Winibluesoft trojan

April 17, 2009 at 18:58:44
Specs: Windows XP, 2 gb
This morning I got overwhelmed by popups saying I was under attack by a trojan and viruses. But then it said that I had to buy Winibluesoft. I tried a couple of anti-spyware programs like malware SUPERantispyware and Ad-Aware, but nothing seems to help. Is there something I can do about this other than reinstalling Windows? My system: Windows XP Home Edition 2002 with SP2. I hope that someone can help, as this is getting really annoying. And hello from a Dutchman.



#1
April 17, 2009 at 19:01:16
Please download Malwarebytes' Anti-Malware from one of these sites:

MalwareBytes1

MalwareBytes2

Rename the setup file, mbam-setup.exe, before you download it. To do that, once the "enter name of file to save to" box appears as the download begins, rename mbam-setup.exe to tool.exe in the filename box, then click Save.

1. Double-click tool.exe to install the application.
2. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
3. If an update is found, it will download and install the latest version.
4. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish, so please be patient.
5. When the scan is complete, click OK, then Show Results to view the results.
6. Make sure that everything found is checked, and click Remove Selected.
7. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
8. The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
9. Copy and paste the entire report in your next reply.


If Malwarebytes installed but will not run, navigate to this folder:

C:\Program Files\Malwarebytes' Anti-Malware

Rename all the .exe files in the Malwarebytes' Anti-Malware folder and try to run it again.

Please download and install the latest version of HijackThis v2.0.2:


Download the "HijackThis" Installer from this link:
Hijack This

Rename the setup file, HJTInstall.exe, before you download it. To do that, once the "enter name of file to save to" box appears as the download begins, rename HJTInstall.exe to tools.exe in the filename box, then click Save.
1. Save "tools.exe" to your desktop.
2. Double-click on tools.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file and then the log will open in Notepad.
7. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
8. Paste the log in your next reply.
9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.



#2
April 17, 2009 at 21:05:05
Well, I got the hijackthis.log because nothing got solved with the malware scan, so maybe something else is going on, because it seems that Winibluesoft is still there.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:01:57, on 4/17/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
E:\Program Files\Bonjour\mDNSResponder.exe
E:\Program Files\ICQ6Toolbar\ICQ Service.exe
E:\Program Files\Java\jre6\bin\jqs.exe
E:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
E:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
E:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Analog Devices\Core\smax4pnp.exe
E:\WINDOWS\system32\RUNDLL32.EXE
E:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
E:\Program Files\Cyberlink\Shared Files\brs.exe
E:\Program Files\Logitech\Gaming Software\LWEMon.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\Java\jre6\bin\jusched.exe
E:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
E:\Program Files\DAEMON Tools Lite\daemon.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
E:\WINDOWS\system32\setup2.exe
E:\Program Files\SUPERAntiSpyware\f80b1966-7f47-4c2a-928b-37ce2e7e06e5.exe
E:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
E:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Documents and Settings\Michael\Desktop\tools.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - E:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - E:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - E:\Program Files\Norton Internet Security\Engine\16.2.0.7\IPSBHO.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - E:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll
O4 - HKLM\..\Run: [SoundMAXPnP] "E:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [SoundMAX] "E:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] "E:\WINDOWS\system32\RUNDLL32.EXE" E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "E:\WINDOWS\system32\nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "E:\WINDOWS\system32\RUNDLL32.EXE" E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] "E:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [RemoteControl8] "E:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "E:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] "E:\Program Files\Cyberlink\Shared Files\brs.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Start WingMan Profiler] "E:\Program Files\Logitech\Gaming Software\LWEMon.exe" /noui
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Ad-Watch] E:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "E:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [setup2.exe] E:\WINDOWS\system32\setup2.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] E:\Program Files\SUPERAntiSpyware\f80b1966-7f47-4c2a-928b-37ce2e7e06e5.exe
O4 - HKLM\..\Policies\Explorer\Run: [] 
O4 - HKUS\S-1-5-20\..\RunOnce: [] (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - E:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - E:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/Drive...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binar...
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binar...
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - E:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll
O20 - Winlogon Notify: !SASWinLogon - E:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: Antiwpa - E:\WINDOWS\SYSTEM32\antiwpa.dll
O23 - Service: Norton 2009 Reset (.norton2009Reset) - Unknown owner - E:\Documents and Settings\All Users\Application Data\Norton\Norton2009Reset.exe
O23 - Service: Apple Mobile Device - Apple Inc. - E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - E:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - E:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - E:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ICQ Service - Unknown owner - E:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: iPod Service - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - E:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max Design 2009 32-bit 32-bit (mi-raysat_3dsMax2009_32) - Unknown owner - E:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - E:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: NBService - Nero AG - E:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - E:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norton Internet Security - Symantec Corporation - E:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe

--
End of file - 9906 bytes


Thanks for all the effort



#3
April 17, 2009 at 21:35:39
Please download ComboFix to the desktop from one of the following links:

Link1

Link 2

Link 3

Rename the setup file, combofix.exe, before you download it. To do that, once the "enter name of file to save to" box appears as the download begins, rename combofix.exe to toolb.exe in the filename box, then click Save.

Combofix is a powerful tool so follow the instructions exactly or you could damage your computer.

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with Combofix and remove some of its embedded files which may cause "unpredictable results".
Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

In your case to run Combofix do the following:
1. Go offline and turn off your Norton antivirus, Ad-Aware and any other antispyware that you may have.
2. Run Combofix by double clicking the toolb.exe icon on your desktop and save its log.
3. Restart the computer to get the antivirus running again but leave the antispyware programs off until we get the computer cleaned.
4. Post the Combofix log.


Remember to re-enable the protection again afterwards before connecting to the Internet.



#4
April 18, 2009 at 06:06:08
Well, I ran ComboFix and this is what it came up with.

Combolog.txt:

ComboFix 09-04-18.05 - Michael 04/18/2009 6:51.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2047.1609 [GMT -6:00]
Running from: e:\documents and settings\Michael\Desktop\toolb.exe
AV: Sunbelt VIPRE *On-access scanning disabled* (Outdated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

e:\windows\system\msvbvm60.dll
e:\windows\system32\404Fix.exe
e:\windows\system32\Agent.OMZ.Fix.exe
e:\windows\system32\dumphive.exe
e:\windows\system32\IEDFix.C.exe
e:\windows\system32\IEDFix.exe
e:\windows\system32\o4Patch.exe
e:\windows\system32\Process.exe
e:\windows\system32\SrchSTS.exe
e:\windows\system32\tmp.reg
e:\windows\system32\VACFix.exe
e:\windows\system32\VCCLSID.exe
e:\windows\system32\WS2Fix.exe

.
((((((((((((((((((((((((( Files Created from 2009-03-18 to 2009-04-18 )))))))))))))))))))))))))))))))
.

2009-12-28 06:51 . 2009-12-28 06:51 8470 ----a-w e:\windows\system32\546ddownlz9der1843.cpl
2009-12-27 06:16 . 2009-12-27 06:16 10570 ----a-w e:\windows\system32\5934vir1z.bin
2009-12-26 20:00 . 2009-12-26 20:00 14065 ----a-w e:\windows\system32\18608not-a5zirus3519.ocx
2009-12-24 19:52 . 2009-12-24 19:52 7045 ----a-w e:\windows\system32\9z675orm555.dll
2009-12-24 14:56 . 2009-12-24 14:56 10318 ----a-w e:\windows\system32\59z2wormc5.cpl
2009-12-20 06:01 . 2009-12-20 06:01 5165 ----a-w e:\windows\system32\359estea9z76.cpl
2009-12-18 23:04 . 2009-12-18 23:04 4950 ----a-w e:\windows\system32\246z2no5-9-virus520.exe
2009-12-18 08:02 . 2009-12-18 08:02 3126 ----a-w e:\windows\system32\28z14not-9-viru5f1.bin
2009-12-17 04:26 . 2009-12-17 04:26 8002 ----a-w e:\windows\system32\345fs9arze135.ocx
2009-12-15 20:32 . 2009-12-15 20:32 13757 ----a-w e:\windows\system32\97zf5ackdoor503.cpl
2009-12-13 11:43 . 2009-12-13 11:43 11660 ----a-w e:\windows\system32\23597spzmbot3509.exe
2009-12-12 22:03 . 2009-12-12 22:03 11275 ----a-w e:\windows\system32\4229th5zat31505.cpl
2009-12-12 00:45 . 2009-12-12 00:45 17348 ----a-w e:\windows\system32\9903not-a-5zrus3e5.exe
2009-12-09 02:31 . 2009-12-09 02:31 10577 ----a-w e:\windows\system32\12z6w95m479.bin
2009-11-24 11:48 . 2009-11-24 11:48 4801 ----a-w e:\windows\system32\d9b9hr5az2164.cpl
2009-11-24 00:59 . 2009-11-24 00:59 15183 ----a-w e:\windows\system32\1169stzal652.ocx
2009-11-21 18:41 . 2009-11-21 18:41 3849 ----a-w e:\windows\system32\z256tro9427.bin
2009-11-20 02:22 . 2009-11-20 02:22 11327 ----a-w e:\windows\system32\20z55not-a-vir95301.exe
2009-11-18 07:26 . 2009-11-18 07:26 4620 ----a-w e:\windows\system32\25843hacktoolz5d9.cpl
2009-11-17 14:44 . 2009-11-17 14:44 18407 ----a-w e:\windows\system32\629dz5a9se368.cpl
2009-11-12 15:55 . 2009-11-12 15:55 9927 ----a-w e:\windows\system32\5937steaz15905.dll
2009-11-12 13:48 . 2009-11-12 13:48 17331 ----a-w e:\windows\system32\73c79ownloaderz5885.exe
2009-11-09 17:50 . 2009-11-09 17:50 13115 ----a-w e:\windows\system32\12157spyz89.exe
2009-11-08 08:35 . 2009-11-08 08:35 14547 ----a-w e:\windows\system32\92872wzrm4ca5.exe
2009-11-07 17:28 . 2009-11-07 17:28 12203 ----a-w e:\windows\system32\5253virusb9z.cpl
2009-11-03 09:43 . 2009-11-03 09:43 17662 ----a-w e:\windows\system32\3f84s5ywar9z417.bin
2009-11-01 19:53 . 2009-11-01 19:53 10759 ----a-w e:\windows\system32\z6502w9rm26e.bin
2009-10-28 03:35 . 2009-10-28 03:35 4599 ----a-w e:\windows\system32\7a18szarse3955.bin
2009-10-27 19:47 . 2009-10-27 19:47 2714 ----a-w e:\windows\system32\65ddth5ef19z9.ocx
2009-10-25 09:19 . 2009-10-25 09:19 16670 ----a-w e:\windows\system32\25e4thief2z94.ocx
2009-10-22 12:38 . 2009-10-22 12:38 13451 ----a-w e:\windows\system32\29089n5t9a-virus51bz.exe
2009-10-17 15:38 . 2009-10-17 15:38 12696 ----a-w e:\windows\system32\19z98not-a-vi5us113.ocx
2009-10-17 13:17 . 2009-10-17 13:17 2855 ----a-w e:\windows\system32\5ae159iez1065.ocx
2009-10-15 19:22 . 2009-10-15 19:22 17176 ----a-w e:\windows\system32\2f159irz088.bin
2009-10-12 03:31 . 2009-10-12 03:31 17042 ----a-w e:\windows\system32\499zvirus255.bin
2009-10-11 12:47 . 2009-10-11 12:47 17033 ----a-w e:\windows\system32\5e5backdoo9285z.exe
2009-10-11 03:39 . 2009-10-11 03:39 6541 ----a-w e:\windows\system32\242cth5eat29116z.exe
2009-10-10 07:13 . 2009-10-10 07:13 3212 ----a-w e:\windows\system32\51616spzmbot699.bin
2009-10-08 21:11 . 2009-10-08 21:11 5374 ----a-w e:\windows\system32\16678hackto9l25z.bin
2009-10-06 03:25 . 2009-10-06 03:25 10828 ----a-w e:\windows\system32\7564tzief2925.bin
2009-10-02 12:41 . 2009-10-02 12:41 14723 ----a-w e:\windows\system32\53762hacktzol22d9.dll
2009-09-26 07:09 . 2009-09-26 07:09 15084 ----a-w e:\windows\system32\557w9rz51c.ocx
2009-09-25 19:56 . 2009-09-25 19:56 5859 ----a-w e:\windows\system32\c58thzeat9193.ocx
2009-09-25 06:43 . 2009-09-25 06:43 3415 ----a-w e:\windows\system32\8543troj22z9.cpl
2009-09-23 04:45 . 2009-09-23 04:45 18326 ----a-w e:\windows\system32\77e45t9zl361.bin
2009-09-23 03:10 . 2009-09-23 03:10 7181 ----a-w e:\windows\system32\9545pamzot41e9.cpl
2009-09-18 05:35 . 2009-09-18 05:35 3897 ----a-w e:\windows\system32\19z1spam5ot3da.exe
2009-09-17 11:36 . 2009-09-17 11:36 6206 ----a-w e:\windows\system32\48d1thi9f59z.cpl
2009-09-16 12:54 . 2009-09-16 12:54 17992 ----a-w e:\windows\system32\449steaz8165.bin
2009-09-16 09:18 . 2009-09-16 09:18 6526 ----a-w e:\windows\system32\10869zormf5.exe
2009-09-14 09:56 . 2009-09-14 09:56 4748 ----a-w e:\windows\system32\3034z9irus275.ocx
2009-09-06 19:04 . 2009-09-06 19:04 15068 ----a-w e:\windows\system32\4592zir901.bin
2009-09-05 16:10 . 2009-09-05 16:10 7517 ----a-w e:\windows\system32\25a2zpars9596.ocx
2009-09-03 06:08 . 2009-09-03 06:08 16803 ----a-w e:\windows\system32\5cb9sp9waze864.exe
2009-09-01 08:20 . 2009-09-01 08:20 12436 ----a-w e:\windows\system32\355239acktzol730.dll
2009-09-01 04:33 . 2009-09-01 04:33 15129 ----a-w e:\windows\system32\21559not-a-v5r9s1a8z.dll
2009-08-21 11:21 . 2009-08-21 11:21 5082 ----a-w e:\windows\system32\905abackdozr1500.cpl
2009-08-16 13:31 . 2009-08-16 13:31 9493 ----a-w e:\windows\system32\4z49spyware3543.dll
2009-08-15 14:41 . 2009-08-15 14:41 6084 ----a-w e:\windows\system32\1817hack5ool69z9.dll
2009-08-14 20:21 . 2009-08-14 20:21 7594 ----a-w e:\windows\system32\2b589irz399.bin
2009-08-12 22:53 . 2009-08-12 22:53 5999 ----a-w e:\windows\system32\2532zp5ware659.dll
2009-08-12 01:48 . 2009-08-12 01:48 8305 ----a-w e:\windows\system32\952wzrm1e0.exe
2009-07-23 02:15 . 2009-07-23 02:15 10353 ----a-w e:\windows\system32\23d3downloader1595z.exe
2009-07-22 02:52 . 2009-07-22 02:52 14703 ----a-w e:\windows\system32\5365ddza9e55.dll
2009-07-18 22:17 . 2009-07-18 22:17 8656 ----a-w e:\windows\system32\255cs9yware105z.bin
2009-07-17 04:28 . 2009-07-17 04:28 13099 ----a-w e:\windows\system32\299305py629z.dll
2009-07-16 18:56 . 2009-07-16 18:56 10221 ----a-w e:\windows\system32\19z1thief2514.ocx
2009-07-15 22:56 . 2009-07-15 22:56 6062 ----a-w e:\windows\system32\7z9eb5ckdoor3040.bin
2009-07-13 18:52 . 2009-07-13 18:52 4371 ----a-w e:\windows\system32\z7359hackt5ol102.exe
2009-07-12 16:37 . 2009-07-12 16:37 18011 ----a-w e:\windows\system32\18297zorm597.dll
2009-07-10 03:19 . 2009-07-10 03:19 4832 ----a-w e:\windows\system32\2556zn5t-a-virus719.bin
2009-07-09 05:51 . 2009-07-09 05:51 4466 ----a-w e:\windows\system32\5615notza-virus9c9.ocx
2009-07-08 03:01 . 2009-07-08 03:01 7310 ----a-w e:\windows\system32\z6316spambot5959.ocx
2009-07-02 19:14 . 2009-07-02 19:14 14591 ----a-w e:\windows\system32\7za3sp5r9e2555.bin
2009-07-01 23:56 . 2009-07-01 23:56 8094 ----a-w e:\windows\system32\2781z5or944d.bin
2009-06-25 12:40 . 2009-06-25 12:40 12225 ----a-w e:\windows\system32\4067sp9mb5t3zf.cpl
2009-06-25 11:28 . 2009-06-25 11:28 14407 ----a-w e:\windows\system32\5e25vi9z497.exe
2009-06-25 02:40 . 2009-06-25 02:40 11529 ----a-w e:\windows\system32\1c59t5ief1z79.ocx
2009-06-24 08:55 . 2009-06-24 08:55 3037 ----a-w e:\windows\system32\6ab0sp9rse553z.exe
2009-06-24 02:38 . 2009-06-24 02:38 9750 ----a-w e:\windows\system32\15358w9rm3z4.exe
2009-06-23 00:49 . 2009-06-23 00:49 5740 ----a-w e:\windows\system32\289z7not-5-virus580.cpl
2009-06-22 05:44 . 2009-06-22 05:44 5761 ----a-w e:\windows\system32\25z0vir17789.bin
2009-06-18 16:08 . 2009-06-18 16:08 3822 ----a-w e:\windows\system32\6eathrea532z379.exe
2009-06-18 06:25 . 2009-06-18 06:25 7540 ----a-w e:\windows\system32\zc0downlo9der5810.exe
2009-06-11 13:40 . 2009-06-11 13:40 17688 ----a-w e:\windows\system32\29318nzt-a-5irus1de.dll
2009-06-10 05:06 . 2009-06-10 05:06 14688 ----a-w e:\windows\system32\11z67ha5kto9l380.bin
2009-06-07 04:35 . 2009-06-07 04:35 5000 ----a-w e:\windows\system32\2z759ddware1680.dll
2009-06-06 05:56 . 2009-06-06 05:56 15557 ----a-w e:\windows\system32\66z2sp59se2782.bin
2009-06-01 21:01 . 2009-06-01 21:01 14709 ----a-w e:\windows\system32\3aa9th5ef932z.bin
2009-05-26 15:15 . 2009-05-26 15:15 16673 ----a-w e:\windows\system32\5za5steal2958.ocx
2009-05-24 21:52 . 2009-05-24 21:52 10604 ----a-w e:\windows\system32\86369roj599z.exe
2009-05-24 18:13 . 2009-05-24 18:13 11249 ----a-w e:\windows\system32\6595bazkdoo52753.cpl
2009-05-21 02:58 . 2009-05-21 02:58 4659 ----a-w e:\windows\system32\63f5s9yware16z4.ocx
2009-05-18 18:29 . 2009-05-18 18:29 8579 ----a-w e:\windows\system32\e07ad5wa9z864.cpl
2009-05-18 13:33 . 2009-05-18 13:33 17653 ----a-w e:\windows\system32\1533zparse9571.ocx
2009-05-18 11:43 . 2009-05-18 11:43 18157 ----a-w e:\windows\system32\z9261tro915a.exe
2009-05-17 10:42 . 2009-05-17 10:42 7744 ----a-w e:\windows\system32\549zvir1672.exe
2009-05-15 12:44 . 2009-05-15 12:44 9127 ----a-w e:\windows\system32\4z4s5arse1579.ocx
2009-05-12 23:52 . 2009-05-12 23:52 8602 ----a-w e:\windows\system32\6781dozn5oader1289.cpl
2009-05-12 04:00 . 2009-05-12 04:00 16910 ----a-w e:\windows\system32\579spyw5rz357.cpl
2009-05-10 12:07 . 2009-05-10 12:07 8251 ----a-w e:\windows\system32\18020v5r9s5b4z.bin
2009-05-07 20:44 . 2009-05-07 20:44 11253 ----a-w e:\windows\system32\1c9athr5az13845.cpl
2009-04-28 03:30 . 2009-04-28 03:30 10527 ----a-w e:\windows\system32\552eaddwar92z7.ocx
2009-04-23 16:54 . 2009-04-23 16:54 7172 ----a-w e:\windows\system32\15713worm49dz.ocx
2009-04-23 04:31 . 2009-04-23 04:31 15169 ----a-w e:\windows\system32\53f4spz9are2641.exe
2009-04-22 18:51 . 2009-04-22 18:51 6229 ----a-w e:\windows\system32\3z785hackto9l49d.cpl
2009-04-21 08:09 . 2009-04-21 08:09 12603 ----a-w e:\windows\system32\5616szam95t39.dll
2009-04-19 07:28 . 2009-04-19 07:28 2616 ----a-w e:\windows\system32\2548zviru97fa.exe
2009-04-18 21:36 . 2009-04-18 21:36 5515 ----a-w e:\windows\system32\7129bzckdoor567.exe
2009-04-18 13:05 . 2009-04-18 13:05 12288 ----a-w e:\windows\system32\1855zparse8469.dll
2009-04-18 02:23 . 2004-02-23 07:00 1386496 ----a-w e:\windows\system32\MSVBVM60.DLL
2009-04-18 02:21 . 2009-04-06 21:32 15504 ----a-w e:\windows\system32\drivers\mbam.sys
2009-04-18 02:21 . 2009-04-06 21:32 38496 ----a-w e:\windows\system32\drivers\mbamswissarmy.sys
2009-04-18 02:05 . 2009-04-18 01:19 15688 ----a-w e:\windows\system32\lsdelete.exe
2009-04-18 01:20 . 2009-04-18 01:19 64160 ----a-w e:\windows\system32\drivers\Lbd.sys
2009-04-18 01:18 . 2009-04-18 01:18 -------- dc-h--w e:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-04-18 01:18 . 2009-04-18 01:19 -------- d-----w e:\documents and settings\All Users\Application Data\Lavasoft
2009-04-18 00:15 . 2009-04-18 00:15 197 ----a-w e:\windows\system32\MRT.INI
2009-04-17 22:33 . 2009-03-06 14:44 283648 -c----w e:\windows\system32\dllcache\pdh.dll
2009-04-17 22:33 . 2005-07-26 04:39 60416 -c----w e:\windows\system32\dllcache\colbact.dll
2009-04-17 22:33 . 2009-02-09 10:20 399360 -c----w e:\windows\system32\dllcache\rpcss.dll
2009-04-17 22:33 . 2009-02-06 17:14 110592 -c----w e:\windows\system32\dllcache\services.exe
2009-04-17 22:33 . 2009-02-09 10:20 723456 -c----w e:\windows\system32\dllcache\lsasrv.dll
2009-04-17 22:33 . 2009-02-09 10:20 473088 -c----w e:\windows\system32\dllcache\fastprox.dll
2009-04-17 22:33 . 2009-02-09 10:20 453120 -c----w e:\windows\system32\dllcache\wmiprvsd.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-18 02:33 . 2009-04-18 02:32 5432 ----a-w E:\rapport.txt
2009-04-18 02:24 . 2009-04-17 17:33 -------- d-----w e:\program files\Malwarebytes' Anti-Malware
2009-04-18 02:05 . 2009-02-27 02:47 -------- d-----w e:\program files\rFactor
2009-04-18 01:18 . 2009-04-18 01:18 -------- d-----w e:\program files\Lavasoft
2009-04-17 22:32 . 2009-01-03 17:41 -------- d-----w e:\documents and settings\Michael\Application Data\Azureus
2009-04-17 20:44 . 2009-04-17 18:36 -------- d-----w e:\program files\SUPERAntiSpyware
2009-04-17 20:11 . 2009-04-11 14:08 -------- d-----w e:\program files\WinStars2
2009-04-17 20:11 . 2009-04-03 13:40 -------- d-----w e:\program files\TVPCElite
2009-04-17 20:10 . 2009-04-03 12:59 -------- d-----w e:\program files\SatelliteTVforPC
2009-04-17 18:36 . 2009-01-03 17:03 -------- d-----w e:\program files\Common Files\Wise Installation Wizard
2009-04-17 17:04 . 2009-04-17 17:04 -------- d-----w e:\program files\Norton AntiVirus 2009
2009-04-17 16:27 . 2009-04-17 16:27 -------- d-----w e:\program files\Sunbelt Software
2009-04-17 16:24 . 2009-04-17 13:26 -------- d-----w e:\program files\BitDefender
2009-04-17 15:06 . 2009-01-03 17:40 -------- d-----w e:\program files\Vuze
2009-04-17 14:08 . 2009-04-17 14:07 216532 ----a-w E:\coreuninstall.log
2009-04-15 11:05 . 2009-02-07 03:01 -------- d-----w e:\program files\Polygon Cruncher
2009-04-14 00:47 . 2009-04-14 00:47 -------- d-----w e:\program files\DVD-Cloner Platinum
2009-04-12 20:02 . 2009-01-03 18:32 -------- d-----w e:\documents and settings\Michael\Application Data\GrabIt
2009-04-12 15:37 . 2009-01-03 17:41 46824 ----a-w e:\documents and settings\Michael\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-12 03:36 . 2009-01-03 19:22 -------- d-----w e:\program files\Common Files\Autodesk Shared
2009-04-12 03:35 . 2009-01-03 19:23 -------- d-----w e:\program files\Autodesk
2009-04-03 21:03 . 2009-04-03 21:03 -------- d-----w e:\program files\GOPlayer
2009-04-03 12:18 . 2009-03-10 00:32 -------- d-----w e:\program files\Java
2009-03-27 16:09 . 2009-01-26 02:51 -------- d-----w e:\program files\ZaZ Gp4 tools
2009-03-27 15:57 . 2009-01-21 04:07 -------- d-----w e:\program files\ZModeler
2009-03-25 06:12 . 2009-01-07 05:15 -------- d-----w e:\program files\iTunes
2009-03-25 06:11 . 2009-03-25 06:11 -------- d-----w e:\program files\iPod
2009-03-25 06:11 . 2009-01-07 05:14 -------- d-----w e:\program files\Common Files\Apple
2009-03-25 06:10 . 2009-01-07 05:15 -------- d-----w e:\program files\Bonjour
2009-03-25 06:10 . 2009-03-25 06:09 -------- d-----w e:\program files\QuickTime
2009-03-14 13:57 . 2009-03-14 13:57 -------- d-----w e:\program files\ESET
2009-03-13 15:13 . 2009-03-13 15:13 11312 ----a-w e:\windows\system32\26552zpamb5t19e.dll
2009-03-13 14:41 . 2009-03-13 14:41 -------- d-----w e:\documents and settings\Michael\Application Data\ESET
2009-03-13 14:40 . 2009-01-03 18:46 -------- d-----w e:\documents and settings\All Users\Application Data\ESET
2009-03-13 14:10 . 2009-01-24 17:39 -------- d-----w e:\program files\ICQ6.5
2009-03-09 11:19 . 2009-03-10 00:32 410984 ----a-w e:\windows\system32\deploytk.dll
2009-03-07 04:57 . 2009-03-07 04:57 7614 ----a-w e:\windows\system32\33hack9ool3cz5.bin
2009-03-06 14:44 . 2002-08-29 12:00 283648 ----a-w e:\windows\system32\pdh.dll
2009-03-06 05:59 . 2009-01-07 05:14 36864 ----a-w e:\windows\system32\drivers\usbaapl.sys
2009-03-05 05:47 . 2009-03-05 05:47 6497 ----a-w e:\windows\system32\488bviz11995.bin
2009-03-03 00:18 . 2002-08-29 12:00 826368 ----a-w e:\windows\system32\wininet.dll
2009-03-02 22:04 . 2009-03-02 22:04 -------- d-----w e:\program files\Common Files\Logitech
2009-03-02 22:04 . 2009-03-02 22:04 -------- d-----w e:\program files\Logitech
2009-03-02 00:17 . 2009-03-02 00:17 15054 ----a-w e:\windows\system32\63cavir905z.bin
2009-02-23 23:42 . 2009-02-23 23:42 10271 ----a-w e:\windows\system32\d599ddwarez326.exe
2009-02-23 04:01 . 2009-02-23 04:01 -------- d-----w e:\documents and settings\Michael\Application Data\GlobalSCAPE
2009-02-23 03:59 . 2009-02-23 03:59 -------- d-----w e:\program files\GlobalSCAPE
2009-02-23 03:59 . 2009-01-03 17:32 -------- d--h--w e:\program files\InstallShield Installation Information
2009-02-22 04:36 . 2009-02-22 04:34 -------- d-----w e:\program files\Ultimate Unwrap3D
2009-02-20 18:09 . 2009-01-03 17:59 78336 ----a-w e:\windows\system32\ieencode.dll
2009-02-14 22:16 . 2009-02-14 22:16 14749 ----a-w e:\windows\system32\2f745hi9z2373.dll
2009-02-10 03:38 . 2009-02-10 03:38 2558 ----a-w e:\windows\system32\153fa5zw9re2362.exe
2009-02-09 10:20 . 2002-08-29 12:00 723456 ----a-w e:\windows\system32\lsasrv.dll
2009-02-09 10:20 . 2002-08-29 12:00 399360 ----a-w e:\windows\system32\rpcss.dll
2009-02-09 10:20 . 2002-08-29 12:00 714752 ----a-w e:\windows\system32\ntdll.dll
2009-02-09 10:20 . 2002-08-29 12:00 616960 ----a-w e:\windows\system32\advapi32.dll
2009-02-09 10:19 . 2002-08-29 12:00 1846272 ----a-w e:\windows\system32\win32k.sys
2009-02-06 17:22 . 2002-08-29 12:00 2136064 ----a-w e:\windows\system32\ntoskrnl.exe
2009-02-06 17:14 . 2002-08-29 12:00 110592 ----a-w e:\windows\system32\services.exe
2009-02-06 16:54 . 2002-08-29 12:00 35328 ----a-w e:\windows\system32\sc.exe
2009-02-06 16:49 . 2002-08-29 01:04 2015744 ----a-w e:\windows\system32\ntkrnlpa.exe
2009-02-06 07:06 . 2009-02-06 07:06 11554 ----a-w e:\windows\system32\6965spazbot50e.bin
2009-02-03 20:08 . 2002-08-29 12:00 55808 ----a-w e:\windows\system32\secur32.dll
2009-01-26 00:38 . 2009-01-26 00:38 151552 ----a-w e:\windows\system32\nvRegDev.dll
2009-01-23 02:26 . 2009-01-23 02:26 146120 ----a-w e:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2008-08-14 01:2008-08-14 01:02 02:10 . e:\program files\mozilla firefox\components\FFComm.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="e:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"ctfmon.exe"="e:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="e:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-28 152872]
"setup2.exe"="e:\windows\system32\setup2.exe" [2009-04-17 634368]
"SUPERAntiSpyware"="e:\program files\SUPERAntiSpyware\f80b1966-7f47-4c2a-928b-37ce2e7e06e5.exe" [2009-03-23 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="e:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"NvCplDaemon"="e:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"nwiz"="e:\windows\system32\nwiz.exe" [2008-09-17 1657376]
"NvMediaCenter"="e:\windows\system32\NvMcTray.dll" [2008-09-17 86016]
"NeroFilterCheck"="e:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"RemoteControl8"="e:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-21 83240]
"PDVD8LanguageShortcut"="e:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"BDRegion"="e:\program files\Cyberlink\Shared Files\brs.exe" [2008-03-21 91432]
"Adobe Reader Speed Launcher"="e:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Start WingMan Profiler"="e:\program files\Logitech\Gaming Software\LWEMon.exe" [2007-09-25 93208]
"QuickTime Task"="e:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="e:\program files\iTunes\iTunesHelper.exe" [2009-03-13 342312]
"SunJavaUpdateSched"="e:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"Ad-Watch"="e:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-04-18 515416]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 18:05 356352 ----a-w e:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"e:\\Program Files\\Autodesk\\Maya2008\\bin\\maya.exe"=
"e:\\Program Files\\Infogrames\\Grand Prix 4\\GP4.exe"=
"e:\\Program Files\\ICQ6.5\\ICQ.exe"=
"e:\\Program Files\\Vuze\\Azureus.exe"=
"e:\\Program Files\\Shareaza\\Shareaza.exe"=
"e:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"e:\\Program Files\\iTunes\\iTunes.exe"=
"e:\\Program Files\\Autodesk\\3dsMax8\\3dsmax.exe"=
"e:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"e:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R2 .EsetTrialReset;Eset Trial Reset;e:\windows\system32\regedt32.exe [2002-08-29 3584]
R2 .norton2009Reset;Norton 2009 Reset;e:\documents and settings\All Users\Application Data\Norton\Norton2009Reset.exe [2009-04-17 281625]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;e:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-04-18 951632]
S0 Lbd;Lbd;e:\windows\system32\DRIVERS\Lbd.sys [2009-04-18 64160]
S1 SASDIFSV;SASDIFSV;e:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-03-23 9968]
S1 SASKUTIL;SASKUTIL;e:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-03-23 72944]
S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};e:\program files\CyberLink\PowerDVD8\[u]0[/u]00.fcl [2008-02-02 00:24 41456]
S2 ICQ Service;ICQ Service;e:\program files\ICQ6Toolbar\ICQ Service.exe [2008-10-19 222456]
S2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max Design 2009 32-bit 32-bit;e:\program files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [2008-03-10 65536]
S3 SASENUM;SASENUM;e:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-03-23 7408]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
Contents of the 'Scheduled Tasks' folder

2009-04-18 e:\windows\Tasks\Ad-Aware Update (Weekly).job
- e:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 01:19]

2009-04-17 e:\windows\Tasks\AppleSoftwareUpdate.job
- e:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2009-04-18 e:\windows\Tasks\RegCure Program Check.job
- e:\program files\RegCure\RegCure.exe [2009-01-04 10:11]

2009-01-22 e:\windows\Tasks\RegCure.job
- e:\program files\RegCure\RegCure.exe [2009-01-04 10:11]
.
- - - - ORPHANS REMOVED - - - -

ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.icq.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - e:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://e:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://e:\windows\Java\classes\xmldso.cab
FF - ProfilePath - e:\documents and settings\Michael\Application Data\Mozilla\Firefox\Profiles\e4nbsux2.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.ad.nl/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: e:\program files\Mozilla Firefox\components\FFComm.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-18 06:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\e:\program files\CyberLink\PowerDVD8\[u]0[/u]00.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(512)
e:\program files\SUPERAntiSpyware\SASWINLO.dll
e:\documents and settings\Michael\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
e:\windows\system32\antiwpa.dll
.
Completion time: 2009-04-18 6:55
ComboFix-quarantined-files.txt 2009-04-18 12:54

Pre-Run: 15,755,419,648 bytes free
Post-Run: 16,449,277,952 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(2)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(2)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

334 --- E O F --- 2009-04-18 12:32


Thanks again for all the effort, I really appreciate it.



#5
April 18, 2009 at 07:13:51
Open Notepad and copy/paste everything between the X's into it and make sure the first word (such as KILLALL, File, Folder, Registry etc.) is at the very top of the page.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
KILLALL::
File::
e:\windows\system32\546ddownlz9der1843.cpl
e:\windows\system32\5934vir1z.bin
e:\windows\system32\18608not-a5zirus3519.ocx
e:\windows\system32\9z675orm555.dll
e:\windows\system32\59z2wormc5.cpl
e:\windows\system32\359estea9z76.cpl
e:\windows\system32\246z2no5-9-virus520.exe
e:\windows\system32\28z14not-9-viru5f1.bin
e:\windows\system32\345fs9arze135.ocx
e:\windows\system32\97zf5ackdoor503.cpl
e:\windows\system32\23597spzmbot3509.exe
e:\windows\system32\4229th5zat31505.cpl
e:\windows\system32\9903not-a-5zrus3e5.exe
e:\windows\system32\12z6w95m479.bin
e:\windows\system32\d9b9hr5az2164.cpl
e:\windows\system32\1169stzal652.ocx
e:\windows\system32\z256tro9427.bin
e:\windows\system32\20z55not-a-vir95301.exe
e:\windows\system32\25843hacktoolz5d9.cpl
e:\windows\system32\629dz5a9se368.cpl
e:\windows\system32\5937steaz15905.dll
e:\windows\system32\73c79ownloaderz5885.exe
e:\windows\system32\12157spyz89.exe
e:\windows\system32\92872wzrm4ca5.exe
e:\windows\system32\5253virusb9z.cpl
e:\windows\system32\3f84s5ywar9z417.bin
e:\windows\system32\z6502w9rm26e.bin
e:\windows\system32\7a18szarse3955.bin
e:\windows\system32\65ddth5ef19z9.ocx
e:\windows\system32\25e4thief2z94.ocx
e:\windows\system32\29089n5t9a-virus51bz.exe
e:\windows\system32\19z98not-a-vi5us113.ocx
e:\windows\system32\5ae159iez1065.ocx
e:\windows\system32\2f159irz088.bin
e:\windows\system32\499zvirus255.bin
e:\windows\system32\5e5backdoo9285z.exe
e:\windows\system32\242cth5eat29116z.exe
e:\windows\system32\51616spzmbot699.bin
e:\windows\system32\16678hackto9l25z.bin
e:\windows\system32\7564tzief2925.bin
e:\windows\system32\53762hacktzol22d9.dll
e:\windows\system32\557w9rz51c.ocx
e:\windows\system32\c58thzeat9193.ocx
e:\windows\system32\8543troj22z9.cpl
e:\windows\system32\77e45t9zl361.bin
e:\windows\system32\9545pamzot41e9.cpl
e:\windows\system32\19z1spam5ot3da.exe
e:\windows\system32\48d1thi9f59z.cpl
e:\windows\system32\449steaz8165.bin
e:\windows\system32\10869zormf5.exe
e:\windows\system32\3034z9irus275.ocx
e:\windows\system32\4592zir901.bin
e:\windows\system32\25a2zpars9596.ocx
e:\windows\system32\5cb9sp9waze864.exe
e:\windows\system32\355239acktzol730.dll
e:\windows\system32\21559not-a-v5r9s1a8z.dll
e:\windows\system32\905abackdozr1500.cpl
e:\windows\system32\4z49spyware3543.dll
e:\windows\system32\1817hack5ool69z9.dll
e:\windows\system32\2b589irz399.bin
e:\windows\system32\2532zp5ware659.dll
e:\windows\system32\952wzrm1e0.exe
e:\windows\system32\23d3downloader1595z.exe
e:\windows\system32\5365ddza9e55.dll
e:\windows\system32\255cs9yware105z.bin
e:\windows\system32\299305py629z.dll
e:\windows\system32\19z1thief2514.ocx
e:\windows\system32\7z9eb5ckdoor3040.bin
e:\windows\system32\z7359hackt5ol102.exe
e:\windows\system32\18297zorm597.dll
e:\windows\system32\2556zn5t-a-virus719.bin
e:\windows\system32\5615notza-virus9c9.ocx
e:\windows\system32\z6316spambot5959.ocx
e:\windows\system32\7za3sp5r9e2555.bin
e:\windows\system32\2781z5or944d.bin
e:\windows\system32\4067sp9mb5t3zf.cpl
e:\windows\system32\5e25vi9z497.exe
e:\windows\system32\1c59t5ief1z79.ocx
e:\windows\system32\6ab0sp9rse553z.exe
e:\windows\system32\15358w9rm3z4.exe
e:\windows\system32\289z7not-5-virus580.cpl
e:\windows\system32\25z0vir17789.bin
e:\windows\system32\6eathrea532z379.exe
e:\windows\system32\zc0downlo9der5810.exe
e:\windows\system32\29318nzt-a-5irus1de.dll
e:\windows\system32\11z67ha5kto9l380.bin
e:\windows\system32\2z759ddware1680.dll
e:\windows\system32\66z2sp59se2782.bin
e:\windows\system32\3aa9th5ef932z.bin
e:\windows\system32\5za5steal2958.ocx
e:\windows\system32\86369roj599z.exe
e:\windows\system32\6595bazkdoo52753.cpl
e:\windows\system32\63f5s9yware16z4.ocx
e:\windows\system32\e07ad5wa9z864.cpl
e:\windows\system32\1533zparse9571.ocx
e:\windows\system32\z9261tro915a.exe
e:\windows\system32\549zvir1672.exe
e:\windows\system32\4z4s5arse1579.ocx
e:\windows\system32\6781dozn5oader1289.cpl
e:\windows\system32\579spyw5rz357.cpl
e:\windows\system32\18020v5r9s5b4z.bin
e:\windows\system32\1c9athr5az13845.cpl
e:\windows\system32\552eaddwar92z7.ocx
e:\windows\system32\15713worm49dz.ocx
e:\windows\system32\53f4spz9are2641.exe
e:\windows\system32\3z785hackto9l49d.cpl
e:\windows\system32\5616szam95t39.dll
e:\windows\system32\2548zviru97fa.exe
e:\windows\system32\7129bzckdoor567.exe
e:\windows\system32\1855zparse8469.dll
e:\windows\system32\26552zpamb5t19e.dll
e:\windows\system32\33hack9ool3cz5.bin
e:\windows\system32\488bviz11995.bin
e:\windows\system32\63cavir905z.bin
e:\windows\system32\d599ddwarez326.exe
e:\windows\system32\2f745hi9z2373.dll
e:\windows\system32\153fa5zw9re2362.exe
e:\windows\system32\6965spazbot50e.bin

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose "Save As", change the "Save As Type" to All Files, name it CFScript.txt, then save it to your desktop.
Then drag/drop the CFScript.txt onto ComboFix.exe (the red symbol on your desktop). If ComboFix does not auto-start, click "run".

Please post the log that is produced.

Post a new Combofix log following the previous directions.



#6
April 18, 2009 at 08:22:16
This is the next ComboFix text. It sure is getting annoying still having those popups.


ComboFix 09-04-18.05 - Michael 04/18/2009 8:50.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2047.1173 [GMT -6:00]
Running from: e:\documents and settings\Michael\Desktop\toolb.exe
Command switches used :: e:\documents and settings\Michael\Desktop\CFScript.txt
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated)
AV: Sunbelt VIPRE *On-access scanning disabled* (Outdated)
FW: ESET Persoonlijke firewall *disabled*
* Created a new restore point

FILE ::
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

e:\windows\system32\10869zormf5.exe
e:\windows\system32\1169stzal652.ocx
e:\windows\system32\11z67ha5kto9l380.bin
e:\windows\system32\12157spyz89.exe
e:\windows\system32\12z6w95m479.bin
e:\windows\system32\1533zparse9571.ocx
e:\windows\system32\15358w9rm3z4.exe
e:\windows\system32\153fa5zw9re2362.exe
e:\windows\system32\15713worm49dz.ocx
e:\windows\system32\16678hackto9l25z.bin
e:\windows\system32\18020v5r9s5b4z.bin
e:\windows\system32\1817hack5ool69z9.dll
e:\windows\system32\18297zorm597.dll
e:\windows\system32\1855zparse8469.dll
e:\windows\system32\18608not-a5zirus3519.ocx
e:\windows\system32\19z1spam5ot3da.exe
e:\windows\system32\19z1thief2514.ocx
e:\windows\system32\19z98not-a-vi5us113.ocx
e:\windows\system32\1c59t5ief1z79.ocx
e:\windows\system32\1c9athr5az13845.cpl
e:\windows\system32\20z55not-a-vir95301.exe
e:\windows\system32\21559not-a-v5r9s1a8z.dll
e:\windows\system32\23597spzmbot3509.exe
e:\windows\system32\23d3downloader1595z.exe
e:\windows\system32\242cth5eat29116z.exe
e:\windows\system32\246z2no5-9-virus520.exe
e:\windows\system32\2532zp5ware659.dll
e:\windows\system32\2548zviru97fa.exe
e:\windows\system32\2556zn5t-a-virus719.bin
e:\windows\system32\255cs9yware105z.bin
e:\windows\system32\25843hacktoolz5d9.cpl
e:\windows\system32\25a2zpars9596.ocx
e:\windows\system32\25e4thief2z94.ocx
e:\windows\system32\25z0vir17789.bin
e:\windows\system32\26552zpamb5t19e.dll
e:\windows\system32\2781z5or944d.bin
e:\windows\system32\289z7not-5-virus580.cpl
e:\windows\system32\28z14not-9-viru5f1.bin
e:\windows\system32\29089n5t9a-virus51bz.exe
e:\windows\system32\29318nzt-a-5irus1de.dll
e:\windows\system32\299305py629z.dll
e:\windows\system32\2b589irz399.bin
e:\windows\system32\2f159irz088.bin
e:\windows\system32\2f745hi9z2373.dll
e:\windows\system32\2z759ddware1680.dll
e:\windows\system32\3034z9irus275.ocx
e:\windows\system32\33hack9ool3cz5.bin
e:\windows\system32\345fs9arze135.ocx
e:\windows\system32\355239acktzol730.dll
e:\windows\system32\359estea9z76.cpl
e:\windows\system32\3aa9th5ef932z.bin
e:\windows\system32\3f84s5ywar9z417.bin
e:\windows\system32\3z785hackto9l49d.cpl
e:\windows\system32\4067sp9mb5t3zf.cpl
e:\windows\system32\4229th5zat31505.cpl
e:\windows\system32\449steaz8165.bin
e:\windows\system32\4592zir901.bin
e:\windows\system32\488bviz11995.bin
e:\windows\system32\48d1thi9f59z.cpl
e:\windows\system32\499zvirus255.bin
e:\windows\system32\4z49spyware3543.dll
e:\windows\system32\4z4s5arse1579.ocx
e:\windows\system32\51616spzmbot699.bin
e:\windows\system32\5253virusb9z.cpl
e:\windows\system32\5365ddza9e55.dll
e:\windows\system32\53762hacktzol22d9.dll
e:\windows\system32\53f4spz9are2641.exe
e:\windows\system32\546ddownlz9der1843.cpl
e:\windows\system32\549zvir1672.exe
e:\windows\system32\552eaddwar92z7.ocx
e:\windows\system32\557w9rz51c.ocx
e:\windows\system32\5615notza-virus9c9.ocx
e:\windows\system32\5616szam95t39.dll
e:\windows\system32\579spyw5rz357.cpl
e:\windows\system32\5934vir1z.bin
e:\windows\system32\5937steaz15905.dll
e:\windows\system32\59z2wormc5.cpl
e:\windows\system32\5ae159iez1065.ocx
e:\windows\system32\5cb9sp9waze864.exe
e:\windows\system32\5e25vi9z497.exe
e:\windows\system32\5e5backdoo9285z.exe
e:\windows\system32\5za5steal2958.ocx
e:\windows\system32\629dz5a9se368.cpl
e:\windows\system32\63cavir905z.bin
e:\windows\system32\63f5s9yware16z4.ocx
e:\windows\system32\6595bazkdoo52753.cpl
e:\windows\system32\65ddth5ef19z9.ocx
e:\windows\system32\66z2sp59se2782.bin
e:\windows\system32\6781dozn5oader1289.cpl
e:\windows\system32\6965spazbot50e.bin
e:\windows\system32\6ab0sp9rse553z.exe
e:\windows\system32\6eathrea532z379.exe
e:\windows\system32\7129bzckdoor567.exe
e:\windows\system32\73c79ownloaderz5885.exe
e:\windows\system32\7564tzief2925.bin
e:\windows\system32\77e45t9zl361.bin
e:\windows\system32\7a18szarse3955.bin
e:\windows\system32\7z9eb5ckdoor3040.bin
e:\windows\system32\7za3sp5r9e2555.bin
e:\windows\system32\8543troj22z9.cpl
e:\windows\system32\86369roj599z.exe
e:\windows\system32\905abackdozr1500.cpl
e:\windows\system32\92872wzrm4ca5.exe
e:\windows\system32\952wzrm1e0.exe
e:\windows\system32\9545pamzot41e9.cpl
e:\windows\system32\97zf5ackdoor503.cpl
e:\windows\system32\9903not-a-5zrus3e5.exe
e:\windows\system32\9z675orm555.dll
e:\windows\system32\c58thzeat9193.ocx
e:\windows\system32\d599ddwarez326.exe
e:\windows\system32\d9b9hr5az2164.cpl
e:\windows\system32\e07ad5wa9z864.cpl
e:\windows\system32\z256tro9427.bin
e:\windows\system32\z6316spambot5959.ocx
e:\windows\system32\z6502w9rm26e.bin
e:\windows\system32\z7359hackt5ol102.exe
e:\windows\system32\z9261tro915a.exe
e:\windows\system32\zc0downlo9der5810.exe

.
((((((((((((((((((((((((( Files Created from 2009-03-18 to 2009-04-18 )))))))))))))))))))))))))))))))
.

2009-04-18 12:46 . 2009-04-18 12:46 -------- d-----w E:\[u]0[/u]0000082
2009-04-18 02:23 . 2004-02-23 07:00 1386496 ----a-w e:\windows\system32\MSVBVM60.DLL
2009-04-18 02:21 . 2009-04-06 21:32 15504 ----a-w e:\windows\system32\drivers\mbam.sys
2009-04-18 02:21 . 2009-04-06 21:32 38496 ----a-w e:\windows\system32\drivers\mbamswissarmy.sys
2009-04-18 02:05 . 2009-04-18 01:19 15688 ----a-w e:\windows\system32\lsdelete.exe
2009-04-18 01:20 . 2009-04-18 01:19 64160 ----a-w e:\windows\system32\drivers\Lbd.sys
2009-04-18 01:18 . 2009-04-18 01:18 -------- dc-h--w e:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-04-18 01:18 . 2009-04-18 01:19 -------- d-----w e:\documents and settings\All Users\Application Data\Lavasoft
2009-04-18 00:15 . 2009-04-18 00:15 197 ----a-w e:\windows\system32\MRT.INI
2009-04-17 22:33 . 2009-03-06 14:44 283648 -c----w e:\windows\system32\dllcache\pdh.dll
2009-04-17 22:33 . 2005-07-26 04:39 60416 -c----w e:\windows\system32\dllcache\colbact.dll
2009-04-17 22:33 . 2009-02-09 10:20 399360 -c----w e:\windows\system32\dllcache\rpcss.dll
2009-04-17 22:33 . 2009-02-06 17:14 110592 -c----w e:\windows\system32\dllcache\services.exe
2009-04-17 22:33 . 2009-02-09 10:20 723456 -c----w e:\windows\system32\dllcache\lsasrv.dll
2009-04-17 22:33 . 2009-02-09 10:20 473088 -c----w e:\windows\system32\dllcache\fastprox.dll
2009-04-17 22:33 . 2009-02-09 10:20 453120 -c----w e:\windows\system32\dllcache\wmiprvsd.dll
2009-04-17 22:33 . 2009-02-06 16:39 227840 -c----w e:\windows\system32\dllcache\wmiprvse.exe
2009-04-17 22:33 . 2009-02-09 10:20 616960 -c----w e:\windows\system32\dllcache\advapi32.dll
2009-04-17 22:33 . 2009-02-09 10:20 714752 -c----w e:\windows\system32\dllcache\ntdll.dll
2009-04-17 20:44 . 2009-04-17 20:44 -------- d-----w e:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-04-17 20:34 . 2003-05-25 10:11 60416 ----a-w e:\windows\system32\antiwpa.dll
2009-04-17 20:09 . 2009-04-17 20:25 664 ----a-w e:\windows\system32\d3d9caps.dat
2009-04-17 18:59 . 2008-10-19 03:42 332672 ----a-w e:\windows\system32\wgatray.exe.bak
2009-04-17 18:44 . 2009-04-17 18:44 -------- d-----w e:\documents and settings\Michael\Application Data\Malwarebytes
2009-04-17 18:36 . 2009-04-17 18:36 -------- d-----w e:\documents and settings\Michael\Application Data\SUPERAntiSpyware.com
2009-04-17 17:33 . 2009-04-17 17:33 -------- d-----w e:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-17 17:21 . 2009-04-17 17:21 -------- d-----w e:\documents and settings\Michael\Local Settings\Application Data\Symantec
2009-04-17 17:15 . 2009-04-17 17:15 -------- d-----w e:\documents and settings\All Users\Application Data\Symantec
2009-04-17 17:14 . 2009-04-18 12:46 -------- d-----w e:\documents and settings\All Users\Application Data\Norton
2009-04-17 17:13 . 2009-04-17 17:13 -------- d-----w e:\documents and settings\All Users\Application Data\NortonInstaller
2009-04-17 17:04 . 2009-04-17 17:04 -------- d-----w e:\windows\Norton AntiVirus 2009
2009-04-17 16:37 . 2008-09-12 17:12 69168 ----a-w e:\windows\system32\drivers\sbapifs.sys
2009-04-17 16:37 . 2008-09-12 17:12 13360 ----a-w e:\windows\system32\drivers\sbaphd.sys
2009-04-17 16:32 . 2009-04-17 16:32 -------- d-----w e:\documents and settings\Michael\Application Data\Sunbelt
2009-04-17 16:29 . 2009-04-17 16:29 -------- d-----w e:\documents and settings\All Users\Application Data\Sunbelt
2009-04-17 16:27 . 2008-10-09 16:21 202928 ----a-w e:\windows\system32\drivers\sbtis.sys
2009-04-17 15:29 . 2009-04-17 17:44 -------- d---a-w e:\documents and settings\All Users\Application Data\TEMP
2009-04-17 13:27 . 2009-04-17 13:27 -------- d-----w e:\windows\system32\logs
2009-04-17 13:25 . 2009-04-17 13:25 -------- d-----w e:\windows\system32\URTTEMP
2009-04-17 07:30 . 2009-04-17 07:30 8431 ----a-w e:\windows\system32\533z0ha9ktool1f.bin
2009-04-16 18:46 . 2009-04-16 18:46 12441 ----a-w e:\windows\system32\1155spazse990.exe
2009-04-15 12:34 . 2009-04-15 12:34 3032 ----a-w e:\windows\system32\9z44spars52228.cpl
2009-04-15 00:15 . 2009-04-15 00:15 8272 ----a-w e:\windows\system32\19758spy5z8.ocx
2009-04-14 00:47 . 2007-08-27 23:08 58 ----a-w e:\windows\system32\msadio.dll
2009-04-12 13:53 . 2009-04-12 13:53 18088 ----a-w e:\windows\system32\7819backdoor18z05.ocx
2009-04-12 03:32 . 2005-05-26 21:34 2297552 ----a-w e:\windows\system32\d3dx9_26.dll
2009-04-11 14:13 . 2009-04-11 14:13 -------- d-----w e:\documents and settings\Michael\Application Data\Stellarium
2009-04-05 17:22 . 2009-04-05 17:22 3752 ----a-w e:\windows\system32\2794back5oor323z.bin
2009-04-05 02:16 . 2009-04-05 02:16 16424 ----a-w e:\windows\system32\2z693tro5546.exe
2009-04-04 15:36 . 2009-04-04 15:36 6297 ----a-w e:\windows\system32\9bc35ddware1157z.ocx
2009-04-03 12:59 . 2009-04-17 20:10 -------- d-----w e:\windows\uninstall
2009-03-25 06:11 . 2009-03-25 06:12 -------- d-----w e:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-25 06:08 . 2009-03-06 05:59 1900544 ----a-w e:\windows\system32\usbaaplrc.dll
2009-03-23 09:26 . 2009-03-23 09:26 13806 ----a-w e:\windows\system32\5697h9ckt5ol23az.dll
2009-03-22 17:43 . 2009-03-22 17:43 7857 ----a-w e:\windows\system32\15550not-azv9rus1de.exe
2009-03-21 14:18 . 2009-03-21 14:18 986112 -c----w e:\windows\system32\dllcache\kernel32.dll
2009-03-20 11:22 . 2009-03-20 11:22 10910 ----a-w e:\windows\system32\3a23zp5rs91658.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-18 14:50 . 2009-01-03 17:41 -------- d-----w e:\documents and settings\Michael\Application Data\Azureus
2009-04-18 13:00 . 2009-01-03 17:03 -------- d-----w e:\program files\Common Files\Wise Installation Wizard
2009-04-18 13:00 . 2009-04-17 18:36 -------- d-----w e:\program files\SUPERAntiSpyware
2009-04-18 02:33 . 2009-04-18 02:32 5432 ----a-w E:\rapport.txt
2009-04-18 02:24 . 2009-04-17 17:33 -------- d-----w e:\program files\Malwarebytes' Anti-Malware
2009-04-18 02:05 . 2009-02-27 02:47 -------- d-----w e:\program files\rFactor
2009-04-18 01:18 . 2009-04-18 01:18 -------- d-----w e:\program files\Lavasoft
2009-04-17 20:11 . 2009-04-11 14:08 -------- d-----w e:\program files\WinStars2
2009-04-17 20:11 . 2009-04-03 13:40 -------- d-----w e:\program files\TVPCElite
2009-04-17 20:10 . 2009-04-03 12:59 -------- d-----w e:\program files\SatelliteTVforPC
2009-04-17 17:04 . 2009-04-17 17:04 -------- d-----w e:\program files\Norton AntiVirus 2009
2009-04-17 16:27 . 2009-04-17 16:27 -------- d-----w e:\program files\Sunbelt Software
2009-04-17 16:24 . 2009-04-17 13:26 -------- d-----w e:\program files\BitDefender
2009-04-17 15:06 . 2009-01-03 17:40 -------- d-----w e:\program files\Vuze
2009-04-17 14:08 . 2009-04-17 14:07 216532 ----a-w E:\coreuninstall.log
2009-04-15 11:05 . 2009-02-07 03:01 -------- d-----w e:\program files\Polygon Cruncher
2009-04-14 00:47 . 2009-04-14 00:47 -------- d-----w e:\program files\DVD-Cloner Platinum
2009-04-12 20:02 . 2009-01-03 18:32 -------- d-----w e:\documents and settings\Michael\Application Data\GrabIt
2009-04-12 15:37 . 2009-01-03 17:41 46824 ----a-w e:\documents and settings\Michael\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-12 03:36 . 2009-01-03 19:22 -------- d-----w e:\program files\Common Files\Autodesk Shared
2009-04-12 03:35 . 2009-01-03 19:23 -------- d-----w e:\program files\Autodesk
2009-04-03 21:03 . 2009-04-03 21:03 -------- d-----w e:\program files\GOPlayer
2009-04-03 12:18 . 2009-03-10 00:32 -------- d-----w e:\program files\Java
2009-03-27 16:09 . 2009-01-26 02:51 -------- d-----w e:\program files\ZaZ Gp4 tools
2009-03-27 15:57 . 2009-01-21 04:07 -------- d-----w e:\program files\ZModeler
2009-03-25 06:12 . 2009-01-07 05:15 -------- d-----w e:\program files\iTunes
2009-03-25 06:11 . 2009-03-25 06:11 -------- d-----w e:\program files\iPod
2009-03-25 06:11 . 2009-01-07 05:14 -------- d-----w e:\program files\Common Files\Apple
2009-03-25 06:10 . 2009-01-07 05:15 -------- d-----w e:\program files\Bonjour
2009-03-25 06:10 . 2009-03-25 06:09 -------- d-----w e:\program files\QuickTime
2009-03-14 13:57 . 2009-03-14 13:57 -------- d-----w e:\program files\ESET
2009-03-13 14:41 . 2009-03-13 14:41 -------- d-----w e:\documents and settings\Michael\Application Data\ESET
2009-03-13 14:40 . 2009-01-03 18:46 -------- d-----w e:\documents and settings\All Users\Application Data\ESET
2009-03-13 14:10 . 2009-01-24 17:39 -------- d-----w e:\program files\ICQ6.5
2009-03-09 11:19 . 2009-03-10 00:32 410984 ----a-w e:\windows\system32\deploytk.dll
2009-03-06 14:44 . 2002-08-29 12:00 283648 ----a-w e:\windows\system32\pdh.dll
2009-03-06 05:59 . 2009-01-07 05:14 36864 ----a-w e:\windows\system32\drivers\usbaapl.sys
2009-03-03 00:18 . 2002-08-29 12:00 826368 ----a-w e:\windows\system32\wininet.dll
2009-03-02 22:04 . 2009-03-02 22:04 -------- d-----w e:\program files\Common Files\Logitech
2009-03-02 22:04 . 2009-03-02 22:04 -------- d-----w e:\program files\Logitech
2009-02-23 04:01 . 2009-02-23 04:01 -------- d-----w e:\documents and settings\Michael\Application Data\GlobalSCAPE
2009-02-23 03:59 . 2009-02-23 03:59 -------- d-----w e:\program files\GlobalSCAPE
2009-02-23 03:59 . 2009-01-03 17:32 -------- d--h--w e:\program files\InstallShield Installation Information
2009-02-22 04:36 . 2009-02-22 04:34 -------- d-----w e:\program files\Ultimate Unwrap3D
2009-02-20 18:09 . 2009-01-03 17:59 78336 ----a-w e:\windows\system32\ieencode.dll
2009-02-09 10:20 . 2002-08-29 12:00 723456 ----a-w e:\windows\system32\lsasrv.dll
2009-02-09 10:20 . 2002-08-29 12:00 399360 ----a-w e:\windows\system32\rpcss.dll
2009-02-09 10:20 . 2002-08-29 12:00 714752 ----a-w e:\windows\system32\ntdll.dll
2009-02-09 10:20 . 2002-08-29 12:00 616960 ----a-w e:\windows\system32\advapi32.dll
2009-02-09 10:19 . 2002-08-29 12:00 1846272 ----a-w e:\windows\system32\win32k.sys
2009-02-06 17:22 . 2002-08-29 12:00 2136064 ----a-w e:\windows\system32\ntoskrnl.exe
2009-02-06 17:14 . 2002-08-29 12:00 110592 ----a-w e:\windows\system32\services.exe
2009-02-06 16:54 . 2002-08-29 12:00 35328 ----a-w e:\windows\system32\sc.exe
2009-02-06 16:49 . 2002-08-29 01:04 2015744 ----a-w e:\windows\system32\ntkrnlpa.exe
2009-02-03 20:08 . 2002-08-29 12:00 55808 ----a-w e:\windows\system32\secur32.dll
2009-01-26 00:38 . 2009-01-26 00:38 151552 ----a-w e:\windows\system32\nvRegDev.dll
2009-01-23 02:26 . 2009-01-23 02:26 146120 ----a-w e:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2008-08-14 01:2008-08-14 01:02 02:10 . e:\program files\mozilla firefox\components\FFComm.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-04-18_12.53.16 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-25 02:53 . 2008-10-25 02:53 54280 e:\windows\system32\drivers\epfwtdi.sys
+ 2008-10-25 02:53 . 2008-10-25 02:53 31240 e:\windows\system32\drivers\epfwndis.sys
+ 2008-10-25 02:53 . 2008-10-25 02:53 73224 e:\windows\system32\drivers\epfw.sys
+ 2008-10-25 02:46 . 2008-10-25 02:46 53256 e:\windows\system32\drivers\easdrv.sys
+ 2008-10-25 02:45 . 2008-10-25 02:45 39944 e:\windows\system32\drivers\eamon.sys
- 2009-04-13 13:02 . 2009-04-13 13:02 29926 e:\windows\Installer\{508CE775-4BA4-4748-82DF-FE28DA9F03B0}\MsblIco.Exe
+ 2009-04-13 13:02 . 2009-04-18 13:11 29926 e:\windows\Installer\{508CE775-4BA4-4748-82DF-FE28DA9F03B0}\MsblIco.Exe
+ 2009-04-18 12:59 . 2009-04-18 12:59 10134 e:\windows\Installer\{0EC82ED3-B062-44F7-86B6-57F6E059106A}\callmsi.exe
+ 2009-04-18 12:59 . 2009-04-18 12:59 140544 e:\windows\Installer\{0EC82ED3-B062-44F7-86B6-57F6E059106A}\egui.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="e:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"ctfmon.exe"="e:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="e:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-28 152872]
"setup2.exe"="e:\windows\system32\setup2.exe" [2009-04-17 634368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="e:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"NvCplDaemon"="e:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"nwiz"="e:\windows\system32\nwiz.exe" [2008-09-17 1657376]
"NvMediaCenter"="e:\windows\system32\NvMcTray.dll" [2008-09-17 86016]
"NeroFilterCheck"="e:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"RemoteControl8"="e:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-21 83240]
"PDVD8LanguageShortcut"="e:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"BDRegion"="e:\program files\Cyberlink\Shared Files\brs.exe" [2008-03-21 91432]
"Adobe Reader Speed Launcher"="e:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Start WingMan Profiler"="e:\program files\Logitech\Gaming Software\LWEMon.exe" [2007-09-25 93208]
"QuickTime Task"="e:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="e:\program files\iTunes\iTunesHelper.exe" [2009-03-13 342312]
"SunJavaUpdateSched"="e:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"Ad-Watch"="e:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-04-18 515416]
"egui"="e:\program files\ESET\ESET Smart Security\egui.exe" [2008-10-25 1451264]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"e:\\Program Files\\Autodesk\\Maya2008\\bin\\maya.exe"=
"e:\\Program Files\\Infogrames\\Grand Prix 4\\GP4.exe"=
"e:\\Program Files\\ICQ6.5\\ICQ.exe"=
"e:\\Program Files\\Vuze\\Azureus.exe"=
"e:\\Program Files\\Shareaza\\Shareaza.exe"=
"e:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"e:\\Program Files\\iTunes\\iTunes.exe"=
"e:\\Program Files\\Autodesk\\3dsMax8\\3dsmax.exe"=
"e:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"e:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R2 .EsetTrialReset;Eset Trial Reset;e:\windows\system32\regedt32.exe [2002-08-29 3584]
R2 .norton2009Reset;Norton 2009 Reset;e:\documents and settings\All Users\Application Data\Norton\Norton2009Reset.exe [2009-04-17 281625]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};e:\program files\CyberLink\PowerDVD8\[u]0[/u]00.fcl [2008-02-02 00:24 41456]
R2 ekrn;Eset Service;e:\program files\ESET\ESET Smart Security\ekrn.exe [2008-10-25 468224]
R2 ICQ Service;ICQ Service;e:\program files\ICQ6Toolbar\ICQ Service.exe [2008-10-19 222456]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;e:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-04-18 951632]
R2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max Design 2009 32-bit 32-bit;e:\program files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [2008-03-10 65536]
S0 Lbd;Lbd;e:\windows\system32\DRIVERS\Lbd.sys [2009-04-18 64160]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
Contents of the 'Scheduled Tasks' folder

2009-04-18 e:\windows\Tasks\Ad-Aware Update (Weekly).job
- e:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 01:19]

2009-04-17 e:\windows\Tasks\AppleSoftwareUpdate.job
- e:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2009-04-18 e:\windows\Tasks\RegCure Program Check.job
- e:\program files\RegCure\RegCure.exe [2009-01-04 10:11]

2009-01-22 e:\windows\Tasks\RegCure.job
- e:\program files\RegCure\RegCure.exe [2009-01-04 10:11]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.icq.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - e:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://e:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://e:\windows\Java\classes\xmldso.cab
FF - ProfilePath - e:\documents and settings\Michael\Application Data\Mozilla\Firefox\Profiles\e4nbsux2.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.ad.nl/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: e:\program files\Mozilla Firefox\components\FFComm.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-18 09:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\e:\program files\CyberLink\PowerDVD8\[u]0[/u]00.fcl"
.
Completion time: 2009-04-18 9:10 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-18 15:10
ComboFix2.txt 2009-04-18 12:55

Pre-Run: 16,304,672,768 bytes free
Post-Run: 16,332,804,096 bytes free

479 --- E O F --- 2009-04-18 12:32


Thank you again jabuck



#7
April 18, 2009 at 08:43:38
You have a heavily infected computer.

Open Notepad and copy/paste everything between the X's into it and make sure the first word (such as KILLALL, File, Folder, Registry etc.) is at the very top of the page.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
KILLALL::
File::
e:\windows\system32\antiwpa.dll
e:\windows\system32\533z0ha9ktool1f.bin
e:\windows\system32\1155spazse990.exe
e:\windows\system32\9z44spars52228.cpl
e:\windows\system32\19758spy5z8.ocx
e:\windows\system32\7819backdoor18z05.ocx
e:\windows\system32\2794back5oor323z.bin
e:\windows\system32\2z693tro5546.exe
e:\windows\system32\9bc35ddware1157z.ocx
e:\windows\system32\5697h9ckt5ol23az.dll
e:\windows\system32\15550not-azv9rus1de.exe
e:\windows\system32\3a23zp5rs91658.dll

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose "Save As", change the "Save As Type" to All Files, name it CFScript.txt, then save it to your desktop.
Then drag/drop the CFScript.txt onto ComboFix.exe (the red symbol on your desktop). If ComboFix does not auto-start, click "Run".

Please post the log that is produced.

Post a new Combofix log following the previous directions.



#8
April 18, 2009 at 15:07:30
OK. You must be getting sick of it by now, and I am sorry for that, but it seems that it is still not solved. Here is the combofix.txt:


ComboFix 09-04-19.01 - Michael 04/18/2009 15:36.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2047.1486 [GMT -6:00]
Running from: e:\documents and settings\Michael\Desktop\toolb.exe
Command switches used :: e:\documents and settings\Michael\Desktop\CFScript.txt
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated)
AV: Sunbelt VIPRE *On-access scanning disabled* (Outdated)
FW: ESET Persoonlijke firewall *disabled*
* Created a new restore point
* Resident AV is active


FILE ::
e:\windows\system32\1155spazse990.exe
e:\windows\system32\15550not-azv9rus1de.exe
e:\windows\system32\19758spy5z8.ocx
e:\windows\system32\2794back5oor323z.bin
e:\windows\system32\2z693tro5546.exe
e:\windows\system32\3a23zp5rs91658.dll
e:\windows\system32\533z0ha9ktool1f.bin
e:\windows\system32\5697h9ckt5ol23az.dll
e:\windows\system32\7819backdoor18z05.ocx
e:\windows\system32\9bc35ddware1157z.ocx
e:\windows\system32\9z44spars52228.cpl
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

e:\windows\system32\1155spazse990.exe
e:\windows\system32\15550not-azv9rus1de.exe
e:\windows\system32\19758spy5z8.ocx
e:\windows\system32\2794back5oor323z.bin
e:\windows\system32\2z693tro5546.exe
e:\windows\system32\3a23zp5rs91658.dll
e:\windows\system32\533z0ha9ktool1f.bin
e:\windows\system32\5697h9ckt5ol23az.dll
e:\windows\system32\7819backdoor18z05.ocx
e:\windows\system32\9bc35ddware1157z.ocx
e:\windows\system32\9z44spars52228.cpl

.
((((((((((((((((((((((((( Files Created from 2009-03-18 to 2009-04-18 )))))))))))))))))))))))))))))))
.

2009-04-18 15:12 . 2003-05-25 10:11 60416 ----a-w e:\windows\system32\antiwpa.dll
2009-04-18 12:46 . 2009-04-18 12:46 -------- d-----w E:\[u]0[/u]0000082
2009-04-18 02:23 . 2004-02-23 07:00 1386496 ----a-w e:\windows\system32\MSVBVM60.DLL
2009-04-18 02:21 . 2009-04-06 21:32 15504 ----a-w e:\windows\system32\drivers\mbam.sys
2009-04-18 02:21 . 2009-04-06 21:32 38496 ----a-w e:\windows\system32\drivers\mbamswissarmy.sys
2009-04-18 02:05 . 2009-04-18 01:19 15688 ----a-w e:\windows\system32\lsdelete.exe
2009-04-18 01:20 . 2009-04-18 01:19 64160 ----a-w e:\windows\system32\drivers\Lbd.sys
2009-04-18 01:18 . 2009-04-18 01:18 -------- dc-h--w e:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-04-18 01:18 . 2009-04-18 01:19 -------- d-----w e:\documents and settings\All Users\Application Data\Lavasoft
2009-04-18 00:15 . 2009-04-18 00:15 197 ----a-w e:\windows\system32\MRT.INI
2009-04-17 22:33 . 2009-03-06 14:44 283648 -c----w e:\windows\system32\dllcache\pdh.dll
2009-04-17 22:33 . 2005-07-26 04:39 60416 -c----w e:\windows\system32\dllcache\colbact.dll
2009-04-17 22:33 . 2009-02-09 10:20 399360 -c----w e:\windows\system32\dllcache\rpcss.dll
2009-04-17 22:33 . 2009-02-06 17:14 110592 -c----w e:\windows\system32\dllcache\services.exe
2009-04-17 22:33 . 2009-02-09 10:20 723456 -c----w e:\windows\system32\dllcache\lsasrv.dll
2009-04-17 22:33 . 2009-02-09 10:20 473088 -c----w e:\windows\system32\dllcache\fastprox.dll
2009-04-17 22:33 . 2009-02-09 10:20 453120 -c----w e:\windows\system32\dllcache\wmiprvsd.dll
2009-04-17 22:33 . 2009-02-06 16:39 227840 -c----w e:\windows\system32\dllcache\wmiprvse.exe
2009-04-17 22:33 . 2009-02-09 10:20 616960 -c----w e:\windows\system32\dllcache\advapi32.dll
2009-04-17 22:33 . 2009-02-09 10:20 714752 -c----w e:\windows\system32\dllcache\ntdll.dll
2009-04-17 20:44 . 2009-04-17 20:44 -------- d-----w e:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-04-17 20:09 . 2009-04-17 20:25 664 ----a-w e:\windows\system32\d3d9caps.dat
2009-04-17 18:59 . 2008-10-19 03:42 332672 ----a-w e:\windows\system32\wgatray.exe.bak
2009-04-17 18:44 . 2009-04-17 18:44 -------- d-----w e:\documents and settings\Michael\Application Data\Malwarebytes
2009-04-17 18:36 . 2009-04-17 18:36 -------- d-----w e:\documents and settings\Michael\Application Data\SUPERAntiSpyware.com
2009-04-17 17:33 . 2009-04-17 17:33 -------- d-----w e:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-17 17:21 . 2009-04-17 17:21 -------- d-----w e:\documents and settings\Michael\Local Settings\Application Data\Symantec
2009-04-17 17:15 . 2009-04-17 17:15 -------- d-----w e:\documents and settings\All Users\Application Data\Symantec
2009-04-17 17:14 . 2009-04-18 12:46 -------- d-----w e:\documents and settings\All Users\Application Data\Norton
2009-04-17 17:13 . 2009-04-17 17:13 -------- d-----w e:\documents and settings\All Users\Application Data\NortonInstaller
2009-04-17 17:04 . 2009-04-17 17:04 -------- d-----w e:\windows\Norton AntiVirus 2009
2009-04-17 16:37 . 2008-09-12 17:12 69168 ----a-w e:\windows\system32\drivers\sbapifs.sys
2009-04-17 16:37 . 2008-09-12 17:12 13360 ----a-w e:\windows\system32\drivers\sbaphd.sys
2009-04-17 16:32 . 2009-04-17 16:32 -------- d-----w e:\documents and settings\Michael\Application Data\Sunbelt
2009-04-17 16:29 . 2009-04-17 16:29 -------- d-----w e:\documents and settings\All Users\Application Data\Sunbelt
2009-04-17 16:27 . 2008-10-09 16:21 202928 ----a-w e:\windows\system32\drivers\sbtis.sys
2009-04-17 15:29 . 2009-04-17 17:44 -------- d---a-w e:\documents and settings\All Users\Application Data\TEMP
2009-04-17 13:27 . 2009-04-17 13:27 -------- d-----w e:\windows\system32\logs
2009-04-17 13:25 . 2009-04-17 13:25 -------- d-----w e:\windows\system32\URTTEMP
2009-04-14 00:47 . 2007-08-27 23:08 58 ----a-w e:\windows\system32\msadio.dll
2009-04-12 03:32 . 2005-05-26 21:34 2297552 ----a-w e:\windows\system32\d3dx9_26.dll
2009-04-11 14:13 . 2009-04-11 14:13 -------- d-----w e:\documents and settings\Michael\Application Data\Stellarium
2009-04-03 12:59 . 2009-04-17 20:10 -------- d-----w e:\windows\uninstall
2009-03-25 06:11 . 2009-03-25 06:12 -------- d-----w e:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-25 06:08 . 2009-03-06 05:59 1900544 ----a-w e:\windows\system32\usbaaplrc.dll
2009-03-21 14:18 . 2009-03-21 14:18 986112 -c----w e:\windows\system32\dllcache\kernel32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-18 15:29 . 2009-01-03 17:41 -------- d-----w e:\documents and settings\Michael\Application Data\Azureus
2009-04-18 13:00 . 2009-01-03 17:03 -------- d-----w e:\program files\Common Files\Wise Installation Wizard
2009-04-18 13:00 . 2009-04-17 18:36 -------- d-----w e:\program files\SUPERAntiSpyware
2009-04-18 02:33 . 2009-04-18 02:32 5432 ----a-w E:\rapport.txt
2009-04-18 02:24 . 2009-04-17 17:33 -------- d-----w e:\program files\Malwarebytes' Anti-Malware
2009-04-18 02:05 . 2009-02-27 02:47 -------- d-----w e:\program files\rFactor
2009-04-18 01:18 . 2009-04-18 01:18 -------- d-----w e:\program files\Lavasoft
2009-04-17 20:11 . 2009-04-11 14:08 -------- d-----w e:\program files\WinStars2
2009-04-17 20:11 . 2009-04-03 13:40 -------- d-----w e:\program files\TVPCElite
2009-04-17 20:10 . 2009-04-03 12:59 -------- d-----w e:\program files\SatelliteTVforPC
2009-04-17 17:04 . 2009-04-17 17:04 -------- d-----w e:\program files\Norton AntiVirus 2009
2009-04-17 16:27 . 2009-04-17 16:27 -------- d-----w e:\program files\Sunbelt Software
2009-04-17 16:24 . 2009-04-17 13:26 -------- d-----w e:\program files\BitDefender
2009-04-17 15:06 . 2009-01-03 17:40 -------- d-----w e:\program files\Vuze
2009-04-17 14:08 . 2009-04-17 14:07 216532 ----a-w E:\coreuninstall.log
2009-04-15 11:05 . 2009-02-07 03:01 -------- d-----w e:\program files\Polygon Cruncher
2009-04-14 00:47 . 2009-04-14 00:47 -------- d-----w e:\program files\DVD-Cloner Platinum
2009-04-12 20:02 . 2009-01-03 18:32 -------- d-----w e:\documents and settings\Michael\Application Data\GrabIt
2009-04-12 15:37 . 2009-01-03 17:41 46824 ----a-w e:\documents and settings\Michael\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-12 03:36 . 2009-01-03 19:22 -------- d-----w e:\program files\Common Files\Autodesk Shared
2009-04-12 03:35 . 2009-01-03 19:23 -------- d-----w e:\program files\Autodesk
2009-04-03 21:03 . 2009-04-03 21:03 -------- d-----w e:\program files\GOPlayer
2009-04-03 12:18 . 2009-03-10 00:32 -------- d-----w e:\program files\Java
2009-03-27 16:09 . 2009-01-26 02:51 -------- d-----w e:\program files\ZaZ Gp4 tools
2009-03-27 15:57 . 2009-01-21 04:07 -------- d-----w e:\program files\ZModeler
2009-03-25 06:12 . 2009-01-07 05:15 -------- d-----w e:\program files\iTunes
2009-03-25 06:11 . 2009-03-25 06:11 -------- d-----w e:\program files\iPod
2009-03-25 06:11 . 2009-01-07 05:14 -------- d-----w e:\program files\Common Files\Apple
2009-03-25 06:10 . 2009-01-07 05:15 -------- d-----w e:\program files\Bonjour
2009-03-25 06:10 . 2009-03-25 06:09 -------- d-----w e:\program files\QuickTime
2009-03-14 13:57 . 2009-03-14 13:57 -------- d-----w e:\program files\ESET
2009-03-13 14:41 . 2009-03-13 14:41 -------- d-----w e:\documents and settings\Michael\Application Data\ESET
2009-03-13 14:40 . 2009-01-03 18:46 -------- d-----w e:\documents and settings\All Users\Application Data\ESET
2009-03-13 14:10 . 2009-01-24 17:39 -------- d-----w e:\program files\ICQ6.5
2009-03-09 11:19 . 2009-03-10 00:32 410984 ----a-w e:\windows\system32\deploytk.dll
2009-03-06 14:44 . 2002-08-29 12:00 283648 ----a-w e:\windows\system32\pdh.dll
2009-03-06 05:59 . 2009-01-07 05:14 36864 ----a-w e:\windows\system32\drivers\usbaapl.sys
2009-03-03 00:18 . 2002-08-29 12:00 826368 ----a-w e:\windows\system32\wininet.dll
2009-03-02 22:04 . 2009-03-02 22:04 -------- d-----w e:\program files\Common Files\Logitech
2009-03-02 22:04 . 2009-03-02 22:04 -------- d-----w e:\program files\Logitech
2009-02-23 04:01 . 2009-02-23 04:01 -------- d-----w e:\documents and settings\Michael\Application Data\GlobalSCAPE
2009-02-23 03:59 . 2009-02-23 03:59 -------- d-----w e:\program files\GlobalSCAPE
2009-02-23 03:59 . 2009-01-03 17:32 -------- d--h--w e:\program files\InstallShield Installation Information
2009-02-22 04:36 . 2009-02-22 04:34 -------- d-----w e:\program files\Ultimate Unwrap3D
2009-02-20 18:09 . 2009-01-03 17:59 78336 ----a-w e:\windows\system32\ieencode.dll
2009-02-09 10:20 . 2002-08-29 12:00 723456 ----a-w e:\windows\system32\lsasrv.dll
2009-02-09 10:20 . 2002-08-29 12:00 399360 ----a-w e:\windows\system32\rpcss.dll
2009-02-09 10:20 . 2002-08-29 12:00 714752 ----a-w e:\windows\system32\ntdll.dll
2009-02-09 10:20 . 2002-08-29 12:00 616960 ----a-w e:\windows\system32\advapi32.dll
2009-02-09 10:19 . 2002-08-29 12:00 1846272 ----a-w e:\windows\system32\win32k.sys
2009-02-06 17:22 . 2002-08-29 12:00 2136064 ----a-w e:\windows\system32\ntoskrnl.exe
2009-02-06 17:14 . 2002-08-29 12:00 110592 ----a-w e:\windows\system32\services.exe
2009-02-06 16:54 . 2002-08-29 12:00 35328 ----a-w e:\windows\system32\sc.exe
2009-02-06 16:49 . 2002-08-29 01:04 2015744 ----a-w e:\windows\system32\ntkrnlpa.exe
2009-02-03 20:08 . 2002-08-29 12:00 55808 ----a-w e:\windows\system32\secur32.dll
2009-01-26 00:38 . 2009-01-26 00:38 151552 ----a-w e:\windows\system32\nvRegDev.dll
2009-01-23 02:26 . 2009-01-23 02:26 146120 ----a-w e:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2008-08-14 01:2008-08-14 01:02 02:10 . e:\program files\mozilla firefox\components\FFComm.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-04-18_12.53.16 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-25 02:53 . 2008-10-25 02:53 54280 e:\windows\system32\drivers\epfwtdi.sys
+ 2008-10-25 02:53 . 2008-10-25 02:53 31240 e:\windows\system32\drivers\epfwndis.sys
+ 2008-10-25 02:53 . 2008-10-25 02:53 73224 e:\windows\system32\drivers\epfw.sys
+ 2008-10-25 02:46 . 2008-10-25 02:46 53256 e:\windows\system32\drivers\easdrv.sys
+ 2008-10-25 02:45 . 2008-10-25 02:45 39944 e:\windows\system32\drivers\eamon.sys
- 2009-04-13 13:02 . 2009-04-13 13:02 29926 e:\windows\Installer\{508CE775-4BA4-4748-82DF-FE28DA9F03B0}\MsblIco.Exe
+ 2009-04-13 13:02 . 2009-04-18 13:11 29926 e:\windows\Installer\{508CE775-4BA4-4748-82DF-FE28DA9F03B0}\MsblIco.Exe
+ 2009-04-18 12:59 . 2009-04-18 12:59 10134 e:\windows\Installer\{0EC82ED3-B062-44F7-86B6-57F6E059106A}\callmsi.exe
+ 2009-04-18 12:59 . 2009-04-18 12:59 140544 e:\windows\Installer\{0EC82ED3-B062-44F7-86B6-57F6E059106A}\egui.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="e:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"ctfmon.exe"="e:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="e:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-28 152872]
"setup2.exe"="e:\windows\system32\setup2.exe" [2009-04-17 634368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="e:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"NvCplDaemon"="e:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"nwiz"="e:\windows\system32\nwiz.exe" [2008-09-17 1657376]
"NvMediaCenter"="e:\windows\system32\NvMcTray.dll" [2008-09-17 86016]
"NeroFilterCheck"="e:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"RemoteControl8"="e:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-21 83240]
"PDVD8LanguageShortcut"="e:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"BDRegion"="e:\program files\Cyberlink\Shared Files\brs.exe" [2008-03-21 91432]
"Adobe Reader Speed Launcher"="e:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Start WingMan Profiler"="e:\program files\Logitech\Gaming Software\LWEMon.exe" [2007-09-25 93208]
"QuickTime Task"="e:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="e:\program files\iTunes\iTunesHelper.exe" [2009-03-13 342312]
"SunJavaUpdateSched"="e:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"Ad-Watch"="e:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-04-18 515416]
"egui"="e:\program files\ESET\ESET Smart Security\egui.exe" [2008-10-25 1451264]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"e:\\Program Files\\Autodesk\\Maya2008\\bin\\maya.exe"=
"e:\\Program Files\\Infogrames\\Grand Prix 4\\GP4.exe"=
"e:\\Program Files\\ICQ6.5\\ICQ.exe"=
"e:\\Program Files\\Vuze\\Azureus.exe"=
"e:\\Program Files\\Shareaza\\Shareaza.exe"=
"e:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"e:\\Program Files\\iTunes\\iTunes.exe"=
"e:\\Program Files\\Autodesk\\3dsMax8\\3dsmax.exe"=
"e:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"e:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R2 .EsetTrialReset;Eset Trial Reset;e:\windows\system32\regedt32.exe [2002-08-29 3584]
R2 .norton2009Reset;Norton 2009 Reset;e:\documents and settings\All Users\Application Data\Norton\Norton2009Reset.exe [2009-04-17 281625]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};e:\program files\CyberLink\PowerDVD8\[u]0[/u]00.fcl [2008-02-02 00:24 41456]
R2 ekrn;Eset Service;e:\program files\ESET\ESET Smart Security\ekrn.exe [2008-10-25 468224]
R2 ICQ Service;ICQ Service;e:\program files\ICQ6Toolbar\ICQ Service.exe [2008-10-19 222456]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;e:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-04-18 951632]
R2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max Design 2009 32-bit 32-bit;e:\program files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [2008-03-10 65536]
S0 Lbd;Lbd;e:\windows\system32\DRIVERS\Lbd.sys [2009-04-18 64160]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
Contents of the 'Scheduled Tasks' folder

2009-04-18 e:\windows\Tasks\Ad-Aware Update (Weekly).job
- e:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 01:19]

2009-04-17 e:\windows\Tasks\AppleSoftwareUpdate.job
- e:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2009-04-18 e:\windows\Tasks\RegCure Program Check.job
- e:\program files\RegCure\RegCure.exe [2009-01-04 10:11]

2009-01-22 e:\windows\Tasks\RegCure.job
- e:\program files\RegCure\RegCure.exe [2009-01-04 10:11]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.icq.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - e:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://e:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://e:\windows\Java\classes\xmldso.cab
FF - ProfilePath - e:\documents and settings\Michael\Application Data\Mozilla\Firefox\Profiles\e4nbsux2.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.ad.nl/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: e:\program files\Mozilla Firefox\components\FFComm.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-18 15:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\e:\program files\CyberLink\PowerDVD8\[u]0[/u]00.fcl"
.
------------------------ Other Running Processes ------------------------
.
e:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2009-04-18 15:55 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-18 21:55
ComboFix2.txt 2009-04-18 15:10
ComboFix3.txt 2009-04-18 12:55

Pre-Run: 16,253,784,064 bytes free
Post-Run: 16,243,859,456 bytes free

262 --- E O F --- 2009-04-18 12:32



#9
April 18, 2009 at 17:47:40
I can see why you still have problems; something is preventing this file from being deleted:

e:\windows\system32\antiwpa.dll

Probably an antivirus or anti-spyware program.

I see an Eset trial install on the computer; please uninstall it or turn it off, then turn off Norton and Ad-Aware and try to delete the files again as follows, making sure you are offline when you turn your protection off.

Once you delete the files, restart the computer to restart your protection.

Open Notepad and copy/paste everything between the X's into it and make sure the first word (such as KILLALL, File, Folder, Registry etc.) is at the very top of the page.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
KILLALL::
File::
e:\windows\system32\antiwpa.dll
E:\[u]0[/u]0000082

Folder::
e:\windows\system32\antiwpa.dll

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose "Save As", change the "Save As Type" to All Files, name it CFScript.txt, then save it to your desktop.
Then drag/drop the CFScript.txt onto ComboFix.exe (the red symbol on your desktop). If ComboFix does not auto-start, click "Run".

Please post the log that is produced.



#10
April 18, 2009 at 19:12:10
OK, it seems that anti-wpa is gone; this one is a tough cookie to bite.

Combofix.txt:


ComboFix 09-04-19.01 - Michael 04/18/2009 19:53.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2047.1485 [GMT -6:00]
Running from: e:\documents and settings\Michael\Desktop\toolb.exe
Command switches used :: e:\documents and settings\Michael\Desktop\CFScript.txt
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated)
AV: Sunbelt VIPRE *On-access scanning disabled* (Outdated)
FW: ESET Persoonlijke firewall *disabled*
* Created a new restore point
* Resident AV is active


FILE ::
E:\[u]0[/u]0000082
e:\windows\system32\antiwpa.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

e:\windows\system32\antiwpa.dll

.
((((((((((((((((((((((((( Files Created from 2009-03-19 to 2009-04-19 )))))))))))))))))))))))))))))))
.

2009-04-19 01:41 . 2009-04-19 01:41 -------- d-----w E:\[u]0[/u]0000082
2009-04-18 02:23 . 2004-02-23 07:00 1386496 ----a-w e:\windows\system32\MSVBVM60.DLL
2009-04-18 02:21 . 2009-04-06 21:32 15504 ----a-w e:\windows\system32\drivers\mbam.sys
2009-04-18 02:21 . 2009-04-06 21:32 38496 ----a-w e:\windows\system32\drivers\mbamswissarmy.sys
2009-04-18 02:05 . 2009-04-18 01:19 15688 ----a-w e:\windows\system32\lsdelete.exe
2009-04-18 01:20 . 2009-04-18 01:19 64160 ----a-w e:\windows\system32\drivers\Lbd.sys
2009-04-18 01:18 . 2009-04-18 01:18 -------- dc-h--w e:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-04-18 01:18 . 2009-04-18 01:19 -------- d-----w e:\documents and settings\All Users\Application Data\Lavasoft
2009-04-18 00:15 . 2009-04-18 00:15 197 ----a-w e:\windows\system32\MRT.INI
2009-04-17 22:33 . 2009-03-06 14:44 283648 -c----w e:\windows\system32\dllcache\pdh.dll
2009-04-17 22:33 . 2005-07-26 04:39 60416 -c----w e:\windows\system32\dllcache\colbact.dll
2009-04-17 22:33 . 2009-02-09 10:20 399360 -c----w e:\windows\system32\dllcache\rpcss.dll
2009-04-17 22:33 . 2009-02-06 17:14 110592 -c----w e:\windows\system32\dllcache\services.exe
2009-04-17 22:33 . 2009-02-09 10:20 723456 -c----w e:\windows\system32\dllcache\lsasrv.dll
2009-04-17 22:33 . 2009-02-09 10:20 473088 -c----w e:\windows\system32\dllcache\fastprox.dll
2009-04-17 22:33 . 2009-02-09 10:20 453120 -c----w e:\windows\system32\dllcache\wmiprvsd.dll
2009-04-17 22:33 . 2009-02-06 16:39 227840 -c----w e:\windows\system32\dllcache\wmiprvse.exe
2009-04-17 22:33 . 2009-02-09 10:20 616960 -c----w e:\windows\system32\dllcache\advapi32.dll
2009-04-17 22:33 . 2009-02-09 10:20 714752 -c----w e:\windows\system32\dllcache\ntdll.dll
2009-04-17 20:44 . 2009-04-17 20:44 -------- d-----w e:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-04-17 20:09 . 2009-04-17 20:25 664 ----a-w e:\windows\system32\d3d9caps.dat
2009-04-17 18:59 . 2008-10-19 03:42 332672 ----a-w e:\windows\system32\wgatray.exe.bak
2009-04-17 18:44 . 2009-04-17 18:44 -------- d-----w e:\documents and settings\Michael\Application Data\Malwarebytes
2009-04-17 18:36 . 2009-04-17 18:36 -------- d-----w e:\documents and settings\Michael\Application Data\SUPERAntiSpyware.com
2009-04-17 17:33 . 2009-04-17 17:33 -------- d-----w e:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-17 17:21 . 2009-04-17 17:21 -------- d-----w e:\documents and settings\Michael\Local Settings\Application Data\Symantec
2009-04-17 17:15 . 2009-04-17 17:15 -------- d-----w e:\documents and settings\All Users\Application Data\Symantec
2009-04-17 17:14 . 2009-04-18 12:46 -------- d-----w e:\documents and settings\All Users\Application Data\Norton
2009-04-17 17:13 . 2009-04-17 17:13 -------- d-----w e:\documents and settings\All Users\Application Data\NortonInstaller
2009-04-17 17:04 . 2009-04-17 17:04 -------- d-----w e:\windows\Norton AntiVirus 2009
2009-04-17 16:37 . 2008-09-12 17:12 69168 ----a-w e:\windows\system32\drivers\sbapifs.sys
2009-04-17 16:37 . 2008-09-12 17:12 13360 ----a-w e:\windows\system32\drivers\sbaphd.sys
2009-04-17 16:32 . 2009-04-17 16:32 -------- d-----w e:\documents and settings\Michael\Application Data\Sunbelt
2009-04-17 16:29 . 2009-04-17 16:29 -------- d-----w e:\documents and settings\All Users\Application Data\Sunbelt
2009-04-17 16:27 . 2008-10-09 16:21 202928 ----a-w e:\windows\system32\drivers\sbtis.sys
2009-04-17 15:29 . 2009-04-17 17:44 -------- d---a-w e:\documents and settings\All Users\Application Data\TEMP
2009-04-17 13:27 . 2009-04-17 13:27 -------- d-----w e:\windows\system32\logs
2009-04-17 13:25 . 2009-04-17 13:25 -------- d-----w e:\windows\system32\URTTEMP
2009-04-14 00:47 . 2007-08-27 23:08 58 ----a-w e:\windows\system32\msadio.dll
2009-04-12 03:32 . 2005-05-26 21:34 2297552 ----a-w e:\windows\system32\d3dx9_26.dll
2009-04-11 14:13 . 2009-04-11 14:13 -------- d-----w e:\documents and settings\Michael\Application Data\Stellarium
2009-03-25 06:11 . 2009-03-25 06:12 -------- d-----w e:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-25 06:08 . 2009-03-06 05:59 1900544 ----a-w e:\windows\system32\usbaaplrc.dll
2009-03-21 14:18 . 2009-03-21 14:18 986112 -c----w e:\windows\system32\dllcache\kernel32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-18 22:40 . 2009-01-03 17:41 -------- d-----w e:\documents and settings\Michael\Application Data\Azureus
2009-04-18 22:08 . 2002-08-29 12:00 502272 ----a-w e:\windows\system32\winlogon.exe
2009-04-18 13:00 . 2009-01-03 17:03 -------- d-----w e:\program files\Common Files\Wise Installation Wizard
2009-04-18 13:00 . 2009-04-17 18:36 -------- d-----w e:\program files\SUPERAntiSpyware
2009-04-18 02:33 . 2009-04-18 02:32 5432 ----a-w E:\rapport.txt
2009-04-18 02:24 . 2009-04-17 17:33 -------- d-----w e:\program files\Malwarebytes' Anti-Malware
2009-04-18 02:05 . 2009-02-27 02:47 -------- d-----w e:\program files\rFactor
2009-04-18 01:18 . 2009-04-18 01:18 -------- d-----w e:\program files\Lavasoft
2009-04-17 20:11 . 2009-04-11 14:08 -------- d-----w e:\program files\WinStars2
2009-04-17 20:11 . 2009-04-03 13:40 -------- d-----w e:\program files\TVPCElite
2009-04-17 20:10 . 2009-04-03 12:59 -------- d-----w e:\program files\SatelliteTVforPC
2009-04-17 17:04 . 2009-04-17 17:04 -------- d-----w e:\program files\Norton AntiVirus 2009
2009-04-17 16:27 . 2009-04-17 16:27 -------- d-----w e:\program files\Sunbelt Software
2009-04-17 16:24 . 2009-04-17 13:26 -------- d-----w e:\program files\BitDefender
2009-04-17 15:06 . 2009-01-03 17:40 -------- d-----w e:\program files\Vuze
2009-04-17 14:08 . 2009-04-17 14:07 216532 ----a-w E:\coreuninstall.log
2009-04-15 11:05 . 2009-02-07 03:01 -------- d-----w e:\program files\Polygon Cruncher
2009-04-14 00:47 . 2009-04-14 00:47 -------- d-----w e:\program files\DVD-Cloner Platinum
2009-04-12 20:02 . 2009-01-03 18:32 -------- d-----w e:\documents and settings\Michael\Application Data\GrabIt
2009-04-12 15:37 . 2009-01-03 17:41 46824 ----a-w e:\documents and settings\Michael\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-12 03:36 . 2009-01-03 19:22 -------- d-----w e:\program files\Common Files\Autodesk Shared
2009-04-12 03:35 . 2009-01-03 19:23 -------- d-----w e:\program files\Autodesk
2009-04-03 21:03 . 2009-04-03 21:03 -------- d-----w e:\program files\GOPlayer
2009-04-03 12:18 . 2009-03-10 00:32 -------- d-----w e:\program files\Java
2009-03-27 16:09 . 2009-01-26 02:51 -------- d-----w e:\program files\ZaZ Gp4 tools
2009-03-27 15:57 . 2009-01-21 04:07 -------- d-----w e:\program files\ZModeler
2009-03-25 06:12 . 2009-01-07 05:15 -------- d-----w e:\program files\iTunes
2009-03-25 06:11 . 2009-03-25 06:11 -------- d-----w e:\program files\iPod
2009-03-25 06:11 . 2009-01-07 05:14 -------- d-----w e:\program files\Common Files\Apple
2009-03-25 06:10 . 2009-01-07 05:15 -------- d-----w e:\program files\Bonjour
2009-03-25 06:10 . 2009-03-25 06:09 -------- d-----w e:\program files\QuickTime
2009-03-14 13:57 . 2009-03-14 13:57 -------- d-----w e:\program files\ESET
2009-03-13 14:41 . 2009-03-13 14:41 -------- d-----w e:\documents and settings\Michael\Application Data\ESET
2009-03-13 14:40 . 2009-01-03 18:46 -------- d-----w e:\documents and settings\All Users\Application Data\ESET
2009-03-13 14:10 . 2009-01-24 17:39 -------- d-----w e:\program files\ICQ6.5
2009-03-09 11:19 . 2009-03-10 00:32 410984 ----a-w e:\windows\system32\deploytk.dll
2009-03-06 14:44 . 2002-08-29 12:00 283648 ----a-w e:\windows\system32\pdh.dll
2009-03-06 05:59 . 2009-01-07 05:14 36864 ----a-w e:\windows\system32\drivers\usbaapl.sys
2009-03-03 00:18 . 2002-08-29 12:00 826368 ----a-w e:\windows\system32\wininet.dll
2009-03-02 22:04 . 2009-03-02 22:04 -------- d-----w e:\program files\Common Files\Logitech
2009-03-02 22:04 . 2009-03-02 22:04 -------- d-----w e:\program files\Logitech
2009-02-23 04:01 . 2009-02-23 04:01 -------- d-----w e:\documents and settings\Michael\Application Data\GlobalSCAPE
2009-02-23 03:59 . 2009-02-23 03:59 -------- d-----w e:\program files\GlobalSCAPE
2009-02-23 03:59 . 2009-01-03 17:32 -------- d--h--w e:\program files\InstallShield Installation Information
2009-02-22 04:36 . 2009-02-22 04:34 -------- d-----w e:\program files\Ultimate Unwrap3D
2009-02-20 18:09 . 2009-01-03 17:59 78336 ----a-w e:\windows\system32\ieencode.dll
2009-02-09 10:20 . 2002-08-29 12:00 723456 ----a-w e:\windows\system32\lsasrv.dll
2009-02-09 10:20 . 2002-08-29 12:00 399360 ----a-w e:\windows\system32\rpcss.dll
2009-02-09 10:20 . 2002-08-29 12:00 714752 ----a-w e:\windows\system32\ntdll.dll
2009-02-09 10:20 . 2002-08-29 12:00 616960 ----a-w e:\windows\system32\advapi32.dll
2009-02-09 10:19 . 2002-08-29 12:00 1846272 ----a-w e:\windows\system32\win32k.sys
2009-02-06 17:22 . 2002-08-29 12:00 2136064 ----a-w e:\windows\system32\ntoskrnl.exe
2009-02-06 17:14 . 2002-08-29 12:00 110592 ----a-w e:\windows\system32\services.exe
2009-02-06 16:54 . 2002-08-29 12:00 35328 ----a-w e:\windows\system32\sc.exe
2009-02-06 16:49 . 2002-08-29 01:04 2015744 ----a-w e:\windows\system32\ntkrnlpa.exe
2009-02-03 20:08 . 2002-08-29 12:00 55808 ----a-w e:\windows\system32\secur32.dll
2009-01-26 00:38 . 2009-01-26 00:38 151552 ----a-w e:\windows\system32\nvRegDev.dll
2009-01-23 02:26 . 2009-01-23 02:26 146120 ----a-w e:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2008-08-14 01:2008-08-14 01:02 02:10 . e:\program files\mozilla firefox\components\FFComm.dll
.

------- Sigcheck -------

[-] 2002-08-29 12:00 516608 2246D8D8F4714A2CEDB21AB9B1849ABB e:\windows\$NtServicePackUninstall$\winlogon.exe
[7] 2004-08-04 07:56 502272 01C3346C241652F43AED8E2149881BFE e:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 00:12 507904 ED0EF0A136DEC83DF69F04118870003E e:\windows\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\winlogon.exe
[-] 2009-04-18 22:08 502272 6E8CA4FCB30282F216F5DB9DD58A5F81 e:\windows\system32\winlogon.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-04-18_12.53.16 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-19 01:58 . 2009-04-19 01:58 16384 e:\windows\temp\Perflib_Perfdata_618.dat
+ 2008-10-25 02:53 . 2008-10-25 02:53 54280 e:\windows\system32\drivers\epfwtdi.sys
+ 2008-10-25 02:53 . 2008-10-25 02:53 31240 e:\windows\system32\drivers\epfwndis.sys
+ 2008-10-25 02:53 . 2008-10-25 02:53 73224 e:\windows\system32\drivers\epfw.sys
+ 2008-10-25 02:46 . 2008-10-25 02:46 53256 e:\windows\system32\drivers\easdrv.sys
+ 2008-10-25 02:45 . 2008-10-25 02:45 39944 e:\windows\system32\drivers\eamon.sys
+ 2009-01-03 17:59 . 2004-08-04 06:56 32866 e:\windows\system32\dllcache\slrundll.exe
+ 2009-01-03 17:59 . 2004-08-04 06:56 32866 e:\windows\slrundll.exe
- 2009-01-03 17:59 . 2004-08-04 07:56 32866 e:\windows\slrundll.exe
+ 2009-04-13 13:02 . 2009-04-18 13:11 29926 e:\windows\Installer\{508CE775-4BA4-4748-82DF-FE28DA9F03B0}\MsblIco.Exe
- 2009-04-13 13:02 . 2009-04-13 13:02 29926 e:\windows\Installer\{508CE775-4BA4-4748-82DF-FE28DA9F03B0}\MsblIco.Exe
+ 2009-04-18 12:59 . 2009-04-18 12:59 10134 e:\windows\Installer\{0EC82ED3-B062-44F7-86B6-57F6E059106A}\callmsi.exe
+ 2009-04-18 12:59 . 2009-04-18 12:59 140544 e:\windows\Installer\{0EC82ED3-B062-44F7-86B6-57F6E059106A}\egui.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="e:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"ctfmon.exe"="e:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="e:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-28 152872]
"setup2.exe"="e:\windows\system32\setup2.exe" [2009-04-17 634368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="e:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"NvCplDaemon"="e:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"nwiz"="e:\windows\system32\nwiz.exe" [2008-09-17 1657376]
"NvMediaCenter"="e:\windows\system32\NvMcTray.dll" [2008-09-17 86016]
"NeroFilterCheck"="e:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"RemoteControl8"="e:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-21 83240]
"PDVD8LanguageShortcut"="e:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"BDRegion"="e:\program files\Cyberlink\Shared Files\brs.exe" [2008-03-21 91432]
"Adobe Reader Speed Launcher"="e:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Start WingMan Profiler"="e:\program files\Logitech\Gaming Software\LWEMon.exe" [2007-09-25 93208]
"QuickTime Task"="e:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="e:\program files\iTunes\iTunesHelper.exe" [2009-03-13 342312]
"SunJavaUpdateSched"="e:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"Ad-Watch"="e:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-04-18 515416]
"egui"="e:\program files\ESET\ESET Smart Security\egui.exe" [2008-10-25 1451264]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"e:\\Program Files\\Autodesk\\Maya2008\\bin\\maya.exe"=
"e:\\Program Files\\Infogrames\\Grand Prix 4\\GP4.exe"=
"e:\\Program Files\\ICQ6.5\\ICQ.exe"=
"e:\\Program Files\\Vuze\\Azureus.exe"=
"e:\\Program Files\\Shareaza\\Shareaza.exe"=
"e:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"e:\\Program Files\\iTunes\\iTunes.exe"=
"e:\\Program Files\\Autodesk\\3dsMax8\\3dsmax.exe"=
"e:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"e:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R2 .EsetTrialReset;Eset Trial Reset;e:\windows\system32\regedt32.exe [2002-08-29 3584]
R2 .norton2009Reset;Norton 2009 Reset;e:\documents and settings\All Users\Application Data\Norton\Norton2009Reset.exe [2009-04-17 281625]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;e:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-04-18 951632]
S0 Lbd;Lbd;e:\windows\system32\DRIVERS\Lbd.sys [2009-04-18 64160]
S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};e:\program files\CyberLink\PowerDVD8\[u]0[/u]00.fcl [2008-02-02 00:24 41456]
S2 ekrn;Eset Service;e:\program files\ESET\ESET Smart Security\ekrn.exe [2008-10-25 468224]
S2 ICQ Service;ICQ Service;e:\program files\ICQ6Toolbar\ICQ Service.exe [2008-10-19 222456]
S2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max Design 2009 32-bit 32-bit;e:\program files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [2008-03-10 65536]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
Contents of the 'Scheduled Tasks' folder

2009-04-18 e:\windows\Tasks\Ad-Aware Update (Weekly).job
- e:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 01:19]

2009-04-17 e:\windows\Tasks\AppleSoftwareUpdate.job
- e:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2009-04-19 e:\windows\Tasks\RegCure Program Check.job
- e:\program files\RegCure\RegCure.exe [2009-01-04 10:11]

2009-01-22 e:\windows\Tasks\RegCure.job
- e:\program files\RegCure\RegCure.exe [2009-01-04 10:11]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.icq.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - e:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://e:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://e:\windows\Java\classes\xmldso.cab
FF - ProfilePath - e:\documents and settings\Michael\Application Data\Mozilla\Firefox\Profiles\e4nbsux2.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.ad.nl/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: e:\program files\Mozilla Firefox\components\FFComm.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-18 20:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\e:\program files\CyberLink\PowerDVD8\[u]0[/u]00.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3412)
e:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
e:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
e:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
e:\program files\Bonjour\mDNSResponder.exe
e:\program files\Java\jre6\bin\jqs.exe
e:\program files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
e:\windows\system32\nvsvc32.exe
e:\windows\system32\wdfmgr.exe
e:\windows\system32\rundll32.exe
e:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
e:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
e:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-04-19 20:09 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-19 02:09
ComboFix2.txt 2009-04-18 21:55
ComboFix3.txt 2009-04-18 15:10
ComboFix4.txt 2009-04-18 12:55

Pre-Run: 16,286,842,880 bytes free
Post-Run: 16,277,086,208 bytes free

267 --- E O F --- 2009-04-18 12:32



#11
April 18, 2009 at 19:27:24
I took a picture of my screen. It might help, because I don't like what I saw in my windows system32 folder.

http://img21.imageshack.us/my.php?image=weirdk.jpg



#12
April 18, 2009 at 19:37:54
Open Notepad and copy/paste everything between the X's into it and make sure the first word (such as KILLALL, File, Folder, Registry etc.) is at the very top of the page.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
KILLALL::
File::
e:\windows\system32\setup2.exe

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"setup2.exe"=-
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose "Save As". Change the "Save As Type" to All Files, name it CFScript.txt, then save it to your desktop.
Then drag/drop the CFScript.txt onto ComboFix.exe (the red symbol on your desktop). If ComboFix does not auto start, click "Run".

Please post the log that is produced.

Empty the restore folder. Go to Start > Control Panel > System > System Restore tab > check the box beside "Turn off System Restore" > Apply (takes a minute) > OK. Go back and uncheck the box to turn System Restore back on > Apply > OK.


Download ATF Cleaner from this link:
http://www.majorgeeks.com/ATF_Cleaner_d4949.html
Run ATF-Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Run an online scan with Kaspersky from the following link:
Kaspersky Online Scanner

Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component

1. Click Accept, when prompted to download and install the program files and database of malware definitions.
2. Click Run at the Security prompt.
The program will then begin downloading and installing and will also update the database.
Please be patient as this can take several minutes.
3. Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
4. Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
5. Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
6. Click View scan report at the bottom.
7. Click the Save Report As... button.
8. Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
**Note**

To optimize scanning time and produce a more sensible report for review:
Close any open programs.
Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.


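One way to confirm that a CFScript like the one in post #12 took effect is to compare the Run-key autostart entries in the ComboFix log taken before the script with the log taken after it, and to check the "Other Deletions" section for the targeted file. The following is an added example, not part of the original posts and not ComboFix's own code; the function names are hypothetical, and the sample inputs are abridged excerpts copied from the logs and script in this thread.

```python
import re

KEY_RE = re.compile(r'^\[(.+)\]$')                      # [HKEY_...\Run]
VAL_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[(\d{4}-\d{2}-\d{2}) (\d+)\]$')
DEL_RE = re.compile(r'^"([^"]+)"=-$')                   # "name"=-  (delete value)


def run_entries(log_text):
    """Map (key, value name) -> (path, date, size) for the Run autostart keys."""
    entries, key = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            is_run = m.group(1).lower().endswith(r"\currentversion\run")
            key = m.group(1).lower() if is_run else None
            continue
        m = VAL_RE.match(line)
        if key and m:
            entries[(key, m.group(1).lower())] = (
                m.group(2).lower(), m.group(3), int(m.group(4)))
    return entries


def other_deletions(log_text):
    """Paths listed under the '(((( Other Deletions ))))' banner of a log."""
    out, inside = set(), False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("(((("):          # every section starts with a banner
            inside = "Other Deletions" in line
            continue
        if inside and line not in ("", "."):
            out.add(line.lower())
    return out


def cfscript_targets(script):
    """Return (files, registry value deletions) requested by a CFScript."""
    files, values, section, key = [], [], None, None
    for raw in script.splitlines():
        line = raw.strip()
        if line.endswith("::"):               # KILLALL::, File::, Registry:: ...
            section, key = line[:-2].lower(), None
        elif section == "file" and line:
            files.append(line.lower())
        elif section == "registry" and line:
            m = KEY_RE.match(line)
            if m:
                key = m.group(1).lower()
                continue
            m = DEL_RE.match(line)
            if m and key:
                values.append((key, m.group(1).lower()))
    return files, values


def verify_cfscript(script, before_log, after_log):
    """Report script targets that survived, plus any autostart drift."""
    files, values = cfscript_targets(script)
    before, after = run_entries(before_log), run_entries(after_log)
    deleted = other_deletions(after_log)
    return {
        "files_not_deleted": [f for f in files if f not in deleted],
        "values_still_present": [v for v in values if v in after],
        "removed": sorted(set(before) - set(after)),
        "added": sorted(set(after) - set(before)),   # new autostarts need review
    }


# Abridged excerpts from this thread (banner lines shortened).
SCRIPT = r"""KILLALL::
File::
e:\windows\system32\setup2.exe

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"setup2.exe"=-
"""
BEFORE = r"""(((( Reg Loading Points ))))
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="e:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"setup2.exe"="e:\windows\system32\setup2.exe" [2009-04-17 634368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="e:\program files\ESET\ESET Smart Security\egui.exe" [2008-10-25 1451264]
"""
AFTER = r"""(((( Other Deletions ))))
.
e:\windows\system32\setup2.exe
.
(((( Reg Loading Points ))))
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="e:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="e:\program files\ESET\ESET Smart Security\egui.exe" [2008-10-25 1451264]
"""

if __name__ == "__main__":
    for field, value in verify_cfscript(SCRIPT, BEFORE, AFTER).items():
        print(f"{field}: {value}")
```

Empty `files_not_deleted` and `values_still_present` lists mean every script target is gone; anything in `added` is an autostart that appeared between the two runs and deserves a look.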

#13
April 18, 2009 at 20:12:58
I got the new combofix.txt. It seems to be gone, but I will do all the follow-ups and report back.


#14
April 18, 2009 at 20:13:52
Well I guess here is the txt:


ComboFix 09-04-19.01 - Michael 04/18/2009 20:51.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2047.1431 [GMT -6:00]
Running from: e:\documents and settings\Michael\Desktop\toolb.exe
Command switches used :: e:\documents and settings\Michael\Desktop\CFScript.txt
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated)
AV: Sunbelt VIPRE *On-access scanning disabled* (Outdated)
FW: ESET Persoonlijke firewall *disabled*
* Created a new restore point
* Resident AV is active


FILE ::
e:\windows\system32\setup2.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

e:\windows\system32\setup2.exe

.
((((((((((((((((((((((((( Files Created from 2009-03-19 to 2009-04-19 )))))))))))))))))))))))))))))))
.

2009-04-19 01:41 . 2009-04-19 01:41 -------- d-----w E:\[u]0[/u]0000082
2009-04-18 02:23 . 2004-02-23 07:00 1386496 ----a-w e:\windows\system32\MSVBVM60.DLL
2009-04-18 02:21 . 2009-04-06 21:32 15504 ----a-w e:\windows\system32\drivers\mbam.sys
2009-04-18 02:21 . 2009-04-06 21:32 38496 ----a-w e:\windows\system32\drivers\mbamswissarmy.sys
2009-04-18 02:05 . 2009-04-18 01:19 15688 ----a-w e:\windows\system32\lsdelete.exe
2009-04-18 01:20 . 2009-04-18 01:19 64160 ----a-w e:\windows\system32\drivers\Lbd.sys
2009-04-18 01:18 . 2009-04-18 01:18 -------- dc-h--w e:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-04-18 01:18 . 2009-04-18 01:19 -------- d-----w e:\documents and settings\All Users\Application Data\Lavasoft
2009-04-18 00:15 . 2009-04-18 00:15 197 ----a-w e:\windows\system32\MRT.INI
2009-04-17 22:33 . 2009-03-06 14:44 283648 -c----w e:\windows\system32\dllcache\pdh.dll
2009-04-17 22:33 . 2005-07-26 04:39 60416 -c----w e:\windows\system32\dllcache\colbact.dll
2009-04-17 22:33 . 2009-02-09 10:20 399360 -c----w e:\windows\system32\dllcache\rpcss.dll
2009-04-17 22:33 . 2009-02-06 17:14 110592 -c----w e:\windows\system32\dllcache\services.exe
2009-04-17 22:33 . 2009-02-09 10:20 723456 -c----w e:\windows\system32\dllcache\lsasrv.dll
2009-04-17 22:33 . 2009-02-09 10:20 473088 -c----w e:\windows\system32\dllcache\fastprox.dll
2009-04-17 22:33 . 2009-02-09 10:20 453120 -c----w e:\windows\system32\dllcache\wmiprvsd.dll
2009-04-17 22:33 . 2009-02-06 16:39 227840 -c----w e:\windows\system32\dllcache\wmiprvse.exe
2009-04-17 22:33 . 2009-02-09 10:20 616960 -c----w e:\windows\system32\dllcache\advapi32.dll
2009-04-17 22:33 . 2009-02-09 10:20 714752 -c----w e:\windows\system32\dllcache\ntdll.dll
2009-04-17 20:44 . 2009-04-17 20:44 -------- d-----w e:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-04-17 20:09 . 2009-04-17 20:25 664 ----a-w e:\windows\system32\d3d9caps.dat
2009-04-17 18:59 . 2008-10-19 03:42 332672 ----a-w e:\windows\system32\wgatray.exe.bak
2009-04-17 18:44 . 2009-04-17 18:44 -------- d-----w e:\documents and settings\Michael\Application Data\Malwarebytes
2009-04-17 18:36 . 2009-04-17 18:36 -------- d-----w e:\documents and settings\Michael\Application Data\SUPERAntiSpyware.com
2009-04-17 17:33 . 2009-04-17 17:33 -------- d-----w e:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-17 17:21 . 2009-04-17 17:21 -------- d-----w e:\documents and settings\Michael\Local Settings\Application Data\Symantec
2009-04-17 17:15 . 2009-04-17 17:15 -------- d-----w e:\documents and settings\All Users\Application Data\Symantec
2009-04-17 17:14 . 2009-04-18 12:46 -------- d-----w e:\documents and settings\All Users\Application Data\Norton
2009-04-17 17:13 . 2009-04-17 17:13 -------- d-----w e:\documents and settings\All Users\Application Data\NortonInstaller
2009-04-17 16:37 . 2008-09-12 17:12 69168 ----a-w e:\windows\system32\drivers\sbapifs.sys
2009-04-17 16:37 . 2008-09-12 17:12 13360 ----a-w e:\windows\system32\drivers\sbaphd.sys
2009-04-17 16:32 . 2009-04-17 16:32 -------- d-----w e:\documents and settings\Michael\Application Data\Sunbelt
2009-04-17 16:29 . 2009-04-17 16:29 -------- d-----w e:\documents and settings\All Users\Application Data\Sunbelt
2009-04-17 16:27 . 2008-10-09 16:21 202928 ----a-w e:\windows\system32\drivers\sbtis.sys
2009-04-17 15:29 . 2009-04-17 17:44 -------- d---a-w e:\documents and settings\All Users\Application Data\TEMP
2009-04-17 13:27 . 2009-04-17 13:27 -------- d-----w e:\windows\system32\logs
2009-04-17 13:25 . 2009-04-17 13:25 -------- d-----w e:\windows\system32\URTTEMP
2009-04-14 00:47 . 2007-08-27 23:08 58 ----a-w e:\windows\system32\msadio.dll
2009-04-12 03:32 . 2005-05-26 21:34 2297552 ----a-w e:\windows\system32\d3dx9_26.dll
2009-04-11 14:13 . 2009-04-11 14:13 -------- d-----w e:\documents and settings\Michael\Application Data\Stellarium
2009-03-25 06:11 . 2009-03-25 06:12 -------- d-----w e:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-25 06:08 . 2009-03-06 05:59 1900544 ----a-w e:\windows\system32\usbaaplrc.dll
2009-03-21 14:18 . 2009-03-21 14:18 986112 -c----w e:\windows\system32\dllcache\kernel32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-19 02:51 . 2009-01-03 17:41 -------- d-----w e:\documents and settings\Michael\Application Data\Azureus
2009-04-18 22:08 . 2002-08-29 12:00 502272 ----a-w e:\windows\system32\winlogon.exe
2009-04-18 13:00 . 2009-01-03 17:03 -------- d-----w e:\program files\Common Files\Wise Installation Wizard
2009-04-18 13:00 . 2009-04-17 18:36 -------- d-----w e:\program files\SUPERAntiSpyware
2009-04-18 02:33 . 2009-04-18 02:32 5432 ----a-w E:\rapport.txt
2009-04-18 02:24 . 2009-04-17 17:33 -------- d-----w e:\program files\Malwarebytes' Anti-Malware
2009-04-18 02:05 . 2009-02-27 02:47 -------- d-----w e:\program files\rFactor
2009-04-18 01:18 . 2009-04-18 01:18 -------- d-----w e:\program files\Lavasoft
2009-04-17 20:11 . 2009-04-11 14:08 -------- d-----w e:\program files\WinStars2
2009-04-17 20:11 . 2009-04-03 13:40 -------- d-----w e:\program files\TVPCElite
2009-04-17 20:10 . 2009-04-03 12:59 -------- d-----w e:\program files\SatelliteTVforPC
2009-04-17 17:04 . 2009-04-17 17:04 -------- d-----w e:\program files\Norton AntiVirus 2009
2009-04-17 16:27 . 2009-04-17 16:27 -------- d-----w e:\program files\Sunbelt Software
2009-04-17 16:24 . 2009-04-17 13:26 -------- d-----w e:\program files\BitDefender
2009-04-17 15:06 . 2009-01-03 17:40 -------- d-----w e:\program files\Vuze
2009-04-17 14:08 . 2009-04-17 14:07 216532 ----a-w E:\coreuninstall.log
2009-04-15 11:05 . 2009-02-07 03:01 -------- d-----w e:\program files\Polygon Cruncher
2009-04-14 00:47 . 2009-04-14 00:47 -------- d-----w e:\program files\DVD-Cloner Platinum
2009-04-12 20:02 . 2009-01-03 18:32 -------- d-----w e:\documents and settings\Michael\Application Data\GrabIt
2009-04-12 15:37 . 2009-01-03 17:41 46824 ----a-w e:\documents and settings\Michael\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-12 03:36 . 2009-01-03 19:22 -------- d-----w e:\program files\Common Files\Autodesk Shared
2009-04-12 03:35 . 2009-01-03 19:23 -------- d-----w e:\program files\Autodesk
2009-04-03 21:03 . 2009-04-03 21:03 -------- d-----w e:\program files\GOPlayer
2009-04-03 12:18 . 2009-03-10 00:32 -------- d-----w e:\program files\Java
2009-03-27 16:09 . 2009-01-26 02:51 -------- d-----w e:\program files\ZaZ Gp4 tools
2009-03-27 15:57 . 2009-01-21 04:07 -------- d-----w e:\program files\ZModeler
2009-03-25 06:12 . 2009-01-07 05:15 -------- d-----w e:\program files\iTunes
2009-03-25 06:11 . 2009-03-25 06:11 -------- d-----w e:\program files\iPod
2009-03-25 06:11 . 2009-01-07 05:14 -------- d-----w e:\program files\Common Files\Apple
2009-03-25 06:10 . 2009-01-07 05:15 -------- d-----w e:\program files\Bonjour
2009-03-25 06:10 . 2009-03-25 06:09 -------- d-----w e:\program files\QuickTime
2009-03-14 13:57 . 2009-03-14 13:57 -------- d-----w e:\program files\ESET
2009-03-13 14:41 . 2009-03-13 14:41 -------- d-----w e:\documents and settings\Michael\Application Data\ESET
2009-03-13 14:40 . 2009-01-03 18:46 -------- d-----w e:\documents and settings\All Users\Application Data\ESET
2009-03-13 14:10 . 2009-01-24 17:39 -------- d-----w e:\program files\ICQ6.5
2009-03-09 11:19 . 2009-03-10 00:32 410984 ----a-w e:\windows\system32\deploytk.dll
2009-03-06 14:44 . 2002-08-29 12:00 283648 ----a-w e:\windows\system32\pdh.dll
2009-03-06 05:59 . 2009-01-07 05:14 36864 ----a-w e:\windows\system32\drivers\usbaapl.sys
2009-03-03 00:18 . 2002-08-29 12:00 826368 ----a-w e:\windows\system32\wininet.dll
2009-03-02 22:04 . 2009-03-02 22:04 -------- d-----w e:\program files\Common Files\Logitech
2009-03-02 22:04 . 2009-03-02 22:04 -------- d-----w e:\program files\Logitech
2009-02-23 04:01 . 2009-02-23 04:01 -------- d-----w e:\documents and settings\Michael\Application Data\GlobalSCAPE
2009-02-23 03:59 . 2009-02-23 03:59 -------- d-----w e:\program files\GlobalSCAPE
2009-02-23 03:59 . 2009-01-03 17:32 -------- d--h--w e:\program files\InstallShield Installation Information
2009-02-22 04:36 . 2009-02-22 04:34 -------- d-----w e:\program files\Ultimate Unwrap3D
2009-02-20 18:09 . 2009-01-03 17:59 78336 ----a-w e:\windows\system32\ieencode.dll
2009-02-09 10:20 . 2002-08-29 12:00 723456 ----a-w e:\windows\system32\lsasrv.dll
2009-02-09 10:20 . 2002-08-29 12:00 399360 ----a-w e:\windows\system32\rpcss.dll
2009-02-09 10:20 . 2002-08-29 12:00 714752 ----a-w e:\windows\system32\ntdll.dll
2009-02-09 10:20 . 2002-08-29 12:00 616960 ----a-w e:\windows\system32\advapi32.dll
2009-02-09 10:19 . 2002-08-29 12:00 1846272 ----a-w e:\windows\system32\win32k.sys
2009-02-06 17:22 . 2002-08-29 12:00 2136064 ----a-w e:\windows\system32\ntoskrnl.exe
2009-02-06 17:14 . 2002-08-29 12:00 110592 ----a-w e:\windows\system32\services.exe
2009-02-06 16:54 . 2002-08-29 12:00 35328 ----a-w e:\windows\system32\sc.exe
2009-02-06 16:49 . 2002-08-29 01:04 2015744 ----a-w e:\windows\system32\ntkrnlpa.exe
2009-02-03 20:08 . 2002-08-29 12:00 55808 ----a-w e:\windows\system32\secur32.dll
2009-01-26 00:38 . 2009-01-26 00:38 151552 ----a-w e:\windows\system32\nvRegDev.dll
2009-01-23 02:26 . 2009-01-23 02:26 146120 ----a-w e:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2008-08-14 01:2008-08-14 01:02 02:10 . e:\program files\mozilla firefox\components\FFComm.dll
.

------- Sigcheck -------

[-] 2002-08-29 12:00 516608 2246D8D8F4714A2CEDB21AB9B1849ABB e:\windows\$NtServicePackUninstall$\winlogon.exe
[7] 2004-08-04 07:56 502272 01C3346C241652F43AED8E2149881BFE e:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 00:12 507904 ED0EF0A136DEC83DF69F04118870003E e:\windows\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\winlogon.exe
[-] 2009-04-18 22:08 502272 6E8CA4FCB30282F216F5DB9DD58A5F81 e:\windows\system32\winlogon.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-04-18_12.53.16 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-19 02:54 . 2009-04-19 02:54 16384 e:\windows\temp\Perflib_Perfdata_61c.dat
+ 2008-10-25 02:53 . 2008-10-25 02:53 54280 e:\windows\system32\drivers\epfwtdi.sys
+ 2008-10-25 02:53 . 2008-10-25 02:53 31240 e:\windows\system32\drivers\epfwndis.sys
+ 2008-10-25 02:53 . 2008-10-25 02:53 73224 e:\windows\system32\drivers\epfw.sys
+ 2008-10-25 02:46 . 2008-10-25 02:46 53256 e:\windows\system32\drivers\easdrv.sys
+ 2008-10-25 02:45 . 2008-10-25 02:45 39944 e:\windows\system32\drivers\eamon.sys
+ 2009-01-03 17:59 . 2004-08-04 06:56 32866 e:\windows\system32\dllcache\slrundll.exe
+ 2009-01-03 17:59 . 2004-08-04 06:56 32866 e:\windows\slrundll.exe
- 2009-01-03 17:59 . 2004-08-04 07:56 32866 e:\windows\slrundll.exe
+ 2009-04-13 13:02 . 2009-04-18 13:11 29926 e:\windows\Installer\{508CE775-4BA4-4748-82DF-FE28DA9F03B0}\MsblIco.Exe
- 2009-04-13 13:02 . 2009-04-13 13:02 29926 e:\windows\Installer\{508CE775-4BA4-4748-82DF-FE28DA9F03B0}\MsblIco.Exe
+ 2009-04-18 12:59 . 2009-04-18 12:59 10134 e:\windows\Installer\{0EC82ED3-B062-44F7-86B6-57F6E059106A}\callmsi.exe
+ 2009-04-18 12:59 . 2009-04-18 12:59 140544 e:\windows\Installer\{0EC82ED3-B062-44F7-86B6-57F6E059106A}\egui.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="e:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"ctfmon.exe"="e:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="e:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-28 152872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="e:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"NvCplDaemon"="e:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"nwiz"="e:\windows\system32\nwiz.exe" [2008-09-17 1657376]
"NvMediaCenter"="e:\windows\system32\NvMcTray.dll" [2008-09-17 86016]
"NeroFilterCheck"="e:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"RemoteControl8"="e:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-21 83240]
"PDVD8LanguageShortcut"="e:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"BDRegion"="e:\program files\Cyberlink\Shared Files\brs.exe" [2008-03-21 91432]
"Adobe Reader Speed Launcher"="e:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Start WingMan Profiler"="e:\program files\Logitech\Gaming Software\LWEMon.exe" [2007-09-25 93208]
"QuickTime Task"="e:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="e:\program files\iTunes\iTunesHelper.exe" [2009-03-13 342312]
"SunJavaUpdateSched"="e:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"Ad-Watch"="e:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-04-18 515416]
"egui"="e:\program files\ESET\ESET Smart Security\egui.exe" [2008-10-25 1451264]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"e:\\Program Files\\Autodesk\\Maya2008\\bin\\maya.exe"=
"e:\\Program Files\\Infogrames\\Grand Prix 4\\GP4.exe"=
"e:\\Program Files\\ICQ6.5\\ICQ.exe"=
"e:\\Program Files\\Vuze\\Azureus.exe"=
"e:\\Program Files\\Shareaza\\Shareaza.exe"=
"e:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"e:\\Program Files\\iTunes\\iTunes.exe"=
"e:\\Program Files\\Autodesk\\3dsMax8\\3dsmax.exe"=
"e:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"e:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R2 .EsetTrialReset;Eset Trial Reset;e:\windows\system32\regedt32.exe [2002-08-29 3584]
R2 .norton2009Reset;Norton 2009 Reset;e:\documents and settings\All Users\Application Data\Norton\Norton2009Reset.exe [2009-04-17 281625]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;e:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-04-18 951632]
S0 Lbd;Lbd;e:\windows\system32\DRIVERS\Lbd.sys [2009-04-18 64160]
S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};e:\program files\CyberLink\PowerDVD8\000.fcl [2008-02-02 00:24 41456]
S2 ekrn;Eset Service;e:\program files\ESET\ESET Smart Security\ekrn.exe [2008-10-25 468224]
S2 ICQ Service;ICQ Service;e:\program files\ICQ6Toolbar\ICQ Service.exe [2008-10-19 222456]
S2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max Design 2009 32-bit 32-bit;e:\program files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [2008-03-10 65536]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
Contents of the 'Scheduled Tasks' folder

2009-04-18 e:\windows\Tasks\Ad-Aware Update (Weekly).job
- e:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 01:19]

2009-04-17 e:\windows\Tasks\AppleSoftwareUpdate.job
- e:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2009-04-19 e:\windows\Tasks\RegCure Program Check.job
- e:\program files\RegCure\RegCure.exe [2009-01-04 10:11]

2009-01-22 e:\windows\Tasks\RegCure.job
- e:\program files\RegCure\RegCure.exe [2009-01-04 10:11]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.icq.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - e:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://e:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://e:\windows\Java\classes\xmldso.cab
FF - ProfilePath - e:\documents and settings\Michael\Application Data\Mozilla\Firefox\Profiles\e4nbsux2.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.ad.nl/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: e:\program files\Mozilla Firefox\components\FFComm.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-18 20:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\e:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3564)
e:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
e:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
e:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
e:\program files\Bonjour\mDNSResponder.exe
e:\program files\Java\jre6\bin\jqs.exe
e:\program files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
e:\windows\system32\nvsvc32.exe
e:\windows\system32\wdfmgr.exe
e:\windows\system32\rundll32.exe
e:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
e:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
e:\program files\iPod\bin\iPodService.exe
e:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-04-19 21:03 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-19 03:03
ComboFix2.txt 2009-04-19 02:09
ComboFix3.txt 2009-04-18 21:55
ComboFix4.txt 2009-04-18 15:10
ComboFix5.txt 2009-04-19 02:51

Pre-Run: 16,207,835,136 bytes free
Post-Run: 16,198,205,440 bytes free

266 --- E O F --- 2009-04-18 12:32



#15
April 19, 2009 at 06:22:39
Here is the Kaspersky txt file.
I can't say how much I appreciate your help.


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Sunday, April 19, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Sunday, April 19, 2009 06:10:08
Records in database: 2059909
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\

Scan statistics:
Files scanned: 197512
Threat name: 1
Infected objects: 2
Suspicious objects: 0
Duration of the scan: 04:35:59


File name / Threat name / Threats count
C:\GrabIt Downloads\YouTubeGet\YOUTUBEGET VERSION 4\.y.g.exe Infected: Trojan.Win32.Delf.dlc 1
C:\GrabIt Downloads\YouTubeGet\YOUTUBEGET VERSION 4.rar Infected: Trojan.Win32.Delf.dlc 1

The selected area was scanned.



#16
April 19, 2009 at 08:18:37
Navigate to and delete these files:

C:\GrabIt Downloads\YouTubeGet\YOUTUBEGET VERSION 4\.y.g.exe


C:\GrabIt Downloads\YouTubeGet\YOUTUBEGET VERSION 4.rar

Your computer should be clean after you remove the suggested files.


Next, go to start> run> type in combofix /u (note the space after combofix) then press enter> run. This will uninstall combofix so give the uninstaller a minute to run.

Go to start> control panel> add/remove programs and uninstall these programs:

Hijack This

Malwarebytes

Kaspersky

You should keep AFT Cleaner and run it weekly.


You should consider adding "Spywareblaster" to your arsenal of antispyware tools; you can download it from this link: Spywareblaster

Just download it, install it, and update it. It's free and runs in the background, so you don't actually run it, and it re-writes malicious script before it can install on your computer. Look for updates weekly as there is no auto-update on the free version.

How is the computer operating?



#17
April 19, 2009 at 08:44:43
It's operating fine again but all those files in the system32 folder do concern me.
Is there a way I can show you with a picture of the folder?

Many thanks for your help
We fought and conquered



#18
April 19, 2009 at 10:03:26
They are all fake files but we can clean most of them.

This will probably be a huge file and may take more than one post to get it posted so post it in segments if needed.

Open Notepad and copy/paste everything between the X's into it and make sure the first word (such as KILLALL, File, Folder, Registry etc.) is at the very top of the page.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
DIRLOOK::
C:\Windows/system32

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose "Save As", change the "Save As Type" to All Files, name it CFScript.txt, then save it to your desktop.
Then drag/drop the CFScript.txt onto ComboFix.exe (the red symbol on your desktop). If ComboFix does not auto start, click "run".

Please post the log that is produced.



#19
April 19, 2009 at 11:51:44
Well, here is what ComboFix came up with.


ComboFix 09-04-19.05 - Michael 04/19/2009 12:43.7 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2047.1502 [GMT -6:00]
Running from: e:\documents and settings\Michael\Desktop\tools.exe
Command switches used :: e:\documents and settings\Michael\Desktop\CFScript.txt
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated)
AV: Sunbelt VIPRE *On-access scanning disabled* (Outdated)
FW: ESET Persoonlijke firewall *disabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

e:\docume~1\Michael\LOCALS~1\Temp\swt-gdip-win32-3448.dll
e:\docume~1\Michael\LOCALS~1\Temp\swt-win32-3448.dll

.
((((((((((((((((((((((((( Files Created from 2009-03-19 to 2009-04-19 )))))))))))))))))))))))))))))))
.

2009-04-19 15:58 . 2009-04-19 15:58 -------- d-----w e:\documents and settings\Michael\Application Data\Xilisoft Corporation
2009-04-19 15:31 . 2001-08-18 04:37 24576 -c--a-w e:\windows\system32\dllcache\agcgauge.ax
2009-04-19 15:24 . 2009-04-19 15:24 -------- d-----w E:\toolb
2009-04-19 01:41 . 2009-04-19 01:41 -------- d-----w E:\00000082
2009-04-18 02:23 . 2004-02-23 07:00 1386496 ----a-w e:\windows\system32\MSVBVM60.DLL
2009-04-18 02:05 . 2009-04-18 01:19 15688 ----a-w e:\windows\system32\lsdelete.exe
2009-04-18 01:20 . 2009-04-18 01:19 64160 ----a-w e:\windows\system32\drivers\Lbd.sys
2009-04-18 01:18 . 2009-04-18 01:18 -------- dc-h--w e:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-04-18 01:18 . 2009-04-18 01:19 -------- d-----w e:\documents and settings\All Users\Application Data\Lavasoft
2009-04-18 00:15 . 2009-04-18 00:15 197 ----a-w e:\windows\system32\MRT.INI
2009-04-17 22:33 . 2009-03-06 14:44 283648 -c----w e:\windows\system32\dllcache\pdh.dll
2009-04-17 22:33 . 2005-07-26 04:39 60416 -c----w e:\windows\system32\dllcache\colbact.dll
2009-04-17 22:33 . 2009-02-09 10:20 399360 -c----w e:\windows\system32\dllcache\rpcss.dll
2009-04-17 22:33 . 2009-02-06 17:14 110592 -c----w e:\windows\system32\dllcache\services.exe
2009-04-17 22:33 . 2009-02-09 10:20 473088 -c----w e:\windows\system32\dllcache\fastprox.dll
2009-04-17 22:33 . 2009-02-09 10:20 453120 -c----w e:\windows\system32\dllcache\wmiprvsd.dll
2009-04-17 22:33 . 2009-02-06 16:39 227840 -c----w e:\windows\system32\dllcache\wmiprvse.exe
2009-04-17 20:44 . 2009-04-17 20:44 -------- d-----w e:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-04-17 20:09 . 2009-04-19 18:35 664 ----a-w e:\windows\system32\d3d9caps.dat
2009-04-17 18:59 . 2008-10-19 03:42 332672 ----a-w e:\windows\system32\wgatray.exe.bak
2009-04-17 18:44 . 2009-04-17 18:44 -------- d-----w e:\documents and settings\Michael\Application Data\Malwarebytes
2009-04-17 18:36 . 2009-04-17 18:36 -------- d-----w e:\documents and settings\Michael\Application Data\SUPERAntiSpyware.com
2009-04-17 17:33 . 2009-04-17 17:33 -------- d-----w e:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-17 17:21 . 2009-04-17 17:21 -------- d-----w e:\documents and settings\Michael\Local Settings\Application Data\Symantec
2009-04-17 17:15 . 2009-04-17 17:15 -------- d-----w e:\documents and settings\All Users\Application Data\Symantec
2009-04-17 17:14 . 2009-04-18 12:46 -------- d-----w e:\documents and settings\All Users\Application Data\Norton
2009-04-17 17:13 . 2009-04-17 17:13 -------- d-----w e:\documents and settings\All Users\Application Data\NortonInstaller
2009-04-17 16:37 . 2008-09-12 17:12 69168 ----a-w e:\windows\system32\drivers\sbapifs.sys
2009-04-17 16:37 . 2008-09-12 17:12 13360 ----a-w e:\windows\system32\drivers\sbaphd.sys
2009-04-17 16:32 . 2009-04-17 16:32 -------- d-----w e:\documents and settings\Michael\Application Data\Sunbelt
2009-04-17 16:29 . 2009-04-17 16:29 -------- d-----w e:\documents and settings\All Users\Application Data\Sunbelt
2009-04-17 16:27 . 2008-10-09 16:21 202928 ----a-w e:\windows\system32\drivers\sbtis.sys
2009-04-17 15:29 . 2009-04-19 16:26 -------- d---a-w e:\documents and settings\All Users\Application Data\TEMP
2009-04-17 13:27 . 2009-04-17 13:27 -------- d-----w e:\windows\system32\logs
2009-04-17 13:25 . 2009-04-17 13:25 -------- d-----w e:\windows\system32\URTTEMP
2009-04-14 00:47 . 2007-08-27 23:08 58 ----a-w e:\windows\system32\msadio.dll
2009-04-12 03:32 . 2005-05-26 21:34 2297552 ----a-w e:\windows\system32\d3dx9_26.dll
2009-04-11 14:13 . 2009-04-11 14:13 -------- d-----w e:\documents and settings\Michael\Application Data\Stellarium
2009-03-25 06:11 . 2009-03-25 06:12 -------- d-----w e:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-25 06:08 . 2009-03-06 05:59 1900544 ----a-w e:\windows\system32\usbaaplrc.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-19 18:46 . 2009-01-03 17:41 -------- d-----w e:\documents and settings\Michael\Application Data\Azureus
2009-04-19 18:32 . 2002-08-29 12:00 502272 ----a-w e:\windows\system32\winlogon.exe
2009-04-19 18:25 . 2009-04-17 17:33 -------- d-----w e:\program files\Malwarebytes' Anti-Malware
2009-04-19 15:58 . 2009-04-19 15:58 -------- d-----w e:\program files\Xilisoft
2009-04-19 15:38 . 2009-04-19 15:37 -------- d-----w e:\program files\SpywareBlaster
2009-04-19 03:58 . 2009-04-17 16:27 -------- d-----w e:\program files\Sunbelt Software
2009-04-18 13:00 . 2009-01-03 17:03 -------- d-----w e:\program files\Common Files\Wise Installation Wizard
2009-04-18 02:33 . 2009-04-18 02:32 5432 ----a-w E:\rapport.txt
2009-04-18 02:05 . 2009-02-27 02:47 -------- d-----w e:\program files\rFactor
2009-04-18 01:18 . 2009-04-18 01:18 -------- d-----w e:\program files\Lavasoft
2009-04-17 20:11 . 2009-04-11 14:08 -------- d-----w e:\program files\WinStars2
2009-04-17 20:11 . 2009-04-03 13:40 -------- d-----w e:\program files\TVPCElite
2009-04-17 17:04 . 2009-04-17 17:04 -------- d-----w e:\program files\Norton AntiVirus 2009
2009-04-17 16:24 . 2009-04-17 13:26 -------- d-----w e:\program files\BitDefender
2009-04-17 15:06 . 2009-01-03 17:40 -------- d-----w e:\program files\Vuze
2009-04-17 14:08 . 2009-04-17 14:07 216532 ----a-w E:\coreuninstall.log
2009-04-15 11:05 . 2009-02-07 03:01 -------- d-----w e:\program files\Polygon Cruncher
2009-04-14 00:47 . 2009-04-14 00:47 -------- d-----w e:\program files\DVD-Cloner Platinum
2009-04-12 20:02 . 2009-01-03 18:32 -------- d-----w e:\documents and settings\Michael\Application Data\GrabIt
2009-04-12 15:37 . 2009-01-03 17:41 46824 ----a-w e:\documents and settings\Michael\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-12 03:36 . 2009-01-03 19:22 -------- d-----w e:\program files\Common Files\Autodesk Shared
2009-04-12 03:35 . 2009-01-03 19:23 -------- d-----w e:\program files\Autodesk
2009-04-03 21:03 . 2009-04-03 21:03 -------- d-----w e:\program files\GOPlayer
2009-04-03 12:18 . 2009-03-10 00:32 -------- d-----w e:\program files\Java
2009-03-27 16:09 . 2009-01-26 02:51 -------- d-----w e:\program files\ZaZ Gp4 tools
2009-03-27 15:57 . 2009-01-21 04:07 -------- d-----w e:\program files\ZModeler
2009-03-25 06:12 . 2009-01-07 05:15 -------- d-----w e:\program files\iTunes
2009-03-25 06:11 . 2009-03-25 06:11 -------- d-----w e:\program files\iPod
2009-03-25 06:11 . 2009-01-07 05:14 -------- d-----w e:\program files\Common Files\Apple
2009-03-25 06:10 . 2009-01-07 05:15 -------- d-----w e:\program files\Bonjour
2009-03-25 06:10 . 2009-03-25 06:09 -------- d-----w e:\program files\QuickTime
2009-03-14 13:57 . 2009-03-14 13:57 -------- d-----w e:\program files\ESET
2009-03-13 14:41 . 2009-03-13 14:41 -------- d-----w e:\documents and settings\Michael\Application Data\ESET
2009-03-13 14:40 . 2009-01-03 18:46 -------- d-----w e:\documents and settings\All Users\Application Data\ESET
2009-03-13 14:10 . 2009-01-24 17:39 -------- d-----w e:\program files\ICQ6.5
2009-03-09 11:19 . 2009-03-10 00:32 410984 ----a-w e:\windows\system32\deploytk.dll
2009-03-06 14:44 . 2002-08-29 12:00 283648 ----a-w e:\windows\system32\pdh.dll
2009-03-06 05:59 . 2009-01-07 05:14 36864 ----a-w e:\windows\system32\drivers\usbaapl.sys
2009-03-03 00:18 . 2002-08-29 12:00 826368 ----a-w e:\windows\system32\wininet.dll
2009-03-02 22:04 . 2009-03-02 22:04 -------- d-----w e:\program files\Common Files\Logitech
2009-03-02 22:04 . 2009-03-02 22:04 -------- d-----w e:\program files\Logitech
2009-02-23 04:01 . 2009-02-23 04:01 -------- d-----w e:\documents and settings\Michael\Application Data\GlobalSCAPE
2009-02-23 03:59 . 2009-02-23 03:59 -------- d-----w e:\program files\GlobalSCAPE
2009-02-23 03:59 . 2009-01-03 17:32 -------- d--h--w e:\program files\InstallShield Installation Information
2009-02-22 04:36 . 2009-02-22 04:34 -------- d-----w e:\program files\Ultimate Unwrap3D
2009-02-20 18:09 . 2009-01-03 17:59 78336 ----a-w e:\windows\system32\ieencode.dll
2009-02-09 10:20 . 2002-08-29 12:00 723456 ----a-w e:\windows\system32\lsasrv.dll
2009-02-09 10:20 . 2002-08-29 12:00 399360 ----a-w e:\windows\system32\rpcss.dll
2009-02-09 10:20 . 2002-08-29 12:00 714752 ----a-w e:\windows\system32\ntdll.dll
2009-02-09 10:20 . 2002-08-29 12:00 616960 ----a-w e:\windows\system32\advapi32.dll
2009-02-09 10:19 . 2002-08-29 12:00 1846272 ----a-w e:\windows\system32\win32k.sys
2009-02-06 17:22 . 2002-08-29 12:00 2136064 ----a-w e:\windows\system32\ntoskrnl.exe
2009-02-06 17:14 . 2002-08-29 12:00 110592 ----a-w e:\windows\system32\services.exe
2009-02-06 16:54 . 2002-08-29 12:00 35328 ----a-w e:\windows\system32\sc.exe
2009-02-06 16:49 . 2002-08-29 01:04 2015744 ----a-w e:\windows\system32\ntkrnlpa.exe
2009-02-03 20:08 . 2002-08-29 12:00 55808 ----a-w e:\windows\system32\secur32.dll
2009-01-26 00:38 . 2009-01-26 00:38 151552 ----a-w e:\windows\system32\nvRegDev.dll
2009-01-23 02:26 . 2009-01-23 02:26 146120 ----a-w e:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2008-08-14 01:2008-08-14 01:02 02:10 . e:\program files\mozilla firefox\components\FFComm.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\Windows/system32 ----

((((((((((((((((((((((((((((( SnapShot@2009-04-19_18.18.42 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-19 18:37 . 2009-04-19 18:37 16384 e:\windows\temp\Perflib_Perfdata_7c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="e:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"ctfmon.exe"="e:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="e:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-28 152872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="e:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"NvCplDaemon"="e:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"nwiz"="e:\windows\system32\nwiz.exe" [2008-09-17 1657376]
"NvMediaCenter"="e:\windows\system32\NvMcTray.dll" [2008-09-17 86016]
"NeroFilterCheck"="e:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"RemoteControl8"="e:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-21 83240]
"PDVD8LanguageShortcut"="e:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"BDRegion"="e:\program files\Cyberlink\Shared Files\brs.exe" [2008-03-21 91432]
"Adobe Reader Speed Launcher"="e:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Start WingMan Profiler"="e:\program files\Logitech\Gaming Software\LWEMon.exe" [2007-09-25 93208]
"QuickTime Task"="e:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="e:\program files\iTunes\iTunesHelper.exe" [2009-03-13 342312]
"SunJavaUpdateSched"="e:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"Ad-Watch"="e:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-04-18 515416]
"egui"="e:\program files\ESET\ESET Smart Security\egui.exe" [2008-10-25 1451264]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"e:\\Program Files\\Autodesk\\Maya2008\\bin\\maya.exe"=
"e:\\Program Files\\Infogrames\\Grand Prix 4\\GP4.exe"=
"e:\\Program Files\\ICQ6.5\\ICQ.exe"=
"e:\\Program Files\\Vuze\\Azureus.exe"=
"e:\\Program Files\\Shareaza\\Shareaza.exe"=
"e:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"e:\\Program Files\\iTunes\\iTunes.exe"=
"e:\\Program Files\\Autodesk\\3dsMax8\\3dsmax.exe"=
"e:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"e:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R2 .EsetTrialReset;Eset Trial Reset;e:\windows\system32\regedt32.exe [2002-08-29 3584]
R2 .norton2009Reset;Norton 2009 Reset;e:\documents and settings\All Users\Application Data\Norton\Norton2009Reset.exe [2009-04-17 281625]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;e:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-04-18 951632]
S0 Lbd;Lbd;e:\windows\system32\DRIVERS\Lbd.sys [2009-04-18 64160]
S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};e:\program files\CyberLink\PowerDVD8\000.fcl [2008-02-02 00:24 41456]
S2 ekrn;Eset Service;e:\program files\ESET\ESET Smart Security\ekrn.exe [2008-10-25 468224]
S2 ICQ Service;ICQ Service;e:\program files\ICQ6Toolbar\ICQ Service.exe [2008-10-19 222456]
S2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max Design 2009 32-bit 32-bit;e:\program files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [2008-03-10 65536]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
Contents of the 'Scheduled Tasks' folder

2009-04-18 e:\windows\Tasks\Ad-Aware Update (Weekly).job
- e:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 01:19]

2009-04-17 e:\windows\Tasks\AppleSoftwareUpdate.job
- e:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2009-04-19 e:\windows\Tasks\RegCure Program Check.job
- e:\program files\RegCure\RegCure.exe [2009-01-04 10:11]

2009-04-19 e:\windows\Tasks\RegCure.job
- e:\program files\RegCure\RegCure.exe [2009-01-04 10:11]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.icq.com/
uInternet Settings,ProxyOverride = *.local
IE: Download with Xilisoft YouTube Video Converter - e:\program files\Xilisoft\YouTube Video Converter\upod_link.HTM
IE: E&xport to Microsoft Excel - e:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://e:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://e:\windows\Java\classes\xmldso.cab
FF - ProfilePath - e:\documents and settings\Michael\Application Data\Mozilla\Firefox\Profiles\e4nbsux2.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.ad.nl/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: e:\program files\Mozilla Firefox\components\FFComm.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-19 12:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\e:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3828)
e:\windows\system32\msi.dll
.
Completion time: 2009-04-19 12:48
ComboFix-quarantined-files.txt 2009-04-19 18:48
ComboFix2.txt 2009-04-19 18:20
ComboFix3.txt 2009-04-19 03:03

Pre-Run: 17,212,219,392 bytes free
Post-Run: 17,199,321,088 bytes free

228 --- E O F --- 2009-04-18 12:32



#20
April 19, 2009 at 12:44:54
Looks like I made a typo.

Open Notepad and copy/paste everything between the X's into it and make sure the first word (such as KILLALL, File, Folder, Registry etc.) is at the very top of the page.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
DIRLOOK::
C:\Windows\System32

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose "Save As", change the "Save As Type" to All Files, name it CFScript.txt, then save it to your desktop.
Then drag/drop the CFScript.txt onto ComboFix.exe (the red symbol on your desktop). If ComboFix does not auto start, click "run".

Please post the log that is produced.



#21
April 19, 2009 at 15:55:22
My mistake as well; my main drive is the E drive, but I managed to do it. It's gonna be a long one.

ComboFix 09-04-20.02 - Michael 04/19/2009 15:07.9 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2047.1322 [GMT -6:00]
Running from: e:\documents and settings\Michael\Desktop\tools.exe
Command switches used :: e:\documents and settings\Michael\Desktop\CFScript.txt
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated)
AV: Sunbelt VIPRE *On-access scanning disabled* (Outdated)
FW: ESET Persoonlijke firewall *disabled*
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-03-20 to 2009-04-20 )))))))))))))))))))))))))))))))
.

2009-04-19 15:58 . 2009-04-19 15:58 -------- d-----w e:\documents and settings\Michael\Application Data\Xilisoft Corporation
2009-04-19 15:31 . 2001-08-18 04:37 24576 -c--a-w e:\windows\system32\dllcache\agcgauge.ax
2009-04-19 15:24 . 2009-04-19 15:24 -------- d-----w E:\toolb
2009-04-19 01:41 . 2009-04-19 01:41 -------- d-----w E:\00000082
2009-04-18 02:23 . 2004-02-23 07:00 1386496 ----a-w e:\windows\system32\MSVBVM60.DLL
2009-04-18 02:05 . 2009-04-18 01:19 15688 ----a-w e:\windows\system32\lsdelete.exe
2009-04-18 01:20 . 2009-04-18 01:19 64160 ----a-w e:\windows\system32\drivers\Lbd.sys
2009-04-18 01:18 . 2009-04-18 01:18 -------- dc-h--w e:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-04-18 01:18 . 2009-04-18 01:19 -------- d-----w e:\documents and settings\All Users\Application Data\Lavasoft
2009-04-18 00:15 . 2009-04-18 00:15 197 ----a-w e:\windows\system32\MRT.INI
2009-04-17 22:33 . 2009-03-06 14:44 283648 -c----w e:\windows\system32\dllcache\pdh.dll
2009-04-17 22:33 . 2005-07-26 04:39 60416 -c----w e:\windows\system32\dllcache\colbact.dll
2009-04-17 22:33 . 2009-02-09 10:20 399360 -c----w e:\windows\system32\dllcache\rpcss.dll
2009-04-17 22:33 . 2009-02-06 17:14 110592 -c----w e:\windows\system32\dllcache\services.exe
2009-04-17 22:33 . 2009-02-09 10:20 473088 -c----w e:\windows\system32\dllcache\fastprox.dll
2009-04-17 22:33 . 2009-02-09 10:20 453120 -c----w e:\windows\system32\dllcache\wmiprvsd.dll
2009-04-17 22:33 . 2009-02-06 16:39 227840 -c----w e:\windows\system32\dllcache\wmiprvse.exe
2009-04-17 20:44 . 2009-04-17 20:44 -------- d-----w e:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-04-17 20:09 . 2009-04-19 18:35 664 ----a-w e:\windows\system32\d3d9caps.dat
2009-04-17 18:59 . 2008-10-19 03:42 332672 ----a-w e:\windows\system32\wgatray.exe.bak
2009-04-17 18:44 . 2009-04-17 18:44 -------- d-----w e:\documents and settings\Michael\Application Data\Malwarebytes
2009-04-17 18:36 . 2009-04-17 18:36 -------- d-----w e:\documents and settings\Michael\Application Data\SUPERAntiSpyware.com
2009-04-17 17:33 . 2009-04-17 17:33 -------- d-----w e:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-17 17:21 . 2009-04-17 17:21 -------- d-----w e:\documents and settings\Michael\Local Settings\Application Data\Symantec
2009-04-17 17:15 . 2009-04-17 17:15 -------- d-----w e:\documents and settings\All Users\Application Data\Symantec
2009-04-17 17:14 . 2009-04-18 12:46 -------- d-----w e:\documents and settings\All Users\Application Data\Norton
2009-04-17 17:13 . 2009-04-17 17:13 -------- d-----w e:\documents and settings\All Users\Application Data\NortonInstaller
2009-04-17 16:37 . 2008-09-12 17:12 69168 ----a-w e:\windows\system32\drivers\sbapifs.sys
2009-04-17 16:37 . 2008-09-12 17:12 13360 ----a-w e:\windows\system32\drivers\sbaphd.sys
2009-04-17 16:32 . 2009-04-17 16:32 -------- d-----w e:\documents and settings\Michael\Application Data\Sunbelt
2009-04-17 16:29 . 2009-04-17 16:29 -------- d-----w e:\documents and settings\All Users\Application Data\Sunbelt
2009-04-17 16:27 . 2008-10-09 16:21 202928 ----a-w e:\windows\system32\drivers\sbtis.sys
2009-04-17 15:29 . 2009-04-19 16:26 -------- d---a-w e:\documents and settings\All Users\Application Data\TEMP
2009-04-17 13:27 . 2009-04-17 13:27 -------- d-----w e:\windows\system32\logs
2009-04-17 13:25 . 2009-04-17 13:25 -------- d-----w e:\windows\system32\URTTEMP
2009-04-14 00:47 . 2007-08-27 23:08 58 ----a-w e:\windows\system32\msadio.dll
2009-04-12 03:32 . 2005-05-26 21:34 2297552 ----a-w e:\windows\system32\d3dx9_26.dll
2009-04-11 14:13 . 2009-04-11 14:13 -------- d-----w e:\documents and settings\Michael\Application Data\Stellarium
2009-03-25 06:11 . 2009-03-25 06:12 -------- d-----w e:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-25 06:08 . 2009-03-06 05:59 1900544 ----a-w e:\windows\system32\usbaaplrc.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-19 21:07 . 2009-01-03 17:41 -------- d-----w e:\documents and settings\Michael\Application Data\Azureus
2009-04-19 18:32 . 2002-08-29 12:00 502272 ----a-w e:\windows\system32\winlogon.exe
2009-04-19 18:25 . 2009-04-17 17:33 -------- d-----w e:\program files\Malwarebytes' Anti-Malware
2009-04-19 15:58 . 2009-04-19 15:58 -------- d-----w e:\program files\Xilisoft
2009-04-19 15:38 . 2009-04-19 15:37 -------- d-----w e:\program files\SpywareBlaster
2009-04-19 03:58 . 2009-04-17 16:27 -------- d-----w e:\program files\Sunbelt Software
2009-04-18 13:00 . 2009-01-03 17:03 -------- d-----w e:\program files\Common Files\Wise Installation Wizard
2009-04-18 02:33 . 2009-04-18 02:32 5432 ----a-w E:\rapport.txt
2009-04-18 02:05 . 2009-02-27 02:47 -------- d-----w e:\program files\rFactor
2009-04-18 01:18 . 2009-04-18 01:18 -------- d-----w e:\program files\Lavasoft
2009-04-17 20:11 . 2009-04-11 14:08 -------- d-----w e:\program files\WinStars2
2009-04-17 20:11 . 2009-04-03 13:40 -------- d-----w e:\program files\TVPCElite
2009-04-17 17:04 . 2009-04-17 17:04 -------- d-----w e:\program files\Norton AntiVirus 2009
2009-04-17 16:24 . 2009-04-17 13:26 -------- d-----w e:\program files\BitDefender
2009-04-17 15:06 . 2009-01-03 17:40 -------- d-----w e:\program files\Vuze
2009-04-17 14:08 . 2009-04-17 14:07 216532 ----a-w E:\coreuninstall.log
2009-04-15 11:05 . 2009-02-07 03:01 -------- d-----w e:\program files\Polygon Cruncher
2009-04-14 00:47 . 2009-04-14 00:47 -------- d-----w e:\program files\DVD-Cloner Platinum
2009-04-12 20:02 . 2009-01-03 18:32 -------- d-----w e:\documents and settings\Michael\Application Data\GrabIt
2009-04-12 15:37 . 2009-01-03 17:41 46824 ----a-w e:\documents and settings\Michael\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-12 03:36 . 2009-01-03 19:22 -------- d-----w e:\program files\Common Files\Autodesk Shared
2009-04-12 03:35 . 2009-01-03 19:23 -------- d-----w e:\program files\Autodesk
2009-04-03 21:03 . 2009-04-03 21:03 -------- d-----w e:\program files\GOPlayer
2009-04-03 12:18 . 2009-03-10 00:32 -------- d-----w e:\program files\Java
2009-03-27 16:09 . 2009-01-26 02:51 -------- d-----w e:\program files\ZaZ Gp4 tools
2009-03-27 15:57 . 2009-01-21 04:07 -------- d-----w e:\program files\ZModeler
2009-03-25 06:12 . 2009-01-07 05:15 -------- d-----w e:\program files\iTunes
2009-03-25 06:11 . 2009-03-25 06:11 -------- d-----w e:\program files\iPod
2009-03-25 06:11 . 2009-01-07 05:14 -------- d-----w e:\program files\Common Files\Apple
2009-03-25 06:10 . 2009-01-07 05:15 -------- d-----w e:\program files\Bonjour
2009-03-25 06:10 . 2009-03-25 06:09 -------- d-----w e:\program files\QuickTime
2009-03-14 13:57 . 2009-03-14 13:57 -------- d-----w e:\program files\ESET
2009-03-13 14:41 . 2009-03-13 14:41 -------- d-----w e:\documents and settings\Michael\Application Data\ESET
2009-03-13 14:40 . 2009-01-03 18:46 -------- d-----w e:\documents and settings\All Users\Application Data\ESET
2009-03-13 14:10 . 2009-01-24 17:39 -------- d-----w e:\program files\ICQ6.5
2009-03-09 11:19 . 2009-03-10 00:32 410984 ----a-w e:\windows\system32\deploytk.dll
2009-03-06 14:44 . 2002-08-29 12:00 283648 ----a-w e:\windows\system32\pdh.dll
2009-03-06 05:59 . 2009-01-07 05:14 36864 ----a-w e:\windows\system32\drivers\usbaapl.sys
2009-03-03 00:18 . 2002-08-29 12:00 826368 ----a-w e:\windows\system32\wininet.dll
2009-03-02 22:04 . 2009-03-02 22:04 -------- d-----w e:\program files\Common Files\Logitech
2009-03-02 22:04 . 2009-03-02 22:04 -------- d-----w e:\program files\Logitech
2009-02-23 04:01 . 2009-02-23 04:01 -------- d-----w e:\documents and settings\Michael\Application Data\GlobalSCAPE
2009-02-23 03:59 . 2009-02-23 03:59 -------- d-----w e:\program files\GlobalSCAPE
2009-02-23 03:59 . 2009-01-03 17:32 -------- d--h--w e:\program files\InstallShield Installation Information
2009-02-22 04:36 . 2009-02-22 04:34 -------- d-----w e:\program files\Ultimate Unwrap3D
2009-02-20 18:09 . 2009-01-03 17:59 78336 ----a-w e:\windows\system32\ieencode.dll
2009-02-09 10:20 . 2002-08-29 12:00 723456 ----a-w e:\windows\system32\lsasrv.dll
2009-02-09 10:20 . 2002-08-29 12:00 399360 ----a-w e:\windows\system32\rpcss.dll
2009-02-09 10:20 . 2002-08-29 12:00 714752 ----a-w e:\windows\system32\ntdll.dll
2009-02-09 10:20 . 2002-08-29 12:00 616960 ----a-w e:\windows\system32\advapi32.dll
2009-02-09 10:19 . 2002-08-29 12:00 1846272 ----a-w e:\windows\system32\win32k.sys
2009-02-06 17:22 . 2002-08-29 12:00 2136064 ----a-w e:\windows\system32\ntoskrnl.exe
2009-02-06 17:14 . 2002-08-29 12:00 110592 ----a-w e:\windows\system32\services.exe
2009-02-06 16:54 . 2002-08-29 12:00 35328 ----a-w e:\windows\system32\sc.exe
2009-02-06 16:49 . 2002-08-29 01:04 2015744 ----a-w e:\windows\system32\ntkrnlpa.exe
2009-02-03 20:08 . 2002-08-29 12:00 55808 ----a-w e:\windows\system32\secur32.dll
2009-01-26 00:38 . 2009-01-26 00:38 151552 ----a-w e:\windows\system32\nvRegDev.dll
2009-01-23 02:26 . 2009-01-23 02:26 146120 ----a-w e:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2008-08-14 01:2008-08-14 01:02 02:10 . e:\program files\mozilla firefox\components\FFComm.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of e:\windows\System32 ----

2009-04-19 21:06 . 2009-04-19 21:06 388608 ----a-w e:\windows\System32\CF27762.exe
2009-04-19 15:31 . 2001-08-18 04:37 24576 -c--a-w e:\windows\System32\dllcache\agcgauge.ax
2009-04-19 15:30 . 2001-08-17 20:07 101888 -c--a-w e:\windows\System32\dllcache\adpu160m.sys
2009-04-19 15:30 . 2001-08-17 18:11 46112 -c--a-w e:\windows\System32\dllcache\adptsf50.sys
2009-04-19 15:30 . 2004-08-04 04:32 10880 -c--a-w e:\windows\System32\dllcache\admjoy.sys
2009-04-19 15:30 . 2001-08-17 18:19 747392 -c--a-w e:\windows\System32\dllcache\adm8830.sys
2009-04-19 15:30 . 2001-08-17 18:19 553984 -c--a-w e:\windows\System32\dllcache\adm8820.sys
2009-04-19 15:30 . 2001-08-17 18:19 584448 -c--a-w e:\windows\System32\dllcache\adm8810.sys
2009-04-19 15:30 . 2001-08-17 18:11 20160 -c--a-w e:\windows\System32\dllcache\adm8511.sys
2009-04-19 15:30 . 2001-08-17 19:53 7424 -c--a-w e:\windows\System32\dllcache\adicvls.sys
2009-04-19 15:30 . 2001-08-18 04:36 61440 -c--a-w e:\windows\System32\dllcache\acerscad.dll
2009-04-19 15:30 . 2004-08-04 04:32 84480 -c--a-w e:\windows\System32\dllcache\ac97via.sys
2009-04-19 15:30 . 2001-08-17 18:20 297728 -c--a-w e:\windows\System32\dllcache\ac97sis.sys
2009-04-19 15:30 . 2001-08-17 18:20 96256 -c--a-w e:\windows\System32\dllcache\ac97intc.sys
2009-04-19 15:30 . 2004-08-04 04:32 231552 -c--a-w e:\windows\System32\dllcache\ac97ali.sys
2009-04-19 15:30 . 2001-08-17 19:52 23552 -c--a-w e:\windows\System32\dllcache\abp480n5.sys
2009-04-19 15:30 . 2001-08-18 04:36 462848 -c--a-w e:\windows\System32\dllcache\a3dapi.dll
2009-04-19 15:30 . 2001-08-18 04:36 98304 -c--a-w e:\windows\System32\dllcache\a3d.dll
2009-04-19 15:30 . 2001-08-17 20:55 38400 -c--a-w e:\windows\System32\dllcache\8514a.dll
2009-04-19 15:30 . 2004-08-04 05:10 48128 -c--a-w e:\windows\System32\dllcache\61883.sys
2009-04-19 15:30 . 2004-08-04 05:00 12288 -c--a-w e:\windows\System32\dllcache\4mmdat.sys
2009-04-19 15:30 . 2001-08-17 18:48 148352 -c--a-w e:\windows\System32\dllcache\3dfxvsm.sys
2009-04-19 15:30 . 2001-08-17 20:55 689216 -c--a-w e:\windows\System32\dllcache\3dfxvs.dll
2009-04-19 15:30 . 2001-08-17 19:28 762780 -c--a-w e:\windows\System32\dllcache\3cwmcru.sys
2009-04-19 15:30 . 2001-08-17 20:06 11264 -c--a-w e:\windows\System32\dllcache\1394vdbg.sys
2009-04-19 15:30 . 2001-08-17 20:56 66048 -c--a-w e:\windows\System32\dllcache\s3legacy.dll
2009-04-19 15:25 . 2009-04-19 15:25 78 ----a-w e:\windows\System32\Restore\MachineGuid.txt
2009-04-18 02:32 . 2009-04-18 02:32 0 ----a-w e:\windows\System32\tmp.txt
2009-04-18 02:23 . 2004-02-23 07:00 1386496 ----a-w e:\windows\System32\MSVBVM60.DLL
2009-04-18 02:16 . 2009-04-19 18:36 978 ----a-w e:\windows\System32\wbem\Logs\wbemprox.log
2009-04-18 02:05 . 2009-04-18 01:19 15688 ----a-w e:\windows\System32\lsdelete.exe
2009-04-18 01:20 . 2009-04-18 01:19 64160 ----a-w e:\windows\System32\drivers\Lbd.sys
2009-04-18 01:20 . 2009-04-18 01:19 64160 -c--a-w e:\windows\System32\DRVSTORE\lbd_1D149FE61E2CD0936E43877117FE3EF0674B9944\Lbd.sys
2009-04-18 01:20 . 2009-04-18 01:19 6460 -c--a-w e:\windows\System32\DRVSTORE\lbd_1D149FE61E2CD0936E43877117FE3EF0674B9944\Lbd.cat
2009-04-18 01:20 . 2008-12-02 14:00 3247 -c--a-w e:\windows\System32\DRVSTORE\lbd_1D149FE61E2CD0936E43877117FE3EF0674B9944\lbd.inf
2009-04-18 00:16 . 2009-03-21 17:26 11612 --s---w e:\windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB959426.cat
2009-04-18 00:15 . 2008-12-21 00:08 10200 --s---w e:\windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB961373.cat
2009-04-18 00:15 . 2009-03-03 01:26 31396 --s---w e:\windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB963027-IE7.cat
2009-04-18 00:15 . 2009-04-18 00:15 197 ----a-w e:\windows\System32\MRT.INI
2009-04-18 00:13 . 2009-03-06 18:33 29707 --s---w e:\windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB956572.cat
2009-04-18 00:13 . 2008-06-12 15:35 19491 --s---w e:\windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB952004.cat
2009-04-18 00:12 . 2008-12-16 13:52 10200 --s---w e:\windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB960803.cat
2009-04-17 23:09 . 2009-04-17 23:09 388 --sha-w e:\windows\System32\Microsoft\Protect\S-1-5-18\c825bb0c-11b7-4694-aec5-29df00e23038
2009-04-17 22:33 . 2009-03-06 14:44 283648 -c----w e:\windows\System32\dllcache\pdh.dll
2009-04-17 22:33 . 2005-07-26 04:39 60416 -c----w e:\windows\System32\dllcache\colbact.dll
2009-04-17 22:33 . 2009-02-09 10:20 399360 -c----w e:\windows\System32\dllcache\rpcss.dll
2009-04-17 22:33 . 2009-02-06 17:14 110592 -c----w e:\windows\System32\dllcache\services.exe
2009-04-17 22:33 . 2009-02-09 10:20 473088 -c----w e:\windows\System32\dllcache\fastprox.dll
2009-04-17 22:33 . 2009-02-06 16:39 227840 -c----w e:\windows\System32\dllcache\wmiprvse.exe
2009-04-17 22:33 . 2009-02-09 10:20 453120 -c----w e:\windows\System32\dllcache\wmiprvsd.dll
2009-04-17 20:09 . 2009-04-19 18:35 664 ----a-w e:\windows\System32\d3d9caps.dat
2009-04-17 18:59 . 2008-10-19 03:42 332672 ----a-w e:\windows\System32\wgatray.exe.bak
2009-04-17 16:37 . 2008-09-12 17:12 69168 ----a-w e:\windows\System32\drivers\sbapifs.sys
2009-04-17 16:37 . 2008-09-12 17:12 13360 ----a-w e:\windows\System32\drivers\sbaphd.sys
2009-04-17 16:27 . 2008-10-09 16:21 202928 ----a-w e:\windows\System32\drivers\sbtis.sys
2009-04-17 13:25 . 2009-04-17 13:25 2376 ----a-w e:\windows\System32\wbem\AutoRecover\8C784BF2D9447FCE6331B3EF7B067AC8.mof
2009-04-17 04:56 . 2009-04-17 04:56 15323 ----a-w e:\windows\System32\4878spzr9e2455.ocx
2009-04-17 04:56 . 2009-04-17 04:56 10293 ----a-w e:\windows\System32\5b6bs9ywzre5649.bin
2009-04-17 04:56 . 2009-04-17 04:56 7654 ----a-w e:\windows\System32\948105zrm2e.ocx
2009-04-17 04:56 . 2009-04-17 04:56 6032 ----a-w e:\windows\System32\z5eth5ef9199.ocx
2009-04-17 04:56 . 2009-04-17 04:56 7133 ----a-w e:\windows\System32\13059troj5z9.bin
2009-04-17 04:56 . 2009-04-17 04:56 6695 ----a-w e:\windows\System32\1fzead5ware9997.cpl
2009-04-17 04:56 . 2009-04-17 04:56 5112 ----a-w e:\windows\System32\z578s9ea51669.exe
2009-04-17 04:56 . 2009-04-17 04:56 15415 ----a-w e:\windows\System32\199059pambot59z.bin
2009-04-17 04:56 . 2009-04-17 04:56 18236 ----a-w e:\windows\System32\5f29threa5293z29.exe
2009-04-17 04:56 . 2009-04-17 04:56 17745 ----a-w e:\windows\System32\7e0z5hief9810.exe
2009-04-17 04:56 . 2009-04-17 04:56 17468 ----a-w e:\windows\System32\94bfthreat3025z5.cpl
2009-04-17 04:56 . 2009-04-17 04:56 11548 ----a-w e:\windows\System32\1591worz991.cpl
2009-04-17 04:56 . 2009-04-17 04:56 11066 ----a-w e:\windows\System32\32ef9hreat9185z.exe
2009-04-17 04:56 . 2009-04-17 04:56 18013 ----a-w e:\windows\System32\4235hackz95l1da.exe
2009-04-17 04:56 . 2009-04-17 04:56 4328 ----a-w e:\windows\System32\13890hack5ozl419.ocx
2009-04-17 04:56 . 2009-04-17 04:56 10077 ----a-w e:\windows\System32\5564troz9c9.bin
2009-04-17 04:56 . 2009-04-17 04:56 5486 ----a-w e:\windows\System32\11866not-a5virzs6379.exe
2009-04-17 04:56 . 2009-04-17 04:56 10426 ----a-w e:\windows\System32\3518viz1946.bin
2009-04-17 04:56 . 2009-04-17 04:56 12948 ----a-w e:\windows\System32\7e5fthzea97355.exe
2009-04-17 04:56 . 2009-04-17 04:56 12572 ----a-w e:\windows\System32\1z134worm5d9.ocx
2009-04-17 04:56 . 2009-04-17 04:56 9471 ----a-w e:\windows\System32\5dcfvz92704.cpl
2009-04-17 04:56 . 2009-04-17 04:56 18366 ----a-w e:\windows\System32\6415down5oaderz9.bin
2009-04-17 04:56 . 2009-04-17 04:56 9560 ----a-w e:\windows\System32\1z129ackd5or1450.dll
2009-04-17 04:56 . 2009-04-17 04:56 13226 ----a-w e:\windows\System32\5bb9zhreat91265.exe
2009-04-17 04:56 . 2009-04-17 04:56 12190 ----a-w e:\windows\System32\75z8sparse5759.ocx
2009-04-17 04:56 . 2009-04-17 04:56 12083 ----a-w e:\windows\System32\4837thz5at30499.ocx
2009-04-17 04:56 . 2009-04-17 04:56 5786 ----a-w e:\windows\System32\6339v59us6z9.bin
2009-04-17 04:56 . 2009-04-17 04:56 17455 ----a-w e:\windows\System32\20695tr5j4a9z.bin
2009-04-17 04:56 . 2009-04-17 04:56 12360 ----a-w e:\windows\System32\2b0b5ddwaze22329.cpl
2009-04-17 04:56 . 2009-04-17 04:56 4110 ----a-w e:\windows\System32\389zspywa5e898.exe
2009-04-17 04:56 . 2009-04-17 04:56 5069 ----a-w e:\windows\System32\5c9aadd5are1z99.bin
2009-04-17 04:56 . 2009-04-17 04:56 13008 ----a-w e:\windows\System32\5z19thief2291.exe
2009-04-17 04:56 . 2009-04-17 04:56 4239 ----a-w e:\windows\System32\966z9y258.bin
2009-04-17 04:56 . 2009-04-17 04:56 15222 ----a-w e:\windows\System32\7949ha5ktoolzb2.bin
2009-04-17 04:56 . 2009-04-17 04:56 11992 ----a-w e:\windows\System32\5cafaddware169z.cpl
2009-04-17 04:56 . 2009-04-17 04:56 11325 ----a-w e:\windows\System32\944495zyfd.ocx
2009-04-17 04:56 . 2009-04-17 04:56 16790 ----a-w e:\windows\System32\z49c5ir3269.cpl
2009-04-17 04:56 . 2009-04-17 04:56 15847 ----a-w e:\windows\System32\6dz4add9are85.cpl
2009-04-17 04:56 . 2009-04-17 04:56 2674 ----a-w e:\windows\System32\zb0daddw5r91674.exe
2009-04-17 04:56 . 2009-04-17 04:56 13943 ----a-w e:\windows\System32\34915ackdoor3z71.bin
2009-04-17 04:56 . 2009-04-17 04:56 6762 ----a-w e:\windows\System32\56d5back9oor306z.bin
2009-04-17 04:56 . 2009-04-17 04:56 9915 ----a-w e:\windows\System32\24668ha9zto5l87.dll
2009-04-17 04:56 . 2009-04-17 04:56 11615 ----a-w e:\windows\System32\2916spamzo5949.dll
2009-04-17 04:56 . 2009-04-17 04:56 5922 ----a-w e:\windows\System32\15459szam95t329.bin
2009-04-17 04:56 . 2009-04-17 04:56 10955 ----a-w e:\windows\System32\92bdaddwzre20365.exe
2009-04-17 04:56 . 2009-04-17 04:56 3796 ----a-w e:\windows\System32\17768n59-a-zirus3a5.cpl
2009-04-17 04:56 . 2009-04-17 04:56 3235 ----a-w e:\windows\System32\435ctzi9f1322.bin
2009-04-17 04:56 . 2009-04-17 04:56 7693 ----a-w e:\windows\System32\6170hacktoo957z.cpl
2009-04-17 04:56 . 2009-04-17 04:56 17171 ----a-w e:\windows\System32\9a2dthiefz485.bin
2009-04-17 04:56 . 2009-04-17 04:56 13408 ----a-w e:\windows\System32\19924zpy945.bin
2009-04-17 04:56 . 2009-04-17 04:56 5113 ----a-w e:\windows\System32\92e8spywarz1545.bin
2009-04-17 04:56 . 2009-04-17 04:56 10332 ----a-w e:\windows\System32\66a1downloa9zr1456.dll
2009-04-17 04:56 . 2009-04-17 04:56 6813 ----a-w e:\windows\System32\8591trojzbc.bin
2009-04-17 04:56 . 2009-04-17 04:56 8574 ----a-w e:\windows\System32\21z93wor5107.cpl
2009-04-17 04:56 . 2009-04-17 04:56 9907 ----a-w e:\windows\System32\e32b9c5door1z56.bin
2009-04-17 04:56 . 2009-04-17 04:56 12622 ----a-w e:\windows\System32\z56f59r3228.bin
2009-04-17 04:56 . 2009-04-17 04:56 13230 ----a-w e:\windows\System32\1590spyware275z.ocx
2009-04-17 04:56 . 2009-04-17 04:56 4125 ----a-w e:\windows\System32\1735zn9t-5-virus22c.cpl
2009-04-17 04:56 . 2009-04-17 04:56 3292 ----a-w e:\windows\System32\17365hzcktool239.bin
2009-04-17 04:56 . 2009-04-17 04:56 2586 ----a-w e:\windows\System32\29596hackt5oz4cc.ocx
2009-04-17 04:56 . 2009-04-17 04:56 12564 ----a-w e:\windows\System32\5494szambot959.bin
2009-04-17 04:56 . 2009-04-17 04:56 10809 ----a-w e:\windows\System32\61f1threaz24599.exe
2009-04-17 04:56 . 2009-04-17 04:56 12713 ----a-w e:\windows\System32\75bzspa9se1650.cpl
2009-04-17 04:56 . 2009-04-17 04:56 4547 ----a-w e:\windows\System32\77285ir9s396z.ocx
2009-04-14 00:47 . 2007-08-27 23:08 58 ----a-w e:\windows\System32\msadio.dll
2009-04-12 03:32 . 2005-05-26 21:43 7479 --s---w e:\windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\d3dx9_26_x86.CAT
2009-04-12 03:32 . 2005-05-26 21:34 2297552 ----a-w e:\windows\System32\d3dx9_26.dll
2009-04-04 05:27 . 2009-04-04 05:27 388 --sha-w e:\windows\System32\Microsoft\Protect\S-1-5-18\User\479f1cd8-9d62-4cea-a530-8533bd058805
2009-04-03 12:18 . 2009-03-09 11:19 148888 ----a-w e:\windows\System32\javaws.exe
2009-04-03 12:18 . 2009-03-09 11:19 144792 ----a-w e:\windows\System32\java.exe
2009-04-03 12:18 . 2009-03-09 11:19 144792 ----a-w e:\windows\System32\javaw.exe
2009-04-03 12:17 . 2009-04-03 12:18 3345 ----a-w e:\windows\System32\jupdate-1.6.0_13-b03.log
2009-03-25 06:12 . 2009-01-27 15:19 7919 --s---w e:\windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem11.CAT
2009-03-25 06:12 . 2008-04-17 18:12 107368 -c--a-w e:\windows\System32\DRVSTORE\GEARAspiWD_4F4AA3475F1B13A1E8212B6D40B351211BC358CE\x86\GEARAspi.dll
2009-03-25 06:12 . 2009-01-15 18:19 23848 -c--a-w e:\windows\System32\DRVSTORE\GEARAspiWD_4F4AA3475F1B13A1E8212B6D40B351211BC358CE\x86\GEARAspiWDM.sys
2009-03-25 06:12 . 2009-01-15 17:24 2763 -c--a-w e:\windows\System32\DRVSTORE\GEARAspiWD_4F4AA3475F1B13A1E8212B6D40B351211BC358CE\GEARAspiWDM.inf
2009-03-25 06:12 . 2009-01-27 15:19 7919 -c--a-w e:\windows\System32\DRVSTORE\GEARAspiWD_4F4AA3475F1B13A1E8212B6D40B351211BC358CE\GEARAspiWDMx86.cat
2009-03-25 06:08 . 2009-03-06 05:59 11393 --s---w e:\windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem27.CAT
2009-03-25 06:08 . 2009-03-06 05:59 36864 -c--a-w e:\windows\System32\DRVSTORE\usbaapl_AF109929C2381E41FEF454F3FEDAA257A9E85F92\usbaapl.sys
2009-03-25 06:08 . 2009-03-06 05:59 1900544 -c--a-w e:\windows\System32\DRVSTORE\usbaapl_AF109929C2381E41FEF454F3FEDAA257A9E85F92\usbaaplrc.dll
2009-03-25 06:08 . 2009-03-06 05:59 1900544 ----a-w e:\windows\System32\usbaaplrc.dll
2009-03-25 06:08 . 2009-03-06 05:59 11393 -c--a-w e:\windows\System32\DRVSTORE\usbaapl_AF109929C2381E41FEF454F3FEDAA257A9E85F92\USBAAPL.CAT



#22
April 19, 2009 at 15:58:25
2009-03-25 06:08 . 2009-03-06 05:59 3467 -c--a-w e:\windows\System32\DRVSTORE\usbaapl_AF109929C2381E41FEF454F3FEDAA257A9E85F92\usbaapl.inf
2009-03-14 13:58 . 2009-04-17 14:00 90979 --s-a-w e:\windows\System32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\A8FABA189DB7D25FBA7CAC806625FD30
2009-03-14 13:58 . 2009-04-17 14:00 124 --s-a-w e:\windows\System32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\A8FABA189DB7D25FBA7CAC806625FD30
2009-03-14 13:58 . 2009-03-14 13:58 898 --s-a-w e:\windows\System32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\60E31627FDA0A46932B0E5948949F2A5
2009-03-14 13:58 . 2009-03-14 13:58 94 --s-a-w e:\windows\System32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\60E31627FDA0A46932B0E5948949F2A5
2009-03-14 13:58 . 2009-03-14 13:58 569 --s-a-w e:\windows\System32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\3C83474D61E624A4F9844DF935AFE217
2009-03-14 13:58 . 2009-03-14 13:58 142 --s-a-w e:\windows\System32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\3C83474D61E624A4F9844DF935AFE217
2009-03-11 05:54 . 2008-12-05 12:36 10200 --s---w e:\windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB960225.cat
2009-03-11 05:54 . 2009-02-09 15:10 10511 --s---w e:\windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB958690.cat
2009-03-10 00:32 . 2009-03-09 08:53 73728 ----a-w e:\windows\System32\javacpl.cpl
2009-03-10 00:32 . 2009-03-09 11:19 410984 ----a-w e:\windows\System32\deploytk.dll
2009-03-07 13:52 . 2009-03-07 13:52 18012 ----a-w e:\windows\System32\10509hrzat58941.ocx
2009-03-06 08:58 . 2009-03-06 08:58 7026 ----a-w e:\windows\System32\5955hack9ool7za.cpl
2009-03-05 10:19 . 2009-03-05 10:19 3968 ----a-w e:\windows\System32\10z05hacktool19a.cpl
2009-03-02 22:05 . 2001-08-17 20:48 12160 -c--a-w e:\windows\System32\dllcache\mouhid.sys
2009-03-02 22:05 . 2001-08-17 20:48 12160 ----a-w e:\windows\System32\drivers\mouhid.sys
2009-03-02 22:05 . 2007-09-14 03:41 14744 ----a-w e:\windows\System32\ReinstallBackups\[u]0[/u]005\DriverFiles\WmVirHid.sys
2009-03-02 22:05 . 2007-09-20 07:00 16156 --s-a-w e:\windows\System32\ReinstallBackups\[u]0[/u]005\DriverFiles\WmVirHid.cat
2009-03-02 22:05 . 2007-09-14 03:29 1654 ----a-w e:\windows\System32\ReinstallBackups\[u]0[/u]005\DriverFiles\WMVirHid.inf
2009-03-02 22:05 . 2009-03-02 22:04 6538 ----a-w e:\windows\System32\ReinstallBackups\[u]0[/u]005\DriverFiles\WMVirHid.PNF
2009-03-02 22:05 . 2009-01-03 18:12 100124 ----a-w e:\windows\System32\ReinstallBackups\[u]0[/u]004\DriverFiles\input.PNF
2009-03-02 22:05 . 2004-08-04 05:08 53142 ----a-w e:\windows\System32\ReinstallBackups\[u]0[/u]004\DriverFiles\input.inf
2009-03-02 22:05 . 2004-08-04 07:56 20992 ----a-w e:\windows\System32\ReinstallBackups\[u]0[/u]003\DriverFiles\i386\hid.dll
2009-03-02 22:05 . 2002-08-29 12:00 9600 ----a-w e:\windows\System32\ReinstallBackups\[u]0[/u]003\DriverFiles\i386\hidusb.sys
2009-03-02 22:05 . 2004-08-04 06:08 36224 ----a-w e:\windows\System32\ReinstallBackups\[u]0[/u]003\DriverFiles\i386\hidclass.sys
2009-03-02 22:05 . 2004-08-04 06:08 24960 ----a-w e:\windows\System32\ReinstallBackups\[u]0[/u]003\DriverFiles\i386\hidparse.sys
2009-03-02 22:05 . 2009-01-03 18:12 100124 ----a-w e:\windows\System32\ReinstallBackups\[u]0[/u]003\DriverFiles\input.PNF
2009-03-02 22:05 . 2004-08-04 05:08 53142 ----a-w e:\windows\System32\ReinstallBackups\[u]0[/u]003\DriverFiles\input.inf
2009-03-02 22:04 . 2007-09-20 07:00 16577 --s---w e:\windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem24.CAT
2009-03-02 22:04 . 2007-09-20 07:00 16156 --s---w e:\windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem23.CAT
2009-03-02 22:04 . 2007-09-20 07:00 17004 --s---w e:\windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem22.CAT
2009-02-24 20:16 . 2009-02-10 20:48 10566 --s---w e:\windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB967715.cat
2009-02-15 17:55 . 2009-02-15 17:55 15767 ----a-w e:\windows\System32\5995zorm129.ocx
2009-02-11 11:45 . 2009-01-15 19:26 8208 --s---w e:\windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB960715.cat
2009-02-11 11:45 . 2009-01-20 12:31 29984 --s---w e:\windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB961260-IE7.cat
2009-02-07 03:06 . 2009-02-13 16:44 100 ---h--w e:\windows\System32\superpad5.lnf
2009-02-05 02:18 . 2009-02-05 02:18 16914 ----a-w e:\windows\System32\wbem\AutoRecover\E17CD736F9D43E8766C8821602CF36D7.mof
2009-02-04 16:15 . 2009-02-04 16:15 6178 ----a-w e:\windows\System32\9z878worm5c0.ocx
2009-02-03 20:08 . 2009-02-03 20:08 55808 -c----w e:\windows\System32\dllcache\secur32.dll
2009-02-03 02:15 . 2009-02-03 02:15 240544 ----a-w e:\windows\System32\Macromed\Flash\NPSWF32_FlashUtil.exe
2009-02-03 02:15 . 2009-02-03 02:15 3771296 ----a-w e:\windows\System32\Macromed\Flash\NPSWF32.dll
2009-02-03 02:01 . 2009-02-03 02:01 856 ----a-w e:\windows\System32\Macromed\Flash\flashplayer.xpt
2009-02-02 21:59 . 2009-02-02 21:59 17014 ----a-w e:\windows\System32\12558spa9bzt1f5.ocx
2009-02-01 13:30 . 2009-02-01 13:30 9731 ----a-w e:\windows\System32\391zadd9are1858.cpl
2009-01-31 03:43 . 2001-08-18 05:36 5632 ----a-w e:\windows\System32\ptpusb.dll
2009-01-31 03:43 . 2004-08-04 07:56 159232 ----a-w e:\windows\System32\ptpusd.dll
2009-01-26 19:37 . 2009-01-26 19:37 16063 ----a-w e:\windows\System32\9994hackzo5968e.cpl
2009-01-26 00:38 . 2009-01-26 00:38 151552 ----a-w e:\windows\System32\nvRegDev.dll
2009-01-24 13:57 . 2006-10-04 14:29 11671 --s---w e:\windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB925720.cat
2009-01-23 02:26 . 2006-10-21 04:33 7214 --s---w e:\windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\PresentationFontCache.cat
2009-01-23 02:24 . 2009-01-23 02:24 163792 ----a-w e:\windows\System32\wbem\AutoRecover\F1E24C6A3AAE7D2ECA1808FAC23C779A.mof
2009-01-23 02:23 . 2006-10-15 00:13 34304 ----a-w e:\windows\System32\spool\prtprocs\x64\filterpipelineprintproc.dll
2009-01-23 02:23 . 2006-10-14 23:43 27648 ----a-w e:\windows\System32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2009-01-23 02:23 . 2006-10-15 00:12 737792 ----a-w e:\windows\System32\spool\XPSEP\amd64\amd64\mxdwdrv.dll
2009-01-23 02:23 . 2006-10-15 03:09 2946304 ----a-w e:\windows\System32\spool\XPSEP\amd64\amd64\xpssvcs.dll
2009-01-23 02:23 . 2006-10-14 23:43 751104 ----a-w e:\windows\System32\spool\XPSEP\i386\i386\mxdwdrv.dll
2009-01-23 02:23 . 2006-10-15 03:22 1698048 ----a-w e:\windows\System32\spool\XPSEP\i386\i386\xpssvcs.dll
2009-01-23 02:23 . 2006-10-15 08:21 4416 ----a-w e:\windows\System32\spool\XPSEP\i386\msxpsdrv.cat
2009-01-23 02:23 . 2006-08-31 08:01 2204 ----a-w e:\windows\System32\spool\XPSEP\i386\msxpsdrv.inf
2009-01-23 02:23 . 2006-04-21 21:38 73 ----a-w e:\windows\System32\spool\XPSEP\i386\msxpsinc.gpd
2009-01-23 02:23 . 2006-04-21 21:38 72 ----a-w e:\windows\System32\spool\XPSEP\i386\msxpsinc.ppd
2009-01-23 02:23 . 2006-10-14 23:43 751104 ----a-w e:\windows\System32\spool\XPSEP\i386\mxdwdrv.dll
2009-01-23 02:23 . 2006-10-15 03:22 1698048 ----a-w e:\windows\System32\spool\XPSEP\i386\xpssvcs.dll
2009-01-23 02:23 . 2006-10-15 08:39 4416 ----a-w e:\windows\System32\spool\XPSEP\amd64\msxpsdrv.cat
2009-01-23 02:23 . 2006-08-31 08:01 2204 ----a-w e:\windows\System32\spool\XPSEP\amd64\msxpsdrv.inf
2009-01-23 02:23 . 2006-04-21 21:38 73 ----a-w e:\windows\System32\spool\XPSEP\amd64\msxpsinc.gpd
2009-01-23 02:23 . 2006-04-21 21:38 72 ----a-w e:\windows\System32\spool\XPSEP\amd64\msxpsinc.ppd
2009-01-23 02:23 . 2006-10-15 00:12 737792 ----a-w e:\windows\System32\spool\XPSEP\amd64\mxdwdrv.dll
2009-01-23 02:23 . 2006-10-15 03:09 2946304 ----a-w e:\windows\System32\spool\XPSEP\amd64\xpssvcs.dll
2009-01-23 02:23 . 2006-10-15 08:21 4416 ----a-w e:\windows\System32\spool\XPSEP\msxpsdrv.cat
2009-01-23 02:23 . 2006-08-31 08:01 2204 ----a-w e:\windows\System32\spool\XPSEP\msxpsdrv.inf
2009-01-23 02:23 . 2006-04-21 21:38 73 ----a-w e:\windows\System32\spool\XPSEP\msxpsinc.gpd
2009-01-23 02:23 . 2006-04-21 21:38 72 ----a-w e:\windows\System32\spool\XPSEP\msxpsinc.ppd
2009-01-23 02:23 . 2009-01-23 02:23 58096 ----a-w e:\windows\System32\spool\drivers\w32x86\3\mxdwdui.BUD
2009-01-23 02:23 . 2006-10-15 08:22 7426 --s---w e:\windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\XpsEPSC.cat
2009-01-23 02:23 . 2006-06-29 20:07 14048 ------w e:\windows\System32\spmsg2.dll
2009-01-23 02:23 . 2006-10-24 19:37 9601 --s---w e:\windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\WIC.cat
2009-01-23 02:21 . 2009-01-23 02:21 29388 ----a-w e:\windows\System32\wbem\AutoRecover\D8768577C12BA0E1AC6E3025460EB02E.mof
2009-01-21 09:08 . 2009-01-21 09:08 9465 ----a-w e:\windows\System32\2bafbackzoor25695.ocx
2009-01-21 04:16 . 2009-01-21 04:16 231 ----a-w e:\windows\System32\3dsmax.ini
2009-01-21 04:16 . 2009-01-21 04:16 43 ----a-w e:\windows\System32\InstallSettings.ini
2009-01-21 04:14 . 2007-05-16 23:45 443752 ----a-w e:\windows\System32\d3dx10_34.dll
2009-01-21 04:14 . 2007-05-16 23:45 1124720 ----a-w e:\windows\System32\D3DCompiler_34.dll
2009-01-21 04:14 . 2006-09-28 23:19 7927 --s---w e:\windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\d3dx9_31_x86.CAT
2009-01-21 04:14 . 2006-09-28 23:05 2414360 ----a-w e:\windows\System32\d3dx9_31.dll
2009-01-21 04:11 . 2009-01-23 02:21 107496 ----a-w e:\windows\System32\wbem\AutoRecover\355D8EA45E8A60773E8BE5DAB07F479B.mof
2009-01-16 18:38 . 2009-01-16 18:38 3107 ----a-w e:\windows\System32\z1715vir9s564.cpl
2009-01-16 17:51 . 2004-08-04 05:58 15104 -c--a-w e:\windows\System32\dllcache\usbscan.sys
2009-01-16 17:51 . 2004-08-04 05:58 15104 ----a-w e:\windows\System32\drivers\usbscan.sys
2009-01-16 17:50 . 2004-06-22 15:04 51026 --s---w e:\windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem21.CAT
2009-01-16 17:50 . 2004-06-22 15:04 52349 --s---w e:\windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem20.CAT
2009-01-16 17:50 . 2004-06-22 15:04 51467 --s---w e:\windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem19.CAT

#23
April 19, 2009 at 15:59:35

#24
April 19, 2009 at 16:00:12
2009-01-03 17:59 . 2004-08-04 05:29 13824 ------w e:\windows\System32\drivers\atinttxx.sys
2009-01-03 17:59 . 2004-08-04 05:29 73216 ------w e:\windows\System32\drivers\atintuxx.sys
2009-01-03 17:59 . 2004-08-04 05:29 31744 ------w e:\windows\System32\drivers\atinxbxx.sys
2009-01-03 17:59 . 2004-08-04 05:29 63488 ------w e:\windows\System32\drivers\atinxsxx.sys
2009-01-03 17:59 . 2004-07-17 18:36 64352 ------w e:\windows\System32\drivers\ativmc20.cod
2009-01-03 17:59 . 2004-08-04 07:56 21183 ------w e:\windows\System32\drivers\atv01nt5.dll
2009-01-03 17:59 . 2004-08-04 07:56 11359 ------w e:\windows\System32\drivers\atv02nt5.dll
2009-01-03 17:59 . 2004-08-04 07:56 25471 ------w e:\windows\System32\drivers\atv04nt5.dll
2009-01-03 17:59 . 2004-08-04 07:56 14143 ------w e:\windows\System32\drivers\atv06nt5.dll
2009-01-03 17:59 . 2004-08-04 07:56 17279 ------w e:\windows\System32\drivers\atv10nt5.dll
2009-01-03 17:59 . 2004-08-04 06:10 17024 ------w e:\windows\System32\drivers\bthenum.sys
2009-01-03 17:59 . 2004-08-04 06:10 38016 ------w e:\windows\System32\drivers\bthmodem.sys
2009-01-03 17:59 . 2004-08-04 05:58 100992 ------w e:\windows\System32\drivers\bthpan.sys
2009-01-03 17:59 . 2008-06-13 13:10 272128 ------w e:\windows\System32\drivers\bthport.sys
2009-01-03 17:59 . 2004-08-04 06:10 35456 ------w e:\windows\System32\drivers\bthprint.sys
2009-01-03 17:59 . 2004-08-04 06:10 18944 ------w e:\windows\System32\drivers\bthusb.sys
2009-01-03 17:59 . 2004-08-04 07:56 15423 ------w e:\windows\System32\drivers\ch7xxnt5.dll
2009-01-03 17:59 . 2004-07-18 05:55 129045 ------w e:\windows\System32\drivers\cxthsfs2.cty
2009-01-03 17:59 . 2004-08-04 06:01 124800 ------w e:\windows\System32\drivers\fltmgr.sys
2009-01-03 17:59 . 2004-08-04 06:07 46464 ------w e:\windows\System32\drivers\gagp30kx.sys
2009-01-03 17:59 . 2004-08-04 06:10 25600 ------w e:\windows\System32\drivers\hidbth.sys
2009-01-03 17:59 . 2004-08-04 06:08 15104 ------w e:\windows\System32\drivers\hidir.sys
2009-01-03 17:59 . 2004-08-04 05:41 220032 ------w e:\windows\System32\drivers\hsfbs2s2.sys
2009-01-03 17:59 . 2004-08-04 05:41 685056 ------w e:\windows\System32\drivers\hsfcxts2.sys
2009-01-03 17:59 . 2004-08-04 05:41 1041536 ------w e:\windows\System32\drivers\hsfdpsp2.sys
2009-01-03 17:59 . 2004-08-04 06:00 263040 ------w e:\windows\System32\drivers\http.sys
2009-01-03 17:59 . 2004-08-04 05:59 36096 ------w e:\windows\System32\drivers\intelppm.sys
2009-01-03 17:59 . 2004-08-04 06:00 29056 ------w e:\windows\System32\drivers\ip6fw.sys
2009-01-03 17:59 . 2004-08-04 05:41 11868 ------w e:\windows\System32\drivers\mdmxsdk.sys
2009-01-03 17:59 . 2004-08-04 06:07 15488 ------w e:\windows\System32\drivers\mssmbios.sys
2009-01-03 17:59 . 2004-08-04 05:41 126686 ------w e:\windows\System32\drivers\mtlmnt5.sys
2009-01-03 17:59 . 2004-08-04 05:41 1309184 ------w e:\windows\System32\drivers\mtlstrm.sys
2009-01-03 17:59 . 2004-08-04 05:29 452736 ------w e:\windows\System32\drivers\mtxparhm.sys
2009-01-03 17:59 . 2004-08-04 06:04 12672 ------w e:\windows\System32\drivers\mutohpen.sys
2009-01-03 17:59 . 2004-07-17 18:35 67866 ------w e:\windows\System32\drivers\netwlan5.img
2009-01-03 17:59 . 2004-08-04 05:41 180360 ------w e:\windows\System32\drivers\ntmtlfax.sys
2009-01-03 17:59 . 2004-08-04 05:41 13776 ------w e:\windows\System32\drivers\recagent.sys
2009-01-03 17:59 . 2004-08-04 06:10 59648 ------w e:\windows\System32\drivers\rfcomm.sys
2009-01-03 17:59 . 2004-08-04 06:04 30080 ------w e:\windows\System32\drivers\rndismpx.sys
2009-01-03 17:59 . 2004-08-04 05:29 166912 ------w e:\windows\System32\drivers\s3gnbm.sys
2009-01-03 17:59 . 2004-08-04 06:07 67584 ------w e:\windows\System32\drivers\sdbus.sys
2009-01-03 17:59 . 2004-08-04 05:59 11136 ------w e:\windows\System32\drivers\sffdisk.sys
2009-01-03 17:59 . 2004-08-04 05:59 10240 ------w e:\windows\System32\drivers\sffp_sd.sys
2009-01-03 17:59 . 2004-08-04 07:56 3901 ------w e:\windows\System32\drivers\siint5.dll
2009-01-03 17:59 . 2004-08-04 06:07 41088 ------w e:\windows\System32\drivers\sisagp.sys
2009-01-03 17:59 . 2004-08-04 05:41 129535 ------w e:\windows\System32\drivers\slnt7554.sys
2009-01-03 17:59 . 2004-08-04 05:41 404990 ------w e:\windows\System32\drivers\slntamr.sys
2009-01-03 17:59 . 2004-08-04 05:41 95424 ------w e:\windows\System32\drivers\slnthal.sys
2009-01-03 17:59 . 2004-08-04 05:41 13240 ------w e:\windows\System32\drivers\slwdmsup.sys
2009-01-03 17:59 . 2004-08-04 06:07 6016 ------w e:\windows\System32\drivers\smbali.sys
2009-01-03 17:59 . 2004-08-04 06:07 44672 ------w e:\windows\System32\drivers\uagp35.sys
2009-01-03 17:59 . 2004-08-04 06:04 12672 ------w e:\windows\System32\drivers\usb8023x.sys
2009-01-03 17:59 . 2004-08-04 06:10 78464 ------w e:\windows\System32\drivers\usbvideo.sys
2009-01-03 17:59 . 2004-08-04 07:56 11325 ------w e:\windows\System32\drivers\vchnt5.dll
2009-01-03 17:59 . 2004-08-04 06:07 42240 ------w e:\windows\System32\drivers\viaagp.sys
2009-01-03 17:59 . 2004-08-04 06:04 13568 ------w e:\windows\System32\drivers\wacompen.sys
2009-01-03 17:59 . 2004-08-04 05:29 11807 ------w e:\windows\System32\drivers\wadv07nt.sys
2009-01-03 17:59 . 2004-08-04 05:29 11295 ------w e:\windows\System32\drivers\wadv08nt.sys
2009-01-03 17:59 . 2004-08-04 05:29 11871 ------w e:\windows\System32\drivers\wadv09nt.sys
2009-01-03 17:59 . 2004-08-04 05:29 11935 ------w e:\windows\System32\drivers\wadv11nt.sys
2009-01-03 17:59 . 2004-08-04 05:29 22271 ------w e:\windows\System32\drivers\watv06nt.sys
2009-01-03 17:59 . 2004-08-04 05:29 25471 ------w e:\windows\System32\drivers\watv10nt.sys
2009-01-03 17:59 . 2004-08-04 07:56 229376 ------w e:\windows\System32\ati2cqag.dll
2009-01-03 17:59 . 2004-08-04 07:56 377984 ------w e:\windows\System32\ati2dvaa.dll
2009-01-03 17:59 . 2004-08-04 07:56 201728 ------w e:\windows\System32\ati2dvag.dll
2009-01-03 17:59 . 2004-08-04 07:56 870784 ------w e:\windows\System32\ati3d1ag.dll
2009-01-03 17:59 . 2004-08-04 07:56 1888992 ------w e:\windows\System32\ati3duag.dll
2009-01-03 17:59 . 2004-08-04 07:56 9728 ------w e:\windows\System32\ativdaxx.ax
2009-01-03 17:59 . 2004-08-04 07:56 23040 ------w e:\windows\System32\ativmvxx.ax
2009-01-03 17:59 . 2004-08-04 07:56 32768 ------w e:\windows\System32\ativtmxx.dll
2009-01-03 17:59 . 2004-08-04 07:56 516768 ------w e:\windows\System32\ativvaxx.dll
2009-01-03 17:59 . 2004-08-04 07:56 14336 ------w e:\windows\System32\auditusr.exe
2009-01-03 17:59 . 2004-08-04 07:56 8192 ------w e:\windows\System32\bitsprx2.dll
2009-01-03 17:59 . 2004-08-04 07:56 7168 ------w e:\windows\System32\bitsprx3.dll
2009-01-03 17:59 . 2004-08-04 07:56 71680 ------w e:\windows\System32\blastcln.exe
2009-01-03 17:59 . 2004-08-04 07:56 20992 ------w e:\windows\System32\bthci.dll
2009-01-03 17:59 . 2004-08-04 07:56 110592 ------w e:\windows\System32\bthprops.cpl
2009-01-03 17:59 . 2004-08-04 07:56 30208 ------w e:\windows\System32\bthserv.dll
2009-01-03 17:59 . 2004-08-04 07:56 50688 ------w e:\windows\System32\btpanui.dll
2009-01-03 17:59 . 2004-08-04 07:56 13824 ------w e:\windows\System32\cmsetacl.dll
2009-01-03 17:59 . 2009-02-20 18:09 133120 ------w e:\windows\System32\extmgr.dll
2009-01-03 17:59 . 2004-08-04 07:56 80384 ------w e:\windows\System32\firewall.cpl
2009-01-03 17:59 . 2004-08-04 07:56 16896 ------w e:\windows\System32\fltlib.dll
2009-01-03 17:59 . 2004-08-04 07:56 22528 ------w e:\windows\System32\fltmc.exe
2009-01-03 17:59 . 2004-08-04 07:56 193024 ------w e:\windows\System32\fsquirt.exe
2009-01-03 17:59 . 2004-08-04 07:56 60416 ------w e:\windows\System32\fwcfg.dll
2009-01-03 17:59 . 2004-08-04 07:56 32285 ------w e:\windows\System32\hsfcisp2.dll
2009-01-03 17:59 . 2009-02-20 10:21 389120 ----a-w e:\windows\System32\html.iec
2009-01-03 17:59 . 2004-08-04 07:56 24576 ------w e:\windows\System32\httpapi.dll
2009-01-03 17:59 . 2004-08-04 07:56 199680 ------w e:\windows\System32\iac25_32.ax
2009-01-03 17:59 . 2009-02-20 18:09 78336 ----a-w e:\windows\System32\ieencode.dll
2009-01-03 17:59 . 2004-08-04 07:56 848384 ------w e:\windows\System32\ir41_32.ax
2009-01-03 17:59 . 2004-08-04 07:56 120320 ------w e:\windows\System32\ir41_qc.dll
2009-01-03 17:59 . 2004-08-04 07:56 338432 ------w e:\windows\System32\ir41_qcx.dll
2009-01-03 17:59 . 2004-08-04 07:56 755200 ------w e:\windows\System32\ir50_32.dll
2009-01-03 17:59 . 2004-08-04 07:56 200192 ------w e:\windows\System32\ir50_qc.dll
2009-01-03 17:59 . 2004-08-04 07:56 183808 ------w e:\windows\System32\ir50_qcx.dll
2009-01-03 17:59 . 2004-08-04 07:56 380416 ------w e:\windows\System32\irprops.cpl
2009-01-03 17:59 . 2004-08-04 07:56 154624 ------w e:\windows\System32\ivfsrc.ax
2009-01-03 17:59 . 2004-08-04 07:56 7168 ------w e:\windows\System32\kbdfi1.dll
2009-01-03 17:59 . 2004-08-04 07:56 6144 ------w e:\windows\System32\kbdinbe1.dll
2009-01-03 17:59 . 2004-08-04 07:56 6656 ------w e:\windows\System32\kbdinben.dll
2009-01-03 17:59 . 2004-08-04 07:56 6656 ------w e:\windows\System32\kbdinmal.dll
2009-01-03 17:59 . 2004-08-04 07:56 5632 ------w e:\windows\System32\kbdmaori.dll
2009-01-03 17:59 . 2004-08-04 07:56 6144 ------w e:\windows\System32\kbdmlt47.dll
2009-01-03 17:59 . 2004-08-04 07:56 6144 ------w e:\windows\System32\kbdmlt48.dll
2009-01-03 17:59 . 2004-08-04 07:56 7168 ------w e:\windows\System32\kbdno1.dll
2009-01-03 17:59 . 2004-08-04 07:56 7680 ------w e:\windows\System32\kbdsmsfi.dll
2009-01-03 17:59 . 2004-08-04 07:56 7680 ------w e:\windows\System32\kbdsmsno.dll
2009-01-03 17:59 . 2004-08-04 07:56 7168 ------w e:\windows\System32\kbdukx.dll
2009-01-03 17:59 . 2004-08-04 07:56 86016 ------w e:\windows\System32\mdmxsdk.dll
2009-01-03 17:59 . 2004-08-04 07:56 310272 ------w e:\windows\System32\mp43dmod.dll
2009-01-03 17:59 . 2004-08-04 07:56 384512 ------w e:\windows\System32\mp4sdmod.dll
2009-01-03 17:59 . 2004-08-04 07:56 118784 ------w e:\windows\System32\msdadiag.dll
2009-01-03 17:59 . 2005-01-28 20:44 25088 -c--a-w e:\windows\System32\dllcache\mspmsnsv.dll
2009-01-03 17:59 . 2005-01-28 20:44 25088 ----a-w e:\windows\System32\MsPMSNSv.dll
2009-01-03 17:59 . 2004-08-04 07:56 1737856 ------w e:\windows\System32\mtxparhd.dll
2009-01-03 17:59 . 2004-08-04 07:56 25600 ------w e:\windows\System32\netsetup.cpl
2009-01-03 17:59 . 2004-08-04 07:56 116224 ------w e:\windows\System32\p2p.dll
2009-01-03 17:59 . 2004-08-04 07:56 86016 ------w e:\windows\System32\p2pgasvc.dll
2009-01-03 17:59 . 2004-08-04 07:56 312320 ------w e:\windows\System32\p2pgraph.dll
2009-01-03 17:59 . 2004-08-04 07:56 88064 ------w e:\windows\System32\p2pnetsh.dll
2009-01-03 17:59 . 2004-08-04 07:56 526848 ------w e:\windows\System32\p2psvc.dll
2009-01-03 17:59 . 2004-08-04 07:56 48640 ------w e:\windows\System32\pnrpnsp.dll
2009-01-03 17:59 . 2004-08-04 07:56 49152 ------w e:\windows\System32\powercfg.exe
2009-01-03 17:59 . 2004-08-04 07:56 397056 ------w e:\windows\System32\s3gnb.dll
2009-01-03 17:59 . 2004-08-04 07:56 29184 ------w e:\windows\System32\sdhcinst.dll
2009-01-03 17:59 . 2004-08-04 07:56 73832 ------w e:\windows\System32\slcoinst.dll
2009-01-03 17:59 . 2004-08-04 07:56 286792 ------w e:\windows\System32\slextspk.dll
2009-01-03 17:59 . 2004-08-04 07:56 188508 ------w e:\windows\System32\slgen.dll
2009-01-03 17:59 . 2004-08-04 07:56 32866 ------w e:\windows\System32\slrundll.exe
2009-01-03 17:59 . 2004-08-04 07:56 73796 ------w e:\windows\System32\slserv.exe
2009-01-03 17:59 . 2004-08-04 07:56 8192 ------w e:\windows\System32\smbinst.exe
2009-01-03 17:59 . 2004-08-04 07:56 75776 ------w e:\windows\System32\strmfilt.dll
2009-01-03 17:59 . 2004-08-04 07:56 44032 ------w e:\windows\System32\twext.dll
2009-01-03 17:59 . 2004-08-04 07:56 28672 ------w e:\windows\System32\vidcap.ax
2009-01-03 17:59 . 2004-08-04 07:56 15872 ------w e:\windows\System32\w3ssl.dll
2009-01-03 17:59 . 2004-08-04 07:56 17408 ------w e:\windows\System32\winshfhc.dll
2009-01-03 17:59 . 2005-01-28 20:44 189440 -c--a-w e:\windows\System32\dllcache\wmerror.dll
2009-01-03 17:59 . 2005-01-28 20:44 150016 -c--a-w e:\windows\System32\dllcache\wmidx.dll
2009-01-03 17:59 . 2005-01-28 20:44 189440 ----a-w e:\windows\System32\wmerror.dll
2009-01-03 17:59 . 2004-08-11 08:45 150016 ----a-w e:\windows\System32\wmidx.dll
2009-01-03 17:59 . 2007-04-30 15:20 5537792 -c--a-w e:\windows\System32\dllcache\wmp.dll
2009-01-03 17:59 . 2005-01-28 20:44 135168 -c--a-w e:\windows\System32\dllcache\wmpasf.dll
2009-01-03 17:59 . 2005-01-28 20:44 135168 ----a-w e:\windows\System32\wmpasf.dll
2009-01-03 17:59 . 2005-01-28 20:44 282624 -c--a-w e:\windows\System32\dllcache\wmpdxm.dll
2009-01-03 17:59 . 2005-01-28 20:44 282624 ----a-w e:\windows\System32\wmpdxm.dll
2009-01-03 17:59 . 2005-01-28 20:44 1119744 -c--a-w e:\windows\System32\dllcache\wmsdmoe2.dll
2009-01-03 17:59 . 2005-01-28 20:44 1119744 ----a-w e:\windows\System32\wmsdmoe2.dll
2009-01-03 17:59 . 2005-01-28 20:44 413944 -c--a-w e:\windows\System32\dllcache\wmspdmod.dll
2009-01-03 17:59 . 2005-01-28 20:44 413944 ----a-w e:\windows\System32\wmspdmod.dll
2009-01-03 17:59 . 2005-01-28 20:44 940544 -c--a-w e:\windows\System32\dllcache\wmspdmoe.dll
2009-01-03 17:59 . 2005-01-28 20:44 940544 ----a-w e:\windows\System32\wmspdmoe.dll
2009-01-03 17:59 . 2005-01-28 20:44 1003008 -c--a-w e:\windows\System32\dllcache\wmvdmoe2.dll
2009-01-03 17:59 . 2005-01-28 20:44 1003008 ----a-w e:\windows\System32\wmvdmoe2.dll
2009-01-03 17:59 . 2004-08-04 07:56 13824 ------w e:\windows\System32\wscntfy.exe
2009-01-03 17:59 . 2004-08-04 07:56 81408 ------w e:\windows\System32\wscsvc.dll
2009-01-03 17:59 . 2004-08-04 07:56 148480 ------w e:\windows\System32\wscui.cpl
2009-01-03 17:59 . 2004-08-04 07:56 108032 ------w e:\windows\System32\wshbth.dll
2009-01-03 17:59 . 2008-10-16 21:12 561688 -c--a-w e:\windows\System32\dllcache\wuapi.dll
2009-01-03 17:59 . 2008-10-16 21:12 561688 ----a-w e:\windows\System32\wuapi.dll
2009-01-03 17:59 . 2004-08-04 07:56 165888 ------w e:\windows\System32\wuauclt1.exe
2009-01-03 17:59 . 2008-10-16 21:12 213528 -c--a-w e:\windows\System32\dllcache\wuaucpl.cpl
2009-01-03 17:59 . 2008-10-16 21:12 213528 ----a-w e:\windows\System32\wuaucpl.cpl
2009-01-03 17:59 . 2004-08-04 07:56 183296 ------w e:\windows\System32\wuaueng1.dll
2009-01-03 17:59 . 2008-10-16 21:12 323608 -c--a-w e:\windows\System32\dllcache\wucltui.dll
2009-01-03 17:59 . 2008-10-16 21:08 34328 -c--a-w e:\windows\System32\dllcache\wups.dll
2009-01-03 17:59 . 2008-10-16 21:12 323608 ----a-w e:\windows\System32\wucltui.dll
2009-01-03 17:59 . 2008-10-16 21:08 34328 ----a-w e:\windows\System32\wups.dll
2009-01-03 17:59 . 2008-10-16 21:12 202776 -c--a-w e:\windows\System32\dllcache\wuweb.dll
2009-01-03 17:59 . 2008-10-16 21:12 202776 ----a-w e:\windows\System32\wuweb.dll
2009-01-03 17:59 . 2004-08-04 07:56 129536 ------w e:\windows\System32\xmlprov.dll
2009-01-03 17:59 . 2004-08-04 07:56 50176 ------w e:\windows\System32\xmlprovi.dll
2009-01-03 17:59 . 2004-08-04 07:56 438784 ------w e:\windows\System32\xpob2res.dll
2009-01-03 17:59 . 2004-08-04 06:56 32866 -c--a-w e:\windows\System32\dllcache\slrundll.exe
2009-01-03 17:59 . 2004-08-04 05:03 3201 ------w e:\windows\System32\oobe\agtscrp2.js
2009-01-03 17:59 . 2004-08-04 05:03 5579 ------w e:\windows\System32\oobe\setup\autoupdt.htm
2009-01-03 17:59 . 2004-08-04 05:03 5443 ------w e:\windows\System32\oobe\setup\au_plcy.htm
2009-01-03 17:59 . 2004-08-04 05:03 32004 ------w e:\windows\System32\oobe\updshell.htm
2009-01-03 17:59 . 2005-01-28 20:44 28672 -c--a-w e:\windows\System32\dllcache\custsat.dll
2009-01-03 17:59 . 2005-01-28 20:44 991232 -c--a-w e:\windows\System32\dllcache\migrate.exe
2009-01-03 17:59 . 2005-01-28 20:44 352256 -c--a-w e:\windows\System32\dllcache\mpvis.dll
2009-01-03 17:59 . 2005-01-28 20:44 77824 -c--a-w e:\windows\System32\dllcache\wmpband.dll
2009-01-03 17:59 . 2004-07-17 18:41 832872 ------w e:\windows\System32\Macromed\Flash\flash.ocx
2009-01-03 17:59 . 2004-07-17 18:44 2135 ------w e:\windows\System32\oobe\images\greenshd.gif
2009-01-03 17:59 . 2004-07-17 18:45 2119 ------w e:\windows\System32\oobe\images\redshd.gif
2009-01-03 17:58 . 2004-08-04 07:56 283648 -c--a-w e:\windows\System32\dllcache\winhlp32.exe
2009-01-03 17:58 . 2004-08-04 07:56 2897920 ------w e:\windows\System32\xpsp2res.dll
2009-01-03 17:57 . 2004-08-04 08:58 168806 --s---w e:\windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\startoc.cat
2009-01-03 17:57 . 2004-08-04 09:03 1042903 --s---w e:\windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\sp2.cat
2009-01-03 17:57 . 2004-08-04 08:58 24209 --s---w e:\windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\msn7.cat
2009-01-03 17:57 . 2004-08-04 08:57 11651 --s---w e:\windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\msn9.cat
2009-01-03 17:57 . 2004-07-17 18:45 7334 --s---w e:\windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\wmerrenu.cat
2009-01-03 17:57 . 2007-07-27 16:41 16760 ------w e:\windows\System32\spmsg.dll
2009-01-03 17:57 . 2002-08-29 12:00 30592 ----a-w e:\windows\System32\ReinstallBackups\[u]0[/u]002\DriverFiles\i386\processr.sys
2009-01-03 17:57 . 2002-08-29 12:00 5496 ----a-w e:\windows\System32\ReinstallBackups\[u]0[/u]002\DriverFiles\cpu.inf
2009-01-03 17:57 . 2009-01-03 17:31 13400 ----a-w e:\windows\System32\ReinstallBackups\[u]0[/u]002\DriverFiles\cpu.PNF
2009-01-03 17:57 . 2002-08-29 12:00 30592 ----a-w e:\windows\System32\ReinstallBackups\[u]0[/u]001\DriverFiles\i386\processr.sys
2009-01-03 17:57 . 2002-08-29 12:00 5496 ----a-w e:\windows\System32\ReinstallBackups\[u]0[/u]001\DriverFiles\cpu.inf
2009-01-03 17:57 . 2009-01-03 17:31 13400 ----a-w e:\windows\System32\ReinstallBackups\[u]0[/u]001\DriverFiles\cpu.PNF
2009-01-03 17:34 . 2004-07-20 05:44 15843 --s---w e:\windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\dxbda.CAT
2009-01-03 17:34 . 2003-05-30 16:00 33181 --s---w e:\windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\dxxp.CAT
2009-01-03 17:34 . 2004-08-04 06:10 19328 ----a-w e:\windows\System32\drivers\wstcodec.sys
2009-01-03 17:34 . 2004-08-04 07:56 30720 ----a-w e:\windows\System32\vbisurf.ax
2009-01-03 17:34 . 2004-08-04 07:56 50688 ----a-w e:\windows\System32\wstdecod.dll
2009-01-03 17:34 . 2004-08-04 06:10 11136 ----a-w e:\windows\System32\drivers\slip.sys
2009-01-03 17:34 . 2004-08-04 06:10 15360 ----a-w e:\windows\System32\drivers\streamip.sys
2009-01-03 17:34 . 2004-08-04 07:56 33280 ----a-w e:\windows\System32\psisrndr.ax
2009-01-03 17:34 . 2004-08-04 06:10 10880 ----a-w e:\windows\System32\drivers\ndisip.sys
2009-01-03 17:34 . 2004-08-04 07:56 363520 ----a-w e:\windows\System32\psisdecd.dll
2009-01-03 17:34 . 2004-08-04 06:10 85376 ----a-w e:\windows\System32\drivers\nabtsfec.sys
2009-01-03 17:34 . 2004-08-04 07:56 17408 ----a-w e:\windows\System32\msyuv.dll
2009-01-03 17:34 . 2004-08-04 07:56 56832 ----a-w e:\windows\System32\msdvbnp.ax
2009-01-03 17:34 . 2004-08-04 07:56 1428480 ----a-w e:\windows\System32\msvidctl.dll
2009-01-03 17:34 . 2004-08-04 06:10 51328 ----a-w e:\windows\System32\drivers\msdv.sys
2009-01-03 17:34 . 2004-08-04 07:56 118272 ----a-w e:\windows\System32\mpeg2data.ax
2009-01-03 17:34 . 2004-08-04 06:10 17024 ----a-w e:\windows\System32\drivers\ccdecode.sys
2009-01-03 17:34 . 2004-08-04 06:10 15360 ----a-w e:\windows\System32\drivers\mpe.sys
2009-01-03 17:34 . 2004-08-04 07:56 16384 ----a-w e:\windows\System32\ipsink.ax
2009-01-03 17:34 . 2004-08-04 07:56 43008 ----a-w e:\windows\System32\ksxbar.ax
2009-01-03 17:34 . 2004-08-04 06:10 11776 ----a-w e:\windows\System32\drivers\bdasup.sys
2009-01-03 17:34 . 2004-08-04 07:56 18432 ----a-w e:\windows\System32\bdaplgin.ax
2009-01-03 17:34 . 2004-08-04 07:56 90624 ----a-w e:\windows\System32\kswdmcap.ax
2009-01-03 17:34 . 2004-08-04 07:56 61952 ----a-w e:\windows\System32\kstvtune.ax
2009-01-03 17:34 . 2004-08-04 05:58 4992 ----a-w e:\windows\System32\drivers\mspqm.sys
2009-01-03 17:34 . 2004-08-04 05:58 4352 ----a-w e:\windows\System32\drivers\swenum.sys
2009-01-03 17:34 . 2004-08-04 05:58 5504 ----a-w e:\windows\System32\drivers\mstee.sys
2009-01-03 17:34 . 2004-08-04 06:08 48640 ----a-w e:\windows\System32\drivers\stream.sys
2009-01-03 17:34 . 2004-08-04 05:58 7552 ----a-w e:\windows\System32\drivers\mskssrv.sys
2009-01-03 17:34 . 2004-08-04 05:58 5376 ----a-w e:\windows\System32\drivers\mspclock.sys
2009-01-03 17:34 . 2002-12-12 07:14 12288 ----a-w e:\windows\System32\ksolay.ax
2009-01-03 17:34 . 2004-08-04 07:56 4096 ----a-w e:\windows\System32\ksuser.dll
2009-01-03 17:34 . 2004-08-04 07:56 130048 ----a-w e:\windows\System32\ksproxy.ax
2009-01-03 17:34 . 2004-08-04 06:15 140928 ----a-w e:\windows\System32\drivers\ks.sys
2009-01-03 17:34 . 2004-08-04 07:56 733696 ----a-w e:\windows\System32\qedwipes.dll
2009-01-03 17:34 . 2004-08-04 07:56 562176 ----a-w e:\windows\System32\qedit.dll
2009-01-03 17:34 . 2005-01-28 20:44 221184 -c--a-w e:\windows\System32\dllcache\qasf.dll
2009-01-03 17:34 . 2005-01-28 20:44 221184 ----a-w e:\windows\System32\qasf.dll
2009-01-03 17:34 . 2002-12-12 07:14 83456 ----a-w e:\windows\System32\l3codecx.ax
2009-01-03 17:34 . 2004-08-04 07:56 14336 ----a-w e:\windows\System32\msdmo.dll
2009-01-03 17:34 . 2004-08-04 07:56 204288 ----a-w e:\windows\System32\mswebdvd.dll
2009-01-03 17:34 . 2008-12-20 22:43 1287680 ----a-w e:\windows\System32\quartz.dll
2009-01-03 17:34 . 2004-08-04 07:56 279040 ----a-w e:\windows\System32\qdv.dll
2009-01-03 17:34 . 2004-08-04 07:56 385024 ----a-w e:\windows\System32\qdvd.dll
2009-01-03 17:34 . 2004-08-04 07:56 20480 ----a-w e:\windows\System32\encapi.dll
2009-01-03 17:34 . 2004-08-04 07:56 35328 ----a-w e:\windows\System32\mciqtz32.dll
2009-01-03 17:34 . 2004-08-04 07:56 148992 ----a-w e:\windows\System32\mpg2splt.ax
2009-01-03 17:34 . 2004-08-04 07:56 192512 ----a-w e:\windows\System32\qcap.dll
2009-01-03 17:34 . 2004-08-04 07:56 59904 ----a-w e:\windows\System32\devenum.dll
2009-01-03 17:34 . 2004-08-04 07:56 70656 ----a-w e:\windows\System32\amstream.dll
2009-01-03 17:34 . 2004-08-04 07:56 105984 ----a-w e:\windows\System32\dmstyle.dll
2009-01-03 17:34 . 2004-08-04 07:56 103424 ----a-w e:\windows\System32\dmsynth.dll
2009-01-03 17:34 . 2004-08-04 07:56 104448 ----a-w e:\windows\System32\dmusic.dll
2009-01-03 17:34 . 2004-08-04 07:56 28672 ----a-w e:\windows\System32\dmband.dll
2009-01-03 17:34 . 2004-08-04 07:56 61440 ----a-w e:\windows\System32\dmcompos.dll
2009-01-03 17:34 . 2004-08-04 07:56 181248 ----a-w e:\windows\System32\dmime.dll
2009-01-03 17:34 . 2004-08-04 07:56 35840 ----a-w e:\windows\System32\dmloader.dll
2009-01-03 17:34 . 2004-08-04 07:56 19456 ----a-w e:\windows\System32\dswave.dll
2009-01-03 17:34 . 2004-08-04 07:56 82432 ----a-w e:\windows\System32\dmscript.dll
2009-01-03 17:33 . 2004-08-04 07:56 1689088 ----a-w e:\windows\System32\d3d9.dll
2009-01-03 17:33 . 2004-08-04 07:56 1179648 ----a-w e:\windows\System32\d3d8.dll
2009-01-03 17:33 . 2004-08-04 07:56 2113536 ----a-w e:\windows\System32\dxdiagn.dll
2009-01-03 17:33 . 2004-08-04 07:56 1298432 ----a-w e:\windows\System32\dxdiag.exe
2009-01-03 17:33 . 2004-08-04 07:56 71680 ----a-w e:\windows\System32\dsdmoprp.dll
2009-01-03 17:33 . 2002-12-12 07:14 46592 ----a-w e:\windows\System32\dxdllreg.exe
2009-01-03 17:33 . 2004-08-04 07:56 21504 ----a-w e:\windows\System32\dpvacm.dll
2009-01-03 17:33 . 2004-08-04 07:56 212480 ----a-w e:\windows\System32\dpvoice.dll
2009-01-03 17:33 . 2004-08-04 07:56 83456 ----a-w e:\windows\System32\dpvsetup.exe
2009-01-03 17:33 . 2004-08-04 07:56 116736 ----a-w e:\windows\System32\dpvvox.dll
2009-01-03 17:33 . 2004-08-04 07:56 181760 ----a-w e:\windows\System32\dsdmo.dll
2009-01-03 17:33 . 2004-08-04 07:56 375296 ----a-w e:\windows\System32\dpnet.dll
2009-01-03 17:33 . 2004-08-04 07:56 35328 ----a-w e:\windows\System32\dpnhpast.dll
2009-01-03 17:33 . 2004-08-04 07:56 3584 ----a-w e:\windows\System32\dpnlobby.dll
2009-01-03 17:33 . 2004-08-04 07:56 18432 ----a-w e:\windows\System32\dpnsvr.exe
2009-01-03 17:33 . 2004-08-04 07:56 60928 ----a-w e:\windows\System32\dpnhupnp.dll
2009-01-03 17:33 . 2004-08-04 07:56 3584 ----a-w e:\windows\System32\dpnaddr.dll
2009-01-03 17:33 . 2004-08-04 07:56 8192 ----a-w e:\windows\System32\d3d8thk.dll
2009-01-03 17:33 . 2004-08-04 07:56 1227264 ----a-w e:\windows\System32\dx8vb.dll
2009-01-03 17:33 . 2004-08-04 07:56 619008 ----a-w e:\windows\System32\dx7vb.dll
2009-01-03 17:33 . 2004-08-04 07:56 367616 ----a-w e:\windows\System32\dsound.dll
2009-01-03 17:33 . 2004-08-04 07:56 1294336 ----a-w e:\windows\System32\dsound3d.dll
2009-01-03 17:33 . 2004-08-04 07:56 30208 ----a-w e:\windows\System32\dplaysvr.exe
2009-01-03 17:33 . 2004-08-04 07:56 229888 ----a-w e:\windows\System32\dplayx.dll
2009-01-03 17:33 . 2004-08-04 07:56 23552 ----a-w e:\windows\System32\dpmodemx.dll
2009-01-03 17:33 . 2004-08-04 07:56 57344 ----a-w e:\windows\System32\dpwsockx.dll
2009-01-03 17:33 . 2004-08-04 07:56 266240 ----a-w e:\windows\System32\ddraw.dll
2009-01-03 17:33 . 2004-08-04 07:56 27136 ----a-w e:\windows\System32\ddrawex.dll
2009-01-03 17:33 . 2004-08-04 07:56 825344 ----a-w e:\windows\System32\d3dim700.dll
2009-01-03 17:33 . 2004-08-04 06:07 6400 ----a-w e:\windows\System32\drivers\splitter.sys
2009-01-03 17:33 . 2004-08-04 06:15 82944 ----a-w e:\windows\System32\drivers\wdmaud.sys
2009-01-03 17:33 . 2004-08-04 06:07 52864 ----a-w e:\windows\System32\drivers\dmusic.sys
2009-01-03 17:33 . 2001-08-17 21:00 54272 -c--a-w e:\windows\System32\dllcache\swmidi.sys
2009-01-03 17:33 . 2001-08-17 21:00 54272 ----a-w e:\windows\System32\drivers\swmidi.sys
2009-01-03 17:33 . 2004-08-04 05:39 142464 -c--a-w e:\windows\System32\dllcache\aec.sys
2009-01-03 17:33 . 2004-08-04 05:39 142464 ----a-w e:\windows\System32\drivers\aec.sys
2009-01-03 17:33 . 2004-08-04 06:07 171776 ----a-w e:\windows\System32\drivers\kmixer.sys
2009-01-03 17:33 . 2004-08-04 06:07 2944 ----a-w e:\windows\System32\drivers\drmkaud.sys
2009-01-03 17:33 . 2004-08-04 06:15 60800 ----a-w e:\windows\System32\drivers\sysaudio.sys
2009-01-03 17:32 . 2006-06-30 07:00 28160 ----a-r e:\windows\System32\PostProc.dll
2009-01-03 17:32 . 2006-08-06 22:57 93952 ----a-r e:\windows\System32\drivers\aeaudio.sys
2009-01-03 17:32 . 2006-12-08 09:06 139776 ----a-r e:\windows\System32\drivers\adidts.sys
2009-01-03 17:32 . 2007-01-16 01:09 293888 ----a-r e:\windows\System32\drivers\ADIHdAud.sys
2009-01-03 17:32 . 2004-08-04 06:08 60288 ----a-w e:\windows\System32\drivers\drmk.sys
2009-01-03 17:32 . 2004-08-04 07:56 23552 ----a-w e:\windows\System32\wdmaud.drv
2009-01-03 17:32 . 2007-01-26 04:57 13685 --s---w e:\windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem2.CAT
2009-01-03 17:32 . 2005-05-04 15:20 53248 ------w e:\windows\System32\wdmioctl.dll
2009-01-03 17:32 . 2001-09-11 21:20 1285632 ------w e:\windows\System32\SMMedia.dll
2009-01-03 17:32 . 2006-07-10 21:42 49152 ------w e:\windows\System32\DSndUp.exe
2009-01-03 17:32 . 2002-04-17 21:05 45056 ------w e:\windows\System32\CleanUp.exe
2009-01-03 17:32 . 2004-10-27 23:55 35330 --s---w e:\windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB888111WXP.cat
2009-01-03 17:32 . 2008-07-09 07:38 26488 ----a-w e:\windows\System32\spupdsvc.exe
2009-01-03 17:31 . 2004-08-13 02:56 5810 ----a-r e:\windows\System32\drivers\ASACPI.sys
2009-01-03 17:31 . 2006-10-11 03:33 10288 ----a-w e:\windows\System32\drivers\ASUSHWIO.SYS
2009-01-03 17:27 . 2009-01-03 17:27 89102 ----a-w e:\windows\System32\Macromed\Flash\uninstall_activeX.exe
2009-01-03 17:20 . 2004-08-04 07:56 192000 ----a-w e:\windows\System32\iuengine.dll
2009-01-03 17:13 . 2008-09-17 16:55 122880 ----a-w e:\windows\System32\ReinstallBackups\[u]0[/u]000\DriverFiles\nvcod.dll
2009-01-03 17:13 . 2008-09-17 16:55 55444 ----a-w e:\windows\System32\ReinstallBackups\[u]0[/u]000\DriverFiles\nvwcplen.hlp

#25
April 19, 2009 at 16:02:41

#26
April 19, 2009 at 16:03:44
2009-01-03 16:38 . 2002-08-29 12:00 850 ----a-w e:\windows\System32\DirectX\Dinput\msf1f_7.png
2009-01-03 16:38 . 2002-08-29 12:00 947 ----a-w e:\windows\System32\DirectX\Dinput\msf1f_6.png
2009-01-03 16:38 . 2002-08-29 12:00 646 ----a-w e:\windows\System32\DirectX\Dinput\msf1f_5.png
2009-01-03 16:38 . 2002-08-29 12:00 639 ----a-w e:\windows\System32\DirectX\Dinput\msf1f_4.png
2009-01-03 16:38 . 2002-08-29 12:00 891 ----a-w e:\windows\System32\DirectX\Dinput\msf1f_3.png
2009-01-03 16:38 . 2002-08-29 12:00 1125 ----a-w e:\windows\System32\DirectX\Dinput\msf1f_2.png
2009-01-03 16:38 . 2002-08-29 12:00 1293 ----a-w e:\windows\System32\DirectX\Dinput\msf1f_1.png
2009-01-03 16:38 . 2002-08-29 12:00 60612 ----a-w e:\windows\System32\DirectX\Dinput\msf1f.png
2009-01-03 16:38 . 2002-08-29 12:00 5915 ----a-w e:\windows\System32\DirectX\Dinput\msf1f.ini
2009-01-03 16:38 . 2002-08-29 12:00 1414 ----a-w e:\windows\System32\DirectX\Dinput\ms6_10.png
2009-01-03 16:38 . 2002-08-29 12:00 2436 ----a-w e:\windows\System32\DirectX\Dinput\ms6_9.png
2009-01-03 16:38 . 2002-08-29 12:00 757 ----a-w e:\windows\System32\DirectX\Dinput\ms6_8.png
2009-01-03 16:38 . 2002-08-29 12:00 774 ----a-w e:\windows\System32\DirectX\Dinput\ms6_7.png
2009-01-03 16:38 . 2002-08-29 12:00 753 ----a-w e:\windows\System32\DirectX\Dinput\ms6_6.png
2009-01-03 16:38 . 2002-08-29 12:00 792 ----a-w e:\windows\System32\DirectX\Dinput\ms6_5.png
2009-01-03 16:38 . 2002-08-29 12:00 511 ----a-w e:\windows\System32\DirectX\Dinput\ms6_4.png
2009-01-03 16:38 . 2002-08-29 12:00 510 ----a-w e:\windows\System32\DirectX\Dinput\ms6_3.png
2009-01-03 16:38 . 2002-08-29 12:00 681 ----a-w e:\windows\System32\DirectX\Dinput\ms6_2.png
2009-01-03 16:38 . 2002-08-29 12:00 1130 ----a-w e:\windows\System32\DirectX\Dinput\ms6_1.png
2009-01-03 16:38 . 2002-08-29 12:00 58484 ----a-w e:\windows\System32\DirectX\Dinput\ms6.png
2009-01-03 16:38 . 2002-08-29 12:00 5171 ----a-w e:\windows\System32\DirectX\Dinput\ms6.ini
2009-01-03 16:38 . 2002-08-29 12:00 1207 ----a-w e:\windows\System32\DirectX\Dinput\ms7_9.png
2009-01-03 16:38 . 2002-08-29 12:00 829 ----a-w e:\windows\System32\DirectX\Dinput\ms7_8.png
2009-01-03 16:38 . 2002-08-29 12:00 1071 ----a-w e:\windows\System32\DirectX\Dinput\ms7_7.png
2009-01-03 16:38 . 2002-08-29 12:00 982 ----a-w e:\windows\System32\DirectX\Dinput\ms7_6.png
2009-01-03 16:38 . 2002-08-29 12:00 963 ----a-w e:\windows\System32\DirectX\Dinput\ms7_5.png
2009-01-03 16:38 . 2002-08-29 12:00 1301 ----a-w e:\windows\System32\DirectX\Dinput\ms7_4.png
2009-01-03 16:38 . 2002-08-29 12:00 1278 ----a-w e:\windows\System32\DirectX\Dinput\ms7_3.png
2009-01-03 16:38 . 2002-08-29 12:00 1254 ----a-w e:\windows\System32\DirectX\Dinput\ms7_2.png
2009-01-03 16:38 . 2002-08-29 12:00 4412 ----a-w e:\windows\System32\DirectX\Dinput\ms7_1.png
2009-01-03 16:38 . 2002-08-29 12:00 65985 ----a-w e:\windows\System32\DirectX\Dinput\ms7.png
2009-01-03 16:38 . 2002-08-29 12:00 3068 ----a-w e:\windows\System32\DirectX\Dinput\ms7_g.ini
2009-01-03 16:38 . 2002-08-29 12:00 3106 ----a-w e:\windows\System32\DirectX\Dinput\ms7.ini
2009-01-03 16:38 . 2002-08-29 12:00 1518 ----a-w e:\windows\System32\DirectX\Dinput\ms8_10.png
2009-01-03 16:38 . 2002-08-29 12:00 769 ----a-w e:\windows\System32\DirectX\Dinput\ms8_9.png
2009-01-03 16:38 . 2002-08-29 12:00 769 ----a-w e:\windows\System32\DirectX\Dinput\ms8_8.png
2009-01-03 16:38 . 2002-08-29 12:00 748 ----a-w e:\windows\System32\DirectX\Dinput\ms8_7.png
2009-01-03 16:38 . 2002-08-29 12:00 715 ----a-w e:\windows\System32\DirectX\Dinput\ms8_6.png
2009-01-03 16:38 . 2002-08-29 12:00 495 ----a-w e:\windows\System32\DirectX\Dinput\ms8_5.png
2009-01-03 16:38 . 2002-08-29 12:00 450 ----a-w e:\windows\System32\DirectX\Dinput\ms8_4.png
2009-01-03 16:38 . 2002-08-29 12:00 1091 ----a-w e:\windows\System32\DirectX\Dinput\ms8_3.png
2009-01-03 16:38 . 2002-08-29 12:00 681 ----a-w e:\windows\System32\DirectX\Dinput\ms8_2.png
2009-01-03 16:38 . 2002-08-29 12:00 2355 ----a-w e:\windows\System32\DirectX\Dinput\ms8_1.png
2009-01-03 16:38 . 2002-08-29 12:00 55905 ----a-w e:\windows\System32\DirectX\Dinput\ms8.png
2009-01-03 16:38 . 2002-08-29 12:00 5832 ----a-w e:\windows\System32\DirectX\Dinput\ms8_g.ini
2009-01-03 16:38 . 2002-08-29 12:00 6073 ----a-w e:\windows\System32\DirectX\Dinput\ms8.ini
2009-01-03 16:38 . 2002-08-29 12:00 1113 ----a-w e:\windows\System32\DirectX\Dinput\mse_10.png
2009-01-03 16:38 . 2002-08-29 12:00 1721 ----a-w e:\windows\System32\DirectX\Dinput\mse_9.png
2009-01-03 16:38 . 2002-08-29 12:00 892 ----a-w e:\windows\System32\DirectX\Dinput\mse_8.png
2009-01-03 16:38 . 2002-08-29 12:00 1277 ----a-w e:\windows\System32\DirectX\Dinput\mse_7.png
2009-01-03 16:38 . 2002-08-29 12:00 1241 ----a-w e:\windows\System32\DirectX\Dinput\mse_6.png
2009-01-03 16:38 . 2002-08-29 12:00 1322 ----a-w e:\windows\System32\DirectX\Dinput\mse_5.png
2009-01-03 16:38 . 2002-08-29 12:00 1154 ----a-w e:\windows\System32\DirectX\Dinput\mse_4.png
2009-01-03 16:38 . 2002-08-29 12:00 1294 ----a-w e:\windows\System32\DirectX\Dinput\mse_3.png
2009-01-03 16:38 . 2002-08-29 12:00 1204 ----a-w e:\windows\System32\DirectX\Dinput\mse_2.png
2009-01-03 16:38 . 2002-08-29 12:00 3973 ----a-w e:\windows\System32\DirectX\Dinput\mse_1.png
2009-01-03 16:38 . 2002-08-29 12:00 69437 ----a-w e:\windows\System32\DirectX\Dinput\mse.png
2009-01-03 16:38 . 2002-08-29 12:00 4543 ----a-w e:\windows\System32\DirectX\Dinput\mse.ini
2009-01-03 16:38 . 2002-08-29 12:00 6085 ----a-w e:\windows\System32\DirectX\Dinput\mse_g.ini
2009-01-03 16:38 . 2002-08-29 12:00 910 ----a-w e:\windows\System32\DirectX\Dinput\ms26_08.png
2009-01-03 16:38 . 2002-08-29 12:00 962 ----a-w e:\windows\System32\DirectX\Dinput\ms26_07.png
2009-01-03 16:38 . 2002-08-29 12:00 1099 ----a-w e:\windows\System32\DirectX\Dinput\ms26_06.png
2009-01-03 16:38 . 2002-08-29 12:00 1132 ----a-w e:\windows\System32\DirectX\Dinput\ms26_05.png
2009-01-03 16:38 . 2002-08-29 12:00 1150 ----a-w e:\windows\System32\DirectX\Dinput\ms26_04.png
2009-01-03 16:38 . 2002-08-29 12:00 1216 ----a-w e:\windows\System32\DirectX\Dinput\ms26_03.png
2009-01-03 16:38 . 2002-08-29 12:00 1535 ----a-w e:\windows\System32\DirectX\Dinput\ms26_02.png
2009-01-03 16:38 . 2002-08-29 12:00 3084 ----a-w e:\windows\System32\DirectX\Dinput\ms26_01.png
2009-01-03 16:38 . 2002-08-29 12:00 66085 ----a-w e:\windows\System32\DirectX\Dinput\ms26.png
2009-01-03 16:38 . 2002-08-29 12:00 8389 ----a-w e:\windows\System32\DirectX\Dinput\ms26.ini
2009-01-03 16:38 . 2002-08-29 12:00 641 ----a-w e:\windows\System32\DirectX\Dinput\ms1b_10.png
2009-01-03 16:38 . 2002-08-29 12:00 645 ----a-w e:\windows\System32\DirectX\Dinput\ms1b_09.png
2009-01-03 16:38 . 2002-08-29 12:00 576 ----a-w e:\windows\System32\DirectX\Dinput\ms1b_08.png
2009-01-03 16:38 . 2002-08-29 12:00 575 ----a-w e:\windows\System32\DirectX\Dinput\ms1b_07.png
2009-01-03 16:38 . 2002-08-29 12:00 406 ----a-w e:\windows\System32\DirectX\Dinput\ms1b_06.png
2009-01-03 16:38 . 2002-08-29 12:00 380 ----a-w e:\windows\System32\DirectX\Dinput\ms1b_05.png
2009-01-03 16:38 . 2002-08-29 12:00 788 ----a-w e:\windows\System32\DirectX\Dinput\ms1b_04.png
2009-01-03 16:38 . 2002-08-29 12:00 581 ----a-w e:\windows\System32\DirectX\Dinput\ms1b_03.png
2009-01-03 16:38 . 2002-08-29 12:00 739 ----a-w e:\windows\System32\DirectX\Dinput\ms1b_02.png
2009-01-03 16:38 . 2002-08-29 12:00 2018 ----a-w e:\windows\System32\DirectX\Dinput\ms1b_01.png
2009-01-03 16:38 . 2002-08-29 12:00 50325 ----a-w e:\windows\System32\DirectX\Dinput\ms1b.png
2009-01-03 16:38 . 2002-08-29 12:00 14450 ----a-w e:\windows\System32\DirectX\Dinput\ms1b.ini
2009-01-03 16:38 . 2002-08-29 12:00 585 ----a-w e:\windows\System32\DirectX\Dinput\ms34_08.png
2009-01-03 16:38 . 2002-08-29 12:00 592 ----a-w e:\windows\System32\DirectX\Dinput\ms34_07.png
2009-01-03 16:38 . 2002-08-29 12:00 575 ----a-w e:\windows\System32\DirectX\Dinput\ms34_06.png
2009-01-03 16:38 . 2002-08-29 12:00 1152 ----a-w e:\windows\System32\DirectX\Dinput\ms34_05.png
2009-01-03 16:38 . 2002-08-29 12:00 1006 ----a-w e:\windows\System32\DirectX\Dinput\ms34_04.png
2009-01-03 16:38 . 2002-08-29 12:00 595 ----a-w e:\windows\System32\DirectX\Dinput\ms34_03.png
2009-01-03 16:38 . 2002-08-29 12:00 3382 ----a-w e:\windows\System32\DirectX\Dinput\ms34_02.png
2009-01-03 16:38 . 2002-08-29 12:00 5085 ----a-w e:\windows\System32\DirectX\Dinput\ms34_01.png
2009-01-03 16:38 . 2002-08-29 12:00 58085 ----a-w e:\windows\System32\DirectX\Dinput\ms34.png
2009-01-03 16:38 . 2002-08-29 12:00 6761 ----a-w e:\windows\System32\DirectX\Dinput\ms34.ini
2009-01-03 16:38 . 2002-08-29 12:00 29503 ----a-w e:\windows\System32\DirectX\Dinput\lgc291.png
2009-01-03 16:38 . 2002-08-29 12:00 2409 ----a-w e:\windows\System32\DirectX\Dinput\lgc291.ini
2009-01-03 16:38 . 2002-08-29 12:00 39453 ----a-w e:\windows\System32\DirectX\Dinput\lgc20a.png
2009-01-03 16:38 . 2002-08-29 12:00 6735 ----a-w e:\windows\System32\DirectX\Dinput\lgc20a.ini
2009-01-03 16:38 . 2002-08-29 12:00 38899 ----a-w e:\windows\System32\DirectX\Dinput\lgc209.png
2009-01-03 16:38 . 2002-08-29 12:00 3971 ----a-w e:\windows\System32\DirectX\Dinput\lgc209.ini
2009-01-03 16:38 . 2002-08-29 12:00 36408 ----a-w e:\windows\System32\DirectX\Dinput\lgc207.png
2009-01-03 16:38 . 2002-08-29 12:00 13610 ----a-w e:\windows\System32\DirectX\Dinput\lgc207.ini
2009-01-03 16:38 . 2002-08-29 12:00 31539 ----a-w e:\windows\System32\DirectX\Dinput\lgc202.png
2009-01-03 16:38 . 2002-08-29 12:00 5809 ----a-w e:\windows\System32\DirectX\Dinput\lgc202.ini
2009-01-03 16:38 . 2002-08-29 12:00 51179 ----a-w e:\windows\System32\DirectX\Dinput\ia3002_2.png
2009-01-03 16:38 . 2002-08-29 12:00 59005 ----a-w e:\windows\System32\DirectX\Dinput\ia3002_1.png
2009-01-03 16:38 . 2002-08-29 12:00 11865 ----a-w e:\windows\System32\DirectX\Dinput\ia3002.ini
2009-01-03 16:38 . 2002-08-29 12:00 90339 ----a-w e:\windows\System32\DirectX\Dinput\sv2512.png
2009-01-03 16:38 . 2002-08-29 12:00 42674 ----a-w e:\windows\System32\DirectX\Dinput\sv2511.png
2009-01-03 16:38 . 2002-08-29 12:00 24142 ----a-w e:\windows\System32\DirectX\Dinput\raiderpd.ini
2009-01-03 16:38 . 2002-08-29 12:00 92178 ----a-w e:\windows\System32\DirectX\Dinput\SV-262e4.png
2009-01-03 16:38 . 2002-08-29 12:00 53104 ----a-w e:\windows\System32\DirectX\Dinput\SV-262e3.png
2009-01-03 16:38 . 2002-08-29 12:00 52876 ----a-w e:\windows\System32\DirectX\Dinput\SV-262e1.png
2009-01-03 16:38 . 2002-08-29 12:00 18594 ----a-w e:\windows\System32\DirectX\Dinput\hammer.ini
2009-01-03 16:38 . 2002-08-29 12:00 73786 ----a-w e:\windows\System32\DirectX\Dinput\glmdiggp.png
2009-01-03 16:38 . 2002-08-29 12:00 11886 ----a-w e:\windows\System32\DirectX\Dinput\glmdiggp.ini
2009-01-03 16:38 . 2002-08-29 12:00 74585 ----a-w e:\windows\System32\DirectX\Dinput\glmda.png
2009-01-03 16:38 . 2002-08-29 12:00 13804 ----a-w e:\windows\System32\DirectX\Dinput\glmda.ini
2009-01-03 16:38 . 2002-08-29 12:00 3621 ----a-w e:\windows\System32\oobe\html\sconnect\scntlast.htm
2009-01-03 16:38 . 2002-08-29 12:00 3332 ----a-w e:\windows\System32\oobe\html\sconnect\sconnect.htm
2009-01-03 16:38 . 2002-08-29 12:00 5183 ----a-w e:\windows\System32\oobe\html\isptype\isptype.htm
2009-01-03 16:38 . 2002-08-29 12:00 6445 ----a-w e:\windows\System32\oobe\html\dslmain\dsl_b.htm
2009-01-03 16:38 . 2002-08-29 12:00 7746 ----a-w e:\windows\System32\oobe\html\dslmain\dsl_a.htm
2009-01-03 16:38 . 2002-08-29 12:00 4587 ----a-w e:\windows\System32\oobe\html\dslmain\dslmain.htm
2009-01-03 16:38 . 2002-08-29 12:00 3362 ----a-w e:\windows\System32\oobe\html\iconnect\icntlast.htm
2009-01-03 16:38 . 2002-08-29 12:00 11205 ----a-w e:\windows\System32\oobe\html\iconnect\iconnect.htm
2009-01-03 16:38 . 2004-08-04 05:03 17301 ----a-w e:\windows\System32\oobe\setup\welcome.htm
2009-01-03 16:38 . 2002-08-29 12:00 5932 ----a-w e:\windows\System32\oobe\setup\username.htm
2009-01-03 16:38 . 2002-08-29 12:00 3099 ----a-w e:\windows\System32\oobe\setup\timezone.htm
2009-01-03 16:38 . 2002-08-29 12:00 3700 ----a-w e:\windows\System32\oobe\setup\security.htm
2009-01-03 16:38 . 2002-08-29 12:00 2411 ----a-w e:\windows\System32\oobe\setup\regdial.htm
2009-01-03 16:38 . 2002-08-29 12:00 8477 ----a-w e:\windows\System32\oobe\setup\reg3.htm
2009-01-03 16:38 . 2002-08-29 12:00 6457 ----a-w e:\windows\System32\oobe\setup\reg1.htm
2009-01-03 16:38 . 2002-08-29 12:00 9849 ----a-w e:\windows\System32\oobe\setup\refdial.htm
2009-01-03 16:38 . 2002-08-29 12:00 4864 ----a-w e:\windows\System32\oobe\setup\prvcyms.htm
2009-01-03 16:38 . 2002-08-29 12:00 10971 ----a-w e:\windows\System32\oobe\setup\prodkey.htm
2009-01-03 16:38 . 2002-08-29 12:00 2153 ----a-w e:\windows\System32\oobe\setup\oempriv.htm
2009-01-03 16:38 . 2002-08-29 12:00 3214 ----a-w e:\windows\System32\oobe\setup\neweula2.htm
2009-01-03 16:38 . 2002-08-29 12:00 3619 ----a-w e:\windows\System32\oobe\setup\migpage.htm
2009-01-03 16:38 . 2002-08-29 12:00 4353 ----a-w e:\windows\System32\oobe\setup\miglist.htm
2009-01-03 16:38 . 2002-08-29 12:00 2268 ----a-w e:\windows\System32\oobe\setup\migdial.htm
2009-01-03 16:38 . 2002-08-29 12:00 2865 ----a-w e:\windows\System32\oobe\setup\keybdcmt.htm
2009-01-03 16:38 . 2002-08-29 12:00 4288 ----a-w e:\windows\System32\oobe\setup\keybd.htm
2009-01-03 16:38 . 2002-08-29 12:00 3306 ----a-w e:\windows\System32\oobe\setup\jndom_a.htm
2009-01-03 16:38 . 2002-08-29 12:00 4072 ----a-w e:\windows\System32\oobe\setup\jndomain.htm
2009-01-03 16:38 . 2002-08-29 12:00 1143 ----a-w e:\windows\System32\oobe\setup\ispwait.htm
2009-01-03 16:38 . 2002-08-29 12:00 4739 ----a-w e:\windows\System32\oobe\setup\isp.htm
2009-01-03 16:38 . 2002-08-29 12:00 8348 ----a-w e:\windows\System32\oobe\setup\ident2.htm
2009-01-03 16:38 . 2002-08-29 12:00 3728 ----a-w e:\windows\System32\oobe\setup\ident1.htm
2009-01-03 16:38 . 2004-08-04 05:03 7608 ----a-w e:\windows\System32\oobe\setup\ics.htm
2009-01-03 16:38 . 2002-08-29 12:00 3394 ----a-w e:\windows\System32\oobe\setup\iconn.htm
2009-01-03 16:38 . 2002-08-29 12:00 2549 ----a-w e:\windows\System32\oobe\setup\hnwprmpt.htm
2009-01-03 16:38 . 2002-08-29 12:00 3216 ----a-w e:\windows\System32\oobe\setup\fini.htm
2009-01-03 16:38 . 2002-08-29 12:00 926 ----a-w e:\windows\System32\oobe\setup\dtiwait.htm
2009-01-03 16:38 . 2002-08-29 12:00 7325 ----a-w e:\windows\System32\oobe\setup\drdyref.htm
2009-01-03 16:38 . 2002-08-29 12:00 5337 ----a-w e:\windows\System32\oobe\setup\drdyoem.htm
2009-01-03 16:38 . 2002-08-29 12:00 5356 ----a-w e:\windows\System32\oobe\setup\drdymig.htm
2009-01-03 16:38 . 2002-08-29 12:00 5462 ----a-w e:\windows\System32\oobe\setup\drdyisp.htm
2009-01-03 16:38 . 2002-08-29 12:00 2171 ----a-w e:\windows\System32\oobe\setup\dialup.htm
2009-01-03 16:38 . 2002-08-29 12:00 5404 ----a-w e:\windows\System32\oobe\setup\compname.htm
2009-01-03 16:38 . 2002-08-29 12:00 3615 ----a-w e:\windows\System32\oobe\setup\badeula.htm
2009-01-03 16:38 . 2002-08-29 12:00 4101 ----a-w e:\windows\System32\oobe\setup\badpkey.htm
2009-01-03 16:38 . 2002-08-29 12:00 7132 ----a-w e:\windows\System32\oobe\setup\oobestyl.css
2009-01-03 16:38 . 2002-08-29 12:00 4138 ----a-w e:\windows\System32\oobe\setup\activate.htm
2009-01-03 16:38 . 2002-08-29 12:00 3815 ----a-w e:\windows\System32\oobe\setup\acterror.htm
2009-01-03 16:38 . 2002-08-29 12:00 4200 ----a-w e:\windows\System32\oobe\setup\act_plcy.htm
2009-01-03 16:38 . 2002-08-29 12:00 2329 ----a-w e:\windows\System32\oobe\isperror\ispsbusy.htm
2009-01-03 16:38 . 2002-08-29 12:00 6180 ----a-w e:\windows\System32\oobe\isperror\ispphbsy.htm
2009-01-03 16:38 . 2002-08-29 12:00 6494 ----a-w e:\windows\System32\oobe\isperror\ispnoanw.htm
2009-01-03 16:38 . 2002-08-29 12:00 2542 ----a-w e:\windows\System32\oobe\isperror\ispins.htm
2009-01-03 16:38 . 2002-08-29 12:00 2310 ----a-w e:\windows\System32\oobe\isperror\isphdshk.htm
2009-01-03 16:38 . 2002-08-29 12:00 2200 ----a-w e:\windows\System32\oobe\isperror\isppberr.htm
2009-01-03 16:38 . 2002-08-29 12:00 3015 ----a-w e:\windows\System32\oobe\isperror\ispdtone.htm
2009-01-03 16:38 . 2002-08-29 12:00 3359 ----a-w e:\windows\System32\oobe\isperror\ispcnerr.htm
2009-01-03 16:38 . 2002-08-29 12:00 3286 ----a-w e:\windows\System32\oobe\icserror\icsdc.htm
2009-01-03 16:38 . 2002-08-29 12:00 30177 ----a-w e:\windows\System32\oobe\html\mouse\images\veronam.jpg
2009-01-03 16:38 . 2002-08-29 12:00 52203 ----a-w e:\windows\System32\oobe\html\mouse\images\verona.jpg
2009-01-03 16:38 . 2002-08-29 12:00 27707 ----a-w e:\windows\System32\oobe\html\mouse\images\venicem.jpg
2009-01-03 16:38 . 2002-08-29 12:00 49251 ----a-w e:\windows\System32\oobe\html\mouse\images\venice.jpg
2009-01-03 16:38 . 2002-08-29 12:00 33735 ----a-w e:\windows\System32\oobe\html\mouse\images\tyrolm.jpg
2009-01-03 16:38 . 2002-08-29 12:00 63016 ----a-w e:\windows\System32\oobe\html\mouse\images\tyrol.jpg
2009-01-03 16:38 . 2002-08-29 12:00 23646 ----a-w e:\windows\System32\oobe\html\mouse\images\praguem.jpg
2009-01-03 16:38 . 2002-08-29 12:00 38850 ----a-w e:\windows\System32\oobe\html\mouse\images\prague.jpg
2009-01-03 16:38 . 2002-08-29 12:00 22602 ----a-w e:\windows\System32\oobe\html\mouse\images\pisam.jpg
2009-01-03 16:38 . 2002-08-29 12:00 39156 ----a-w e:\windows\System32\oobe\html\mouse\images\pisa.jpg
2009-01-03 16:38 . 2002-08-29 12:00 25628 ----a-w e:\windows\System32\oobe\html\mouse\images\parism.jpg
2009-01-03 16:38 . 2002-08-29 12:00 42189 ----a-w e:\windows\System32\oobe\html\mouse\images\paris.jpg
2009-01-03 16:38 . 2002-08-29 12:00 4361 ----a-w e:\windows\System32\oobe\html\mouse\images\mouseimg.gif
2009-01-03 16:38 . 2002-08-29 12:00 47282 ----a-w e:\windows\System32\oobe\html\mouse\images\mouse4.gif
2009-01-03 16:38 . 2002-08-29 12:00 20512 ----a-w e:\windows\System32\oobe\html\mouse\images\heidelbm.jpg
2009-01-03 16:38 . 2002-08-29 12:00 35268 ----a-w e:\windows\System32\oobe\html\mouse\images\heidelb.jpg
2009-01-03 16:38 . 2002-08-29 12:00 17486 ----a-w e:\windows\System32\oobe\html\mouse\images\desktop3.gif
2009-01-03 16:38 . 2002-08-29 12:00 6829 ----a-w e:\windows\System32\oobe\html\mouse\images\clicking.gif
2009-01-03 16:38 . 2002-08-29 12:00 823 ----a-w e:\windows\System32\oobe\html\mouse\images\but4_up.gif
2009-01-03 16:38 . 2002-08-29 12:00 436 ----a-w e:\windows\System32\oobe\html\mouse\images\but4_idl.gif
2009-01-03 16:38 . 2002-08-29 12:00 825 ----a-w e:\windows\System32\oobe\html\mouse\images\but4_dwn.gif
2009-01-03 16:38 . 2002-08-29 12:00 983 ----a-w e:\windows\System32\oobe\html\mouse\images\but3_up.gif
2009-01-03 16:38 . 2002-08-29 12:00 590 ----a-w e:\windows\System32\oobe\html\mouse\images\but3_idl.gif
2009-01-03 16:38 . 2002-08-29 12:00 981 ----a-w e:\windows\System32\oobe\html\mouse\images\but3_dwn.gif
2009-01-03 16:38 . 2002-08-29 12:00 753 ----a-w e:\windows\System32\oobe\html\mouse\images\but2_up.gif
2009-01-03 16:38 . 2002-08-29 12:00 409 ----a-w e:\windows\System32\oobe\html\mouse\images\but2_idl.gif
2009-01-03 16:38 . 2002-08-29 12:00 751 ----a-w e:\windows\System32\oobe\html\mouse\images\but2_dwn.gif
2009-01-03 16:38 . 2002-08-29 12:00 1190 ----a-w e:\windows\System32\oobe\html\mouse\images\but1_up.gif
2009-01-03 16:38 . 2002-08-29 12:00 543 ----a-w e:\windows\System32\oobe\html\mouse\images\but1_idl.gif
2009-01-03 16:38 . 2002-08-29 12:00 1188 ----a-w e:\windows\System32\oobe\html\mouse\images\but1_dwn.gif
2009-01-03 16:38 . 2002-08-29 12:00 40046 ----a-w e:\windows\System32\oobe\html\mouse\images\bulzanom.jpg
2009-01-03 16:38 . 2002-08-29 12:00 72921 ----a-w e:\windows\System32\oobe\html\mouse\images\bulzano.jpg
2009-01-03 16:38 . 2002-08-29 12:00 2729 ----a-w e:\windows\System32\oobe\html\mouse\mouse_k.htm
2009-01-03 16:38 . 2002-08-29 12:00 2805 ----a-w e:\windows\System32\oobe\html\mouse\mouse_j.htm
2009-01-03 16:38 . 2002-08-29 12:00 3250 ----a-w e:\windows\System32\oobe\html\mouse\mouse_i.htm
2009-01-03 16:38 . 2002-08-29 12:00 2837 ----a-w e:\windows\System32\oobe\html\mouse\mouse_h.htm
2009-01-03 16:38 . 2002-08-29 12:00 3255 ----a-w e:\windows\System32\oobe\html\mouse\mouse_g.htm
2009-01-03 16:38 . 2002-08-29 12:00 2275 ----a-w e:\windows\System32\oobe\html\mouse\mouse_f.htm
2009-01-03 16:38 . 2002-08-29 12:00 3663 ----a-w e:\windows\System32\oobe\html\mouse\mouse_e.htm
2009-01-03 16:38 . 2002-08-29 12:00 2244 ----a-w e:\windows\System32\oobe\html\mouse\mouse_d.htm
2009-01-03 16:38 . 2002-08-29 12:00 3622 ----a-w e:\windows\System32\oobe\html\mouse\mouse_c.htm
2009-01-03 16:38 . 2002-08-29 12:00 2338 ----a-w e:\windows\System32\oobe\html\mouse\mouse_b.htm
2009-01-03 16:38 . 2002-08-29 12:00 2299 ----a-w e:\windows\System32\oobe\html\mouse\mouse_a.htm
2009-01-03 16:38 . 2002-08-29 12:00 3972 ----a-w e:\windows\System32\oobe\html\mouse\mouse.htm
2009-01-03 16:38 . 2002-08-29 12:00 7187 ----a-w e:\windows\System32\oobe\actsetup\ausrinfo.htm
2009-01-03 16:38 . 2002-08-29 12:00 2277 ----a-w e:\windows\System32\oobe\actsetup\aregstyl.css
2009-01-03 16:38 . 2002-08-29 12:00 2286 ----a-w e:\windows\System32\oobe\actsetup\aregsty2.css
2009-01-03 16:38 . 2002-08-29 12:00 1891 ----a-w e:\windows\System32\oobe\actsetup\aregdone.htm
2009-01-03 16:38 . 2002-08-29 12:00 2182 ----a-w e:\windows\System32\oobe\actsetup\aregdial.htm
2009-01-03 16:38 . 2002-08-29 12:00 4007 ----a-w e:\windows\System32\oobe\actsetup\areg1.htm
2009-01-03 16:38 . 2002-08-29 12:00 4700 ----a-w e:\windows\System32\oobe\actsetup\aprvcyms.htm
2009-01-03 16:38 . 2002-08-29 12:00 3924 ----a-w e:\windows\System32\oobe\actsetup\apolicy.htm
2009-01-03 16:38 . 2002-08-29 12:00 4706 ----a-w e:\windows\System32\oobe\actsetup\adrdyreg.htm
2009-01-03 16:38 . 2002-08-29 12:00 2018 ----a-w e:\windows\System32\oobe\actsetup\activerr.htm
2009-01-03 16:38 . 2002-08-29 12:00 1829 ----a-w e:\windows\System32\oobe\actsetup\actdone.htm
2009-01-03 16:38 . 2002-08-29 12:00 3196 ----a-w e:\windows\System32\oobe\actsetup\actconn.htm
2009-01-03 16:38 . 2002-08-29 12:00 5998 ----a-w e:\windows\System32\oobe\regerror\rtoobusy.htm
2009-01-03 16:38 . 2002-08-29 12:00 2292 ----a-w e:\windows\System32\oobe\regerror\rpulse.htm
2009-01-03 16:38 . 2002-08-29 12:00 1769 ----a-w e:\windows\System32\oobe\regerror\rpberr.htm
2009-01-03 16:38 . 2002-08-29 12:00 1750 ----a-w e:\windows\System32\oobe\regerror\rnomdm.htm
2009-01-03 16:38 . 2002-08-29 12:00 6067 ----a-w e:\windows\System32\oobe\regerror\rnoansw.htm
2009-01-03 16:38 . 2002-08-29 12:00 1895 ----a-w e:\windows\System32\oobe\regerror\rhndshk.htm
2009-01-03 16:38 . 2002-08-29 12:00 2597 ----a-w e:\windows\System32\oobe\regerror\rdtone.htm
2009-01-03 16:38 . 2002-08-29 12:00 2909 ----a-w e:\windows\System32\oobe\regerror\rcnterr.htm
2009-01-03 16:38 . 2002-08-29 12:00 17719 ----a-w e:\windows\System32\oobe\images\wpatop.jpg
2009-01-03 16:38 . 2002-08-29 12:00 25759 ----a-w e:\windows\System32\oobe\images\wpakey.jpg
2009-01-03 16:38 . 2002-08-29 12:00 5823 ----a-w e:\windows\System32\oobe\images\wpaflag.jpg
2009-01-03 16:38 . 2002-08-29 12:00 11746 ----a-w e:\windows\System32\oobe\images\wpabtm.jpg
2009-01-03 16:38 . 2002-08-29 12:00 44244 ----a-w e:\windows\System32\oobe\images\wpaback.jpg
2009-01-03 16:38 . 2002-08-29 12:00 2624518 ----a-w e:\windows\System32\oobe\images\title.wma
2009-01-03 16:38 . 2002-08-29 12:00 26392 ----a-w e:\windows\System32\oobe\images\thanks8.png
2009-01-03 16:38 . 2002-08-29 12:00 38558 ----a-w e:\windows\System32\oobe\images\thanks10.png
2009-01-03 16:38 . 2002-08-29 12:00 3483 ----a-w e:\windows\System32\oobe\images\skipup.jpg
2009-01-03 16:38 . 2002-08-29 12:00 3485 ----a-w e:\windows\System32\oobe\images\skipover.jpg
2009-01-03 16:38 . 2002-08-29 12:00 2759 ----a-w e:\windows\System32\oobe\images\skipoff.jpg
2009-01-03 16:38 . 2002-08-29 12:00 3556 ----a-w e:\windows\System32\oobe\images\skipdown.jpg
2009-01-03 16:38 . 2002-08-29 12:00 2479 ----a-w e:\windows\System32\oobe\images\qmark.gif
2009-01-03 16:38 . 2002-08-29 12:00 1174050 ----a-w e:\windows\System32\oobe\images\qmark.acs
2009-01-03 16:38 . 2002-08-29 12:00 1230 ----a-w e:\windows\System32\oobe\images\progress.gif
2009-01-03 16:38 . 2002-08-29 12:00 993 ----a-w e:\windows\System32\oobe\images\prodkey.gif
2009-01-03 16:38 . 2002-08-29 12:00 3343 ----a-w e:\windows\System32\oobe\images\oemlogo.gif
2009-01-03 16:38 . 2002-08-29 12:00 3364 ----a-w e:\windows\System32\oobe\images\oemcoa.jpg
2009-01-03 16:38 . 2002-08-29 12:00 3539 ----a-w e:\windows\System32\oobe\images\nextup.jpg
2009-01-03 16:38 . 2002-08-29 12:00 3554 ----a-w e:\windows\System32\oobe\images\nextover.jpg
2009-01-03 16:38 . 2002-08-29 12:00 2705 ----a-w e:\windows\System32\oobe\images\nextoff.jpg
2009-01-03 16:38 . 2002-08-29 12:00 3439 ----a-w e:\windows\System32\oobe\images\nextdown.jpg
2009-01-03 16:38 . 2002-08-29 12:00 8048 ----a-w e:\windows\System32\oobe\images\newtop8.jpg
2009-01-03 16:38 . 2002-08-29 12:00 8806 ----a-w e:\windows\System32\oobe\images\newtop1.jpg
2009-01-03 16:38 . 2002-08-29 12:00 38987 ----a-w e:\windows\System32\oobe\images\newmark8.jpg
2009-01-03 16:38 . 2002-08-29 12:00 56043 ----a-w e:\windows\System32\oobe\images\newmark1.jpg
2009-01-03 16:38 . 2002-08-29 12:00 8727 ----a-w e:\windows\System32\oobe\images\newbtm8.jpg
2009-01-03 16:38 . 2002-08-29 12:00 9131 ----a-w e:\windows\System32\oobe\images\newbtm1.jpg
2009-01-03 16:38 . 2002-08-29 12:00 14679 ----a-w e:\windows\System32\oobe\images\mslogo.jpg
2009-01-03 16:38 . 2002-08-29 12:00 10567 ----a-w e:\windows\System32\oobe\images\mousewn1.gif
2009-01-03 16:38 . 2002-08-29 12:00 2730 ----a-w e:\windows\System32\oobe\images\mouse.gif
2009-01-03 16:38 . 2002-08-29 12:00 21991 ----a-w e:\windows\System32\oobe\images\monitor2.gif
2009-01-03 16:38 . 2002-08-29 12:00 17745 ----a-w e:\windows\System32\oobe\images\monitor.gif
2009-01-03 16:38 . 2002-08-29 12:00 2700 ----a-w e:\windows\System32\oobe\images\merlin.gif
2009-01-03 16:38 . 2002-08-29 12:00 7972 ----a-w e:\windows\System32\oobe\images\magnify.gif
2009-01-03 16:38 . 2002-08-29 12:00 665107 ----a-w e:\windows\System32\oobe\images\intro.wmv
2009-01-03 16:38 . 2002-08-29 12:00 9257 ----a-w e:\windows\System32\oobe\images\hand2.gif
2009-01-03 16:38 . 2002-08-29 12:00 9513 ----a-w e:\windows\System32\oobe\images\hand1.gif
2009-01-03 16:38 . 2002-08-29 12:00 1234 ----a-w e:\windows\System32\oobe\images\grn_btn.gif
2009-01-03 16:38 . 2002-08-29 12:00 124383 ----a-w e:\windows\System32\oobe\images\dialup.gif
2009-01-03 16:38 . 2002-08-29 12:00 4795 ----a-w e:\windows\System32\oobe\images\dialtone.gif
2009-01-03 16:38 . 2002-08-29 12:00 559 ----a-w e:\windows\System32\oobe\images\clickhr.gif
2009-01-03 16:38 . 2002-08-29 12:00 4616 ----a-w e:\windows\System32\oobe\images\clickerx.wav
2009-01-03 16:38 . 2002-08-29 12:00 54 ----a-w e:\windows\System32\oobe\images\bullet1.gif
2009-01-03 16:38 . 2002-08-29 12:00 978 ----a-w e:\windows\System32\oobe\images\btn3.gif
2009-01-03 16:38 . 2002-08-29 12:00 978 ----a-w e:\windows\System32\oobe\images\btn2.gif
2009-01-03 16:38 . 2002-08-29 12:00 978 ----a-w e:\windows\System32\oobe\images\btn1.gif
2009-01-03 16:38 . 2002-08-29 12:00 3540 ----a-w e:\windows\System32\oobe\images\backup.jpg
2009-01-03 16:38 . 2002-08-29 12:00 3557 ----a-w e:\windows\System32\oobe\images\backover.jpg
2009-01-03 16:38 . 2002-08-29 12:00 2817 ----a-w e:\windows\System32\oobe\images\backoff.jpg
2009-01-03 16:38 . 2002-08-29 12:00 3461 ----a-w e:\windows\System32\oobe\images\backdown.jpg
2009-01-03 16:38 . 2002-08-29 12:00 300 ----a-w e:\windows\System32\oobe\images\arrow.gif
2009-01-03 16:38 . 2002-08-29 12:00 6128 ----a-w e:\windows\System32\oobe\error\toobusy.htm
2009-01-03 16:38 . 2002-08-29 12:00 2663 ----a-w e:\windows\System32\oobe\error\pulse.htm
2009-01-03 16:38 . 2002-08-29 12:00 2044 ----a-w e:\windows\System32\oobe\error\pberr.htm
2009-01-03 16:38 . 2002-08-29 12:00 6328 ----a-w e:\windows\System32\oobe\error\noanswer.htm
2009-01-03 16:38 . 2002-08-29 12:00 2163 ----a-w e:\windows\System32\oobe\error\isp2busy.htm

Report •

#27
April 19, 2009 at 16:22:42

Report •

#28
April 19, 2009 at 16:26:28
I hope this helps. There is a lot more, but it seems that it is all at the start of the folder.

Report •

#29
April 19, 2009 at 18:55:31
Open Notepad and copy/paste everything between the X's into it and make sure the first word (such as KILLALL, File, Folder, Registry etc.) is at the very top of the page.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
KILLALL::
File::
e:\windows\System32\4878spzr9e2455.ocx
e:\windows\System32\5b6bs9ywzre5649.bin
e:\windows\System32\948105zrm2e.ocx
e:\windows\System32\z5eth5ef9199.ocx
e:\windows\System32\13059troj5z9.bin
e:\windows\System32\1fzead5ware9997.cpl
e:\windows\System32\z578s9ea51669.exe
e:\windows\System32\199059pambot59z.bin
e:\windows\System32\5f29threa5293z29.exe
e:\windows\System32\7e0z5hief9810.exe
e:\windows\System32\94bfthreat3025z5.cpl
e:\windows\System32\1591worz991.cpl
e:\windows\System32\32ef9hreat9185z.exe
e:\windows\System32\4235hackz95l1da.exe
e:\windows\System32\13890hack5ozl419.ocx
e:\windows\System32\5564troz9c9.bin
e:\windows\System32\11866not-a5virzs6379.exe
e:\windows\System32\3518viz1946.bin
e:\windows\System32\7e5fthzea97355.exe
e:\windows\System32\1z134worm5d9.ocx
e:\windows\System32\5dcfvz92704.cpl
e:\windows\System32\6415down5oaderz9.bin
e:\windows\System32\1z129ackd5or1450.dll
e:\windows\System32\5bb9zhreat91265.exe
e:\windows\System32\75z8sparse5759.ocx
e:\windows\System32\4837thz5at30499.ocx
e:\windows\System32\6339v59us6z9.bin
e:\windows\System32\20695tr5j4a9z.bin
e:\windows\System32\2b0b5ddwaze22329.cpl
e:\windows\System32\389zspywa5e898.exe
e:\windows\System32\5c9aadd5are1z99.bin
e:\windows\System32\5z19thief2291.exe
e:\windows\System32\966z9y258.bin
e:\windows\System32\7949ha5ktoolzb2.bin
e:\windows\System32\5cafaddware169z.cpl
e:\windows\System32\944495zyfd.ocx
e:\windows\System32\z49c5ir3269.cpl
e:\windows\System32\6dz4add9are85.cpl
e:\windows\System32\zb0daddw5r91674.exe
e:\windows\System32\34915ackdoor3z71.bin
e:\windows\System32\56d5back9oor306z.bin
e:\windows\System32\24668ha9zto5l87.dll
e:\windows\System32\2916spamzo5949.dll
e:\windows\System32\15459szam95t329.bin
e:\windows\System32\92bdaddwzre20365.exe
e:\windows\System32\17768n59-a-zirus3a5.cpl
e:\windows\System32\435ctzi9f1322.bin
e:\windows\System32\6170hacktoo957z.cpl
e:\windows\System32\9a2dthiefz485.bin
e:\windows\System32\19924zpy945.bin
e:\windows\System32\92e8spywarz1545.bin
e:\windows\System32\66a1downloa9zr1456.dll
e:\windows\System32\8591trojzbc.bin
e:\windows\System32\21z93wor5107.cpl
e:\windows\System32\e32b9c5door1z56.bin
e:\windows\System32\z56f59r3228.bin
e:\windows\System32\1590spyware275z.ocx
e:\windows\System32\1735zn9t-5-virus22c.cpl
e:\windows\System32\17365hzcktool239.bin
e:\windows\System32\29596hackt5oz4cc.ocx
e:\windows\System32\5494szambot959.bin
e:\windows\System32\75bzspa9se1650.cpl
e:\windows\System32\61f1threaz24599.exe
e:\windows\System32\77285ir9s396z.ocx

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose "Save As", change the "Save As Type" to All Files, name it CFScript.txt, then save it to your desktop.
Then drag/drop the CFScript.txt onto ComboFix.exe (the red symbol on your desktop). If ComboFix does not auto start, click "run".

Then look and see if that deleted them all.


Report •
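
One way to triage a directory listing in the format posted in this thread and produce a File:: block shaped like the script above. This is an added example, not part of the original posts and not ComboFix's own logic. The heuristic (file sits directly in System32, has a loadable extension, has identical created and modified times, and has a digit-heavy name) and the function names are assumptions for illustration, and the sample lines are constructed.

```python
import re
from ntpath import basename, dirname, splitext

# One listing entry: "<created> . <modified> <size> <attrs> <path>"
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+) (?P<attrs>\S+) (?P<path>.+)$"
)

# Assumed triage parameters (not taken from any tool).
SYSTEM32 = r"e:\windows\System32"
SUSPECT_EXTS = {".ocx", ".cpl", ".bin", ".exe", ".dll"}
MIN_DIGITS_IN_NAME = 3

# Constructed sample in the thread's listing format.
SAMPLE = r"""
2009-01-03 16:36 . 2004-08-04 07:56 123392 ----a-w e:\windows\System32\mplay32.exe
2009-01-03 09:30 . 2009-01-03 09:30 0 ----a-w e:\windows\System32\h323log.txt
2009-01-03 09:13 . 2009-01-03 09:13 262144 ----a-w e:\windows\System32\config\userdiff
2008-12-28 16:09 . 2008-12-28 16:09 2711 ----a-w e:\windows\System32\0000example1z.ocx
2008-12-22 11:15 . 2008-12-22 11:15 5061 ----a-w e:\windows\System32\1234sample5z.cpl
this line is not a listing entry
"""


def parse_line(line):
    """Return the fields of one listing entry, or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["size"] = int(entry["size"])
    return entry


def is_candidate(entry, root=SYSTEM32):
    """Apply the assumed heuristic to one parsed entry."""
    path = entry["path"]
    stem, ext = splitext(basename(path))
    # Files copied by Windows setup keep the original modified date of the
    # installation media, so created != modified. A file written once by a
    # dropper has the same timestamp in both columns.
    same_stamp = entry["created"] == entry["modified"]
    in_root = dirname(path).lower() == root.lower()
    digit_heavy = sum(ch.isdigit() for ch in stem) >= MIN_DIGITS_IN_NAME
    return in_root and same_stamp and digit_heavy and ext.lower() in SUSPECT_EXTS


def triage(listing_text):
    """Return the paths of all entries that match the heuristic, in input order."""
    hits = []
    for line in listing_text.splitlines():
        entry = parse_line(line)
        if entry and is_candidate(entry):
            hits.append(entry["path"])
    return hits


def render_cfscript(paths):
    """Format reviewed paths in the KILLALL::/File:: layout used in the post above."""
    return "KILLALL::\nFile::\n" + "\n".join(paths) + "\n"


if __name__ == "__main__":
    candidates = triage(SAMPLE)
    # Candidates are for manual review before anything is saved as CFScript.txt.
    print(render_cfscript(candidates))
```

The identical created and modified timestamps are what separate the flagged entries from files copied by Windows setup, which keep an older modified date.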

#30
April 19, 2009 at 20:10:28
I did what you suggested and after that I did another combo fix with this cmd.

DIRLOOK::
E:\Windows\System32

And it found this




#31
April 19, 2009 at 20:11:08
More:


2006-10-04 13:33 . 2006-10-04 13:33 35840 -c----w e:\windows\System32\dllcache\umandlg.dll
2006-10-04 08:48 . 2006-10-04 08:48 215552 -c----w e:\windows\System32\dllcache\osk.exe
2006-10-04 08:48 . 2006-10-04 08:48 50176 -c----w e:\windows\System32\dllcache\utilman.exe
2006-10-04 08:48 . 2006-10-04 08:48 72704 -c----w e:\windows\System32\dllcache\magnify.exe
2006-10-04 08:48 . 2006-10-04 08:48 53760 -c----w e:\windows\System32\dllcache\narrator.exe
2006-09-23 20:12 . 2006-09-23 20:12 74715 ------w e:\windows\System32\IE7Eula.rtf
2006-09-01 15:44 . 2006-09-01 15:44 8798 ----a-w e:\windows\System32\icrav03.rat
2006-09-01 15:44 . 2006-09-01 15:44 1988 ------w e:\windows\System32\ticrf.rat
2006-08-31 08:01 . 2006-08-31 08:01 67628 ----a-w e:\windows\System32\spool\drivers\w32x86\3\mxdwdui.gpd
2006-08-24 23:15 . 2006-08-24 23:15 150808 ----a-w e:\windows\System32\rgb9rast_2.dll
2006-08-04 19:56 . 2006-08-04 19:56 59116 ----a-w e:\windows\System32\spool\drivers\w32x86\3\stdschem.gdl
2006-07-25 21:52 . 2006-07-25 21:52 1802240 ----a-w e:\windows\System32\ElectricSheep.scr
2006-06-29 15:05 . 2006-06-29 15:05 26112 ------w e:\windows\System32\idndl.dll
2006-06-29 15:05 . 2006-06-29 15:05 23552 ------w e:\windows\System32\normaliz.dll
2006-06-29 00:59 . 2006-06-29 00:59 24576 ------w e:\windows\System32\nlsdl.dll
2006-06-08 21:40 . 2006-06-08 21:40 2301 ----a-w e:\windows\System32\electricsheep-cache\Instructions.txt
2006-06-08 19:06 . 2006-06-08 19:06 59342 ------w e:\windows\System32\normidna.nls
2006-06-08 19:06 . 2006-06-08 19:06 45794 ------w e:\windows\System32\normnfc.nls
2006-06-08 19:06 . 2006-06-08 19:06 39284 ------w e:\windows\System32\normnfd.nls
2006-06-08 19:06 . 2006-06-08 19:06 66384 ------w e:\windows\System32\normnfkc.nls
2006-06-08 19:06 . 2006-06-08 19:06 60294 ------w e:\windows\System32\normnfkd.nls
2006-04-21 22:12 . 2006-04-21 22:12 21225 ----a-w e:\windows\System32\spool\drivers\w32x86\3\unidrv.hlp
2006-04-21 21:38 . 2006-04-21 21:38 23812 ----a-w e:\windows\System32\spool\drivers\w32x86\3\stddtype.gdl
2006-04-21 21:38 . 2006-04-21 21:38 14362 ----a-w e:\windows\System32\spool\drivers\w32x86\3\stdnames.gpd
2006-04-21 21:38 . 2006-04-21 21:38 2278 ----a-w e:\windows\System32\spool\drivers\w32x86\3\stdschmx.gdl
2006-04-21 21:38 . 2006-04-21 21:38 42 ----a-w e:\windows\System32\spool\drivers\w32x86\3\mxdwdui.ini
2005-11-22 19:02 . 2005-11-22 19:02 74436 ----a-w e:\windows\System32\XPSViewer\XPSViewerManifest.xml
2005-09-23 14:28 . 2005-09-23 14:28 32768 ----a-w e:\windows\System32\netfxperf.dll
2005-09-08 08:03 . 2005-09-08 08:03 86728 ----a-w e:\windows\System32\msxml6r.dll
2005-08-06 19:29 . 2005-08-06 19:29 18660 ----a-w e:\windows\System32\electricsheep-cache\License.txt
2005-05-23 06:29 . 2005-05-23 06:29 21337 ----a-w e:\windows\System32\electricsheep-cache\electricsheep-frown.png
2005-05-23 06:29 . 2005-05-23 06:29 21109 ----a-w e:\windows\System32\electricsheep-cache\electricsheep-smile.png
2005-01-28 20:44 . 2005-01-28 20:44 484352 ----a-w e:\windows\System32\Audiodev.dll
2005-01-28 20:44 . 2005-01-28 20:44 360448 ----a-w e:\windows\System32\l3codecp.acm
2005-01-28 20:44 . 2005-01-28 20:44 1594880 ----a-w e:\windows\System32\wmpencen.dll
2005-01-28 20:44 . 2005-01-28 20:44 175104 ----a-w e:\windows\System32\wmpsrcwp.dll
2004-10-27 23:20 . 2004-08-04 07:56 134656 ----a-w e:\windows\System32\mssap.dll
2004-10-27 22:21 . 2004-10-27 22:21 138240 ------w e:\windows\System32\drivers\Hdaudbus.sys
2004-10-27 22:21 . 2004-10-27 22:21 145920 ------w e:\windows\System32\drivers\Hdaudio.sys
2004-10-27 22:21 . 2004-10-27 22:21 61952 ------w e:\windows\System32\HdAShCut.exe
2004-10-27 22:21 . 2004-10-27 22:21 25088 ------w e:\windows\System32\HdAProp.dll
2004-10-27 22:21 . 2004-10-27 22:21 5120 ------w e:\windows\System32\HdAudRes.dll
2004-08-11 08:45 . 2005-01-28 20:44 18944 ----a-w e:\windows\System32\drivers\wpdusb.sys
2004-08-11 08:45 . 2005-01-28 20:44 1218808 ----a-w e:\windows\System32\wmvadvd.dll
2004-08-11 08:45 . 2005-01-28 20:44 1512448 ----a-w e:\windows\System32\WMVADVE.DLL
2004-08-11 08:45 . 2005-01-28 20:44 61952 ----a-w e:\windows\System32\wpdconns.dll
2004-08-11 08:45 . 2005-01-28 20:44 114176 ----a-w e:\windows\System32\wpdmtp.dll
2004-08-11 08:45 . 2005-01-28 20:44 331776 ----a-w e:\windows\System32\wpdmtpdr.dll
2004-08-11 08:45 . 2005-01-28 20:44 66560 ----a-w e:\windows\System32\wpdmtpus.dll
2004-08-11 08:45 . 2005-01-28 20:44 331264 ----a-w e:\windows\System32\wpdsp.dll
2004-08-11 08:45 . 2005-01-28 20:44 10752 ----a-w e:\windows\System32\wpdtrace.dll
2004-08-11 08:45 . 2005-01-28 20:44 38912 ----a-w e:\windows\System32\wpd_ci.dll
2004-08-11 08:45 . 2005-01-28 20:44 47104 ----a-w e:\windows\System32\uwdf.exe
2004-08-11 08:45 . 2005-01-28 20:44 15872 ----a-w e:\windows\System32\wdfapi.dll
2004-08-11 08:45 . 2005-01-28 20:44 38912 ----a-w e:\windows\System32\wdfmgr.exe
2004-08-11 08:45 . 2005-01-28 20:44 335872 ----a-w e:\windows\System32\WMDRMdev.dll
2004-08-11 08:45 . 2005-01-28 20:44 290816 ----a-w e:\windows\System32\WMDRMNet.dll
2004-08-04 07:56 . 2004-08-04 07:56 16437 -c--a-w e:\windows\System32\dllcache\shtml.exe
2004-08-04 07:56 . 2004-08-04 07:56 32827 -c--a-w e:\windows\System32\dllcache\tcptest.exe
2004-08-04 07:56 . 2004-08-04 07:56 8192 ----a-w e:\windows\System32\spdwnwxp.exe
2004-08-04 07:56 . 2004-08-04 07:56 11776 ------w e:\windows\System32\spnpinst.exe
2004-08-04 07:56 . 2004-08-04 07:56 21504 ------w e:\windows\System32\spupdwxp.exe
2004-08-04 07:56 . 2004-08-04 07:56 15120 -c--a-w e:\windows\System32\dllcache\fp98sadm.exe
2004-08-04 07:56 . 2004-08-04 07:56 109840 -c--a-w e:\windows\System32\dllcache\fp98swin.exe
2004-08-04 07:56 . 2004-08-04 07:56 188494 -c--a-w e:\windows\System32\dllcache\fpcount.exe
2004-08-04 07:56 . 2004-08-04 07:56 20538 -c--a-w e:\windows\System32\dllcache\fpremadm.exe
2004-08-04 07:56 . 2004-08-04 07:56 20992 ------w e:\windows\System32\faxpatch.exe
2004-08-04 07:56 . 2004-08-04 07:56 16439 -c--a-w e:\windows\System32\dllcache\admin.exe
2004-08-04 07:56 . 2004-08-04 07:56 16439 -c--a-w e:\windows\System32\dllcache\author.exe
2004-08-04 07:56 . 2004-08-04 07:56 188480 -c--a-w e:\windows\System32\dllcache\cfgwiz.exe
2004-08-04 07:56 . 2004-08-04 07:56 20536 -c--a-w e:\windows\System32\dllcache\shtml.dll
2004-08-04 07:56 . 2004-08-04 07:56 184435 -c--a-w e:\windows\System32\dllcache\fp4amsft.dll
2004-08-04 07:56 . 2004-08-04 07:56 82035 -c--a-w e:\windows\System32\dllcache\fp4anscp.dll
2004-08-04 07:56 . 2004-08-04 07:56 147513 -c--a-w e:\windows\System32\dllcache\fp4apws.dll
2004-08-04 07:56 . 2004-08-04 07:56 49210 -c--a-w e:\windows\System32\dllcache\fp4areg.dll
2004-08-04 07:56 . 2004-08-04 07:56 102509 -c--a-w e:\windows\System32\dllcache\fp4atxt.dll
2004-08-04 07:56 . 2004-08-04 07:56 41020 -c--a-w e:\windows\System32\dllcache\fp4avnb.dll
2004-08-04 07:56 . 2004-08-04 07:56 32826 -c--a-w e:\windows\System32\dllcache\fp4avss.dll
2004-08-04 07:56 . 2004-08-04 07:56 49212 -c--a-w e:\windows\System32\dllcache\fp4awebs.dll
2004-08-04 07:56 . 2004-08-04 07:56 876653 -c--a-w e:\windows\System32\dllcache\fp4awel.dll
2004-08-04 07:56 . 2004-08-04 07:56 20541 -c--a-w e:\windows\System32\dllcache\fpexedll.dll
2004-08-04 07:56 . 2004-08-04 07:56 598071 -c--a-w e:\windows\System32\dllcache\fpmmc.dll
2004-08-04 07:56 . 2004-08-04 07:56 20540 -c--a-w e:\windows\System32\dllcache\admin.dll
2004-08-04 07:56 . 2004-08-04 07:56 20540 -c--a-w e:\windows\System32\dllcache\author.dll
2004-08-04 07:56 . 2004-08-04 07:56 16384 -c--a-w e:\windows\System32\dllcache\tcptsat.dll
2004-08-04 07:56 . 2004-08-04 07:56 208896 -c--a-w e:\windows\System32\dllcache\fpmmcsat.dll
2004-08-02 21:20 . 2004-08-02 21:20 4569 -c--a-w e:\windows\System32\dllcache\secupd.dat
2004-08-02 21:20 . 2004-08-02 21:20 7208 -c--a-w e:\windows\System32\dllcache\secupd.sig
2004-08-02 21:20 . 2004-08-02 21:20 4569 ------w e:\windows\System32\secupd.dat
2004-08-02 21:20 . 2004-08-02 21:20 7208 ------w e:\windows\System32\secupd.sig
2004-07-27 00:16 . 2004-07-27 00:16 1568768 ----a-w e:\windows\System32\imagX7.dll
2004-07-27 00:16 . 2004-07-27 00:16 476320 ----a-w e:\windows\System32\imagXpr7.dll
2004-07-27 00:16 . 2004-07-27 00:16 262144 ----a-w e:\windows\System32\imagXR7.dll
2004-07-27 00:16 . 2004-07-27 00:16 471040 ----a-w e:\windows\System32\imagXRA7.dll
2004-07-09 16:43 . 2004-07-09 16:43 364544 ----a-w e:\windows\System32\TwnLib4.dll
2004-06-22 15:05 . 2004-06-22 15:05 3182592 ----a-w e:\windows\System32\spool\drivers\w32x86\3\hpzr3210.dll
2004-06-22 15:05 . 2004-06-22 15:05 1695744 ----a-w e:\windows\System32\spool\drivers\w32x86\3\hpzrm310.dll
2004-06-22 15:05 . 2004-06-22 15:05 3182592 ----a-w e:\windows\System32\spool\drivers\w32x86\hppsc_1310_series_1300\hpzr3210.dll
2004-06-22 15:05 . 2004-06-22 15:05 1695744 ----a-w e:\windows\System32\spool\drivers\w32x86\hppsc_1310_series_1300\hpzrm310.dll
2004-06-22 15:05 . 2004-06-22 15:05 82328 ----a-w e:\windows\System32\spool\drivers\w32x86\3\hpfmom10.hlp
2004-06-22 15:05 . 2004-06-22 15:05 154397 ----a-w e:\windows\System32\spool\drivers\w32x86\3\hpop8310.dat
2004-06-22 15:05 . 2004-06-22 15:05 82328 ----a-w e:\windows\System32\spool\drivers\w32x86\hppsc_1310_series_1300\hpfmom10.hlp
2004-06-22 15:05 . 2004-06-22 15:05 154397 ----a-w e:\windows\System32\spool\drivers\w32x86\hppsc_1310_series_1300\hpop8310.dat
2004-06-22 15:05 . 2004-06-22 15:05 278528 ----a-w e:\windows\System32\hpgwiamd.dll
2004-06-22 15:05 . 2004-06-22 15:05 581632 ----a-w e:\windows\System32\hpotscl.dll
2004-06-22 15:05 . 2004-06-22 15:05 90112 ----a-w e:\windows\System32\hpovst08.dll
2004-06-22 15:05 . 2004-06-22 15:05 51088 ----a-w e:\windows\System32\drivers\hpzid412.sys
2004-06-22 15:05 . 2004-06-22 15:05 16496 ----a-w e:\windows\System32\drivers\HPZipr12.sys
2004-06-22 15:05 . 2004-06-22 15:05 21744 ----a-w e:\windows\System32\drivers\HPZius12.sys
2004-06-22 15:05 . 2004-06-22 15:05 196608 ----a-w e:\windows\System32\spool\drivers\w32x86\3\hpz2ku10.dll
2004-06-22 15:05 . 2004-06-22 15:05 196608 ----a-w e:\windows\System32\spool\drivers\w32x86\3\hpzcoi10.dll
2004-06-22 15:05 . 2004-06-22 15:05 135249 ----a-w e:\windows\System32\spool\drivers\w32x86\3\hpzlnt10.dll
2004-06-22 15:05 . 2004-06-22 15:05 487424 ----a-w e:\windows\System32\spool\drivers\w32x86\3\hpzpm310.dll
2004-06-22 15:05 . 2004-06-22 15:05 180315 ----a-w e:\windows\System32\spool\drivers\w32x86\3\hpzsnt10.dll
2004-06-22 15:05 . 2004-06-22 15:05 7331840 ----a-w e:\windows\System32\spool\drivers\w32x86\3\hpztbx10.exe
2004-06-22 15:05 . 2004-06-22 15:05 155708 ----a-w e:\windows\System32\spool\drivers\w32x86\3\hpzvip10.dll
2004-06-22 15:05 . 2004-06-22 15:05 196608 ----a-w e:\windows\System32\spool\drivers\w32x86\hppsc_1310_series_1300\hpz2ku10.dll
2004-06-22 15:05 . 2004-06-22 15:05 196608 ----a-w e:\windows\System32\spool\drivers\w32x86\hppsc_1310_series_1300\hpzcoi10.dll
2004-06-22 15:05 . 2004-06-22 15:05 135249 ----a-w e:\windows\System32\spool\drivers\w32x86\hppsc_1310_series_1300\hpzlnt10.dll
2004-06-22 15:05 . 2004-06-22 15:05 487424 ----a-w e:\windows\System32\spool\drivers\w32x86\hppsc_1310_series_1300\hpzpm310.dll
2004-06-22 15:05 . 2004-06-22 15:05 180315 ----a-w e:\windows\System32\spool\drivers\w32x86\hppsc_1310_series_1300\hpzsnt10.dll
2004-06-22 15:05 . 2004-06-22 15:05 7331840 ----a-w e:\windows\System32\spool\drivers\w32x86\hppsc_1310_series_1300\hpztbx10.exe
2004-06-22 15:05 . 2004-06-22 15:05 155708 ----a-w e:\windows\System32\spool\drivers\w32x86\hppsc_1310_series_1300\hpzvip10.dll
2004-06-22 15:05 . 2004-06-22 15:05 196608 ----a-w e:\windows\System32\hpzcoi10.dll
2004-06-22 15:05 . 2004-06-22 15:05 180315 ----a-w e:\windows\System32\hpzsnt10.dll
2004-06-22 15:05 . 2004-06-22 15:05 1524 ----a-w e:\windows\System32\spool\drivers\w32x86\3\hpop6210.rgn
2004-06-22 15:05 . 2004-06-22 15:05 1524 ----a-w e:\windows\System32\spool\drivers\w32x86\3\hpopeb10.rgn
2004-06-22 15:05 . 2004-06-22 15:05 286720 ----a-w e:\windows\System32\spool\drivers\w32x86\3\hpzcfg10.exe
2004-06-22 15:05 . 2004-06-22 15:05 344064 ----a-w e:\windows\System32\spool\drivers\w32x86\3\hpzcon10.dll
2004-06-22 15:05 . 2004-06-22 15:05 647168 ----a-w e:\windows\System32\spool\drivers\w32x86\3\hpzeng10.exe
2004-06-22 15:05 . 2004-06-22 15:05 69632 ----a-w e:\windows\System32\spool\drivers\w32x86\3\hpzflt10.dll
2004-06-22 15:05 . 2004-06-22 15:05 1589248 ----a-w e:\windows\System32\spool\drivers\w32x86\3\hpzimc10.dll
2004-06-22 15:05 . 2004-06-22 15:05 352256 ----a-w e:\windows\System32\spool\drivers\w32x86\3\hpzime10.dll
2004-06-22 15:05 . 2004-06-22 15:05 1671168 ----a-w e:\windows\System32\spool\drivers\w32x86\3\hpzims10.dll
2004-06-22 15:05 . 2004-06-22 15:05 200704 ----a-w e:\windows\System32\spool\drivers\w32x86\3\hpzjui10.dll
2004-06-22 15:05 . 2004-06-22 15:05 143360 ----a-w e:\windows\System32\spool\drivers\w32x86\3\hpzpcl10.dll
2004-06-22 15:05 . 2004-06-22 15:05 331776 ----a-w e:\windows\System32\spool\drivers\w32x86\3\hpzpre10.exe
2004-06-22 15:05 . 2004-06-22 15:05 368640 ----a-w e:\windows\System32\spool\drivers\w32x86\3\hpzres10.dll
2004-06-22 15:05 . 2004-06-22 15:05 679936 ----a-w e:\windows\System32\spool\drivers\w32x86\3\hpzslk10.dll
2004-06-22 15:05 . 2004-06-22 15:05 385024 ----a-w e:\windows\System32\spool\drivers\w32x86\3\hpzstc10.exe
2004-06-22 15:05 . 2004-06-22 15:05 163840 ----a-w e:\windows\System32\spool\drivers\w32x86\3\hpzstw10.exe
2004-06-22 15:05 . 2004-06-22 15:05 61440 ----a-w e:\windows\System32\spool\drivers\w32x86\3\hpztbi10.dll
2004-06-22 15:05 . 2004-06-22 15:05 172032 ----a-w e:\windows\System32\spool\drivers\w32x86\3\hpztbu10.exe
2004-06-22 15:05 . 2004-06-22 15:05 286720 ----a-w e:\windows\System32\spool\drivers\w32x86\hppsc_1310_series_1300\hpzcfg10.exe
2004-06-22 15:05 . 2004-06-22 15:05 344064 ----a-w e:\windows\System32\spool\drivers\w32x86\hppsc_1310_series_1300\hpzcon10.dll
2004-06-22 15:05 . 2004-06-22 15:05 647168 ----a-w e:\windows\System32\spool\drivers\w32x86\hppsc_1310_series_1300\hpzeng10.exe
2004-06-22 15:05 . 2004-06-22 15:05 69632 ----a-w e:\windows\System32\spool\drivers\w32x86\hppsc_1310_series_1300\hpzflt10.dll
2004-06-22 15:05 . 2004-06-22 15:05 1589248 ----a-w e:\windows\System32\spool\drivers\w32x86\hppsc_1310_series_1300\hpzimc10.dll
2004-06-22 15:05 . 2004-06-22 15:05 352256 ----a-w e:\windows\System32\spool\drivers\w32x86\hppsc_1310_series_1300\hpzime10.dll
2004-06-22 15:05 . 2004-06-22 15:05 1671168 ----a-w e:\windows\System32\spool\drivers\w32x86\hppsc_1310_series_1300\hpzims10.dll
2004-06-22 15:05 . 2004-06-22 15:05 200704 ----a-w e:\windows\System32\spool\drivers\w32x86\hppsc_1310_series_1300\hpzjui10.dll
2004-06-22 15:05 . 2004-06-22 15:05 143360 ----a-w e:\windows\System32\spool\drivers\w32x86\hppsc_1310_series_1300\hpzpcl10.dll
2004-06-22 15:05 . 2004-06-22 15:05 331776 ----a-w e:\windows\System32\spool\drivers\w32x86\hppsc_1310_series_1300\hpzpre10.exe
2004-06-22 15:05 . 2004-06-22 15:05 368640 ----a-w e:\windows\System32\spool\drivers\w32x86\hppsc_1310_series_1300\hpzres10.dll
2004-06-22 15:05 . 2004-06-22 15:05 679936 ----a-w e:\windows\System32\spool\drivers\w32x86\hppsc_1310_series_1300\hpzslk10.dll
2004-06-22 15:05 . 2004-06-22 15:05 385024 ----a-w e:\windows\System32\spool\drivers\w32x86\hppsc_1310_series_1300\hpzstc10.exe
2004-06-22 15:05 . 2004-06-22 15:05 163840 ----a-w e:\windows\System32\spool\drivers\w32x86\hppsc_1310_series_1300\hpzstw10.exe
2004-06-22 15:05 . 2004-06-22 15:05 61440 ----a-w e:\windows\System32\spool\drivers\w32x86\hppsc_1310_series_1300\hpztbi10.dll
2004-06-22 15:05 . 2004-06-22 15:05 172032 ----a-w e:\windows\System32\spool\drivers\w32x86\hppsc_1310_series_1300\hpztbu10.exe
2004-06-22 15:05 . 2004-06-22 15:05 344064 ----a-w e:\windows\System32\hpzcon10.dll
2004-06-22 15:04 . 2004-06-22 15:04 270336 ----a-w e:\windows\System32\HPZc3212.dll



#32
April 20, 2009 at 15:40:42
Delete these with Combofix; I think you can do that without my usual spiel. Then run another scan of system32.





#33
April 24, 2009 at 02:42:18
WinBluesoft can also be removed manually. Basically, you have to complete the manual removal steps and remove the files and processes related to WinBluesoft. A full removal guide can be found here: http://www.2-viruses.com/remove-win...


