
IAPro



#1 MChris


Posted 20 December 2009 - 03:40 PM

I've been working on a friend's computer that is infected with something (some trojan or rootkit, or something). The PC started prompting her with messages of infections and advised using "Internet Antivirus Professional". I'm not sure what all she clicked on, but when I got the PC and logged in under her profile the machine immediately locked up and was showing two windows: (1) an IAPRO.EXE error prompting to "send error report" to Microsoft (looked fake to me) and (2) a large window with a fake Vista appearance called "Privacy Center". There was also an icon on the desktop for "Internet Antivirus Pro". I don't know if the two are related.

Here is what I've done so far.
In safe mode, I searched for and removed every instance (file name and registry key) of "Internet Antivirus Pro", IAPRO.EXE, "Privacy Center". I didn't write them all down, but I tried to make sure they were not legitimate before deleting anything.

I basically followed the steps I found here: http://www.spywareremove.com/removeInternetAntivirusPro.html

Then I put the PC on my own network (in safe mode with networking) and scanned it numerous times with Trend Micro Internet Security (which I'm not bragging about). The only thing TM found was a bunch of cookies.

I have a few malware removal tools on a jump drive (Malwarebytes, Spybot S&D, AVG, etc.) and I plugged it into this PC once I thought I had cleaned up (using the instructions at the link above). But I had forgotten that I had plugged it up once while the PC was in safe mode. When I opened the jump drive I noticed two new files. One was an executable called "m.exe" and showed to belong to Skype LTD. The second was an "Autorun.inf" file which included this:

[AutoRun]
shellexecute=J:\m.exe /s
Action=Autorun

I deleted these two files and rebooted the machine. I brought it up in safe mode because I assumed it was infected again with the same files. I did a search for IAPRO.EXE and found this file: C:WINDOWS/PREFETCH/IAPRO.EXE-35BB6985.pf (I'm not sure if that was the exact location but I do remember seeing those 2 directories in the path name).

So, I deleted this file and rebooted the machine. This time I allowed it to boot completely into Windows and logged on as the user. Immediately I started seeing popup windows.

I looked at the jumpdrive again and those two files were there again. I deleted them.

I read these instructions: http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

I downloaded and used the DDS and RootRepeal tools. I used the same jumpdrive to move those files from my personal machine to my friend's machine. Of course those two files reappeared. I saved the logs from the tools on the jumpdrive and deleted the autorun.inf and m.exe files again and quickly removed the jumpdrive. When I plugged the jumpdrive into this machine and opened it, those two files briefly appeared and then disappeared.

So, I have two questions.
#1. What is causing these two files to be saved on my jumpdrive?
#2. How do I stop it?

I hope this is not too long. I have a tendency to over explain things.

Thanks in advance.

Here are my log files created by DDS and RootRepeal

DDS (Ver_09-12-01.01) - NTFSx86
Run by Compaq_Administrator at 12:33:13.45 on Mon 01/02/2006
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.599 [GMT -6:00]

AV: Internet Antivirus *On-access scanning disabled* (Updated) {98A76F52-26FB-4DDB-B29D-C22BAFA7D00D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\sYSteM32\SvchOst.eXE -k fioo32
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\windows\ld16.exe
C:\windows\freddy79.exe
C:\windows\mstre24.exe
C:\windows\pp13.exe
C:\WINDOWS\system32\Macromed\Flash\FlashUtil10c.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\NOTEPAD.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\eHome\ehmsas.exe
J:\tools\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
mSearchAssistant =
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
mWinlogon: Userinit=c:\windows\system32\userinit.exe
uWinlogon: Shell=c:\documents and settings\compaq_administrator\application data\pc\pc.exe
BHO: MMklkl: {1428a472-5260-404e-9977-7ecdf1daf936} - c:\windows\system32\mukmil.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: ALO: {506cd401-5203-4b27-bb5a-03c97758fd02} - c:\windows\system32\lastmon.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: hpWebHelper Class: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll
uRun: [Internet Antivirus Pro] "c:\program files\internet antivirus pro\IAPro.exe" /s
uRun: [agent.exe] c:\documents and settings\compaq_administrator\application data\pc\agent.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [PCDrProfiler]
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [Reminder] "c:\windows\creator\Remind_XP.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [10370154] c:\documents and settings\all users\application data\10370154\10370154.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [sysldtray] c:\windows\ld16.exe
mRun: [sysfbtray] c:\windows\freddy79.exe
mRun: [SySmstray] c:\windows\mstre24.exe
mRun: [pp] c:\windows\pp13.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
Trusted Zone: trymedia.com
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: ccbadbebbbef - c:\windows\system32\ccbadbebbbef.dll
Notify: cdabbedb - c:\windows\system32\cdabbedb.dll
Notify: __c00C5844 - c:\windows\system32\__c00C5844.dat
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
IFEO: taskmgr.exe - ?

============= SERVICES / DRIVERS ===============

R?2 fioo32;fioo32;c:\windows\system32\SvchOst.eXE -k fioo32 [2008-9-10 14336]
R1 fio32;fio32;c:\windows\system32\drivers\fio32.sys [2009-11-20 59520]
R2 HTGrdEngine;Guard Service;c:\documents and settings\sheila\local settings\application data\microsoft\windows\services.exe [2009-12-6 195584]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S3 EraserUtilDrv10910;EraserUtilDrv10910;\??\c:\program files\common files\symantec shared\eengine\eraserutildrv10910.sys --> c:\program files\common files\symantec shared\eengine\EraserUtilDrv10910.sys [?]

2008-06-12 14:23:32 58880 ----a-w- c:\windows\system32\msdtclog.dll
2008-06-12 14:23:32 58880 ----a-w- c:\windows\system32\dllcache\msdtclog.dll
2008-06-12 14:23:32 428032 ----a-w- c:\windows\system32\msdtcprx.dll
2008-06-12 14:23:32 428032 ----a-w- c:\windows\system32\dllcache\msdtcprx.dll
2008-06-12 14:23:32 161792 ----a-w- c:\windows\system32\msdtcuiu.dll
2008-06-12 14:23:32 161792 ----a-w- c:\windows\system32\dllcache\msdtcuiu.dll
2008-05-09 23:23:42 135168 ------w- c:\windows\system32\dllcache\wshom.ocx
2008-05-09 10:53:40 90112 ------w- c:\windows\system32\dllcache\wshext.dll
2008-05-09 10:53:40 172032 ------w- c:\windows\system32\dllcache\scrrun.dll
2008-05-09 10:53:39 180224 ------w- c:\windows\system32\dllcache\scrobj.dll
2008-05-08 11:24:44 155648 ------w- c:\windows\system32\dllcache\wscript.exe
2008-05-07 09:07:23 135168 ------w- c:\windows\system32\dllcache\cscript.exe
2008-05-07 05:12:40 1291264 ------w- c:\windows\system32\dllcache\quartz.dll
2007-08-13 23:54:10 759296 ----a-w- c:\windows\system32\dllcache\VGX.dll
2007-08-13 23:54:10 66560 ----a-w- c:\windows\system32\dllcache\mshtmled.dll
2007-08-13 23:54:10 611840 ----a-w- c:\windows\system32\dllcache\mstime.dll
2007-08-13 23:54:10 420352 ----a-w- c:\windows\system32\dllcache\vbscript.dll
2007-08-13 23:54:10 25600 ----a-w- c:\windows\system32\dllcache\jsproxy.dll
2007-08-13 23:54:10 236544 ----a-w- c:\windows\system32\dllcache\webcheck.dll
2007-08-13 23:54:10 184320 ----a-w- c:\windows\system32\dllcache\iepeers.dll
2007-08-13 23:54:10 133120 ------w- c:\windows\system32\dllcache\extmgr.dll
2007-08-13 23:45:10 1469440 ----a-w- c:\windows\system32\dllcache\inetcpl.cpl
2007-08-13 23:44:30 105984 ----a-w- c:\windows\system32\dllcache\url.dll
2007-08-13 23:44:26 193536 ----a-w- c:\windows\system32\dllcache\msrating.dll
2007-08-13 23:44:18 43008 ----a-w- c:\windows\system32\dllcache\licmgr10.dll
2007-08-13 23:44:06 206848 ----a-w- c:\windows\system32\dllcache\occache.dll
2007-08-13 23:44:02 69120 ------w- c:\windows\system32\dllcache\iedw.exe
2007-08-13 23:43:56 638816 ----a-w- c:\windows\system32\dllcache\iexplore.exe
2007-08-13 23:42:54 18944 ----a-w- c:\windows\system32\dllcache\corpol.dll
2007-08-13 23:40:52 1241088 ----a-w- c:\windows\system32\ieframe.dll.mui
2007-08-13 23:39:54 229376 ----a-w- c:\windows\system32\dllcache\ieaksie.dll
2007-08-13 23:39:50 387584 ----a-w- c:\windows\system32\dllcache\iedkcs32.dll
2007-08-13 23:39:26 125952 ----a-w- c:\windows\system32\dllcache\ieakeng.dll
2007-08-13 23:39:20 72704 ----a-w- c:\windows\system32\dllcache\admparse.dll
2007-08-13 23:39:12 71680 ----a-w- c:\windows\system32\dllcache\iesetup.dll
2007-08-13 23:39:10 55808 ----a-w- c:\windows\system32\dllcache\iernonce.dll
2007-08-13 23:39:06 173056 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
2007-08-13 23:39:02 94720 ----a-w- c:\windows\system32\dllcache\inseng.dll
2007-08-13 23:39:00 128512 ----a-w- c:\windows\system32\dllcache\advpack.dll
2007-08-13 23:38:48 10240 ----a-w- c:\windows\system32\advpack.dll.mui
2007-08-13 23:38:04 726528 ----a-w- c:\windows\system32\dllcache\jscript.dll
2007-08-13 23:36:12 46592 ----a-w- c:\windows\system32\dllcache\pngfilt.dll
2007-08-13 23:36:06 34816 ----a-w- c:\windows\system32\dllcache\imgutil.dll
2007-08-13 23:35:46 348160 ----a-w- c:\windows\system32\dllcache\dxtmsft.dll
2007-08-13 23:35:38 216064 ----a-w- c:\windows\system32\dllcache\dxtrans.dll
2007-08-13 23:32:30 45568 ----a-w- c:\windows\system32\dllcache\mshta.exe
2007-08-13 23:32:16 66560 ----a-w- c:\windows\system32\dllcache\tdc.ocx
2007-08-13 23:18:02 68608 ----a-w- c:\windows\system32\dllcache\hmmapi.dll
2007-08-13 23:01:12 48128 ----a-w- c:\windows\system32\dllcache\mshtmler.dll
2007-08-13 22:50:08 1638912 ----a-w- c:\windows\system32\dllcache\mshtml.tlb
2007-07-31 02:19:32 15072 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2007-07-31 02:19:02 15064 ----a-w- c:\windows\system32\wuapi.dll.mui
2007-07-31 02:18:44 21728 ----a-w- c:\windows\system32\wucltui.dll.mui
2007-07-31 02:18:14 17632 ----a-w- c:\windows\system32\wuaueng.dll.mui
2007-04-08 06:08:43 312847 ----a-w- c:\windows\system32\cdabbedb.dll
2006-10-26 19:10:06 33088 ----a-w- c:\windows\system32\FM20ENU.DLL
2006-10-26 18:45:04 293376 ----a-w- c:\windows\system32\WISPTIS.EXE
2006-10-26 18:45:04 207360 ----a-w- c:\windows\system32\INKED.DLL
2006-09-23 18:12:50 474112 ------w- c:\windows\system32\dllcache\shlwapi.dll
2006-09-23 18:12:50 1022976 ------w- c:\windows\system32\dllcache\browseui.dll
2006-09-23 18:12:38 74715 ------w- c:\windows\system32\IE7Eula.rtf
2006-09-13 03:17:13 0 d---a-w- c:\windows\CREATOR
2006-09-13 03:17:09 94208 ----a-w- c:\windows\system32\pywintypes22.dll
2006-09-13 03:17:09 323584 ----a-w- c:\windows\system32\pythoncom22.dll
2006-09-01 13:44:04 8798 ----a-w- c:\windows\system32\icrav03.rat
2006-09-01 13:44:04 1988 ------w- c:\windows\system32\ticrf.rat
2006-08-24 21:15:06 150808 ----a-w- c:\windows\system32\rgb9rast_2.dll
2006-07-24 15:50:40 47920 ----a-w- c:\windows\system32\VBAME.DLL
2006-07-24 15:50:40 39728 ----a-w- c:\windows\system32\SCP32.DLL
2006-07-24 15:50:38 125744 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2006-06-29 13:05:44 26112 ----a-w- c:\windows\system32\idndl.dll
2006-06-29 13:05:44 23552 ----a-w- c:\windows\system32\normaliz.dll
2006-06-28 22:59:26 24576 ----a-w- c:\windows\system32\nlsdl.dll
2006-06-16 18:58:18 0 ----a-w- c:\windows\system32\px.ini
2006-06-08 17:06:50 66384 ----a-w- c:\windows\system32\normnfkc.nls
2006-06-08 17:06:50 60294 ----a-w- c:\windows\system32\normnfkd.nls
2006-06-08 17:06:50 59342 ----a-w- c:\windows\system32\normidna.nls
2006-06-08 17:06:50 45794 ----a-w- c:\windows\system32\normnfc.nls
2006-06-08 17:06:50 39284 ----a-w- c:\windows\system32\normnfd.nls
2006-02-23 20:27:52 151552 ----a-w- c:\windows\system32\pxwma.dll
2006-01-26 20:56:24 802648 ----a-w- c:\windows\system32\SysCheck2.dll
2006-01-18 18:18:18 56656 ----a-w- c:\windows\system32\syschkvc.dll
2006-01-12 21:20:26 343216 ----a-w- c:\windows\system32\keyhelp.ocx
2006-01-12 21:20:22 1699913 ----a-w- c:\windows\system32\inetclnt.dll
2006-01-02 16:24:11 0 d-----w- c:\windows\system32\NtmsData
2006-01-02 16:18:10 40057 ----a-w- c:\windows\fs1235.dat
2006-01-02 16:15:36 92672 ----a-w- c:\windows\rdr_1136218535.exe
2006-01-02 16:15:35 2 ----a-w- c:\windows\0101120101465755.xxe
2006-01-02 16:15:27 39424 ----a-w- c:\windows\ld16.exe
2006-01-02 16:15:25 57344 ------w- c:\windows\freddy79.exe
2006-01-02 16:08:19 207888 ----a-w- c:\windows\system32\7e8928a6607cbcb306ba99400a61ce00.exe
2006-01-02 16:08:18 246288 ----a-w- c:\windows\system32\407b52b8c45d1f336e925c9d504a8176.exe
2006-01-02 16:08:18 207824 ----a-w- c:\windows\system32\3de168536a9719cb7409543a32570207.exe
2006-01-02 16:08:17 246224 ----a-w- c:\windows\system32\36fb029de7c41710f54c36884f81fb82.exe
2005-12-09 20:47:32 1645320 ----a-w- c:\windows\system32\gdiplus.dll

==================== Find3M ====================

2009-11-20 17:17:48 38400 ---h--w- c:\windows\pp12.exe
2009-11-20 17:17:32 59520 ----a-w- c:\windows\system32\drivers\fio32.sys
2009-11-20 17:17:32 50688 ----a-w- c:\windows\system32\fio32.dll
2009-11-20 17:17:18 51712 ----a-w- c:\windows\mstre24.exe
2009-11-20 17:17:15 58368 ----a-w- c:\windows\freddy75.exe
2009-11-20 17:17:02 43008 ----a-w- c:\windows\ld15.exe
2009-10-29 07:45:38 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-20 16:20:16 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\dllcache\strmdll.dll
2009-08-25 09:17:27 354816 ----a-w- c:\windows\system32\winhttp.dll
2009-08-14 13:21:25 1850624 ----a-w- c:\windows\system32\win32k.sys
2009-08-07 00:24:18 327896 ----a-w- c:\windows\system32\dllcache\wucltui.dll
2009-08-07 00:24:18 209632 ----a-w- c:\windows\system32\dllcache\wuweb.dll
2009-08-07 00:24:10 35552 ----a-w- c:\windows\system32\dllcache\wups.dll
2009-08-07 00:24:06 53472 ----a-w- c:\windows\system32\dllcache\wuauclt.exe
2009-08-07 00:24:04 96480 ----a-w- c:\windows\system32\dllcache\cdm.dll
2009-08-07 00:23:54 575704 ----a-w- c:\windows\system32\dllcache\wuapi.dll
2009-08-07 00:23:46 1929952 ----a-w- c:\windows\system32\dllcache\wuaueng.dll
2009-08-05 09:01:48 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-31 16:05:44 1372672 ------w- c:\windows\system32\msxml6.dll
2009-07-31 16:05:44 1372672 ------w- c:\windows\system32\dllcache\msxml6.dll
2009-07-31 04:35:42 1172480 ----a-w- c:\windows\system32\msxml3.dll
2009-07-17 19:01:06 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-17 16:22:18 1435648 ----a-w- c:\windows\system32\query.dll
2009-07-13 15:08:14 286720 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-13 15:08:14 286720 ----a-w- c:\windows\system32\dllcache\wmpdxm.dll
2009-07-13 15:08:12 5537792 ----a-w- c:\windows\system32\dllcache\wmp.dll
2009-06-25 08:25:26 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25:26 730112 ------w- c:\windows\system32\dllcache\lsasrv.dll
2009-06-25 08:25:26 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25:26 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25:26 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25:26 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-24 11:18:41 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:36:30 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36:30 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 12:31:40 80896 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 12:31:39 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:19:38 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 14:19:38 2066432 ----a-w- c:\windows\system32\dllcache\mstscax.dll
2009-06-10 14:13:29 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 06:14:49 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-09 03:24:34 2330624 ----a-w- c:\windows\system32\dllcache\WMVCore.dll
2009-06-03 19:09:37 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-07 15:32:35 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-15 14:51:25 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-10 06:01:42 413544 ----a-w- c:\windows\system32\wmspdmod.dll
2009-04-10 06:01:42 413544 ----a-w- c:\windows\system32\dllcache\wmspdmod.dll
2009-03-08 09:34:30 43008 ----a-w- c:\windows\system32\licmgr10.dll
2009-03-08 09:33:40 18944 ----a-w- c:\windows\system32\corpol.dll
2009-03-08 09:33:06 420352 ----a-w- c:\windows\system32\vbscript.dll
2009-03-08 09:32:56 72704 ----a-w- c:\windows\system32\admparse.dll
2009-03-08 09:32:52 163840 ----a-w- c:\windows\system32\dllcache\ieakui.dll
2009-03-08 09:32:50 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-03-08 09:31:38 34816 ----a-w- c:\windows\system32\imgutil.dll
2009-03-08 09:31:18 48128 ----a-w- c:\windows\system32\mshtmler.dll
2009-03-08 09:31:02 45568 ----a-w- c:\windows\system32\mshta.exe
2009-03-08 09:22:38 156160 ----a-w- c:\windows\system32\msls31.dll
2009-03-08 09:22:38 156160 ----a-w- c:\windows\system32\dllcache\msls31.dll
2009-03-06 14:22:18 284160 ------w- c:\windows\system32\dllcache\pdh.dll
2009-02-09 12:10:48 714752 ------w- c:\windows\system32\ntdll.dll
2009-02-09 12:10:48 714752 ------w- c:\windows\system32\dllcache\ntdll.dll
2009-02-09 12:10:48 617472 ----a-w- c:\windows\system32\advapi32.dll
2009-02-09 12:10:48 617472 ------w- c:\windows\system32\dllcache\advapi32.dll
2009-02-09 12:10:48 473600 ----a-w- c:\windows\system32\wbem\fastprox.dll
2009-02-09 12:10:48 473600 ------w- c:\windows\system32\dllcache\fastprox.dll
2009-02-09 12:10:48 453120 ----a-w- c:\windows\system32\wbem\wmiprvsd.dll
2009-02-09 12:10:48 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-02-09 12:10:48 401408 ----a-w- c:\windows\system32\rpcss.dll
2009-02-09 12:10:48 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
2009-02-06 11:11:05 110592 ----a-w- c:\windows\system32\services.exe
2009-02-06 11:11:05 110592 ------w- c:\windows\system32\dllcache\services.exe
2009-02-06 10:10:02 227840 ----a-w- c:\windows\system32\wbem\wmiprvse.exe
2009-02-06 10:10:02 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2009-01-07 23:21:00 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2008-12-11 10:57:09 333952 ----a-w- c:\windows\system32\drivers\srv.sys
2008-10-24 11:21:09 455296 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 12:36:14 286720 ----a-w- c:\windows\system32\gdi32.dll
2008-08-15 01:25:08 181124 ----a-w- c:\windows\fonts\ARIALNI.TTF
2008-08-15 01:25:08 180740 ----a-w- c:\windows\fonts\ARIALNB.TTF
2008-08-15 01:25:08 180084 ----a-w- c:\windows\fonts\ARIALNBI.TTF
2008-08-15 01:25:08 175956 ----a-w- c:\windows\fonts\ARIALN.TTF
2008-08-14 10:04:36 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2008-07-07 20:26:58 253952 ----a-w- c:\windows\system32\es.dll
2008-06-24 16:43:16 74240 ----a-w- c:\windows\system32\mscms.dll
2008-06-20 17:46:57 245248 ----a-w- c:\windows\system32\mswsock.dll
2008-06-20 11:51:12 361600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2008-06-20 11:08:27 225856 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2008-06-12 14:23:32 66560 ----a-w- c:\windows\system32\mtxclu.dll
2008-06-11 08:58:16 988672 ----a-w- c:\windows\system32\WMNetmgr.dll
2008-06-11 08:58:16 988672 ----a-w- c:\windows\system32\dllcache\WMNetmgr.dll
2008-06-11 08:47:52 96768 ----a-w- c:\windows\system32\logagent.exe
2008-06-11 08:47:52 96768 ----a-w- c:\windows\system32\dllcache\logagent.exe
2008-05-09 10:53:40 90112 ----a-w- c:\windows\system32\wshext.dll

============= FINISH: 12:33:58.42 ===============





ROOTREPEAL AD, 2007-2009
==================================================
Scan Start Time: 2006/01/02 13:36
Program Version: Version 1.3.5.0
Windows Version: Windows XP Media Center Edition SP3
==================================================

Drivers
-------------------
Name: c92f8558a807c3625cf313ded9226232.sys
Image Path: c92f8558a807c3625cf313ded9226232.sys
Address: 0xF7620000 Size: 57344 File Visible: No Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF3575000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7B28000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xBA163000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\WINDOWS\system32\c92f8558a807c3625cf313ded9226232.sys
Status: Invisible to the Windows API!

Path: c:\documents and settings\compaq_administrator\local settings\temp\~df40f9.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\compaq_administrator\local settings\temp\~df50b3.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\compaq_administrator\local settings\temp\~df6e25.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\compaq_administrator\local settings\temp\~df72ae.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\compaq_administrator\local settings\temp\~df7990.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Stealth Objects
-------------------

Object: Hidden Module [Name: cabinet.dll]
Process: Explorer.EXE (PID: 608) Address: 0x05880000 Size: 73728

Object: Hidden Module [Name: cabinet.dll]
Process: Explorer.EXE (PID: 608) Address: 0x05860000 Size: 73728

Object: Hidden Module [Name: cabinet.dll]
Process: Explorer.EXE (PID: 608) Address: 0x058e0000 Size: 73728

Object: Hidden Module [Name: cabinet.dll]
Process: Explorer.EXE (PID: 608) Address: 0x058c0000 Size: 73728

Object: Hidden Module [Name: cabinet.dll]
Process: Explorer.EXE (PID: 608) Address: 0x05900000 Size: 73728

Object: Hidden Module [Name: cabinet.dll]
Process: Explorer.EXE (PID: 608) Address: 0x05980000 Size: 73728

Object: Hidden Module [Name: cabinet.dll]
Process: Explorer.EXE (PID: 608) Address: 0x05960000 Size: 73728

Object: Hidden Module [Name: cabinet.dll]
Process: Explorer.EXE (PID: 608) Address: 0x05940000 Size: 73728

Object: Hidden Module [Name: cabinet.dll]
Process: Explorer.EXE (PID: 608) Address: 0x059c0000 Size: 73728

Object: Hidden Module [Name: cabinet.dll]
Process: Explorer.EXE (PID: 608) Address: 0x059a0000 Size: 73728

Object: Hidden Module [Name: cabinet.dll]
Process: Explorer.EXE (PID: 608) Address: 0x059e0000 Size: 73728

Object: Hidden Module [Name: cabinet.dll]
Process: Explorer.EXE (PID: 608) Address: 0x05ae0000 Size: 73728

Object: Hidden Module [Name: cabinet.dll]
Process: Explorer.EXE (PID: 608) Address: 0x05a60000 Size: 73728

Object: Hidden Module [Name: cabinet.dll]
Process: Explorer.EXE (PID: 608) Address: 0x05a40000 Size: 73728

Object: Hidden Module [Name: cabinet.dll]
Process: Explorer.EXE (PID: 608) Address: 0x05a20000 Size: 73728

Object: Hidden Module [Name: cabinet.dll]
Process: Explorer.EXE (PID: 608) Address: 0x05aa0000 Size: 73728

Object: Hidden Module [Name: cabinet.dll]
Process: Explorer.EXE (PID: 608) Address: 0x05a80000 Size: 73728

Object: Hidden Module [Name: cabinet.dll]
Process: Explorer.EXE (PID: 608) Address: 0x05ac0000 Size: 73728

Object: Hidden Module [Name: cabinet.dll]
Process: Explorer.EXE (PID: 608) Address: 0x05b40000 Size: 73728

Object: Hidden Module [Name: cabinet.dll]
Process: Explorer.EXE (PID: 608) Address: 0x05b20000 Size: 73728

Object: Hidden Module [Name: cabinet.dll]
Process: Explorer.EXE (PID: 608) Address: 0x05b00000 Size: 73728

Object: Hidden Module [Name: cabinet.dll]
Process: Explorer.EXE (PID: 608) Address: 0x05b80000 Size: 73728

Object: Hidden Module [Name: cabinet.dll]
Process: Explorer.EXE (PID: 608) Address: 0x05b60000 Size: 73728

Object: Hidden Module [Name: cabinet.dll]
Process: Explorer.EXE (PID: 608) Address: 0x05ba0000 Size: 73728

Object: Hidden Module [Name: cabinet.dll]
Process: Explorer.EXE (PID: 608) Address: 0x05ca0000 Size: 73728

Object: Hidden Module [Name: cabinet.dll]
Process: Explorer.EXE (PID: 608) Address: 0x05c20000 Size: 73728

Object: Hidden Module [Name: cabinet.dll]
Process: Explorer.EXE (PID: 608) Address: 0x05c00000 Size: 73728

Object: Hidden Module [Name: cabinet.dll]
Process: Explorer.EXE (PID: 608) Address: 0x05be0000 Size: 73728

Object: Hidden Module [Name: cabinet.dll]
Process: Explorer.EXE (PID: 608) Address: 0x05c60000 Size: 73728

Object: Hidden Module [Name: cabinet.dll]
Process: Explorer.EXE (PID: 608) Address: 0x05c40000 Size: 73728

Object: Hidden Module [Name: cabinet.dll]
Process: Explorer.EXE (PID: 608) Address: 0x05c80000 Size: 73728

Object: Hidden Module [Name: cabinet.dll]
Process: Explorer.EXE (PID: 608) Address: 0x05d80000 Size: 73728

Object: Hidden Module [Name: cabinet.dll]
Process: Explorer.EXE (PID: 608) Address: 0x05d00000 Size: 73728

Object: Hidden Module [Name: cabinet.dll]
Process: Explorer.EXE (PID: 608) Address: 0x05ce0000 Size: 73728

Object: Hidden Module [Name: cabinet.dll]
Process: Explorer.EXE (PID: 608) Address: 0x05cc0000 Size: 73728

Object: Hidden Module [Name: cabinet.dll]
Process: Explorer.EXE (PID: 608) Address: 0x05d40000 Size: 73728

Object: Hidden Module [Name: cabinet.dll]
Process: Explorer.EXE (PID: 608) Address: 0x05d20000 Size: 73728

Object: Hidden Module [Name: cabinet.dll]
Process: Explorer.EXE (PID: 608) Address: 0x05d60000 Size: 73728

Object: Hidden Module [Name: cabinet.dll]
Process: Explorer.EXE (PID: 608) Address: 0x05de0000 Size: 73728

Object: Hidden Module [Name: cabinet.dll]
Process: Explorer.EXE (PID: 608) Address: 0x05dc0000 Size: 73728

Object: Hidden Module [Name: cabinet.dll]
Process: Explorer.EXE (PID: 608) Address: 0x05da0000 Size: 73728

Object: Hidden Module [Name: cabinet.dll]
Process: Explorer.EXE (PID: 608) Address: 0x05e00000 Size: 73728

Object: Hidden Module [Name: cabinet.dll]
Process: Explorer.EXE (PID: 608) Address: 0x06000000 Size: 73728

Object: Hidden Module [Name: cabinet.dll]
Process: Explorer.EXE (PID: 608) Address: 0x05f20000 Size: 73728

Object: Hidden Module [Name: cabinet.dll]
Process: Explorer.EXE (PID: 608) Address: 0x05ea0000 Size: 73728

Object: Hidden Module [Name: cabinet.dll]
Process: Explorer.EXE (PID: 608) Address: 0x05e60000 Size: 73728

Object: Hidden Module [Name: cabinet.dll]
Process: Explorer.EXE (PID: 608) Address: 0x05e40000 Size: 73728

Object: Hidden Module [Name: cabinet.dll]
Process: Explorer.EXE (PID: 608) Address: 0x05e80000 Size: 73728

Object: Hidden Module [Name: cabinet.dll]
Process: Explorer.EXE (PID: 608) Address: 0x05ee0000 Size: 73728

Object: Hidden Module [Name: cabinet.dll]
Process: Explorer.EXE (PID: 608) Address: 0x05ec0000 Size: 73728

Object: Hidden Module [Name: cabinet.dll]
Process: Explorer.EXE (PID: 608) Address: 0x05f00000 Size: 73728

Object: Hidden Module [Name: cabinet.dll]
Process: Explorer.EXE (PID: 608) Address: 0x05f80000 Size: 73728

Object: Hidden Module [Name: cabinet.dll]
Process: Explorer.EXE (PID: 608) Address: 0x05f60000 Size: 73728

Object: Hidden Module [Name: cabinet.dll]
Process: Explorer.EXE (PID: 608) Address: 0x05f40000 Size: 73728

Object: Hidden Module [Name: cabinet.dll]
Process: Explorer.EXE (PID: 608) Address: 0x05fc0000 Size: 73728

Object: Hidden Module [Name: cabinet.dll]
Process: Explorer.EXE (PID: 608) Address: 0x05fa0000 Size: 73728

Object: Hidden Module [Name: cabinet.dll]
Process: Explorer.EXE (PID: 608) Address: 0x05fe0000 Size: 73728

Object: Hidden Module [Name: cabinet.dll]
Process: Explorer.EXE (PID: 608) Address: 0x060e0000 Size: 73728

Object: Hidden Module [Name: cabinet.dll]
Process: Explorer.EXE (PID: 608) Address: 0x06060000 Size: 73728

Object: Hidden Module [Name: cabinet.dll]
Process: Explorer.EXE (PID: 608) Address: 0x06040000 Size: 73728

Object: Hidden Module [Name: cabinet.dll]
Process: Explorer.EXE (PID: 608) Address: 0x06020000 Size: 73728

Object: Hidden Module [Name: cabinet.dll]
Process: Explorer.EXE (PID: 608) Address: 0x060a0000 Size: 73728

Object: Hidden Module [Name: cabinet.dll]
Process: Explorer.EXE (PID: 608) Address: 0x06080000 Size: 73728

Object: Hidden Module [Name: cabinet.dll]
Process: Explorer.EXE (PID: 608) Address: 0x060c0000 Size: 73728

Object: Hidden Module [Name: cabinet.dll]
Process: Explorer.EXE (PID: 608) Address: 0x06140000 Size: 73728

Object: Hidden Module [Name: cabinet.dll]
Process: Explorer.EXE (PID: 608) Address: 0x06120000 Size: 73728

Object: Hidden Module [Name: cabinet.dll]
Process: Explorer.EXE (PID: 608) Address: 0x06100000 Size: 73728

Object: Hidden Module [Name: cabinet.dll]
Process: Explorer.EXE (PID: 608) Address: 0x06160000 Size: 73728

Object: Hidden Module [Name: cabinet.dll]
Process: Explorer.EXE (PID: 608) Address: 0x06280000 Size: 73728

Object: Hidden Module [Name: cabinet.dll]
Process: Explorer.EXE (PID: 608) Address: 0x066e0000 Size: 73728

Object: Hidden Module [Name: cabinet.dll]
Process: Explorer.EXE (PID: 608) Address: 0x06500000 Size: 73728

Object: Hidden Module [Name: cabinet.dll]
Process: Explorer.EXE (PID: 608) Address: 0x06380000 Size: 73728

Object: Hidden Module [Name: cabinet.dll]
Process: Explorer.EXE (PID: 608) Address: 0x06300000 Size: 73728

Object: Hidden Module [Name: cabinet.dll]
Process: Explorer.EXE (PID: 608) Address: 0x062e0000 Size: 73728

Object: Hidden Module [Name: cabinet.dll]
Process: Explorer.EXE (PID: 608) Address: 0x062c0000 Size: 73728

Object: Hidden Module [Name: cabinet.dll]
Process: Explorer.EXE (PID: 608) Address: 0x06340000 Size: 73728

Object: Hidden Module [Name: cabinet.dll]
Process: Explorer.EXE (PID: 608) Address: 0x06320000 Size: 73728

Object: Hidden Module [Name: cabinet.dll]
Process: Explorer.EXE (PID: 608) Address: 0x06360000 Size: 73728

Object: Hidden Module [Name: cabinet.dll]
Process: Explorer.EXE (PID: 608) Address: 0x06460000 Size: 73728

Object: Hidden Module [Name: cabinet.dll]
Process: Explorer.EXE (PID: 608) Address: 0x063e0000 Size: 73728

Object: Hidden Module [Name: cabinet.dll]
Process: Explorer.EXE (PID: 608) Address: 0x063c0000 Size: 73728

Object: Hidden Module [Name: cabinet.dll]
Process: Explorer.EXE (PID: 608) Address: 0x063a0000 Size: 73728

Object: Hidden Module [Name: cabinet.dll]
Process: Explorer.EXE (PID: 608) Address: 0x06420000 Size: 73728

Object: Hidden Module [Name: cabinet.dll]
Process: Explorer.EXE (PID: 608) Address: 0x06400000 Size: 73728

Object: Hidden Module [Name: cabinet.dll]
Process: Explorer.EXE (PID: 608) Address: 0x06440000 Size: 73728

Object: Hidden Module [Name: cabinet.dll]
Process: Explorer.EXE (PID: 608) Address: 0x064c0000 Size: 73728

Object: Hidden Module [Name: cabinet.dll]
Process: Explorer.EXE (PID: 608) Address: 0x064a0000 Size: 73728

Object: Hidden Module [Name: cabinet.dll]
Process: Explorer.EXE (PID: 608) Address: 0x06480000 Size: 73728

Object: Hidden Module [Name: cabinet.dll]
Process: Explorer.EXE (PID: 608) Address: 0x064e0000 Size: 73728

Object: Hidden Module [Name: cabinet.dll]
Process: Explorer.EXE (PID: 608) Address: 0x06600000 Size: 73728

Object: Hidden Module [Name: cabinet.dll]
Process: Explorer.EXE (PID: 608) Address: 0x06580000 Size: 73728

Object: Hidden Module [Name: cabinet.dll]
Process: Explorer.EXE (PID: 608) Address: 0x06540000 Size: 73728

Object: Hidden Module [Name: cabinet.dll]
Process: Explorer.EXE (PID: 608) Address: 0x06520000 Size: 73728

Object: Hidden Module [Name: cabinet.dll]
Process: Explorer.EXE (PID: 608) Address: 0x06560000 Size: 73728

Object: Hidden Module [Name: cabinet.dll]
Process: Explorer.EXE (PID: 608) Address: 0x065c0000 Size: 73728

Object: Hidden Module [Name: cabinet.dll]
Process: Explorer.EXE (PID: 608) Address: 0x065a0000 Size: 73728

Object: Hidden Module [Name: cabinet.dll]
Process: Explorer.EXE (PID: 608) Address: 0x065e0000 Size: 73728

Object: Hidden Module [Name: cabinet.dll]
Process: Explorer.EXE (PID: 608) Address: 0x06660000 Size: 73728

Object: Hidden Module [Name: cabinet.dll]
Process: Explorer.EXE (PID: 608) Address: 0x06640000 Size: 73728

Object: Hidden Module [Name: cabinet.dll]
Process: Explorer.EXE (PID: 608) Address: 0x06620000 Size: 73728

Object: Hidden Module [Name: cabinet.dll]
Process: Explorer.EXE (PID: 608) Address: 0x066a0000 Size: 73728

Object: Hidden Module [Name: cabinet.dll]
Process: Explorer.EXE (PID: 608) Address: 0x06680000 Size: 73728

Object: Hidden Module [Name: cabinet.dll]
Process: Explorer.EXE (PID: 608) Address: 0x066c0000 Size: 73728

Object: Hidden Module [Name: cabinet.dll]
Process: Explorer.EXE (PID: 608) Address: 0x06820000 Size: 737==EOF==


While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large, as are other comparable sites that help others with malware issues. Although our HJT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.

Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, you wouldn't want someone to assist you who is not familiar with your issue and attempt to fix it, would you?

Please be patient. It may take a while to get a response but your log will be reviewed and answered as soon as possible.

Thank you for understanding.

Edited by garmanma, 23 December 2009 - 05:54 PM.


#2 myrti

Posted 03 January 2010 - 06:06 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
  • Please download OTL from the following mirror:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 


#3 MChris

Posted 07 January 2010 - 12:04 AM

After creating my initial posting, I cleaned up the PC enough to use it. I used RKill and Malwarebytes to clean it up and then I installed AVG free edition. I had to give the machine back that weekend because the owner lived 3 hours away and I was planning to be in that area that weekend.

I checked on that machine this past weekend and it seems to be ok, so far.

Thanks. :(

#4 myrti

Posted 08 January 2010 - 06:22 PM

Since this topic appears to be resolved, I will now close it. Thanks for letting us know. :(

If you need this topic re-opened please send me a PM.

Everyone else, please start a new topic.

With Regards,
myrti





