files\Paradox Interactive
2009-09-18 21:45 . 2007-03-07 04:23 -------- d-----w- c:\users\Ichabod\AppData\Roaming\Apple Computer
2009-09-18 11:55 . 2007-12-24 02:16 -------- dc----w- c:\program files\Common Files\Apple
2009-09-18 00:05 . 2009-08-10 00:51 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-13 03:22 . 2009-02-28 20:59 -------- d-----w- c:\programdata\NOS
2009-09-12 15:11 . 2009-08-29 19:19 -------- d-----w- c:\users\Ichabod\AppData\Roaming\SPORE
2009-09-11 00:34 . 2009-08-10 22:52 -------- dc----w- c:\program files\Spybot
2009-09-09 16:48 . 2008-07-20 18:13 -------- dc----w- c:\program files\Microsoft Silverlight
2009-09-09 16:46 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-09-09 11:45 . 2008-09-10 02:24 -------- d-----w- c:\programdata\Microsoft Help
2009-09-09 02:07 . 2009-08-30 22:23 33069 ----a-w- c:\programdata\nvModes.dat
2009-09-08 01:16 . 2007-02-13 20:21 -------- dc----w- c:\program files\Java
2009-09-01 01:54 . 2009-08-10 03:27 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-08-30 22:20 . 2009-08-30 22:20 -------- dc----w- c:\program files\NVIDIA Corporation
2009-08-30 21:31 . 2009-08-29 18:54 -------- dc----w- c:\program files\Electronic Arts
2009-08-30 21:30 . 2007-02-13 20:21 -------- dc-h--w- c:\program files\InstallShield Installation Information
2009-08-29 19:34 . 2008-10-05 01:13 -------- d-----w- c:\programdata\Electronic Arts
2009-08-29 19:19 . 2009-08-29 19:19 -------- d--h--r- c:\users\Ichabod\AppData\Roaming\SecuROM
2009-08-29 19:13 . 2008-10-05 01:12 1448 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2009-08-28 23:42 . 2009-08-28 23:42 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-28 23:42 . 2009-08-28 23:42 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-23 12:43 . 2007-02-25 17:35 -------- dc----w- c:\program files\DivX
2009-08-23 12:42 . 2009-05-11 00:19 -------- dc----w- c:\program files\Common Files\DivX Shared
2009-08-19 11:20 . 2009-08-19 11:20 -------- dc----w- c:\program files\SquareEnix
2009-08-17 06:42 . 2009-08-17 06:42 2173472 ----a-w- c:\windows\system32\nvcplui.exe
2009-08-17 06:42 . 2009-08-17 06:42 1346080 ----a-w- c:\windows\system32\nvsvs.dll
2009-08-17 06:41 . 2009-08-17 06:41 215584 ----a-w- c:\windows\system32\nvvsvc.exe
2009-08-17 06:41 . 2009-08-17 06:41 143360 ----a-w- c:\windows\system32\nvshext.dll
2009-08-17 04:57 . 2009-08-17 04:57 9545152 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2009-08-17 04:57 . 2009-08-17 04:57 795104 ----a-w- c:\windows\system32\dpinst.exe
2009-08-17 04:57 . 2009-08-17 04:57 485920 ----a-w- c:\windows\system32\nvudisp.exe
2009-08-17 04:57 . 2009-08-17 04:57 4224 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2009-08-17 04:57 . 2009-08-17 04:57 2169376 ----a-w- c:\windows\system32\nvcuvid.dll
2009-08-17 04:57 . 2009-08-17 04:57 1985536 ----a-w- c:\windows\system32\nvcuda.dll
2009-08-17 04:57 . 2009-08-17 04:57 1706528 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-08-17 04:57 . 2009-08-17 04:57 155648 ----a-w- c:\windows\system32\nvcod162.dll
2009-08-17 04:57 . 2009-08-17 04:57 155648 ----a-w- c:\windows\system32\nvcod.dll
2009-08-17 04:57 . 2009-08-17 04:57 10858496 ----a-w- c:\windows\system32\nvoglv32.dll
2009-08-17 04:57 . 2007-02-14 04:04 7569920 ----a-w- c:\windows\system32\nvd3dum.dll
2009-08-17 04:57 . 2007-02-14 04:04 1044992 ----a-w- c:\windows\system32\nvapi.dll
2009-08-14 17:07 . 2009-09-09 09:41 897608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 16:29 . 2009-09-09 09:41 104960 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-14 16:29 . 2009-09-09 09:41 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 14:16 . 2009-09-09 09:41 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 14:16 . 2009-09-09 09:41 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 14:16 . 2009-09-09 09:41 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 14:16 . 2009-09-09 09:41 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 14:16 . 2009-09-09 09:41 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 14:16 . 2009-09-09 09:41 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 14:16 . 2009-09-09 09:41 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-12 20:56 . 2008-06-26 02:05 -------- d-----w- c:\programdata\Media Center Programs
2009-08-11 21:43 . 2009-08-11 21:43 -------- dc----w- c:\program files\Common Files\Adobe Systems Shared
2009-08-11 21:07 . 2009-08-11 21:07 -------- dc----w- c:\program files\uTorrent
2009-08-11 16:35 . 2007-09-17 12:07 485920 ----a-w- c:\windows\system32\nvuninst.exe
2009-08-10 23:17 . 2009-03-13 15:52 -------- dc----w- c:\program files\DAEMON Tools Toolbar
2009-08-10 23:09 . 2007-12-08 16:23 -------- dc----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-10 22:58 . 2009-08-10 22:58 -------- d-----w- c:\users\Ichabod\AppData\Roaming\Logitech
2009-08-10 22:58 . 2009-08-10 22:58 104704 ----a-w- c:\users\Ichabod\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-10 22:50 . 2007-02-24 01:46 -------- dc----w- c:\program files\Creative
2009-08-10 22:48 . 2008-08-28 14:59 -------- dc----w- c:\program files\AccpacCGA
2009-08-10 22:34 . 2008-09-16 02:54 -------- d-----w- c:\programdata\FLEXnet
2009-08-10 21:19 . 2009-08-10 21:19 -------- dc----w- c:\program files\Sophos
2009-08-10 13:58 . 2009-08-10 00:01 -------- dc----w- c:\program files\Spybot - Search & Destroy
2009-08-10 02:42 . 2009-08-10 02:42 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2009-08-10 02:42 . 2009-08-10 01:11 -------- dc----w- c:\program files\SUPERAntiSpyware
2009-08-10 01:11 . 2009-08-10 01:11 -------- d-----w- c:\users\Ichabod\AppData\Roaming\SUPERAntiSpyware.com
2009-08-10 01:09 . 2009-08-10 00:40 -------- dc----w- c:\program files\Common Files\Uninstall
2009-08-10 01:03 . 2009-08-10 01:03 -------- d-----w- c:\users\Ichabod\AppData\Roaming\Malwarebytes
2009-08-09 22:54 . 2009-08-09 22:54 -------- d-----w- c:\programdata\Malwarebytes
2009-08-09 22:50 . 2008-08-16 16:41 -------- d-----w- c:\programdata\Google Updater
2009-08-07 23:51 . 2009-08-07 23:51 15308424 ----a-w- c:\windows\system32\xlive.dll
2009-08-07 23:51 . 2009-08-07 23:51 13642888 ----a-w- c:\windows\system32\xlivefnt.dll
2009-08-03 19:07 . 2009-08-03 19:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll
2009-08-03 19:07 . 2009-08-03 19:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll
2009-08-03 19:07 . 2009-08-03 19:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe
2009-07-27 13:42 . 2007-11-21 04:10 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2009-07-21 21:52 . 2009-07-29 13:11 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-29 13:11 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-29 13:11 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-29 13:11 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-17 14:35 . 2009-08-12 12:06 71680 ----a-w- c:\windows\system32\atl.dll
2009-07-14 13:00 . 2009-08-12 12:06 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-14 12:59 . 2009-08-12 12:06 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-07-14 12:58 . 2009-08-12 12:06 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-07-14 10:59 . 2009-08-12 12:05 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-07-11 19:32 . 2009-09-09 09:41 513024 ----a-w- c:\windows\system32\wlansvc.dll
2009-07-11 19:32 . 2009-09-09 09:41 302592 ----a-w- c:\windows\system32\wlansec.dll
2009-07-11 19:32 . 2009-09-09 09:41 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2009-07-11 19:29 . 2009-09-09 09:41 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 -c--a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 -c--a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2007-02-14 04:11 . 2007-02-14 04:10 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((( SnapShot@2009-08-11_01.11.09 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-09 09:41 . 2009-07-11 19:10 68096 c:\windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.22170_none_9e68a7441b62d132\wlanhlp.dll
+ 2009-09-09 09:41 . 2009-07-11 19:10 65024 c:\windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.22170_none_9e68a7441b62d132\wlanapi.dll
+ 2008-09-24 03:36 . 2008-01-05 11:34 15181 c:\windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.22170_none_9e68a7441b62d132\gatherWirelessInfo.vbs
+ 2009-09-09 09:41 . 2009-04-11 06:28 68096 c:\windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.18064_none_9deddb8d02397ad3\wlanhlp.dll
+ 2009-09-09 09:41 . 2009-07-11 19:01 65024 c:\windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.18064_none_9deddb8d02397ad3\wlanapi.dll
+ 2008-09-24 03:36 . 2008-01-05 11:34 15181 c:\windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.18064_none_9deddb8d02397ad3\gatherWirelessInfo.vbs
+ 2009-09-09 09:41 . 2009-07-11 19:17 68096 c:\windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.22468_none_9c9507981e2d2ad5\wlanhlp.dll
+ 2009-09-09 09:41 . 2009-07-11 19:17 64512 c:\windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.22468_none_9c9507981e2d2ad5\wlanapi.dll
+ 2008-09-24 03:36 . 2008-01-05 11:34 15181 c:\windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.22468_none_9c9507981e2d2ad5\gatherWirelessInfo.vbs
+ 2008-09-24 03:38 . 2008-01-19 07:36 68096 c:\windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.18288_none_9bf5c90f051fc5c6\wlanhlp.dll
+ 2008-09-24 03:38 . 2008-01-19 07:36 64512 c:\windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.18288_none_9bf5c90f051fc5c6\wlanapi.dll
+ 2008-09-24 03:36 . 2008-01-05 11:34 15181 c:\windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.18288_none_9bf5c90f051fc5c6\gatherWirelessInfo.vbs
+ 2009-09-09 09:41 . 2009-07-11 19:24 67584 c:\windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6000.21082_none_9a92fd9a211c6fd7\wlanhlp.dll
+ 2009-09-09 09:41 . 2009-07-11 19:24 47104 c:\windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6000.21082_none_9a92fd9a211c6fd7\wlanapi.dll
+ 2006-11-02 12:32 . 2006-11-02 12:32 14827 c:\windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6000.21082_none_9a92fd9a211c6fd7\gatherWirelessInfo.vbs
+ 2009-09-09 09:41 . 2009-07-11 19:32 67584 c:\windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6000.16884_none_9a0b894107fccf79\wlanhlp.dll
+ 2009-09-09 09:41 . 2009-07-11 19:32 47104 c:\windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6000.16884_none_9a0b894107fccf79\wlanapi.dll
+ 2006-11-02 12:32 . 2006-11-02 12:32 14827 c:\windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6000.16884_none_9a0b894107fccf79\gatherWirelessInfo.vbs
+ 2009-10-01 00:08 . 2009-08-07 02:24 44768 c:\windows\winsxs\x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.4.7600.226_none_e979223d5b9c821b\wups2.dll
+ 2009-10-01 00:08 . 2009-08-07 02:24 53472 c:\windows\winsxs\x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.4.7600.226_none_e979223d5b9c821b\wuauclt.exe
+ 2009-10-01 00:07 . 2009-08-06 22:44 33792 c:\windows\winsxs\x86_microsoft-windows-w..pdateclient-activex_31bf3856ad364e35_7.4.7600.226_none_79951cca15140d1a\wuapp.exe
+ 2009-10-01 00:07 . 2009-08-07 02:24 35552 c:\windows\winsxs\x86_microsoft-windows-w..owsupdateclient-aux_31bf3856ad364e35_7.4.7600.226_none_cf8a5c896f5cdb1e\wups.dll
+ 2009-10-01 00:07 . 2009-08-07 01:44 87552 c:\windows\winsxs\x86_microsoft-windows-w..owsupdateclient-aux_31bf3856ad364e35_7.4.7600.226_none_cf8a5c896f5cdb1e\wudriver.dll
+ 2009-08-12 12:06 . 2009-06-10 11:44 31232 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6002.22150_none_946bf5749f2e8c01\msvidc32.dll
+ 2009-08-12 12:06 . 2009-06-10 11:44 12800 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6002.22150_none_946bf5749f2e8c01\msrle32.dll
+ 2009-08-12 12:06 . 2009-06-10 11:44 82944 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6002.22150_none_946bf5749f2e8c01\mciavi32.dll
+ 2009-08-12 12:06 . 2009-06-10 11:42 91136 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6002.22150_none_946bf5749f2e8c01\avifil32.dll
+ 2009-08-12 12:06 . 2009-06-10 11:42 65024 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6002.22150_none_946bf5749f2e8c01\avicap32.dll
+ 2008-09-24 03:37 . 2008-01-19 07:35 31232 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6002.18049_none_93f62b2f8600b455\msvidc32.dll
+ 2006-11-02 09:03 . 2006-11-02 09:46 12800 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6002.18049_none_93f62b2f8600b455\msrle32.dll
+ 2006-11-02 09:03 . 2006-11-02 09:46 82944 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6002.18049_none_93f62b2f8600b455\mciavi32.dll
+ 2009-08-12 12:06 . 2009-06-10 11:38 91136 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6002.18049_none_93f62b2f8600b455\avifil32.dll
+ 2006-11-02 09:03 . 2006-11-02 09:46 65024 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6002.18049_none_93f62b2f8600b455\avicap32.dll
+ 2009-08-12 12:06 . 2009-06-10 11:58 31232 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6001.22447_none_9297557ea1f9cc4d\msvidc32.dll
+ 2009-08-12 12:06 . 2009-06-10 11:57 12800 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6001.22447_none_9297557ea1f9cc4d\msrle32.dll
+ 2009-08-12 12:06 . 2009-06-10 11:56 82944 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6001.22447_none_9297557ea1f9cc4d\mciavi32.dll
+ 2009-08-12 12:06 . 2009-06-10 11:52 91136 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6001.22447_none_9297557ea1f9cc4d\avifil32.dll
+ 2009-08-12 12:06 . 2009-06-10 11:52 65024 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6001.22447_none_9297557ea1f9cc4d\avicap32.dll
+ 2008-09-24 03:37 . 2008-01-19 07:35 31232 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6001.18270_none_91e6450388fad1ce\msvidc32.dll
+ 2006-11-02 09:03 . 2006-11-02 09:46 12800 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6001.18270_none_91e6450388fad1ce\msrle32.dll
+ 2006-11-02 09:03 . 2006-11-02 09:46 82944 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6001.18270_none_91e6450388fad1ce\mciavi32.dll
+ 2009-08-12 12:06 . 2009-06-10 12:07 91136 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6001.18270_none_91e6450388fad1ce\avifil32.dll
+ 2006-11-02 09:03 . 2006-11-02 09:46 65024 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6001.18270_none_91e6450388fad1ce\avicap32.dll
+ 2009-08-12 12:06 . 2009-06-10 12:03 31232 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6000.21065_none_90994ca8a4e576ab\msvidc32.dll
+ 2009-08-12 12:06 . 2009-06-10 12:03 12800 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6000.21065_none_90994ca8a4e576ab\msrle32.dll
+ 2009-08-12 12:06 . 2009-06-10 12:00 82944 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6000.21065_none_90994ca8a4e576ab\mciavi32.dll
+ 2009-08-12 12:06 . 2009-06-10 11:57 88576 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6000.21065_none_90994ca8a4e576ab\avifil32.dll
+ 2009-08-12 12:06 . 2009-06-10 11:57 65024 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6000.21065_none_90994ca8a4e576ab\avicap32.dll
+ 2009-08-12 12:06 . 2009-06-10 12:10 31232 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6000.16868_none_9012d8998bc4efa4\msvidc32.dll
+ 2009-08-12 12:06 . 2009-06-10 12:09 12800 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6000.16868_none_9012d8998bc4efa4\msrle32.dll
+ 2009-08-12 12:06 . 2009-06-10 12:07 82944 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6000.16868_none_9012d8998bc4efa4\mciavi32.dll
+ 2009-08-12 12:06 . 2009-06-10 12:04 88576 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6000.16868_none_9012d8998bc4efa4\avifil32.dll
+ 2009-08-12 12:06 . 2009-06-10 12:04 65024 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6000.16868_none_9012d8998bc4efa4\avicap32.dll
+ 2009-09-09 09:41 . 2009-08-15 21:30 22016 c:\windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21108_none_6030d425ab49af00\netiougc.exe
+ 2009-09-09 09:41 . 2009-08-15 23:56 49152 c:\windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21108_none_6030d425ab49af00\netiomig.dll
+ 2009-09-09 09:41 . 2009-08-14 14:23 22016 c:\windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16908_none_5fa75f38922bdbf4\netiougc.exe
+ 2009-09-09 09:41 . 2009-08-14 16:40 49152 c:\windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16908_none_5fa75f38922bdbf4\netiomig.dll
+ 2009-09-09 09:41 . 2009-08-14 13:52 17920 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6002.22200_none_353709f565220c3d\ROUTE.EXE
+ 2009-09-09 09:41 . 2009-08-14 13:52 27136 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6002.22200_none_353709f565220c3d\NETSTAT.EXE
+ 2009-09-09 09:41 . 2009-08-14 13:52 11264 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6002.22200_none_353709f565220c3d\MRINFO.EXE
+ 2009-09-09 09:41 . 2009-08-14 13:52 10240 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6002.22200_none_353709f565220c3d\finger.exe
+ 2009-09-09 09:41 . 2009-08-14 13:52 19968 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6002.22200_none_353709f565220c3d\ARP.EXE
+ 2009-09-09 09:41 . 2009-08-14 13:49 17920 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6002.18091_none_344d1c424c4c841c\ROUTE.EXE
+ 2009-09-09 09:41 . 2009-08-14 13:49 27136 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6002.18091_none_344d1c424c4c841c\NETSTAT.EXE
+ 2009-09-09 09:41 . 2009-08-14 13:49 11264 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6002.18091_none_344d1c424c4c841c\MRINFO.EXE
+ 2009-09-09 09:41 . 2009-08-14 13:49 10240 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6002.18091_none_344d1c424c4c841c\finger.exe
+ 2009-09-09 09:41 . 2009-08-14 13:49 19968 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6002.18091_none_344d1c424c4c841c\ARP.EXE
+ 2009-09-09 09:41 . 2009-08-14 14:11 17920 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6001.22497_none_32f648e1683e66cc\ROUTE.EXE
+ 2009-09-09 09:41 . 2009-08-14 14:11 27136 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6001.22497_none_32f648e1683e66cc\NETSTAT.EXE
+ 2009-09-09 09:41 . 2009-08-14 14:11 11264 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6001.22497_none_32f648e1683e66cc\MRINFO.EXE
+ 2009-09-09 09:41 . 2009-08-14 14:11 10240 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6001.22497_none_32f648e1683e66cc\finger.exe
+ 2009-09-09 09:41 . 2009-08-14 14:11 19968 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6001.22497_none_32f648e1683e66cc\ARP.EXE
+ 2009-09-09 09:41 . 2009-08-14 14:16 17920 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6001.18311_none_32bd29ba4ee54f70\ROUTE.EXE
+ 2009-09-09 09:41 . 2009-08-14 14:16 27136 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6001.18311_none_32bd29ba4ee54f70\NETSTAT.EXE
+ 2009-09-09 09:41 . 2009-08-14 14:16 11264 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6001.18311_none_32bd29ba4ee54f70\MRINFO.EXE
+ 2009-09-09 09:41 . 2009-08-14 14:16 10240 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6001.18311_none_32bd29ba4ee54f70\finger.exe
+ 2009-09-09 09:41 . 2009-08-14 14:16 19968 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6001.18311_none_32bd29ba4ee54f70\ARP.EXE
+ 2009-09-09 09:41 . 2009-08-15 21:31 17920 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6000.21108_none_317231f36ace26fb\ROUTE.EXE
+ 2009-09-09 09:41 . 2009-08-15 21:31 27136 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6000.21108_none_317231f36ace26fb\NETSTAT.EXE
+ 2009-09-09 09:41 . 2009-08-15 21:31 11264 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6000.21108_none_317231f36ace26fb\MRINFO.EXE
+ 2009-09-09 09:41 . 2009-08-15 21:31 10240 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6000.21108_none_317231f36ace26fb\finger.exe
+ 2009-09-09 09:41 . 2009-08-15 21:31 19968 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6000.21108_none_317231f36ace26fb\ARP.EXE
+ 2009-09-09 09:41 . 2009-08-14 14:25 17920 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6000.16908_none_30e8bd0651b053ef\ROUTE.EXE
+ 2009-09-09 09:41 . 2009-08-14 14:25 27136 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6000.16908_none_30e8bd0651b053ef\NETSTAT.EXE
+ 2009-09-09 09:41 . 2009-08-14 14:25 11264 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6000.16908_none_30e8bd0651b053ef\MRINFO.EXE
+ 2009-09-09 09:41 . 2009-08-14 14:25 10240 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6000.16908_none_30e8bd0651b053ef\finger.exe
+ 2009-09-09 09:41 . 2009-08-14 14:25 19968 c:\windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6000.16908_none_30e8bd0651b053ef\ARP.EXE
+ 2009-08-12 12:06 . 2009-06-04 10:52 53248 c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6002.22146_none_3238de2ddc072aae\tsgqec.dll
+ 2009-08-12 12:06 . 2009-04-11 06:28 53248 c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6002.18045_none_31ae4118c2ea718d\tsgqec.dll
+ 2009-08-12 12:06 . 2009-06-04 12:35 53248 c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6001.22443_none_304f6b67dee38985\tsgqec.dll
+ 2008-09-24 03:38 . 2008-01-19 07:36 53248 c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6001.18266_none_2fb32dbcc5d3707b\tsgqec.dll
+ 2009-08-12 12:06 . 2009-06-04 12:34 36352 c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6000.21061_none_2e516291e1cf33e3\tsgqec.dll
+ 2009-08-12 12:06 . 2009-06-04 12:47 36352 c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6000.16865_none_2dcbeeccc8adc633\tsgqec.dll
+ 2009-09-09 09:41 . 2009-08-14 17:01 98376 c:\windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6001.22497_none_cd53c52043eb1c22\FWPKCLNT.SYS
+ 2009-09-09 09:41 . 2009-08-15 21:29 85504 c:\windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6000.21108_none_cbcfae32467adc51\FWPKCLNT.SYS
+ 2009-09-09 09:41 . 2009-08-14 16:00 17920 c:\windows\winsxs\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6002.22200_none_5cb66ecc80d2b9bd\netevent.dll
+ 2009-09-09 09:41 . 2009-08-14 15:53 17920 c:\windows\winsxs\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6002.18091_none_5bcc811967fd319c\netevent.dll
+ 2009-09-09 09:41 . 2009-08-14 16:24 17920 c:\windows\winsxs\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6001.22497_none_5a75adb883ef144c\netevent.dll
+ 2009-09-09 09:41 . 2009-08-14 16:29 17920 c:\windows\winsxs\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6001.18311_none_5a3c8e916a95fcf0\netevent.dll
+ 2009-09-09 09:41 . 2009-08-15 23:56 15360 c:\windows\winsxs\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6000.21108_none_58f196ca867ed47b\netevent.dll
+ 2009-09-09 09:41 . 2009-08-14 16:40 15360 c:\windows\winsxs\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6000.16908_none_586821dd6d61016f\netevent.dll
+ 2009-09-09 09:40 . 2009-06-10 09:53 53248 c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6002.22150_none_9e993405232e229b\rrinstaller.exe
+ 2009-09-09 09:40 . 2009-06-10 09:54 98816 c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6002.22150_none_9e993405232e229b\mfps.dll
+ 2009-09-09 09:40 . 2009-06-10 09:53 24576 c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6002.22150_none_9e993405232e229b\mfpmp.exe
+ 2009-09-09 09:40 . 2009-04-11 06:27 53248 c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6002.18049_none_9e2369c00a004aef\rrinstaller.exe
+ 2009-09-09 09:40 . 2009-04-11 06:28 98816 c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6002.18049_none_9e2369c00a004aef\mfps.dll
+ 2009-09-09 09:40 . 2009-04-11 06:27 24576 c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6002.18049_none_9e2369c00a004aef\mfpmp.exe
+ 2009-09-09 09:40 . 2009-06-10 10:10 53248 c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6001.22447_none_9cc4940f25f962e7\rrinstaller.exe
+ 2009-09-09 09:40 . 2009-06-10 11:56 98816 c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6001.22447_none_9cc4940f25f962e7\mfps.dll
+ 2009-09-09 09:40 . 2009-06-10 10:10 24576 c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6001.22447_none_9cc4940f25f962e7\mfpmp.exe
+ 2008-09-24 03:37 . 2008-01-19 07:33 53248 c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6001.18270_none_9c1383940cfa6868\rrinstaller.exe
+ 2008-09-24 03:37 . 2008-01-19 07:34 98816 c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6001.18270_none_9c1383940cfa6868\mfps.dll
+ 2008-09-24 03:37 . 2008-01-19 07:33 24576 c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6001.18270_none_9c1383940cfa6868\mfpmp.exe
+ 2009-09-09 09:40 . 2009-06-10 10:01 52736 c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6000.21065_none_9ac68b3928e50d45\rrinstaller.exe
+ 2009-09-09 09:40 . 2009-06-10 12:00 98816 c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6000.21065_none_9ac68b3928e50d45\mfps.dll
+ 2009-09-09 09:40 . 2009-06-10 10:01 24576 c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6000.21065_none_9ac68b3928e50d45\mfpmp.exe
+ 2009-09-09 09:40 . 2009-06-10 10:14 52736 c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6000.16868_none_9a40172a0fc4863e\rrinstaller.exe
+ 2009-09-09 09:40 . 2009-06-10 12:07 98816 c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6000.16868_none_9a40172a0fc4863e\mfps.dll
+ 2009-09-09 09:40 . 2009-06-10 10:15 24576 c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6000.16868_none_9a40172a0fc4863e\mfpmp.exe
+ 2009-08-13 22:53 . 2009-06-15 15:00 72704 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.22152_none_a886901f7335e2fc\secur32.dll
+ 2009-08-13 22:53 . 2009-06-15 14:53 72704 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.18051_none_a7fbf30a5a1929db\secur32.dll
+ 2009-08-13 22:53 . 2009-06-15 15:25 72704 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22450_none_a69e1da376115b2a\secur32.dll
+ 2009-08-13 22:53 . 2009-06-15 15:24 72704 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18272_none_a600dfae5d0228c9\secur32.dll
+ 2009-08-13 22:53 . 2009-06-15 15:08 72704 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21067_none_a4b3e75378eccda6\secur32.dll
+ 2009-08-13 22:53 . 2009-06-15 15:28 72704 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16870_none_a418a0745fdd652a\secur32.dll
+ 2009-09-09 09:41 . 2009-08-14 13:51 30720 c:\windows\winsxs\x86_microsoft-windows-l..istry-support-tcpip_31bf3856ad364e35_6.0.6002.22200_none_888d4c521bb0e416\tcpipreg.sys
+ 2009-09-09 09:41 . 2009-08-14 13:48 30720 c:\windows\winsxs\x86_microsoft-windows-l..istry-support-tcpip_31bf3856ad364e35_6.0.6002.18091_none_87a35e9f02db5bf5\tcpipreg.sys
+ 2009-08-26 03:22 . 2009-06-22 10:13 18944 c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6002.22155_none_17865cb11ffa07ae\tzupd.exe
+ 2008-08-14 11:45 . 2008-01-19 07:33 18944 c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6002.18054_none_16fbbf9c06dd4e8d\tzupd.exe
+ 2009-08-26 03:22 . 2009-06-22 10:26 18944 c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6001.22454_none_159eea7f22d49933\tzupd.exe
+ 2008-08-14 11:45 . 2008-01-19 07:33 18944 c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6001.18275_none_1500ac4009c64d7b\tzupd.exe
+ 2009-08-26 03:22 . 2009-06-22 10:21 18944 c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6000.21070_none_139ee11525c210e3\tzupd.exe
+ 2009-08-26 03:22 . 2009-06-22 10:30 18944 c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6000.16873_none_13186d060ca189dc\tzupd.exe
+ 2009-08-12 12:06 . 2009-07-17 14:15 71680 c:\windows\winsxs\x86_microsoft-windows-atl_31bf3856ad364e35_6.0.6002.22179_none_ad4da751702700f0\atl.dll
+ 2009-08-12 12:06 . 2009-07-17 13:54 71680 c:\windows\winsxs\x86_microsoft-windows-atl_31bf3856ad364e35_6.0.6002.18070_none_acbb07ec57117d17\atl.dll
+ 2009-08-12 12:06 . 2009-07-17 14:24 71680 c:\windows\winsxs\x86_microsoft-windows-atl_31bf3856ad364e35_6.0.6001.22474_none_ab6233f773052d19\atl.dll
+ 2009-08-12 12:06 . 2009-07-17 14:35 71680 c:\windows\winsxs\x86_microsoft-windows-atl_31bf3856ad364e35_6.0.6001.18293_none_aac1f52459f8aeb3\atl.dll
+ 2009-08-12 12:06 . 2009-07-17 14:39 71680 c:\windows\winsxs\x86_microsoft-windows-atl_31bf3856ad364e35_6.0.6000.21088_none_a974fcc975e35390\atl.dll
+ 2009-08-12 12:06 . 2009-07-17 14:52 71680 c:\windows\winsxs\x86_microsoft-windows-atl_31bf3856ad364e35_6.0.6000.16889_none_a8ec88265cc499db\atl.dll
+ 2009-09-09 09:40 . 2009-07-21 12:26 171008 c:\windows\winsxs\x86_microsoft-windows-ehome-ehkeyctl_31bf3856ad364e35_6.0.6002.18072_none_d7ea25f17da39aa2\ehkeyctl.dll
+ 2009-09-09 09:40 . 2009-07-22 00:24 171008 c:\windows\winsxs\x86_microsoft-windows-ehome-ehkeyctl_31bf3856ad364e35_6.0.6001.22476_none_d69151fc99974aa4\ehkeyctl.dll
+ 2009-09-09 09:40 . 2009-07-21 14:45 171008 c:\windows\winsxs\x86_microsoft-windows-ehome-ehkeyctl_31bf3856ad364e35_6.0.6001.18295_none_d5f11329808acc3e\ehkeyctl.dll
+ 2009-09-09 09:40 . 2009-07-21 14:39 171008 c:\windows\winsxs\x86_microsoft-windows-ehome-ehkeyctl_31bf3856ad364e35_6.0.6000.21090_none_d48f47fe9c868fa6\ehkeyctl.dll
+ 2009-09-09 09:40 . 2009-07-21 14:56 171008 c:\windows\winsxs\x86_microsoft-windows-ehome-ehkeyctl_31bf3856ad364e35_6.0.6000.16891_none_d406d35b8367d5f1\ehkeyctl.dll
+ 2009-09-09 11:34 . 2009-08-29 02:46 173056 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6002.22213_none_0e8e808f089222a9\AcXtrnal.dll
+ 2009-09-09 11:34 . 2009-08-29 02:46 542720 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6002.22213_none_0e8e808f089222a9\AcLayers.dll
+ 2009-09-09 11:34 . 2009-08-29 02:30 173056 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6002.18101_none_0e0db31bef6e3440\AcXtrnal.dll
+ 2009-09-09 11:34 . 2009-08-29 02:30 542720 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6002.18101_none_0e0db31bef6e3440\AcLayers.dll
+ 2009-09-09 11:34 . 2009-08-28 12:24 173056 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.22509_none_0cb8e04f0b5e499e\AcXtrnal.dll
+ 2009-09-09 11:34 . 2009-08-28 12:24 541696 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.22509_none_0cb8e04f0b5e499e\AcLayers.dll
+ 2009-09-09 11:34 . 2009-08-28 12:39 173056 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.18320_none_0c109f2bf2590080\AcXtrnal.dll
+ 2009-09-09 11:34 . 2009-08-28 12:38 541696 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.18320_none_0c109f2bf2590080\AcLayers.dll
+ 2009-09-09 11:34 . 2009-08-29 03:31 173056 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.21117_none_0ac5a7650e41d80b\AcXtrnal.dll
+ 2009-09-09 11:34 . 2009-08-29 03:31 537600 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.21117_none_0ac5a7650e41d80b\AcLayers.dll
+ 2009-09-09 11:34 . 2009-08-29 03:40 173056 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.16917_none_0a3c3277f52404ff\AcXtrnal.dll
+ 2009-09-09 11:34 . 2009-08-29 03:40 537600 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.16917_none_0a3c3277f52404ff\AcLayers.dll
+ 2009-09-09 11:34 . 2009-08-29 02:46 458752 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6002.22213_none_0e8d804508930952\AcSpecfc.dll
+ 2009-09-09 11:34 . 2009-08-29 02:30 458752 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6002.18101_none_0e0cb2d1ef6f1ae9\AcSpecfc.dll
+ 2009-09-09 11:34 . 2009-08-28 12:24 459776 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6001.22509_none_0cb7e0050b5f3047\AcSpecfc.dll
+ 2009-09-09 11:34 . 2009-08-28 12:38 459776 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6001.18320_none_0c0f9ee1f259e729\AcSpecfc.dll
+ 2009-09-09 11:34 . 2009-08-29 03:31 450560 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6000.21117_none_0ac4a71b0e42beb4\AcSpecfc.dll
+ 2009-09-09 11:34 . 2009-08-29 03:40 449024 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6000.16917_none_0a3b322df524eba8\AcSpecfc.dll
+ 2009-08-07 23:35 . 2009-08-07 23:35 134144 c:\windows\System32\xlive\sqmapi.dll
+ 2009-09-12 15:00 . 2009-03-16 18:18 517448 c:\windows\System32\XAudio2_4.dll
+ 2009-09-12 15:00 . 2008-10-27 14:04 514384 c:\windows\System32\XAudio2_3.dll
+ 2009-09-12 15:00 . 2008-07-30 10:20 509448 c:\windows\System32\XAudio2_2.dll
+ 2009-09-12 15:00 . 2009-03-16 18:18 235352 c:\windows\System32\xactengine3_4.dll
+ 2009-09-12 15:00 . 2008-10-27 14:04 235856 c:\windows\System32\xactengine3_3.dll
+ 2009-09-12 15:00 . 2008-07-30 10:20 238088 c:\windows\System32\xactengine3_2.dll
- 2008-09-24 03:38 . 2008-01-19 07:36 160256 c:\windows\System32\wkssvc.dll
+ 2009-08-12 12:06 . 2009-06-10 12:12 160256 c:\windows\System32\wkssvc.dll
+ 2009-08-13 22:53 . 2009-06-15 15:24 175104 c:\windows\System32\wdigest.dll
+ 2008-09-26 20:23 . 2009-10-05 12:33 403694 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2006-11-02 13:03 . 2009-10-05 01:35 100096 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-08-13 22:53 . 2009-06-15 15:24 270848 c:\windows\System32\schannel.dll
- 2006-11-02 10:33 . 2009-08-10 14:04 657882 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-10-02 20:25 657882 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-10-02 20:25 127804 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2009-08-10 14:04 127804 c:\windows\System32\perfc009.dat
+ 2009-08-13 22:53 . 2009-06-15 15:22 213504 c:\windows\System32\msv1_0.dll
+ 2009-07-18 03:21 . 2009-07-18 03:21 257440 c:\windows\System32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2008-03-25 02:32 . 2008-03-25 02:32 218496 c:\windows\System32\Macromed\Flash\FlashUtil9f.exe
+ 2009-08-13 22:53 . 2009-06-15 15:21 499712 c:\windows\System32\kerberos.dll
+ 2009-09-09 09:41 . 2009-06-06 05:01 726528 c:\windows\System32\jscript.dll
- 2009-05-13 22:37 . 2009-03-08 11:33 726528 c:\windows\System32\jscript.dll
+ 2009-09-08 01:16 . 2009-09-08 01:16 149280 c:\windows\System32\javaws.exe
+ 2009-09-08 01:16 . 2009-09-08 01:16 145184 c:\windows\System32\javaw.exe
+ 2009-09-08 01:16 . 2009-09-08 01:16 145184 c:\windows\System32\java.exe
+ 2009-09-18 11:56 . 2008-04-17 17:12 107368 c:\windows\System32\DRVSTORE\GEARAspiWD_3B7AACF0636A2C042EB7AD2AFF76D37B27BDD28C\x86\GEARAspi.dll
+ 2009-08-17 04:57 . 2009-08-17 04:57 485920 c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_7fba301a\nvudisp.exe
+ 2009-08-17 04:57 . 2009-08-17 04:57 252448 c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_7fba301a\nvdecodemft.dll
+ 2009-08-17 04:57 . 2009-08-17 04:57 155648 c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_7fba301a\nvcod.dll
+ 2009-08-17 04:57 . 2009-08-17 04:57 795104 c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_7fba301a\dpinst.exe
+ 2009-08-17 04:57 . 2009-08-17 04:57 485920 c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_43d6a94f\nvudisp.exe
+ 2009-08-17 04:57 . 2009-08-17 04:57 252448 c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_43d6a94f\nvdecodemft.dll
+ 2009-08-17 04:57 . 2009-08-17 04:57 155648 c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_43d6a94f\nvcod.dll
+ 2009-08-17 04:57 . 2009-08-17 04:57 795104 c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_43d6a94f\dpinst.exe
+ 2009-06-18 22:48 . 2009-06-18 22:48 142832 c:\windows\System32\drivers\MpFilter.sys
+ 2009-08-13 22:53 . 2009-06-15 18:20 439896 c:\windows\System32\drivers\ksecdd.sys
+ 2009-05-01 21:02 . 2009-05-01 21:02 811008 c:\windows\System32\divx_xx16.dll
- 2008-07-25 08:34 . 2008-07-25 08:34 802816 c:\windows\System32\divx_xx11.dll
+ 2009-05-01 21:02 . 2009-05-01 21:02 802816 c:\windows\System32\divx_xx11.dll
+ 2009-05-01 21:02 . 2009-05-01 21:02 823296 c:\windows\System32\divx_xx0c.dll
- 2008-07-25 08:34 . 2008-07-25 08:34 823296 c:\windows\System32\divx_xx0c.dll
+ 2009-05-01 21:02 . 2009-05-01 21:02 815104 c:\windows\System32\divx_xx0a.dll
- 2008-07-25 08:34 . 2008-07-25 08:34 815104 c:\windows\System32\divx_xx0a.dll
- 2008-07-25 08:34 . 2008-07-25 08:34 823296 c:\windows\System32\divx_xx07.dll
+ 2009-05-01 21:02 . 2009-05-01 21:02 823296 c:\windows\System32\divx_xx07.dll
+ 2009-05-01 21:02 . 2009-05-01 21:02 685056 c:\windows\System32\DivX.dll
+ 2009-09-12 15:00 . 2009-03-09 19:27 453456 c:\windows\System32\d3dx10_41.dll
+ 2009-09-12 15:00 . 2008-10-10 08:52 452440 c:\windows\System32\d3dx10_40.dll
+ 2009-09-12 15:00 . 2008-07-10 15:01 467984 c:\windows\System32\d3dx10_39.dll
+ 2009-05-14 01:52 . 2009-09-25 21:14 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-05-14 01:52 . 2009-08-10 22:58 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2007-04-01 06:17 . 2009-09-01 21:01 262144 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\usrclass.dat
- 2007-04-01 06:17 . 2009-08-11 00:24 262144 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2009-09-08 01:16 . 2009-09-08 01:16 537600 c:\windows\Installer\a5aa207.msi
+ 2009-10-02 11:44 . 2009-10-02 11:44 259072 c:\windows\Installer\5498903.msi
+ 2009-10-02 11:43 . 2009-10-02 11:43 211968 c:\windows\Installer\54988fd.msi
+ 2009-09-09 11:42 . 2009-09-09 11:42 847360 c:\windows\Installer\50b68ba.msi
+ 2009-09-09 11:41 . 2009-09-09 11:41 750080 c:\windows\Installer\50b68b0.msi
+ 2009-09-18 11:51 . 2009-09-18 11:51 694272 c:\windows\Installer\283a6d6.msi
+ 2009-10-01 11:38 . 2009-10-01 11:38 119296 c:\windows\Installer\1e5526.msi
+ 2009-09-18 11:57 . 2009-09-18 11:57 102400 c:\windows\Installer\{EC2A8F27-4FBF-4E41-B27B-FE822511B761}\iTunesIco.exe
- 2007-03-08 02:34 . 2009-07-16 01:28 409600 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2007-03-08 02:34 . 2009-09-09 11:43 409600 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2007-03-08 02:34 . 2009-09-09 11:43 286720 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2007-03-08 02:34 . 2009-07-16 01:28 286720 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2007-03-08 02:34 . 2009-07-16 01:28 249856 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2007-03-08 02:34 . 2009-09-09 11:43 249856 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2007-03-08 02:34 . 2009-07-16 01:28 794624 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2007-03-08 02:34 . 2009-09-09 11:43 794624 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2007-03-08 02:34 . 2009-09-09 11:43 135168 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2007-03-08 02:34 . 2009-07-16 01:28 135168 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2009-09-09 11:43 . 2009-09-09 11:43 217864 c:\windows\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
- 2009-06-17 01:23 . 2009-06-17 01:23 217864 c:\windows\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
- 2009-02-15 21:37 . 2009-07-16 01:29 888080 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-02-15 21:37 . 2009-09-09 11:41 888080 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
- 2009-02-15 21:37 . 2009-07-16 01:29 272648 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe
+ 2009-02-15 21:37 . 2009-09-09 11:41 272648 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe
- 2009-02-15 21:37 . 2009-07-16 01:29 922384 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-02-15 21:37 . 2009-09-09 11:41 922384 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe
- 2009-02-15 21:37 . 2009-07-16 01:29 845584 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe
+ 2009-02-15 21:37 . 2009-09-09 11:41 845584 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe
+ 2009-02-15 21:37 . 2009-09-09 11:41 217864 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe
- 2009-02-15 21:37 . 2009-07-16 01:29 217864 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe
- 2009-02-15 21:37 . 2009-07-16 01:29 159504 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe
+ 2009-02-15 21:37 . 2009-09-09 11:41 159504 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe
+ 2007-10-23 19:36 . 2007-10-23 19:36 464272 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\OWC11PIA.DLL
+ 2003-07-15 08:18 . 2003-07-15 08:18 141360 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\ATP.DLL
+ 2006-11-02 10:25 . 2009-09-18 11:51 143360 c:\windows\inf\infstrng.dat
- 2006-11-02 10:25 . 2009-08-10 22:50 143360 c:\windows\inf\infstrng.dat
+ 2009-09-09 09:40 . 2009-07-21 14:45 171008 c:\windows\ehome\ehkeyctl.dll
- 2008-09-24 03:38 . 2008-01-19 07:34 171008 c:\windows\ehome\ehkeyctl.dll
+ 2009-08-13 02:20 . 2009-08-13 02:20 477056 c:\windows\assembly\GAC\Microsoft.Office.Interop.Owc11\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Owc11.dll
+ 2009-09-19 22:11 . 2009-09-19 22:11 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
- 2009-07-05 13:47 . 2009-07-05 13:47 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
- 2009-07-05 13:47 . 2009-07-05 13:47 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2009-09-19 22:11 . 2009-09-19 22:11 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2009-07-05 13:47 . 2009-07-05 13:47 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2009-09-19 22:11 . 2009-09-19 22:11 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2009-07-05 13:47 . 2009-07-05 13:47 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2009-09-19 22:11 . 2009-09-19 22:11 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2009-07-05 13:47 . 2009-07-05 13:47 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2009-09-19 22:11 . 2009-09-19 22:11 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2009-09-19 22:11 . 2009-09-19 22:11 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-03-15 00:15 . 2009-03-15 00:15 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-09-19 22:11 . 2009-09-19 22:11 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-03-15 00:15 . 2009-03-15 00:15 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-09-19 22:11 . 2009-09-19 22:11 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-07-05 13:47 . 2009-07-05 13:47 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-07-05 13:47 . 2009-07-05 13:47 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-09-19 22:11 . 2009-09-19 22:11 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-09-19 22:11 . 2009-09-19 22:11 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-07-05 13:47 . 2009-07-05 13:47 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-07-05 13:47 . 2009-07-05 13:47 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-09-19 22:11 . 2009-09-19 22:11 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-09-19 22:11 . 2009-09-19 22:11 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-07-05 13:47 . 2009-07-05 13:47 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-07-05 13:47 . 2009-07-05 13:47 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-09-19 22:11 . 2009-09-19 22:11 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-09-19 22:11 . 2009-09-19 22:11 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
- 2009-07-05 13:47 . 2009-07-05 13:47 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2009-09-09 11:34 . 2009-08-28 12:39 173056 c:\windows\AppPatch\AcXtrnal.dll
- 2008-12-22 21:51 . 2008-11-01 03:44 173056 c:\windows\AppPatch\AcXtrnal.dll
+ 2009-09-09 11:34 . 2009-08-28 12:38 459776 c:\windows\AppPatch\AcSpecfc.dll
+ 2009-09-09 11:34 . 2009-08-28 12:38 541696 c:\windows\AppPatch\AcLayers.dll
- 2008-12-22 21:51 . 2008-11-01 03:44 541696 c:\windows\AppPatch\AcLayers.dll
+ 2009-10-01 00:08 . 2009-08-07 01:45 2421760 c:\windows\winsxs\x86_microsoft-windows-windowsupdateclient-ui_31bf3856ad364e35_7.4.7600.226_none_672645e7fba0c4cc\wucltux.dll
+ 2009-10-01 00:08 . 2009-08-07 02:23 1929952 c:\windows\winsxs\x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.4.7600.226_none_e979223d5b9c821b\wuaueng.dll
+ 2009-08-12 12:06 . 2009-06-04 12:56 2067968 c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6002.22146_none_3238de2ddc072aae\mstscax.dll
+ 2009-08-12 12:06 . 2009-06-04 12:07 2066432 c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6002.18045_none_31ae4118c2ea718d\mstscax.dll
+ 2009-08-12 12:06 . 2009-06-04 12:33 2067968 c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6001.22443_none_304f6b67dee38985\mstscax.dll
+ 2009-08-12 12:06 . 2009-06-04 12:34 2066432 c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6001.18266_none_2fb32dbcc5d3707b\mstscax.dll
+ 2009-08-12 12:06 . 2009-06-04 12:31 1874432 c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6000.21061_none_2e516291e1cf33e3\mstscax.dll
+ 2009-08-12 12:06 . 2009-06-04 12:43 1871872 c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6000.16865_none_2dcbeeccc8adc633\mstscax.dll
+ 2009-09-09 11:34 . 2009-08-10 07:23 2409784 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6002.22215_none_f4f261f581c1d755\OESpamFilter.dat
+ 2009-09-09 11:34 . 2009-08-10 07:23 2409784 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6002.18103_none_f4719482689de8ec\OESpamFilter.dat
+ 2009-09-09 11:34 . 2009-08-10 07:22 2409784 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22511_none_f307eee5849f1cd5\OESpamFilter.dat
+ 2009-09-09 11:34 . 2009-08-10 07:23 2409784 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18322_none_f27480926b88b52c\OESpamFilter.dat
+ 2009-09-09 11:34 . 2009-08-10 07:22 2409784 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.21119_none_f12988cb87718cb7\OESpamFilter.dat
+ 2009-09-09 11:34 . 2009-08-10 07:23 2409784 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16919_none_f0a013de6e53b9ab\OESpamFilter.dat
+ 2009-09-09 09:40 . 2009-06-10 11:45 2386944 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-wmvcore_31bf3856ad364e35_6.0.6002.22150_none_096c8896ec43f957\WMVCORE.DLL
+ 2009-09-09 09:40 . 2009-06-10 11:41 2386944 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-wmvcore_31bf3856ad364e35_6.0.6002.18049_none_08f6be51d31621ab\WMVCORE.DLL
+ 2009-09-09 09:40 . 2009-06-10 11:59 2386944 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-wmvcore_31bf3856ad364e35_6.0.6001.22447_none_0797e8a0ef0f39a3\WMVCORE.DLL
+ 2009-09-09 09:40 . 2009-06-10 12:11 2386944 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-wmvcore_31bf3856ad364e35_6.0.6001.18270_none_06e6d825d6103f24\WMVCORE.DLL
+ 2009-09-09 09:40 . 2009-06-10 12:06 2436096 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-wmvcore_31bf3856ad364e35_6.0.6000.21065_none_0599dfcaf1fae401\WMVCORE.DLL
+ 2009-09-09 09:40 . 2009-06-10 12:16 2433536 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-wmvcore_31bf3856ad364e35_6.0.6000.16868_none_05136bbbd8da5cfa\WMVCORE.DLL
+ 2009-08-12 12:06 . 2009-07-15 12:47 8147456 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.22172_none_0d9028a465949c3d\wmploc.DLL
+ 2009-08-12 12:06 . 2009-07-15 12:40 8147456 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18065_none_0d145ca34c6c2c87\wmploc.DLL
+ 2009-08-12 12:06 . 2009-07-15 13:07 8147456 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22470_none_0ba7b6286870146b\wmploc.DLL
+ 2009-08-12 12:05 . 2009-07-14 10:59 8147456 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18289_none_0b1c4a254f52777a\wmploc.DLL
+ 2009-08-12 12:06 . 2009-07-15 12:53 8147968 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.21083_none_09b97eb06b4f218b\wmploc.DLL
+ 2009-08-12 12:06 . 2009-07-14 11:11 8147968 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16885_none_09320a57522f812d\wmploc.DLL
+ 2009-09-09 09:40 . 2009-06-10 11:45 2868224 c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6002.22150_none_9e993405232e229b\mf.dll
+ 2009-09-09 09:40 . 2009-06-10 11:41 2868224 c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6002.18049_none_9e2369c00a004aef\mf.dll
+ 2009-09-09 09:40 . 2009-06-10 11:59 2868224 c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6001.22447_none_9cc4940f25f962e7\mf.dll
+ 2009-09-09 09:40 . 2009-06-10 12:11 2868224 c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6001.18270_none_9c1383940cfa6868\mf.dll
+ 2009-09-09 09:40 . 2009-06-10 12:00 2855424 c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6000.21065_none_9ac68b3928e50d45\mf.dll
+ 2009-09-09 09:40 . 2009-06-10 12:07 2855424 c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6000.16868_none_9a40172a0fc4863e\mf.dll
+ 2009-08-13 22:53 . 2009-06-15 14:58 1259008 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.22152_none_a886901f7335e2fc\lsasrv.dll
+ 2009-08-13 22:53 . 2009-06-15 14:52 1259008 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.18051_none_a7fbf30a5a1929db\lsasrv.dll
+ 2009-08-13 22:53 . 2009-06-15 15:25 1257984 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22450_none_a69e1da376115b2a\lsasrv.dll
+ 2009-08-13 22:53 . 2009-06-15 15:23 1256448 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18272_none_a600dfae5d0228c9\lsasrv.dll
+ 2009-08-13 22:53 . 2009-06-15 15:04 1235456 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21067_none_a4b3e75378eccda6\lsasrv.dll
+ 2009-08-13 22:53 . 2009-06-15 15:23 1233920 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16870_none_a418a0745fdd652a\lsasrv.dll
+ 2009-09-09 11:34 . 2009-08-29 00:34 4240384 c:\windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6002.22213_none_4468964bd78652fb\GameUXLegacyGDFs.dll
+ 2009-09-09 11:34 . 2009-08-29 02:47 1696256 c:\windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6002.22213_none_4468964bd78652fb\gameux.dll
+ 2009-09-09 11:34 . 2009-08-29 00:27 4240384 c:\windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6002.18101_none_43e7c8d8be626492\GameUXLegacyGDFs.dll
+ 2009-09-09 11:34 . 2009-04-11 06:28 1696768 c:\windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6002.18101_none_43e7c8d8be626492\gameux.dll
+ 2009-09-09 11:34 . 2009-08-28 10:19 4240384 c:\windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.22509_none_4292f60bda5279f0\GameUXLegacyGDFs.dll
+ 2009-09-09 11:34 . 2009-08-28 12:25 1695744 c:\windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.22509_none_4292f60bda5279f0\gameux.dll
+ 2009-09-09 11:34 . 2009-08-28 10:15 4240384 c:\windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.18320_none_41eab4e8c14d30d2\GameUXLegacyGDFs.dll
+ 2008-07-20 18:10 . 2008-03-08 04:21 1695744 c:\windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.18320_none_41eab4e8c14d30d2\gameux.dll
+ 2009-09-09 11:34 . 2009-08-28 23:26 4247552 c:\windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.21117_none_409fbd21dd36085d\GameUXLegacyGDFs.dll
+ 2009-09-09 11:34 . 2009-08-29 03:33 1686528 c:\windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.21117_none_409fbd21dd36085d\gameux.dll
+ 2009-09-09 11:34 . 2009-08-28 23:31 4247552 c:\windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.16917_none_40164834c4183551\GameUXLegacyGDFs.dll
+ 2009-09-09 11:34 . 2009-08-29 03:41 1686528 c:\windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.16917_none_40164834c4183551\gameux.dll
+ 2009-09-09 11:34 . 2009-08-29 02:46 2159616 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6002.22213_none_0e8c7ffb0893effb\AcGenral.dll
+ 2009-09-09 11:34 . 2009-08-29 02:30 2159616 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6002.18101_none_0e0bb287ef700192\AcGenral.dll
+ 2009-09-09 11:34 . 2009-08-28 12:24 2157056 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6001.22509_none_0cb6dfbb0b6016f0\AcGenral.dll
+ 2009-09-09 11:34 . 2009-08-28 12:38 2153984 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6001.18320_none_0c0e9e97f25acdd2\AcGenral.dll
+ 2009-09-09 11:34 . 2009-08-29 03:31 2144768 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6000.21117_none_0ac3a6d10e43a55d\AcGenral.dll
+ 2009-09-09 11:34 . 2009-08-29 03:40 2143744 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6000.16917_none_0a3a31e3f525d251\AcGenral.dll
+ 2009-09-09 09:40 . 2009-06-10 12:11 2386944 c:\windows\System32\WMVCORE.DLL
- 2008-12-22 21:51 . 2008-06-23 01:59 2386944 c:\windows\System32\WMVCORE.DLL
- 2006-11-02 10:22 . 2009-08-08 16:10 6553600 c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2006-11-02 10:22 . 2009-10-01 11:06 6553600 c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2009-08-12 12:06 . 2009-06-04 12:34 2066432 c:\windows\System32\mstscax.dll
+ 2007-08-27 19:41 . 2007-08-27 19:41 1089440 c:\windows\System32\msidcrl40.dll
+ 2009-07-18 03:21 . 2009-07-18 03:21 3883424 c:\windows\System32\Macromed\Flash\NPSWF32.dll
+ 2009-08-13 22:53 . 2009-06-15 15:23 1256448 c:\windows\System32\lsasrv.dll
+ 2009-08-28 23:42 . 2009-08-28 23:42 2065696 c:\windows\System32\DriverStore\FileRepository\usbaapl.inf_5f8e430d\usbaaplrc.dll
+ 2009-08-17 04:57 . 2009-08-17 04:57 3298304 c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_7fba301a\nvwgf2um.dll
+ 2009-08-17 04:57 . 2009-08-17 04:57 9545152 c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_7fba301a\nvlddmkm.sys
+ 2009-08-17 04:57 . 2009-08-17 04:57 1919520 c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_7fba301a\nvencodemft.dll
+ 2009-08-17 04:57 . 2009-08-17 04:57 7569920 c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_7fba301a\nvd3dum.dll
+ 2009-08-17 04:57 . 2009-08-17 04:57 2169376 c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_7fba301a\nvcuvid.dll
+ 2009-08-17 04:57 . 2009-08-17 04:57 1706528 c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_7fba301a\nvcuvenc.dll
+ 2009-08-17 04:57 . 2009-08-17 04:57 1985536 c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_7fba301a\nvcuda.dll
+ 2009-08-17 04:57 . 2009-08-17 04:57 1044992 c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_7fba301a\nvapi.dll
+ 2009-08-17 04:57 . 2009-08-17 04:57 3298304 c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_43d6a94f\nvwgf2um.dll
+ 2009-08-17 04:57 . 2009-08-17 04:57 9545152 c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_43d6a94f\nvlddmkm.sys
+ 2009-08-17 04:57 . 2009-08-17 04:57 1919520 c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_43d6a94f\nvencodemft.dll
+ 2009-08-17 04:57 . 2009-08-17 04:57 7569920 c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_43d6a94f\nvd3dum.dll
+ 2009-08-17 04:57 . 2009-08-17 04:57 2169376 c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_43d6a94f\nvcuvid.dll
+ 2009-08-17 04:57 . 2009-08-17 04:57 1706528 c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_43d6a94f\nvcuvenc.dll
+ 2009-08-17 04:57 . 2009-08-17 04:57 1985536 c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_43d6a94f\nvcuda.dll
+ 2009-08-17 04:57 . 2009-08-17 04:57 1044992 c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_43d6a94f\nvapi.dll
+ 2009-09-12 15:00 . 2009-03-09 19:27 4178264 c:\windows\System32\D3DX9_41.dll
+ 2009-09-12 15:00 . 2008-10-10 08:52 4379984 c:\windows\System32\D3DX9_40.dll
+ 2009-09-12 15:00 . 2009-03-09 19:27 1846632 c:\windows\System32\D3DCompiler_41.dll
+ 2009-09-12 15:00 . 2008-10-10 08:52 2036576 c:\windows\System32\D3DCompiler_40.dll
+ 2009-09-12 15:00 . 2008-07-10 15:00 1493528 c:\windows\System32\D3DCompiler_39.dll
- 2006-11-02 12:46 . 2009-03-11 16:28 2661953 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareLicensing\tokens.dat
+ 2006-11-02 12:46 . 2009-08-13 02:42 2661953 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareLicensing\tokens.dat
+ 2009-08-05 06:11 . 2009-08-05 06:11 5518848 c:\windows\Installer\6472d92.msp
+ 2009-07-01 17:21 . 2009-07-01 17:21 8891904 c:\windows\Installer\6472d7f.msp
+ 2009-07-27 08:32 . 2009-07-27 08:32 5028352 c:\windows\Installer\6472d6a.msp
+ 2009-04-14 08:18 . 2009-04-14 08:18 9684480 c:\windows\Installer\50b690e.msp
+ 2009-08-25 18:57 . 2009-08-25 18:57 5518336 c:\windows\Installer\50b6905.msp
+ 2009-04-14 08:51 . 2009-04-14 08:51 1303040 c:\windows\Installer\50b68ea.msp
+ 2009-04-14 07:20 . 2009-04-14 07:20 9573376 c:\windows\Installer\50b68c6.msp
+ 2009-08-18 16:56 . 2009-08-18 16:56 5020672 c:\windows\Installer\50b6898.msp
+ 2009-04-14 08:50 . 2009-04-14 08:50 5191680 c:\windows\Installer\50b6883.msp
+ 2009-09-18 11:57 . 2009-09-18 11:57 4597248 c:\windows\Installer\283acb0.msi
+ 2009-09-18 11:54 . 2009-09-18 11:54 1659392 c:\windows\Installer\283a969.msi
+ 2009-09-18 11:53 . 2009-09-18 11:53 9013760 c:\windows\Installer\283a963.msi
+ 2009-09-18 11:51 . 2009-09-18 11:51 3310592 c:\windows\Installer\283a6cc.msi
- 2009-02-15 21:37 . 2009-07-16 01:29 1172240 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-02-15 21:37 . 2009-09-09 11:41 1172240 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe
- 2009-02-15 21:37 . 2009-07-16 01:29 1165584 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-02-15 21:37 . 2009-09-09 11:41 1165584 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe
+ 2007-05-10 17:45 . 2007-05-10 17:45 8069464 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\OWC11.DLL
- 2009-07-05 13:47 . 2009-07-05 13:47 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-09-19 22:11 . 2009-09-19 22:11 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-09-19 22:11 . 2009-09-19 22:11 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-07-05 13:46 . 2009-07-05 13:46 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-09-09 11:34 . 2009-08-28 12:38 2153984 c:\windows\AppPatch\AcGenral.dll
+ 2009-08-12 12:06 . 2009-07-15 14:36 10628096 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.22172_none_0d9028a465949c3d\wmp.dll
+ 2009-08-12 12:06 . 2009-07-15 14:30 10628096 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18065_none_0d145ca34c6c2c87\wmp.dll
+ 2009-08-12 12:06 . 2009-07-15 14:52 10627584 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22470_none_0ba7b6286870146b\wmp.dll
+ 2009-08-12 12:06 . 2009-07-14 13:00 10626048 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18289_none_0b1c4a254f52777a\wmp.dll
+ 2009-08-12 12:06 . 2009-07-15 14:44 10622464 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.21083_none_09b97eb06b4f218b\wmp.dll
+ 2009-08-12 12:06 . 2009-07-14 13:02 10621952 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16885_none_09320a57522f812d\wmp.dll
+ 2009-06-13 04:20 . 2009-10-01 00:08 94739668 c:\windows\winsxs\ManifestCache\6.0.6002.18005_001c11ba_blobs.bin
+ 2009-08-12 12:06 . 2009-07-14 13:00 10626048 c:\windows\System32\wmp.dll
+ 2006-11-02 10:24 . 2009-08-28 21:38 24689600 c:\windows\System32\mrt.exe
+ 2009-08-17 04:57 . 2009-08-17 04:57 10858496 c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_7fba301a\nvoglv32.dll
+ 2009-08-17 04:57 . 2009-08-17 04:57 17646733 c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_7fba301a\NvCplSetupEng.exe
+ 2009-08-17 04:57 . 2009-08-17 04:57 10858496 c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_43d6a94f\nvoglv32.dll
+ 2009-08-17 04:57 . 2009-08-17 04:57 17646733 c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_43d6a94f\NvCplSetupEng.exe
+ 2009-07-01 17:19 . 2009-07-01 17:19 10607104 c:\windows\Installer\6472d80.msp
+ 2009-04-14 08:21 . 2009-04-14 08:21 15303168 c:\windows\Installer\50b68f3.msp
+ 2009-04-14 07:46 . 2009-04-14 07:46 15438848 c:\windows\Installer\50b68e1.msp
+ 2009-05-07 13:04 . 2009-05-07 13:04 18341376 c:\windows\Installer\50b68d8.msp
+ 2009-04-14 08:56 . 2009-04-14 08:56 20498944 c:\windows\Installer\50b68cf.msp
+ 2009-09-09 11:41 . 2009-09-09 11:41 15709696 c:\windows\Installer\50b68aa.msp
+ 2009-04-14 07:22 . 2009-04-14 07:22 19840000 c:\windows\Installer\50b68a1.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-09-29 151552]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-08 149280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2009-09-13 1048392]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-7-27 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 -c--a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ACCPAC 5.3 CGA Version SQL Server Instance.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ACCPAC 5.3 CGA Version SQL Server Instance.lnk
backup=c:\windows\pss\ACCPAC 5.3 CGA Version SQL Server Instance.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Ichabod^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\users\Ichabod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2025719069-4072549690-2336237830-1001]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{3C8AADDB-7F08-4045-A5AD-9225454D577A}"= UDP:c:\program files\uTorrent\utorrent.exe:µTorrent
"{DAE161CD-8835-44C3-9C43-69DCCC9C4B7D}"= TCP:c:\program files\uTorrent\utorrent.exe:µTorrent
"{98E1015F-D564-4F07-A753-3AEC6E172F7E}"= UDP:c:\program files\World of Warcraft\Launcher.exe:World of Warcraft
"{BFCC3B43-4034-46BF-B3A4-45D5E02463D5}"= TCP:c:\program files\World of Warcraft\Launcher.exe:World of Warcraft
"{E1D3E68B-453D-4395-9C3F-0699B519B181}"= UDP:6112:Wow
"{3E5183A9-2026-4735-B3F4-7A06FA875FA8}"= UDP:3724:WoW
"{F4E96C09-F410-4A0D-BE58-5ED4D88C50F3}"= TCP:3724:wow
"{EC936354-078D-4BA6-B978-ACC8610C87DF}"= TCP:6112:wow
"TCP Query User{B6FCF0E6-C36C-434E-8B18-C0D834E04DF3}c:\\program files\\world of warcraft\\wow-2.0.8.6403-to-2.0.10.6448-enus-downloader.exe"= UDP:c:\program files\world of warcraft\wow-2.0.8.6403-to-2.0.10.6448-enus-downloader.exe:Blizzard Downloader
"UDP Query User{3D225DCC-2671-4A3F-A3BC-3D58B69D8E77}c:\\program files\\world of warcraft\\wow-2.0.8.6403-to-2.0.10.6448-enus-downloader.exe"= TCP:c:\program files\world of warcraft\wow-2.0.8.6403-to-2.0.10.6448-enus-downloader.exe:Blizzard Downloader
"{8B512EA4-2879-44BF-91BA-114ECB56E471}"= UDP:c:\program files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{218CAAF1-4EA7-4820-A40E-979181F0BC27}"= UDP:c:\program files\Atari\Neverwinter Nights 2\nwn2main.exe:Neverwinter Nights 2 Main
"{659626F9-D854-4EF1-B7DB-613263EB9729}"= TCP:c:\program files\Atari\Neverwinter Nights 2\nwn2main.exe:Neverwinter Nights 2 Main
"{BD56AE87-24BF-4E06-996C-8EC3F427DDA3}"= UDP:c:\program files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD
"{D11A09EF-8079-4F87-90ED-51D6A1537D5F}"= TCP:c:\program files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD
"{C420F916-14AB-494F-96D0-40042F2532D8}"= UDP:c:\program files\Atari\Neverwinter Nights 2\nwupdate.exe:Neverwinter Nights 2 Updater
"{83C97BBE-A27A-414C-980C-FE3AEBE71424}"= TCP:c:\program files\Atari\Neverwinter Nights 2\nwupdate.exe:Neverwinter Nights 2 Updater
"{1FB69503-65BE-4214-8BE7-1A6174144D04}"= UDP:c:\program files\Atari\Neverwinter Nights 2\nwn2server.exe:Neverwinter Nights 2 Server
"{1AB01AF0-78E5-4D6E-AD83-D42C8389B4B6}"= TCP:c:\program files\Atari\Neverwinter Nights 2\nwn2server.exe:Neverwinter Nights 2 Server
"TCP Query User{34465391-A6CC-4CA8-B018-7121F4FE7409}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:utorrent
"UDP Query User{D874FF0D-DC2D-4C88-8EEC-DC2CCC277FEB}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:utorrent
"{FAA5EBA4-A8D7-47DC-A338-25C49D9F0A42}"= UDP:c:\program files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"{91DC848E-1E34-4B47-AA4B-4FDF1A819141}"= TCP:c:\program files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"{AC441F55-E74B-42F1-BF57-E6241B4A53F1}"= UDP:c:\program files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords.exe:Sid Meier's Civilization 4 Warlords
"{D733FAEE-DA77-437B-BD53-FAA0F660291D}"= TCP:c:\program files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords.exe:Sid Meier's Civilization 4 Warlords
"{006B0D28-4AB2-4257-9155-8A83AC01C6C8}"= UDP:c:\program files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords_PitBoss.exe:Sid Meier's Civilization 4 Pitboss
"{8299508C-BBA3-4349-8D40-04802A9FD402}"= TCP:c:\program files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords_PitBoss.exe:Sid Meier's Civilization 4 Pitboss
"{A4E38D2A-BA6D-4B9C-9132-DB73118EEC66}"= UDP:c:\program files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe:Sid Meier's Civilization 4 Beyond the Sword
"{19D58263-95E5-41CC-BAD8-4F70F193FC4F}"= TCP:c:\program files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe:Sid Meier's Civilization 4 Beyond the Sword
"{2569E879-088A-4FDE-87D6-113F3D27A0A8}"= UDP:c:\program files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:Sid Meier's Civilization 4 Beyond the Sword Pitboss
"{70EA7AC3-CEB7-4261-B775-5B71CA9546A6}"= TCP:c:\program files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:Sid Meier's Civilization 4 Beyond the Sword Pitboss
"TCP Query User{F514B779-C71F-4874-ABAE-5638C29A8F0F}c:\\program files\\azureus\\azureus.exe"= UDP:c:\program files\azureus\azureus.exe:Azureus
"UDP Query User{6EA54A9F-42B4-49A6-89C8-E90B22A7814C}c:\\program files\\azureus\\azureus.exe"= TCP:c:\program files\azureus\azureus.exe:Azureus
"TCP Query User{A87609E1-5670-4C4F-995F-3E746A96F902}c:\\program files\\ultravnc\\vncviewer.exe"= UDP:c:\program files\ultravnc\vncviewer.exe:VNCViewer
"UDP Query User{14FF67BE-2567-497A-9F8B-720099C39D83}c:\\program files\\ultravnc\\vncviewer.exe"= TCP:c:\program files\ultravnc\vncviewer.exe:VNCViewer
"TCP Query User{50313580-3899-4902-AE02-D9280D4BAB7D}c:\\downloads\\magicg\\magic\\manalink.exe"= UDP:c:\downloads\magicg\magic\manalink.exe:manalink
"UDP Query User{FB7AFC67-ABC8-45B0-AD4D-1FFA0AA6CD58}c:\\downloads\\magicg\\magic\\manalink.exe"= TCP:c:\downloads\magicg\magic\manalink.exe:manalink
"{D941BB9A-30F3-4704-9B42-1EFFDEE658FC}"= UDP:c:\program files\PlayOnline\SquareEnix\PlayOnlineViewer\pol.exe:PlayOnline
"{D549DBEA-23A7-4CB9-8EF3-B4B5BF4ECA41}"= TCP:c:\program files\PlayOnline\SquareEnix\PlayOnlineViewer\pol.exe:PlayOnline
"TCP Query User{6EB6E0C7-0A48-41C7-8F93-B1BAF3C69C07}c:\\program files\\diablo ii\\game.exe"= UDP:c:\program files\diablo ii\game.exe:Diablo II
"UDP Query User{877A36A3-F71C-4BF5-8DE7-7B7FAF6F8090}c:\\program files\\diablo ii\\game.exe"= TCP:c:\program files\diablo ii\game.exe:Diablo II
"TCP Query User{6DE46349-2B83-4983-B494-A082F29E2006}c:\\program files\\ultravnc\\winvnc.exe"= UDP:c:\program files\ultravnc\winvnc.exe:VNC server for Win32
"UDP Query User{3E9BF166-0BDF-4C0D-A5D2-7776956A67DC}c:\\program files\\ultravnc\\winvnc.exe"= TCP:c:\program files\ultravnc\winvnc.exe:VNC server for Win32
"{700730BD-AD56-4B65-8CFF-3D4A43A97249}"= UDP:4000:Diablo
"TCP Query User{8052BA05-E1E3-4F8D-9C75-F47D9AF31284}c:\\program files\\sony\\station\\launchpad\\launchpad.exe"= UDP:c:\program files\sony\station\launchpad\launchpad.exe:LaunchPad
"UDP Query User{9843D067-1E2A-44C3-A52F-79F22C385978}c:\\program files\\sony\\station\\launchpad\\launchpad.exe"= TCP:c:\program files\sony\station\launchpad\launchpad.exe:LaunchPad
"TCP Query User{64F33CD4-BC67-4347-89BE-D724A4E9A027}c:\\program files\\ccp\\eve\\bin\\exefile.exe"= UDP:c:\program files\ccp\eve\bin\exefile.exe:CCP ExeFile
"UDP Query User{03EA4F5F-7873-48CE-BA71-B9AF4DA50BA8}c:\\program files\\ccp\\eve\\bin\\exefile.exe"= TCP:c:\program files\ccp\eve\bin\exefile.exe:CCP ExeFile
"{2758E05F-92E0-43DE-B1E2-A87F29D14708}"= Disabled:UDP:c:\program files\Skype\Phone\Skype.exe:Skype
"{984D361D-C2F3-48BF-B557-F990FAC8A234}"= TCP:c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{576BFD4A-0419-4CA9-AB1B-9AB8B552D0DF}c:\\games\\summoner\\sum.exe"= UDP:c:\games\summoner\sum.exe:Sum
"UDP Query User{4F8B10CB-9B02-4360-AA62-41E9ABA69E87}c:\\games\\summoner\\sum.exe"= TCP:c:\games\summoner\sum.exe:Sum
"TCP Query User{8128F33F-7AE2-422D-AA15-54D9268B2950}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{5C1BDC73-B279-4904-A1E5-914015F61125}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"TCP Query User{BA38395B-8156-4B90-B7CC-0594A98ABA55}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{908ABEA8-B57C-48DD-958F-D51EB2EC2375}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"TCP Query User{7277A6FD-DB28-467A-95DD-DFECCC0DC4D4}c:\\program files\\turbine\\dungeons & dragons online - stormreach\\dndclient.exe"= UDP:c:\program files\turbine\dungeons & dragons online - stormreach\dndclient.exe:dndclient
"UDP Query User{F4E830FA-4FCC-4610-B2C8-46AC193A1296}c:\\program files\\turbine\\dungeons & dragons online - stormreach\\dndclient.exe"= TCP:c:\program files\turbine\dungeons & dragons online - stormreach\dndclient.exe:dndclient
"{6F19DE52-7624-477F-A535-E0F4278D4FC3}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{A7FB14BF-3D9F-44CA-9A28-A3C3E37200D2}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{DF82CA17-CA40-4F9E-AD92-F69ED40F6744}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{24AAFE54-9C33-4A4E-8B0D-D51054AFFFBF}"= UDP:5353:Adobe CSI CS4
"{AA0882DB-6478-4DBF-8EF7-FCEFA365CFE0}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{9434519C-933E-4553-A49A-984FA9DB7F05}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{7CB3396E-8883-4260-AE15-2C91FC644C00}"= UDP:c:\program files\Pando Networks\Media Booster\PMB.exe:Pando Media Booster
"{5386EA6B-8477-4B49-8762-0F00B6699C6C}"= TCP:c:\program files\Pando Networks\Media Booster\PMB.exe:Pando Media Booster
"{EBCCE7B2-B766-4A3C-9E42-F2323D27D41D}"= UDP:57756:Pando Media Booster
"{3B2FA6A0-3902-4EE8-B31E-75DDD1E75D2B}"= TCP:57756:Pando Media Booster
"TCP Query User{A882432F-1193-428A-9B96-E95BE4E87C05}c:\\program files\\turbine\\the lord of the rings online\\lotroclient.exe"= UDP:c:\program files\turbine\the lord of the rings online\lotroclient.exe:lotroclient.exe
"UDP Query User{C5D9811C-BA7E-4560-9027-65C671885F7A}c:\\program files\\turbine\\the lord of the rings online\\lotroclient.exe"= TCP:c:\program files\turbine\the lord of the rings online\lotroclient.exe:lotroclient.exe
"{95347618-C302-4B3E-949F-72D2A8ECE440}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{AF1DA09C-3A7F-4446-B787-6A0623B17782}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"{C89352C0-321E-490C-A20F-B2B47114E0EA}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{BE975CCE-45EC-4212-9012-70910FF0B9C2}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{DC28ED40-74EC-4A7E-ABE3-9E61F5555A8E}"= Disabled:UDP:c:\program files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{5C1F6B8F-94B1-4223-984C-59DAC9148193}"= Disabled:TCP:c:\program files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{67C57D1B-4F2E-4363-8952-AE6CE9F0537B}"= UDP:c:\program files\Paradox Interactive\Elven Legacy\ElvenLegacy.exe:Elven Legacy
"{6F323EE3-5502-47F9-9225-AD79C2E9D615}"= TCP:c:\program files\Paradox Interactive\Elven Legacy\ElvenLegacy.exe:Elven Legacy
"{726A04A9-DA0B-4C8E-BBD0-A8BB7B2E0DE4}"= UDP:c:\program files\uTorrent\utorrent.exe:µTorrent (TCP-In)
"{EE7C4B7E-A19A-4A6D-A624-4BF75F26F641}"= TCP:c:\program files\uTorrent\utorrent.exe:µTorrent (UDP-In)
"{27C08B3E-6499-421D-91F6-2D7B13E8B47E}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{EF9794FA-406F-4FA0-90C3-7566B54C8697}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{4740512F-A101-4108-BB93-FE2273815D9F}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{1852A2EC-2595-4ED6-A42A-ADFD924F7F65}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{F806B2BB-C5ED-414E-B93E-B035CDD5171F}"= UDP:c:\program files\Paradox Interactive\Majesty 2\Majesty2.exe:Majesty 2
"{33D34040-9B1F-4ECB-89BD-CEE449AA22A9}"= TCP:c:\program files\Paradox Interactive\Majesty 2\Majesty2.exe:Majesty 2

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DoNotAllowExceptions"= 1 (0x1)

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [05/08/2009 4:06 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [05/08/2009 4:06 PM 74480]
R2 MSSQL$ACCPAC53CGAR2;SQL Server (ACCPAC53CGAR2);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [24/11/2008 11:31 PM 29263712]
R2 SSPORT;SSPORT;c:\windows\System32\drivers\SSPORT.SYS [24/02/2009 6:31 PM 5120]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [17/08/2009 1:32 AM 239648]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\System32\drivers\MpNWMon.sys [18/06/2009 6:48 PM 42480]
S3 MEMSWEEP2;MEMSWEEP2;c:\program files\Sophos\Sophos Anti-Rootkit\MEMSWEEP.sys [10/08/2009 5:19 PM 6144]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [05/08/2009 4:06 PM 7408]
S4 0304311174691783mcinstcleanup;McAfee Application Installer Cleanup (0304311174691783);c:\windows\TEMP\030431~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\windows\TEMP\030431~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
%SystemRoot%\system32\soundschemes2.exe /AddRegistration
.
Contents of the 'Scheduled Tasks' folder

2009-10-05 c:\windows\Tasks\User_Feed_Synchronization-{78FCFC94-8AB0-41ED-B3FD-5D5737E7A8FA}.job
- c:\windows\system32\msfeedssync.exe [2009-07-29 20:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Ichabod\AppData\Roaming\Mozilla\Firefox\Profiles\diqinmap.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmusicn.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-05 18:32
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2025719069-4072549690-2336237830-1001\Software\SecuROM\License information*]
"datasecu"=hex:f8,00,64,01,7c,10,1d,b2,c3,28,24,85,10,ca,e9,2c,15,93,77,71,a8,
da,11,4f,10,84,2b,03,d1,55,46,ac,f2,9d,e2,ca,bc,49,df,08,c5,43,a2,e1,c6,7e,\
"rkeysecu"=hex:64,b6,bd,e1,3e,80,9e,c4,40,b4,90,83,87,8e,33,49
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(3024)
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\progra~1\Stardock\OBJECT~1\DESKSC~1\deskscapes.dll
c:\progra~1\Stardock\OBJECT~1\DESKSC~1\deskscape.dll
c:\progra~1\Stardock\OBJECT~1\DESKSC~1\DesktopControlPanel.dll
c:\progra~1\Stardock\OBJECT~1\DESKSC~1\DreamControl.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\nvvsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Microsoft Security Essentials\MpCmdRun.exe
.
**************************************************************************
.
Completion time: 2009-10-05 18:39 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-05 22:39
ComboFix2.txt 2009-08-11 01:22

Pre-Run: 17,295,478,784 bytes free
Post-Run: 17,595,867,136 bytes free

1042 --- E O F --- 2009-10-01 11:38



******************************************************************************************************************


uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxp://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://by105w.bay105.mail.live.com/mail/resources/MsnPUpld.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
AppInit_DLLs: c:\windows\system32\avgrsstx.dll
STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - %SystemRoot%\System32\DreamScene.dll
STS: Deskscapes Class: {ec654325-1273-c2a9-2b7c-45d29bce68fb} - c:\progra~1\stardock\object~1\desksc~1\deskscapes.dll
STS: Stardock Vista ControlPanel Extension: {ec654325-1273-c2a9-2b7c-45d29bce68fd} - c:\progra~1\stardock\object~1\desksc~1\DesktopControlPanel.dll
STS: StardockDreamController: {ec654325-1273-c2a9-2b7c-45d29bce68ff} - c:\progra~1\stardock\object~1\desksc~1\DreamControl.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\ichabod\appdata\roaming\mozilla\firefox\profiles\diqinmap.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - plugin: c:\program files\mozilla firefox\plugins\npmusicn.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-8-5 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-8-5 74480]
R2 MSSQL$ACCPAC53CGAR2;SQL Server (ACCPAC53CGAR2);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2008-11-24 29263712]
R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.SYS [2009-2-24 5120]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2009-8-17 239648]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2009-6-18 42480]
R3 NdisrdMP;NdisrdMP;c:\windows\system32\drivers\Ndisrd.sys [2009-8-7 22016]
S3 MEMSWEEP2;MEMSWEEP2;c:\program files\sophos\sophos anti-rootkit\MEMSWEEP.sys [2009-8-10 6144]
S3 Ndisrd;WinpkFilter Service;c:\windows\system32\drivers\Ndisrd.sys [2009-8-7 22016]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-8-5 7408]
S4 0304311174691783mcinstcleanup;McAfee Application Installer Cleanup (0304311174691783);c:\windows\temp\030431~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\windows\temp\030431~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]

=============== Created Last 30 ================

2009-10-05 18:19 <DIR> -cd----- C:\ComboFix
2009-10-04 21:34 <DIR> --d----- c:\programdata\Office Genuine Advantage
2009-10-02 07:47 195,440 -------- c:\windows\system32\MpSigStub.exe
2009-10-02 07:43 <DIR> -cd----- c:\program files\Microsoft Security Essentials
2009-09-30 20:08 2,421,760 a------- c:\windows\system32\wucltux.dll
2009-09-30 20:07 87,552 a------- c:\windows\system32\wudriver.dll
2009-09-30 20:07 171,608 a------- c:\windows\system32\wuwebv.dll
2009-09-30 20:07 33,792 a------- c:\windows\system32\wuapp.exe
2009-09-23 20:05 <DIR> --d-h--- c:\programdata\CanonBJ
2009-09-22 10:27 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-09-19 17:51 <DIR> --d----- c:\users\ichabod\appdata\roaming\DAEMON Tools Pro
2009-09-19 17:51 <DIR> --d----- c:\users\ichabod\appdata\roaming\DAEMON Tools Lite
2009-09-18 07:56 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-09-18 07:56 26,600 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-09-18 07:55 <DIR> -cd----- c:\program files\iPod
2009-09-18 07:55 <DIR> -cd----- c:\program files\iTunes
2009-09-18 07:55 <DIR> --d----- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-18 07:55 <DIR> --d----- c:\progra~2\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-18 07:54 <DIR> -cd----- c:\program files\Bonjour
2009-09-17 21:11 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-17 21:11 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-17 21:11 <DIR> -cd----- c:\program files\MWareBytes
2009-09-17 17:48 <DIR> --d----- C:\found.000
2009-09-12 10:59 <DIR> --d----- c:\windows\system32\directx
2009-09-09 07:42 <DIR> --d----- c:\windows\system32\xlive
2009-09-09 07:41 <DIR> -cd----- c:\program files\Microsoft Games for Windows - LIVE
2009-09-09 07:34 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-09-09 07:34 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-09-09 05:40 2,868,224 a------- c:\windows\system32\mf.dll
2009-09-07 21:16 411,368 a------- c:\windows\system32\deploytk.dll

==================== Find3M ====================

2009-09-18 07:51 143,360 a------- c:\windows\inf\infstrng.dat
2009-09-18 07:51 86,016 a------- c:\windows\inf\infstor.dat
2009-09-18 07:51 51,200 a------- c:\windows\inf\infpub.dat
2009-09-08 22:07 33,069 a------- c:\programdata\nvModes.dat
2009-09-08 22:07 33,069 a------- c:\progra~2\nvModes.dat
2009-08-28 19:42 2,065,696 a------- c:\windows\system32\usbaaplrc.dll
2009-08-28 19:42 40,448 a------- c:\windows\system32\drivers\usbaapl.sys
2009-08-28 08:39 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-08-28 08:38 2,153,984 a------- c:\windows\apppatch\AcGenral.dll
2009-08-28 08:38 541,696 a------- c:\windows\apppatch\AcLayers.dll
2009-08-28 08:38 459,776 a------- c:\windows\apppatch\AcSpecfc.dll
2009-08-17 02:42 2,173,472 a------- c:\windows\system32\nvcplui.exe
2009-08-17 02:42 1,346,080 a------- c:\windows\system32\nvsvs.dll
2009-08-17 02:41 215,584 a------- c:\windows\system32\nvvsvc.exe
2009-08-17 02:41 143,360 a------- c:\windows\system32\nvshext.dll
2009-08-17 00:57 10,858,496 a------- c:\windows\system32\nvoglv32.dll
2009-08-17 00:57 9,545,152 a------- c:\windows\system32\drivers\nvlddmkm.sys
2009-08-17 00:57 7,569,920 a------- c:\windows\system32\nvd3dum.dll
2009-08-17 00:57 2,169,376 a------- c:\windows\system32\nvcuvid.dll
2009-08-17 00:57 1,985,536 a------- c:\windows\system32\nvcuda.dll
2009-08-17 00:57 1,706,528 a------- c:\windows\system32\nvcuvenc.dll
2009-08-17 00:57 1,044,992 a------- c:\windows\system32\nvapi.dll
2009-08-17 00:57 795,104 a------- c:\windows\system32\dpinst.exe
2009-08-17 00:57 485,920 a------- c:\windows\system32\nvudisp.exe
2009-08-17 00:57 155,648 a------- c:\windows\system32\nvcod162.dll
2009-08-17 00:57 155,648 a------- c:\windows\system32\nvcod.dll
2009-08-17 00:57 4,224 a------- c:\windows\system32\drivers\nvBridge.kmd
2009-08-14 13:07 897,608 a------- c:\windows\system32\drivers\tcpip.sys
2009-08-14 12:29 104,960 a------- c:\windows\system32\netiohlp.dll
2009-08-14 12:29 17,920 a------- c:\windows\system32\netevent.dll
2009-08-14 10:16 17,920 a------- c:\windows\system32\ROUTE.EXE
2009-08-14 10:16 9,728 a------- c:\windows\system32\TCPSVCS.EXE
2009-08-14 10:16 11,264 a------- c:\windows\system32\MRINFO.EXE
2009-08-14 10:16 27,136 a------- c:\windows\system32\NETSTAT.EXE
2009-08-14 10:16 19,968 a------- c:\windows\system32\ARP.EXE
2009-08-14 10:16 10,240 a------- c:\windows\system32\finger.exe
2009-08-14 10:16 8,704 a------- c:\windows\system32\HOSTNAME.EXE
2009-08-11 12:35 485,920 a------- c:\windows\system32\nvuninst.exe
2009-08-07 19:51 15,308,424 a------- c:\windows\system32\xlive.dll
2009-08-07 19:51 13,642,888 a------- c:\windows\system32\xlivefnt.dll
2009-08-03 15:07 403,816 a------- c:\windows\system32\OGACheckControl.dll
2009-08-03 15:07 322,928 a------- c:\windows\system32\OGAAddin.dll
2009-08-03 15:07 230,768 a------- c:\windows\system32\OGAEXEC.exe
2009-07-27 09:42 43,520 a------- c:\windows\system32\CmdLineExt03.dll
2009-07-21 17:52 915,456 a------- c:\windows\system32\wininet.dll
2009-07-21 17:47 109,056 a------- c:\windows\system32\iesysprep.dll
2009-07-21 17:47 71,680 a------- c:\windows\system32\iesetup.dll
2009-07-21 16:13 133,632 a------- c:\windows\system32\ieUnatt.exe
2009-07-17 10:35 71,680 a------- c:\windows\system32\atl.dll
2009-07-14 09:00 313,344 a------- c:\windows\system32\wmpdxm.dll
2009-07-14 08:59 4,096 a------- c:\windows\system32\dxmasf.dll
2009-07-14 08:58 7,680 a------- c:\windows\system32\spwmp.dll
2009-07-14 06:59 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-07-11 15:32 513,024 a------- c:\windows\system32\wlansvc.dll
2009-07-11 15:32 302,592 a------- c:\windows\system32\wlansec.dll
2009-07-11 15:32 293,376 a------- c:\windows\system32\wlanmsm.dll
2009-07-11 15:29 127,488 a------- c:\windows\system32\L2SecHC.dll
2008-09-25 18:33 174 a--sh--- c:\program files\desktop.ini
2008-09-25 18:22 665,600 a------- c:\windows\inf\drvindex.dat
2008-07-03 20:55 32 a------- c:\programdata\ezsid.dat
2008-07-03 20:55 32 a------- c:\progra~2\ezsid.dat
2007-08-17 22:18 45 a------- c:\users\ichabod\aa.bat
2006-11-02 08:40 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:40 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:40 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:40 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 19:35:14.62 ===============



#6 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:01:34 PM

Posted 07 October 2009 - 04:03 AM

Hi,

Uninstall your current Adobe Shockwave player and get the fresh one here if needed.

Uninstall vulnerable Flash versions by following instructions here. Fresh version can be obtained here.


Delete c:\users\ichabod\aa.bat file unless you're familiar with it.


Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Read the requirements and privacy statement then click on the Accept button.
  • The program will launch and start to download the latest definition files.
  • You will be prompted to install an application from Kaspersky. Click Run.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      • Spyware, Adware, Dialers, and other potentially dangerous programs
      • Archives
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • Click on Save Report As....
  • Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Save this report to a convenient place.
  • Copy and paste that information into your topic. How's the system running?
  • The scan will take a while so be patient and let it run. As it scans your machine very deeply it could take hours to complete, Kaspersky suggests running it during a time of low activity.
If you need a tutorial, see here

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#7 Jellofiend

Posted 08 October 2009 - 06:19 AM

My computer is relatively symptom-free. I've run the Kaspersky scan, and the only threat has been deleted.

Even though I don't have any "active" threats at the moment, I'm very concerned about the devices named after the original infections (as mentioned above).

I uninstalled the Flash and Shockwave programs, and deleted aa.bat.

Here's the log from Kaspersky:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Thursday, October 8, 2009
Operating system: Microsoft Windows Vista Ultimate Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Thursday, October 08, 2009 01:21:59
Records in database: 2932326
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan statistics:
Objects scanned: 161555
Threats found: 1
Infected objects found: 1
Suspicious objects found: 0
Scan duration: 03:50:15


File name / Threat / Threats count
C:\Users\Ichabod\Music\iTunes\iTunes Music\Mobile Applications\Jailbreaker Lite.ipa Infected: Trojan-Clicker.HTML.IFrame.akw 1

Selected area has been scanned.

Edited by Jellofiend, 08 October 2009 - 06:20 AM.


#8 Blade81

Posted 08 October 2009 - 09:20 AM

Hi,

Update MBAM definitions and see if you are able to run a quick scan with it (let it remove all findings). Post back the report when ready.


#9 Jellofiend

Posted 08 October 2009 - 03:16 PM

MBAM still won't allow me to do a full scan. It crashes, and the last file it shows scanning is MSVCR80.dll.... I'm not sure if that matters.

The quick scan doesn't come up with anything.

Malwarebytes' Anti-Malware 1.41
Database version: 2924
Windows 6.0.6001 Service Pack 1

08/10/2009 4:14:10 PM
mbam-log-2009-10-08 (16-14-10).txt

Scan type: Quick Scan
Objects scanned: 99779
Time elapsed: 3 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#10 Blade81

Posted 09 October 2009 - 09:53 AM

Hi,


Download GMER here by clicking the download exe button and then saving it to your desktop:
  • Double-click the .exe that you downloaded.
  • Click the rootkit tab and then Scan.
  • Don't check the Show All box while scanning is in progress!
  • When scanning is ready, click Copy.
  • This copies the log to the clipboard.
  • Post the log in your reply.


#11 Jellofiend

Posted 12 October 2009 - 08:44 AM

GMER 1.0.15.15125 - http://www.gmer.net
Rootkit scan 2009-10-12 09:42:43
Windows 6.0.6001 Service Pack 1
Running: zozp9cgm.exe; Driver: C:\Users\Ichabod\AppData\Local\Temp\pxldypod.sys


---- System - GMER 1.0.15 ----

INT 0x51 ? 8756DF00
INT 0x61 ? 85B28BF8
INT 0x71 ? 8756DF00
INT 0x71 ? 8756DF00
INT 0x92 ? 8756DF00
INT 0xA2 ? 8756DF00
INT 0xB2 ? 8756DF00

---- Kernel code sections - GMER 1.0.15 ----

? System32\Drivers\spnf.sys The system cannot find the path specified. !
.text USBPORT.SYS!DllUnload 8ABDB46F 5 Bytes JMP 8756D4E0
.text aj0r8sl9.SYS 900B1000 22 Bytes [26, 12, 9D, 82, 10, 11, 9D, ...]
.text aj0r8sl9.SYS 900B1017 145 Bytes [00, 32, 27, 7A, 80, 3D, 25, ...]
.text aj0r8sl9.SYS 900B10A9 35 Bytes [40, 66, 82, A0, 37, 66, 82, ...]
.text aj0r8sl9.SYS 900B10CE 10 Bytes [00, 00, 00, 00, 00, 00, 6A, ...]
.text aj0r8sl9.SYS 900B10DA 12 Bytes [00, 00, 02, 00, 00, 00, 25, ...]
.text ...

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 85B291F8
Device \FileSystem\fastfat \FatCdrom 882B1500
Device \Driver\sptd \Device\2007687852 spnf.sys
Device \Driver\volmgr \Device\VolMgrControl 85B261F8
Device \Driver\usbuhci \Device\USBPDO-0 875D4408
Device \Driver\usbuhci \Device\USBPDO-1 875D4408
Device \Driver\usbehci \Device\USBPDO-2 875821F8
Device \Driver\usbuhci \Device\USBPDO-3 875D4408
Device \Driver\usbuhci \Device\USBPDO-4 875D4408
Device \Driver\usbuhci \Device\USBPDO-5 875D4408
Device \Driver\usbehci \Device\USBPDO-6 875821F8
Device \Driver\volmgr \Device\HarddiskVolume1 85B261F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\volmgr \Device\HarddiskVolume2 85B261F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\cdrom \Device\CdRom0 8757E1F8
Device \Driver\PCI_PNP5835 \Device\00000059 spnf.sys
Device \Driver\volmgr \Device\HarddiskVolume3 85B261F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\iaStor \Device\Ide\iaStor0 [8A8A6F90] \SystemRoot\system32\drivers\iastor.sys[unknown section]
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [8A8A6F90] \SystemRoot\system32\drivers\iastor.sys[unknown section]
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-1 [8A8A6F90] \SystemRoot\system32\drivers\iastor.sys[unknown section]
Device \Driver\cdrom \Device\CdRom1 8757E1F8
Device \Driver\cdrom \Device\CdRom2 8757E1F8
Device \Driver\netbt \Device\NetBT_Tcpip_{EC42C46E-184D-4D85-A2B4-6E5D0CEE7F12} 87F141F8
Device \Driver\cdrom \Device\CdRom3 8757E1F8
Device \Driver\netbt \Device\NetBt_Wins_Export 87F141F8
Device \Driver\Smb \Device\NetbiosSmb 87E9A1F8
Device \Driver\iScsiPrt \Device\RaidPort0 877941F8
Device \Driver\netbt \Device\NetBT_Tcpip_{24C6B9EE-9497-4223-88C6-0F8D419AEC11} 87F141F8
Device \Driver\usbuhci \Device\USBFDO-0 875D4408
Device \Driver\usbuhci \Device\USBFDO-1 875D4408
Device \Driver\usbehci \Device\USBFDO-2 875821F8
Device \Driver\usbuhci \Device\USBFDO-3 875D4408
Device \Driver\usbuhci \Device\USBFDO-4 875D4408
Device \Driver\usbuhci \Device\USBFDO-5 875D4408
Device \Driver\usbehci \Device\USBFDO-6 875821F8
Device \Driver\aj0r8sl9 \Device\Scsi\aj0r8sl91Port2Path0Target2Lun0 87647500
Device \Driver\aj0r8sl9 \Device\Scsi\aj0r8sl91Port2Path0Target0Lun0 87647500
Device \Driver\aj0r8sl9 \Device\Scsi\aj0r8sl91 87647500
Device \Driver\aj0r8sl9 \Device\Scsi\aj0r8sl91Port2Path0Target1Lun0 87647500
Device \FileSystem\fastfat \Fat 882B1500

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\cdfs \Cdfs 8884D1F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETfhxqtuxo@start 1
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETfhxqtuxo@type 1
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETfhxqtuxo@group file system
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETfhxqtuxo@imagepath \systemroot\system32\drivers\SKYNETiwepeviv.sys
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETfhxqtuxo\main (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETfhxqtuxo\main@aid 10002
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETfhxqtuxo\main@sid 1
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETfhxqtuxo\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETfhxqtuxo\main\delete (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETfhxqtuxo\main\injector (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETfhxqtuxo\main\injector@* SKYNETwsp.dll
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETfhxqtuxo\main\tasks (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETfhxqtuxo\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETfhxqtuxo\modules@SKYNETrk.sys \systemroot\system32\drivers\SKYNETiwepeviv.sys
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETfhxqtuxo\modules@SKYNETcmd.dll \systemroot\system32\SKYNETqynkjnly.dll
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETfhxqtuxo\modules@SKYNETlog.dat \systemroot\system32\SKYNETieftpktr.dat
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETfhxqtuxo\modules@SKYNETwsp.dll \systemroot\system32\SKYNETbiuippav.dll
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETfhxqtuxo\modules@SKYNET.dat \systemroot\system32\SKYNETximmwjup.dat
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xCB 0x11 0xF0 0x89 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x0A 0x35 0x0C 0xC2 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xA2 0x5F 0x30 0x3C ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x90 0xD4 0x90 0xB6 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0xF4 0xC6 0x9E 0x69 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0x89 0x0C 0x9E 0xA9 ...
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACvvitsvnbfm.sys
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@UACd
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@UACc
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacbbr
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacsr
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacmal
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacrem
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacmask
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacserf
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xCB 0x11 0xF0 0x89 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x0A 0x35 0x0C 0xC2 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xCE 0x5F 0x9B 0x1D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x8A 0xC0 0x36 0x24 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x84 0xF8 0x20 0x72 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0x89 0x0C 0x9E 0xA9 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xCB 0x11 0xF0 0x89 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x0A 0x35 0x0C 0xC2 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xCE 0x5F 0x9B 0x1D ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x8A 0xC0 0x36 0x24 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x84 0xF8 0x20 0x72 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0x89 0x0C 0x9E 0xA9 ...

---- Files - GMER 1.0.15 ----

File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiMG001a.000 0 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiMG001a.001 0 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiMG001a.002 0 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.ci 0 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.dir 0 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.wid 0 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.ci 0 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.dir 0 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.wid 0 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010017.ci 0 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010017.dir 0 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010017.wid 0 bytes

---- EOF - GMER 1.0.15 ----

#12 Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland
  • Local time:01:34 PM

Posted 12 October 2009 - 11:39 AM

Hi,

Open Notepad and then copy and paste the bolded lines below into it. Go to File > Save As and name the file fixes.bat, change the Save as type to All Files and save it to your desktop.
@ECHO OFF
FOR %%i IN (
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SKYNETfhxqtuxo"
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\UACd.sys"
) DO (
SWReg ACL %%i /OM
SWReg ACL %%i /GE:F /I ENABLE
SWReg DELETE %%i
)
DEL %0

Double-click on fixes.bat file to execute it.

Post fresh GMER & dds.txt logs.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms, please create your own topic instead of following instructions given to someone else.


#13 Jellofiend

  • Topic Starter

  • Members
  • 14 posts
  • Local time:06:34 AM

Posted 12 October 2009 - 03:15 PM

I created the .bat file. It disappeared when I ran it, so I have no idea if it did anything.




GMER 1.0.15.15125 - http://www.gmer.net
Rootkit scan 2009-10-12 16:12:37
Windows 6.0.6001 Service Pack 1
Running: zozp9cgm.exe; Driver: C:\Users\Ichabod\AppData\Local\Temp\pxldypod.sys


---- System - GMER 1.0.15 ----

INT 0x51 ? 8756DF00
INT 0x61 ? 85B28BF8
INT 0x71 ? 8756DF00
INT 0x71 ? 8756DF00
INT 0x92 ? 8756DF00
INT 0xA2 ? 8756DF00
INT 0xB2 ? 8756DF00

---- Kernel code sections - GMER 1.0.15 ----

? System32\Drivers\spnf.sys The system cannot find the path specified. !
.text USBPORT.SYS!DllUnload 8ABDB46F 5 Bytes JMP 8756D4E0
.text aj0r8sl9.SYS 900B1000 22 Bytes [26, 12, 9D, 82, 10, 11, 9D, ...]
.text aj0r8sl9.SYS 900B1017 145 Bytes [00, 32, 27, 7A, 80, 3D, 25, ...]
.text aj0r8sl9.SYS 900B10A9 35 Bytes [40, 66, 82, A0, 37, 66, 82, ...]
.text aj0r8sl9.SYS 900B10CE 10 Bytes [00, 00, 00, 00, 00, 00, 6A, ...]
.text aj0r8sl9.SYS 900B10DA 12 Bytes [00, 00, 02, 00, 00, 00, 25, ...]
.text ...

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 85B291F8
Device \FileSystem\fastfat \FatCdrom 882B1500
Device \Driver\sptd \Device\2007687852 spnf.sys
Device \Driver\volmgr \Device\VolMgrControl 85B261F8
Device \Driver\usbuhci \Device\USBPDO-0 875D4408
Device \Driver\usbuhci \Device\USBPDO-1 875D4408
Device \Driver\usbehci \Device\USBPDO-2 875821F8
Device \Driver\usbuhci \Device\USBPDO-3 875D4408
Device \Driver\usbuhci \Device\USBPDO-4 875D4408
Device \Driver\usbuhci \Device\USBPDO-5 875D4408
Device \Driver\usbehci \Device\USBPDO-6 875821F8
Device \Driver\volmgr \Device\HarddiskVolume1 85B261F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\volmgr \Device\HarddiskVolume2 85B261F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\cdrom \Device\CdRom0 8757E1F8
Device \Driver\PCI_PNP5835 \Device\00000059 spnf.sys
Device \Driver\volmgr \Device\HarddiskVolume3 85B261F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\iaStor \Device\Ide\iaStor0 [8A8A6F90] \SystemRoot\system32\drivers\iastor.sys[unknown section]
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [8A8A6F90] \SystemRoot\system32\drivers\iastor.sys[unknown section]
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-1 [8A8A6F90] \SystemRoot\system32\drivers\iastor.sys[unknown section]
Device \Driver\cdrom \Device\CdRom1 8757E1F8
Device \Driver\cdrom \Device\CdRom2 8757E1F8
Device \Driver\netbt \Device\NetBT_Tcpip_{EC42C46E-184D-4D85-A2B4-6E5D0CEE7F12} 87F141F8
Device \Driver\cdrom \Device\CdRom3 8757E1F8
Device \Driver\netbt \Device\NetBt_Wins_Export 87F141F8
Device \Driver\Smb \Device\NetbiosSmb 87E9A1F8
Device \Driver\iScsiPrt \Device\RaidPort0 877941F8
Device \Driver\netbt \Device\NetBT_Tcpip_{24C6B9EE-9497-4223-88C6-0F8D419AEC11} 87F141F8
Device \Driver\usbuhci \Device\USBFDO-0 875D4408
Device \Driver\usbuhci \Device\USBFDO-1 875D4408
Device \Driver\usbehci \Device\USBFDO-2 875821F8
Device \Driver\usbuhci \Device\USBFDO-3 875D4408
Device \Driver\usbuhci \Device\USBFDO-4 875D4408
Device \Driver\usbuhci \Device\USBFDO-5 875D4408
Device \Driver\usbehci \Device\USBFDO-6 875821F8
Device \Driver\aj0r8sl9 \Device\Scsi\aj0r8sl91Port2Path0Target2Lun0 87647500
Device \Driver\aj0r8sl9 \Device\Scsi\aj0r8sl91Port2Path0Target0Lun0 87647500
Device \Driver\aj0r8sl9 \Device\Scsi\aj0r8sl91 87647500
Device \Driver\aj0r8sl9 \Device\Scsi\aj0r8sl91Port2Path0Target1Lun0 87647500
Device \FileSystem\fastfat \Fat 882B1500

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\cdfs \Cdfs 8884D1F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETfhxqtuxo@start 1
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETfhxqtuxo@type 1
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETfhxqtuxo@group file system
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETfhxqtuxo@imagepath \systemroot\system32\drivers\SKYNETiwepeviv.sys
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETfhxqtuxo\main (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETfhxqtuxo\main@aid 10002
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETfhxqtuxo\main@sid 1
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETfhxqtuxo\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETfhxqtuxo\main\delete (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETfhxqtuxo\main\injector (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETfhxqtuxo\main\injector@* SKYNETwsp.dll
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETfhxqtuxo\main\tasks (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETfhxqtuxo\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETfhxqtuxo\modules@SKYNETrk.sys \systemroot\system32\drivers\SKYNETiwepeviv.sys
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETfhxqtuxo\modules@SKYNETcmd.dll \systemroot\system32\SKYNETqynkjnly.dll
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETfhxqtuxo\modules@SKYNETlog.dat \systemroot\system32\SKYNETieftpktr.dat
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETfhxqtuxo\modules@SKYNETwsp.dll \systemroot\system32\SKYNETbiuippav.dll
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETfhxqtuxo\modules@SKYNET.dat \systemroot\system32\SKYNETximmwjup.dat
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xCB 0x11 0xF0 0x89 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x0A 0x35 0x0C 0xC2 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xA2 0x5F 0x30 0x3C ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x90 0xD4 0x90 0xB6 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0xF4 0xC6 0x9E 0x69 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0x89 0x0C 0x9E 0xA9 ...
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACvvitsvnbfm.sys
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@UACd
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@UACc
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacbbr
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacsr
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacmal
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacrem
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacmask
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacserf
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xCB 0x11 0xF0 0x89 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x0A 0x35 0x0C 0xC2 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xCE 0x5F 0x9B 0x1D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x8A 0xC0 0x36 0x24 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x84 0xF8 0x20 0x72 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0x89 0x0C 0x9E 0xA9 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xCB 0x11 0xF0 0x89 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x0A 0x35 0x0C 0xC2 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xCE 0x5F 0x9B 0x1D ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x8A 0xC0 0x36 0x24 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x84 0xF8 0x20 0x72 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0x89 0x0C 0x9E 0xA9 ...

---- EOF - GMER 1.0.15 ----










DDS (Ver_09-07-30.01) - NTFSx86
Run by Ichabod at 15:30:16.51 on 12/10/2009
Internet Explorer: 8.0.6001.18813 BrowserJavaVersion: 1.6.0_16
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.2.1033.18.3069.1290 [GMT -4:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\DivX\DivX Codec\divxsm.exe
C:\Users\Ichabod\Desktop\zozp9cgm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Ichabod\Desktop\dds.scr
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide
mRun: [Samsung PanelMgr] c:\windows\samsung\panelmgr\SSMMgr.exe /autorun
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxp://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://by105w.bay105.mail.live.com/mail/resources/MsnPUpld.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
AppInit_DLLs: c:\windows\system32\avgrsstx.dll
STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - %SystemRoot%\System32\DreamScene.dll
STS: Deskscapes Class: {ec654325-1273-c2a9-2b7c-45d29bce68fb} - c:\progra~1\stardock\object~1\desksc~1\deskscapes.dll
STS: Stardock Vista ControlPanel Extension: {ec654325-1273-c2a9-2b7c-45d29bce68fd} - c:\progra~1\stardock\object~1\desksc~1\DesktopControlPanel.dll
STS: StardockDreamController: {ec654325-1273-c2a9-2b7c-45d29bce68ff} - c:\progra~1\stardock\object~1\desksc~1\DreamControl.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\ichabod\appdata\roaming\mozilla\firefox\profiles\diqinmap.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - plugin: c:\program files\mozilla firefox\plugins\npmusicn.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-9-15 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-9-15 74480]
R2 MSSQL$ACCPAC53CGAR2;SQL Server (ACCPAC53CGAR2);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2008-11-24 29263712]
R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.SYS [2009-2-24 5120]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2009-8-17 239648]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2009-6-18 42480]
R3 NdisrdMP;NdisrdMP;c:\windows\system32\drivers\Ndisrd.sys [2009-8-7 22016]
S3 Ndisrd;WinpkFilter Service;c:\windows\system32\drivers\Ndisrd.sys [2009-8-7 22016]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-9-15 7408]
SUnknown 0304311174691783mcinstcleanup;0304311174691783mcinstcleanup; [x]

=============== Created Last 30 ================

2009-10-08 11:27 44,544 a------- c:\windows\system32\msxml4a.dll
2009-10-08 07:58 <DIR> -cd----- c:\program files\Spybot - Search & Destroy
2009-10-08 07:54 <DIR> -cd----- c:\program files\SUPERAntiSpyware
2009-10-08 07:53 <DIR> -cd----- c:\program files\common files\Wise Installation Wizard
2009-10-08 07:53 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-08 07:53 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-10-08 07:53 <DIR> -cd----- c:\program files\Malwarebytes' Anti-Malware
2009-10-04 21:34 <DIR> --d----- c:\programdata\Office Genuine Advantage
2009-10-02 07:47 195,440 -------- c:\windows\system32\MpSigStub.exe
2009-10-02 07:43 <DIR> -cd----- c:\program files\Microsoft Security Essentials
2009-09-30 20:08 2,421,760 a------- c:\windows\system32\wucltux.dll
2009-09-30 20:07 87,552 a------- c:\windows\system32\wudriver.dll
2009-09-30 20:07 171,608 a------- c:\windows\system32\wuwebv.dll
2009-09-30 20:07 33,792 a------- c:\windows\system32\wuapp.exe
2009-09-22 10:27 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-09-19 17:51 <DIR> --d----- c:\users\ichabod\appdata\roaming\DAEMON Tools Pro
2009-09-19 17:51 <DIR> --d----- c:\users\ichabod\appdata\roaming\DAEMON Tools Lite
2009-09-18 07:56 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-09-18 07:56 26,600 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-09-18 07:55 <DIR> -cd----- c:\program files\iPod
2009-09-18 07:55 <DIR> -cd----- c:\program files\iTunes
2009-09-18 07:55 <DIR> --d----- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-18 07:55 <DIR> --d----- c:\progra~2\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-18 07:54 <DIR> -cd----- c:\program files\Bonjour
2009-09-17 21:11 <DIR> -cd----- c:\program files\MWareBytes
2009-09-17 17:48 <DIR> --d----- C:\found.000

==================== Find3M ====================

2009-10-08 11:26 143,360 a------- c:\windows\inf\infstrng.dat
2009-10-08 11:26 86,016 a------- c:\windows\inf\infstor.dat
2009-10-08 11:26 51,200 a------- c:\windows\inf\infpub.dat
2009-09-08 22:07 33,069 a------- c:\programdata\nvModes.dat
2009-09-08 22:07 33,069 a------- c:\progra~2\nvModes.dat
2009-09-07 21:16 411,368 a------- c:\windows\system32\deploytk.dll
2009-08-28 19:42 2,065,696 a------- c:\windows\system32\usbaaplrc.dll
2009-08-28 19:42 40,448 a------- c:\windows\system32\drivers\usbaapl.sys
2009-08-28 08:39 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-08-28 08:39 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-08-28 08:38 2,153,984 a------- c:\windows\apppatch\AcGenral.dll
2009-08-28 08:38 541,696 a------- c:\windows\apppatch\AcLayers.dll
2009-08-28 08:38 459,776 a------- c:\windows\apppatch\AcSpecfc.dll
2009-08-28 06:15 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-17 02:42 2,173,472 a------- c:\windows\system32\nvcplui.exe
2009-08-17 02:42 1,346,080 a------- c:\windows\system32\nvsvs.dll
2009-08-17 02:41 215,584 a------- c:\windows\system32\nvvsvc.exe
2009-08-17 02:41 143,360 a------- c:\windows\system32\nvshext.dll
2009-08-17 00:57 10,858,496 a------- c:\windows\system32\nvoglv32.dll
2009-08-17 00:57 9,545,152 a------- c:\windows\system32\drivers\nvlddmkm.sys
2009-08-17 00:57 7,569,920 a------- c:\windows\system32\nvd3dum.dll
2009-08-17 00:57 2,169,376 a------- c:\windows\system32\nvcuvid.dll
2009-08-17 00:57 1,985,536 a------- c:\windows\system32\nvcuda.dll
2009-08-17 00:57 1,706,528 a------- c:\windows\system32\nvcuvenc.dll
2009-08-17 00:57 1,044,992 a------- c:\windows\system32\nvapi.dll
2009-08-17 00:57 795,104 a------- c:\windows\system32\dpinst.exe
2009-08-17 00:57 485,920 a------- c:\windows\system32\nvudisp.exe
2009-08-17 00:57 155,648 a------- c:\windows\system32\nvcod162.dll
2009-08-17 00:57 155,648 a------- c:\windows\system32\nvcod.dll
2009-08-17 00:57 4,224 a------- c:\windows\system32\drivers\nvBridge.kmd
2009-08-14 13:07 897,608 a------- c:\windows\system32\drivers\tcpip.sys
2009-08-14 12:29 104,960 a------- c:\windows\system32\netiohlp.dll
2009-08-14 12:29 17,920 a------- c:\windows\system32\netevent.dll
2009-08-14 10:16 17,920 a------- c:\windows\system32\ROUTE.EXE
2009-08-14 10:16 9,728 a------- c:\windows\system32\TCPSVCS.EXE
2009-08-14 10:16 11,264 a------- c:\windows\system32\MRINFO.EXE
2009-08-14 10:16 27,136 a------- c:\windows\system32\NETSTAT.EXE
2009-08-14 10:16 19,968 a------- c:\windows\system32\ARP.EXE
2009-08-14 10:16 10,240 a------- c:\windows\system32\finger.exe
2009-08-14 10:16 8,704 a------- c:\windows\system32\HOSTNAME.EXE
2009-08-11 12:35 485,920 a------- c:\windows\system32\nvuninst.exe
2009-08-07 19:51 15,308,424 a------- c:\windows\system32\xlive.dll
2009-08-07 19:51 13,642,888 a------- c:\windows\system32\xlivefnt.dll
2009-08-03 15:07 403,816 a------- c:\windows\system32\OGACheckControl.dll
2009-08-03 15:07 322,928 a------- c:\windows\system32\OGAAddin.dll
2009-08-03 15:07 230,768 a------- c:\windows\system32\OGAEXEC.exe
2009-07-27 09:42 43,520 a------- c:\windows\system32\CmdLineExt03.dll
2009-07-21 17:52 915,456 a------- c:\windows\system32\wininet.dll
2009-07-21 17:47 109,056 a------- c:\windows\system32\iesysprep.dll
2009-07-21 17:47 71,680 a------- c:\windows\system32\iesetup.dll
2009-07-21 16:13 133,632 a------- c:\windows\system32\ieUnatt.exe
2009-07-17 10:35 71,680 a------- c:\windows\system32\atl.dll
2008-09-25 18:33 174 a--sh--- c:\program files\desktop.ini
2008-09-25 18:22 665,600 a------- c:\windows\inf\drvindex.dat
2008-07-03 20:55 32 a------- c:\programdata\ezsid.dat
2008-07-03 20:55 32 a------- c:\progra~2\ezsid.dat
2006-11-02 08:40 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:40 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:40 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:40 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 15:31:13.84 ===============




#14 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland
  • Local time:01:34 PM

Posted 13 October 2009 - 01:31 AM

It disappeared when I ran it.

That was by design.

Open notepad and copy/paste the text in the quotebox below into it:

Registry::
[-HKLM\SYSTEM\ControlSet001\Services\SKYNETfhxqtuxo]
[-HKLM\SYSTEM\ControlSet001\Services\UACd.sys]


Save this as CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

Posted Image

Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe
Then attach the resultant log & fresh gmer log.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#15 Jellofiend

Jellofiend
  • Topic Starter

  • Members
  • 14 posts
  • Local time:06:34 AM

Posted 13 October 2009 - 09:16 PM

Ok, so just as last time Combofix screwed up my network adapter. Instead of resetting the process and doing a system restore again - I uninstalled and reinstalled the drivers for the network adapter and ethernet card.

I've attached the requested combofix log and the gmer log is below.

Thanks

GMER 1.0.15.15125 - http://www.gmer.net
Rootkit scan 2009-10-13 22:15:36
Windows 6.0.6001 Service Pack 1
Running: zozp9cgm.exe; Driver: C:\Users\Ichabod\AppData\Local\Temp\pxldypod.sys


---- System - GMER 1.0.15 ----

INT 0x51 ? 874B0F00
INT 0x61 ? 85B28BF8
INT 0x71 ? 874B0F00
INT 0x71 ? 874B0F00
INT 0x92 ? 874B0F00
INT 0xA2 ? 874B0F00
INT 0xB2 ? 874B0F00

---- Kernel code sections - GMER 1.0.15 ----

? System32\Drivers\spwz.sys The system cannot find the path specified. !
.text USBPORT.SYS!DllUnload 8ABDA46F 5 Bytes JMP 874B04E0
.text a9474j3q.SYS 908AC000 22 Bytes [26, 82, 60, 82, 10, 81, 60, ...]
.text a9474j3q.SYS 908AC017 130 Bytes [00, 32, 07, 7A, 80, 3D, 05, ...]
.text a9474j3q.SYS 908AC09A 14 Bytes [68, 82, 9C, 83, 68, 82, 60, ...]
.text a9474j3q.SYS 908AC0A9 35 Bytes [70, 68, 82, A0, 67, 68, 82, ...]
.text a9474j3q.SYS 908AC0CE 10 Bytes [00, 00, 00, 00, 00, 00, 6A, ...]
.text ...

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 85B291F8
Device \FileSystem\fastfat \FatCdrom 87DF1500
Device \Driver\sptd \Device\1292510283 spwz.sys
Device \FileSystem\fastfat \Fat 87DF1500

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\cdfs \Cdfs 8869F500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETfhxqtuxo@start 1
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETfhxqtuxo@type 1
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETfhxqtuxo@group file system
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETfhxqtuxo@imagepath \systemroot\system32\drivers\SKYNETiwepeviv.sys
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETfhxqtuxo\main (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETfhxqtuxo\main@aid 10002
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETfhxqtuxo\main@sid 1
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETfhxqtuxo\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETfhxqtuxo\main\delete (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETfhxqtuxo\main\injector (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETfhxqtuxo\main\injector@* SKYNETwsp.dll
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETfhxqtuxo\main\tasks (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETfhxqtuxo\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETfhxqtuxo\modules@SKYNETrk.sys \systemroot\system32\drivers\SKYNETiwepeviv.sys
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETfhxqtuxo\modules@SKYNETcmd.dll \systemroot\system32\SKYNETqynkjnly.dll
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETfhxqtuxo\modules@SKYNETlog.dat \systemroot\system32\SKYNETieftpktr.dat
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETfhxqtuxo\modules@SKYNETwsp.dll \systemroot\system32\SKYNETbiuippav.dll
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETfhxqtuxo\modules@SKYNET.dat \systemroot\system32\SKYNETximmwjup.dat
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xCB 0x11 0xF0 0x89 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x0A 0x35 0x0C 0xC2 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xA2 0x5F 0x30 0x3C ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x90 0xD4 0x90 0xB6 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0xF4 0xC6 0x9E 0x69 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0x89 0x0C 0x9E 0xA9 ...
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACvvitsvnbfm.sys
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@UACd
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@UACc
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacbbr
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacsr
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacmal
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacrem
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacmask
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacserf
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xCB 0x11 0xF0 0x89 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x0A 0x35 0x0C 0xC2 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xCE 0x5F 0x9B 0x1D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x8A 0xC0 0x36 0x24 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x84 0xF8 0x20 0x72 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0x89 0x0C 0x9E 0xA9 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xCB 0x11 0xF0 0x89 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x0A 0x35 0x0C 0xC2 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xCE 0x5F 0x9B 0x1D ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x8A 0xC0 0x36 0x24 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x84 0xF8 0x20 0x72 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0x89 0x0C 0x9E 0xA9 ...

---- EOF - GMER 1.0.15 ----

Attached Files

  • Attached File  log.txt   141.74KB   1 downloads
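
A follow-up check for the exchange above, as an added example that is not part of the original thread: it reads the key deletions requested in the CFScript and reports which of them still appear in a later GMER registry listing, and under which control sets. The function names and the assumed line shape are mine, inferred from the log lines on this page.

```python
import re
from collections import defaultdict

# Excerpt of the GMER registry section posted above.
SAMPLE_GMER = r"""
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETfhxqtuxo@start 1
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETfhxqtuxo@imagepath \systemroot\system32\drivers\SKYNETiwepeviv.sys
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETfhxqtuxo\main (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACvvitsvnbfm.sys
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacmask
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
"""
# Script body from the helper's post above.
CFSCRIPT = r"""
Registry::
[-HKLM\SYSTEM\ControlSet001\Services\SKYNETfhxqtuxo]
[-HKLM\SYSTEM\ControlSet001\Services\UACd.sys]
"""
# Assumed shape: Reg HKLM\SYSTEM\<set>\Services\<svc>[\subkey][@value] [data]
REG_LINE = re.compile(
    r"^Reg\s+HKLM\\SYSTEM\\(?P<cs>[^\\]+)\\Services\\(?P<svc>[^\\@\s]+)"
    r"(?P<sub>(?:\\[^@\s]+)*)(?:@(?P<value>\S+))?(?:\s+(?P<data>.*))?$")
TARGET = re.compile(r"^\[-HKLM\\SYSTEM\\([^\\]+)\\Services\\([^\\\]]+)\]$")

def parse_services(log):
    """Map service -> control set -> {value: data} for values set on the service key itself."""
    services = defaultdict(lambda: defaultdict(dict))
    for line in log.splitlines():
        m = REG_LINE.match(line.strip())
        if not m:
            continue
        entry = services[m["svc"]][m["cs"]]  # record the key even if only subkeys are listed
        if m["value"] and not m["sub"]:
            entry[m["value"]] = (m["data"] or "").strip()
    return services

def script_targets(script):
    """(control set, service) pairs the CFScript asks to delete."""
    return [m.groups() for m in map(TARGET.match, script.split()) if m]

def still_present(log, script):
    """Deletion targets that a follow-up GMER log still lists."""
    services = parse_services(log)
    return [{"service": svc, "control_set": cs,
             "imagepath": services[svc][cs].get("imagepath"),
             "in_current": "CurrentControlSet" in services[svc]}
            for cs, svc in script_targets(script) if cs in services.get(svc, {})]
```

Calling `still_present(SAMPLE_GMER, CFSCRIPT)` on the excerpt returns both targeted services, each with `in_current` set to `False`.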




