
Hi, to whomever may read this. Yesterday I was hit with an unknown virus or rootkit which is giving me constant redirects and continues to infect my computer. As soon as I saw the first redirect, I immediately shut down my computer. Upon startup (not in Safe Mode, but I should have, I know), I disabled my internet and ran both Spybot and MalwareBytes. Spybot removed 6 infections and MalwareBytes removed 5 right after that. I did happen to notice that Spybot named a couple of the infections as: GiftLoad and Virtumonde.prx. I am currently re-running MalwareBytes in Safe Mode as the previous removals did not rid me of this problem.

I do have Avira Anti-virus, and it stays updated. Any help is greatly appreciated. Unfortunately, I am familiar with running the GMER and OTL tools so let me know what you need from me.

Thx.


  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run, two logs will be produced; please post only DDS.txt directly into your reply.


Hi, Chris. Thx for getting back with me. Not sure if my previous reply made it to you as my computer locked up after I tried to post it. Anyway, here are the logs you requested:

*I don't think the casino exe's caused this as I haven't logged on to them in a while, but I could be wrong. It's been known to happen once or twice.

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6558

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.13

5/11/2011 8:58:28 PM

mbam-log-2011-05-11 (20-58-19).txt

Scan type: Full scan (C:\|)

Objects scanned: 291942

Time elapsed: 1 hour(s), 19 minute(s), 3 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 6

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\INSTALL.EXE (PUP.Casino.Gen) -> No action taken.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\documents and settings\Rob\my documents\downloaded programs\CASINOS\aladdins gold.exe (PUP.Casino) -> No action taken.

c:\documents and settings\Rob\my documents\downloaded programs\CASINOS\captain cooks casino (non-us facing - in uk).exe (PUP.Casino.Gen) -> No action taken.

c:\documents and settings\Rob\my documents\downloaded programs\CASINOS\go casino.exe (PUP.Casino) -> No action taken.

c:\documents and settings\Rob\my documents\downloaded programs\CASINOS\rushmore casino ($888 bonus).exe (PUP.Casino) -> No action taken.

c:\documents and settings\Rob\my documents\downloaded programs\CASINOS\silver oak casino ($1,000 bonus, up to $10,000).exe (PUP.Casino) -> No action taken.

c:\microgaming\Casino\captaincooks\install.exe (PUP.Casino.Gen) -> No action taken.

DDS (Ver_11-03-05.01) - NTFSx86

Run by Rob at 20:59:01.60 on Wed 05/11/2011

Internet Explorer: 7.0.5730.13

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.487 [GMT -7:00]

.

AV: AntiVir Desktop *Enabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}

FW: ZoneAlarm Pro Firewall *Enabled*

.

============== Running Processes ===============

.

C:\windows\system32\Ati2evxx.exe

C:\windows\system32\svchost -k DcomLaunch

svchost.exe

C:\windows\System32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k WudfServiceGroup

C:\windows\system32\Ati2evxx.exe

svchost.exe

C:\windows\Explorer.EXE

C:\windows\system32\spoolsv.exe

C:\Program Files\SigmaTel\C-Major Audio\ControlPanel\sigservice.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

svchost.exe

C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Program Files\SigmaTel\C-Major Audio\ControlPanel\StacSysTray.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\PROGRA~1\SigmaTel\C-MAJO~1\CONTRO~1\stacsrv.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\windows\system32\ctfmon.exe

C:\Program Files\Wireless LAN\WLanUtil.exe

C:\Program Files\Logitech\MouseWare\system\em_exec.exe

C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe

C:\windows\system32\svchost.exe -k imgsvc

C:\windows\system32\wscntfy.exe

C:\WINDOWS\system32\freecell.exe

C:\windows\system32\wuauclt.exe

C:\Program Files\Adobe CS5\Adobe Photoshop CS5\Photoshop.exe

C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe

C:\windows\system32\wuauclt.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Download Accelerator Plus\DAP.EXE

C:\Documents and Settings\Rob\Desktop\dds.scr

.

============== Pseudo HJT Report ===============

.

uSearch Page =

uSearch Bar =

mSearchAssistant =

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll

BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: DAPIELoader Class: {ff6c3cf0-4b15-11d1-abed-709549c10000} - c:\progra~1\downlo~1\DAPIEL~1.DLL

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll

TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10n_ActiveX.exe -update activex

mRun: [stacSysTray] c:\program files\sigmatel\c-major audio\controlpanel\StacSysTray.exe

mRun: [Adobe Version Cue CS2] c:\program files\adobe\adobe version cue cs2\controlpanel\VersionCueCS2Tray.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Logitech Utility] Logi_MwX.Exe

mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"

mRun: [switchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe

mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ieee80~1.lnk - c:\program files\wireless lan\WLanUtil.exe

mPolicies-explorer: <NO NAME> =

IE: &Clean Traces - c:\program files\download accelerator plus\privacy package\dapcleanerie.htm

IE: &Download with &DAP - c:\program files\download accelerator plus\dapextie.htm

IE: Download &all with DAP - c:\program files\download accelerator plus\dapextie2.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5}

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll

DPF: Web-Based Email Tools - hxxps://email.secureserver.net/Download.CAB

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1196226844085

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

============= SERVICES / DRIVERS ===============

.

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-6-27 11608]

R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2007-11-28 270672]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-6-27 136360]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-6-27 269480]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-6-27 61960]

R2 SigService;Sigmatel Service;c:\program files\sigmatel\c-major audio\controlpanel\sigservice.exe [2007-11-27 81920]

S3 klmd23;klmd23;c:\windows\system32\drivers\klmd.sys [2010-6-26 52432]

S3 MR97310_VGA_DUAL_CAMERA;VGA Dual-Mode Camera;c:\windows\system32\drivers\mr97310v.sys [2004-3-30 118106]

S3 pnicml;pnicml;\??\c:\docume~1\rob\locals~1\temp\pnicml.sys --> c:\docume~1\rob\locals~1\temp\pnicml.sys [?]

S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]

S3 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]

.

=============== Created Last 30 ================

.

2011-05-07 04:48:15 -------- d-----w- c:\docume~1\rob\locals~1\applic~1\{2CA8BCE2-87DA-4759-8031-2119A5137D1C}

2011-04-28 17:47:27 -------- d-----w- c:\docume~1\rob\applic~1\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

2011-04-28 02:59:59 -------- d-----w- c:\docume~1\alluse~1\applic~1\regid.1986-12.com.adobe

2011-04-28 02:37:12 -------- d-----w- c:\program files\Adobe CS5

2011-04-23 07:51:14 -------- d-----w- c:\docume~1\rob\applic~1\FLV Extract

.

==================== Find3M ====================

.

2011-05-07 07:42:15 0 ----a-w- c:\windows\Rxesalifipulukel.bin

.

=================== ROOTKIT ====================

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600 Disk: WDC_WD1600BEVE-00UYT0 rev.01.04A01 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

.

device: opened successfully

user: MBR read successfully

.

Disk trace:

called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86EF46F0]<<

_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x86efaa10]; MOV EAX, [0x86efaa8c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }

1 nt!IofCallDriver[0x804E13B9] -> \Device\Harddisk0\DR0[0x86F78AB8]

3 CLASSPNP[0xF7601FD7] -> nt!IofCallDriver[0x804E13B9] -> \Device\00000082[0x86F430C0]

5 ACPI[0xF7558620] -> nt!IofCallDriver[0x804E13B9] -> [0x86F7B940]

\Driver\atapi[0x86F748C0] -> IRP_MJ_CREATE -> 0x86EF46F0

error: Read A device attached to the system is not functioning.

kernel: MBR read successfully

_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [bP+0x0], CH; JL 0x2e; JNZ 0x3a; }

detected disk devices:

detected hooks:

\Driver\atapi DriverStartIo -> 0x86EF453B

user & kernel MBR OK

Warning: possible TDL3 rootkit infection !

.

============= FINISH: 21:00:30.39 ===============


  • Staff

Hi,

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log is like UtilityName.Version_Date_Time_log.txt.

For example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.


Chris,

Two things to note: (1) my internet connection is disabled upon startup (not usual), and (2) spr_ad.exe tried to download itself when I clicked the link to TDSSKiller.zip. Two pop-ups also launched after clicking the link as well.

Here is the TDSSKiller log:

2011/05/12 15:22:46.0296 5160 TDSS rootkit removing tool 2.5.0.0 May 1 2011 14:20:16

2011/05/12 15:22:46.0312 5160 ================================================================================

2011/05/12 15:22:46.0312 5160 SystemInfo:

2011/05/12 15:22:46.0312 5160

2011/05/12 15:22:46.0312 5160 OS Version: 5.1.2600 ServicePack: 3.0

2011/05/12 15:22:46.0312 5160 Product type: Workstation

2011/05/12 15:22:46.0312 5160 ComputerName: ROB-CCA219EB460

2011/05/12 15:22:46.0312 5160 UserName: Rob

2011/05/12 15:22:46.0312 5160 Windows directory: C:\windows

2011/05/12 15:22:46.0312 5160 System windows directory: C:\windows

2011/05/12 15:22:46.0312 5160 Processor architecture: Intel x86

2011/05/12 15:22:46.0312 5160 Number of processors: 2

2011/05/12 15:22:46.0312 5160 Page size: 0x1000

2011/05/12 15:22:46.0312 5160 Boot type: Normal boot

2011/05/12 15:22:46.0312 5160 ================================================================================

2011/05/12 15:22:47.0015 5160 Initialize success

2011/05/12 15:22:52.0546 4144 ================================================================================

2011/05/12 15:22:52.0546 4144 Scan started

2011/05/12 15:22:52.0546 4144 Mode: Manual;

2011/05/12 15:22:52.0546 4144 ================================================================================


2011/05/12 15:23:05.0953 4144 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\windows\system32\DRIVERS\wanarp.sys

2011/05/12 15:23:06.0046 4144 wdmaud (6768acf64b18196494413695f0c3a00f) C:\windows\system32\drivers\wdmaud.sys

2011/05/12 15:23:06.0203 4144 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\windows\system32\DRIVERS\wpdusb.sys

2011/05/12 15:23:06.0281 4144 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\windows\system32\DRIVERS\WSTCODEC.SYS

2011/05/12 15:23:06.0328 4144 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\windows\system32\DRIVERS\WudfPf.sys

2011/05/12 15:23:06.0375 4144 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\windows\system32\DRIVERS\wudfrd.sys

2011/05/12 15:23:06.0500 4144 \HardDisk2 - detected Rootkit.Win32.TDSS.tdl4 (0)

2011/05/12 15:23:06.0656 4144 ================================================================================

2011/05/12 15:23:06.0656 4144 Scan finished

2011/05/12 15:23:06.0656 4144 ================================================================================

2011/05/12 15:23:06.0687 4884 Detected object count: 1

2011/05/12 15:23:19.0000 4884 \HardDisk2 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot

2011/05/12 15:23:19.0000 4884 \HardDisk2 - ok

2011/05/12 15:23:19.0000 4884 Rootkit.Win32.TDSS.tdl4(\HardDisk2) - User select action: Cure

2011/05/12 15:24:43.0843 5152 Deinitialize success


Here is the newest MalwareBytes scan as I continue to get re-directs and pop-ups. It shows the same Hiloti trojans.

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6558

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.13

5/13/2011 11:41:54 PM

mbam-log-2011-05-13 (23-41-45).txt

Scan type: Full scan (C:\|)

Objects scanned: 293146

Time elapsed: 1 hour(s), 16 minute(s), 47 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 1

Registry Keys Infected: 1

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 8

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

c:\WINDOWS\mdshol.dll (Trojan.Hiloti) -> No action taken.

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\INSTALL.EXE (PUP.Casino.Gen) -> No action taken.

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Uficofezipahal (Trojan.Hiloti) -> Value: Uficofezipahal -> No action taken.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\WINDOWS\mdshol.dll (Trojan.Hiloti) -> No action taken.

c:\documents and settings\Rob\local settings\temp\awcmsreonx.tmp (Trojan.Hiloti) -> No action taken.

c:\documents and settings\Rob\my documents\downloaded programs\CASINOS\aladdins gold.exe (PUP.Casino) -> No action taken.

c:\documents and settings\Rob\my documents\downloaded programs\CASINOS\captain cooks casino (non-us facing - in uk).exe (PUP.Casino.Gen) -> No action taken.

c:\documents and settings\Rob\my documents\downloaded programs\CASINOS\go casino.exe (PUP.Casino) -> No action taken.

c:\documents and settings\Rob\my documents\downloaded programs\CASINOS\rushmore casino ($888 bonus).exe (PUP.Casino) -> No action taken.

c:\documents and settings\Rob\my documents\downloaded programs\CASINOS\silver oak casino ($1,000 bonus, up to $10,000).exe (PUP.Casino) -> No action taken.

c:\microgaming\Casino\captaincooks\install.exe (PUP.Casino.Gen) -> No action taken.


  • Staff

Hi,

My apologies for the delay.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317


Chris,

Thx for finally getting back with me. I know that you are doing this on your own free time, but I need to know if you can't get back to me within 24 hrs. as I really need to get this fixed. I have stayed off the internet as it seems to help this virus/rootkit propagate. I have been able to use a friend's computer to get my work done, but it is inconvenient.

Running ComboFix with the internet connected, I attempted to click "Yes" on the Recovery Console install and got the wonderful BLUE SCREEN with the following message: "STOP: c00003ce UNKNOWN HARD ERROR". I did a hard re-boot and ran ComboFix again. This time with my internet connection disabled. While ComboFix ran, the following two messages popped up:

(1) Boot Partition cannot be enumerated. (About a yr ago I had to replace my motherboard and hard drive and get a new boot.ini file.)

(2) Rootkit detected! (We both knew that.)

The two logs you requested will be posted separately as they seem to be too long.


ComboFix Log, Part 1:

ComboFix 11-05-17.03 - Rob 05/18/2011 15:03:01.8.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.543 [GMT -7:00]

Running from: c:\documents and settings\Rob\Desktop\ComboFix.exe

AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}

FW: ZoneAlarm Pro Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

.

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files\Search Toolbar

c:\program files\Search Toolbar\icon.ico

c:\program files\Search Toolbar\SearchToolbar.dll

c:\program files\Search Toolbar\SearchToolbarUninstall.exe

c:\program files\Search Toolbar\SearchToolbarUpdater.exe

c:\windows\itedufodizir.dll

H:\autorun.inf

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_6TO4

-------\Legacy_ITLPERF

-------\Service_6to4

-------\Service_itlperf

.

.

((((((((((((((((((((((((( Files Created from 2011-04-18 to 2011-05-18 )))))))))))))))))))))))))))))))

.

.

2011-05-15 18:35 . 2011-05-15 18:35 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google

2011-05-14 03:03 . 2011-05-14 03:03 -------- d-----w- c:\documents and settings\Rob\Local Settings\Application Data\{2CA8BCE2-87DA-4759-8031-2119A5137D1C}

2011-04-28 17:47 . 2011-04-28 17:47 -------- d-----w- c:\documents and settings\Rob\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

2011-04-28 02:59 . 2011-05-07 05:54 -------- d-----w- c:\documents and settings\All Users\Application Data\regid.1986-12.com.adobe

2011-04-28 02:47 . 2011-04-28 02:47 -------- d-----w- c:\program files\Adobe Media Player

2011-04-28 02:37 . 2011-04-28 02:55 -------- d-----w- c:\program files\Adobe CS5

2011-04-23 07:51 . 2011-04-23 08:18 -------- d-----w- c:\documents and settings\Rob\Application Data\FLV Extract

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-03-17 19:27 . 2010-06-28 04:09 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys

.

.

((((((((((((((((((((((((((((( SnapShot_2010-06-22_19.23.28 )))))))))))))))))))))))))))))))))))))))))

.


+ 2010-06-24 12:16 . 2010-06-24 12:16 63488 c:\windows\$hf_mig$\KB2183461-IE7\SP3QFE\icardie.dll

+ 2010-06-24 12:16 . 2010-06-24 12:16 17408 c:\windows\$hf_mig$\KB2183461-IE7\SP3QFE\corpol.dll

+ 2010-08-23 19:22 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB2160329\update\spcustom.dll

+ 2010-08-23 19:22 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB2160329\spmsg.dll

+ 2010-10-04 04:16 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB2141007\update\spcustom.dll

+ 2010-10-04 04:16 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB2141007\spmsg.dll

+ 2010-10-04 04:27 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB2121546\update\spcustom.dll

+ 2010-10-04 04:27 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB2121546\spmsg.dll

+ 2010-08-23 19:23 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB2115168\update\spcustom.dll

+ 2010-08-23 19:23 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB2115168\spmsg.dll

+ 2010-08-23 19:23 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB2079403\update\spcustom.dll

+ 2010-08-23 19:23 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB2079403\spmsg.dll

+ 2009-05-02 19:37 . 2010-08-26 12:52 5120 c:\windows\system32\xpsp4res.dll

+ 2007-12-21 06:21 . 2004-01-08 16:50 3568 c:\windows\system32\LMOUSE16.DLL

- 2007-12-21 06:21 . 2004-01-08 17:50 3568 c:\windows\system32\LMOUSE16.DLL

- 2010-05-05 14:07 . 2010-05-05 14:07 9216 c:\windows\system32\Adobe\Shockwave 11\DynaPlayer.dll

+ 2010-10-22 11:57 . 2010-10-22 11:57 9216 c:\windows\system32\Adobe\Shockwave 11\DynaPlayer.dll

+ 2010-10-04 04:27 . 2008-05-03 11:55 2560 c:\windows\$NtUninstallKB982802$\xpsp4res.dll

+ 2010-10-28 18:19 . 2010-07-22 05:57 5120 c:\windows\$NtUninstallKB2360937$\xpsp4res.dll

+ 2010-10-28 18:59 . 2010-08-13 12:53 5120 c:\windows\$NtUninstallKB2345886$\xpsp4res.dll

+ 2010-07-22 05:57 . 2010-07-22 05:57 5120 c:\windows\$hf_mig$\KB982802\SP3QFE\xpsp4res.dll

+ 2010-07-12 12:53 . 2010-07-12 12:53 5120 c:\windows\$hf_mig$\KB979687\SP3QFE\xpsp4res.dll

+ 2010-10-14 02:22 . 2010-08-13 12:53 5120 c:\windows\$hf_mig$\KB2360937\SP3QFE\xpsp4res.dll

+ 2010-08-26 12:52 . 2010-08-26 12:52 5120 c:\windows\$hf_mig$\KB2345886\SP3QFE\xpsp4res.dll

+ 2009-07-12 07:02 . 2009-07-12 07:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll

+ 2009-07-12 07:02 . 2009-07-12 07:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll

+ 2009-07-12 07:05 . 2009-07-12 07:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll

+ 2009-06-27 02:07 . 2009-06-27 02:07 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4137_x-ww_d494ac0e\msvcr90.dll

+ 2009-06-27 02:07 . 2009-06-27 02:07 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4137_x-ww_d494ac0e\msvcp90.dll

+ 2009-06-27 02:10 . 2009-06-27 02:10 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4137_x-ww_d494ac0e\msvcm90.dll

+ 2008-07-29 15:05 . 2008-07-29 15:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll

+ 2008-07-29 15:05 . 2008-07-29 15:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll

+ 2008-07-29 10:54 . 2008-07-29 10:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll

+ 2009-07-12 07:02 . 2009-07-12 07:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll

+ 2009-06-27 02:07 . 2009-06-27 02:07 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4137_x-ww_35349982\atl90.dll

+ 2008-07-29 15:05 . 2008-07-29 15:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll

+ 2009-07-12 09:12 . 2009-07-12 09:12 632656 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll

+ 2009-07-12 09:09 . 2009-07-12 09:09 554832 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll

+ 2009-07-12 09:08 . 2009-07-12 09:08 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcm80.dll

+ 2004-08-04 10:00 . 2010-06-18 17:45 293376 c:\windows\system32\winsrv.dll

- 2004-08-04 10:00 . 2008-04-14 00:12 293376 c:\windows\system32\winsrv.dll

+ 2006-03-04 03:33 . 2010-09-09 13:38 832512 c:\windows\system32\wininet.dll

- 2006-03-04 03:33 . 2010-05-04 17:20 832512 c:\windows\system32\wininet.dll

- 2004-08-04 10:00 . 2010-05-04 17:20 233472 c:\windows\system32\webcheck.dll

+ 2004-08-04 10:00 . 2010-09-09 13:38 233472 c:\windows\system32\webcheck.dll

+ 2010-07-17 01:36 . 1997-09-28 20:22 721168 c:\windows\system32\VB40032.DLL

- 2004-08-04 10:00 . 2008-04-14 00:12 406016 c:\windows\system32\usp10.dll

+ 2004-08-04 10:00 . 2010-04-16 15:36 406016 c:\windows\system32\usp10.dll

- 2004-08-04 10:00 . 2010-05-04 17:20 105984 c:\windows\system32\url.dll

+ 2004-08-04 10:00 . 2010-09-09 13:38 105984 c:\windows\system32\url.dll

- 2004-08-04 10:00 . 2009-10-15 16:28 119808 c:\windows\system32\t2embed.dll

+ 2004-08-04 10:00 . 2010-08-27 08:02 119808 c:\windows\system32\t2embed.dll

+ 2004-08-04 10:00 . 2010-06-30 12:31 149504 c:\windows\system32\schannel.dll

+ 2004-08-04 10:00 . 2010-08-16 08:45 590848 c:\windows\system32\rpcrt4.dll

+ 2007-12-07 05:43 . 2010-11-06 14:55 177696 c:\windows\system32\Restore\rstrlog.dat

- 2004-08-04 10:00 . 2010-06-22 19:00 446154 c:\windows\system32\perfh009.dat

+ 2004-08-04 10:00 . 2011-03-23 07:22 446154 c:\windows\system32\perfh009.dat

- 2004-08-04 10:00 . 2010-05-04 17:20 102912 c:\windows\system32\occache.dll

+ 2004-08-04 10:00 . 2010-09-09 13:38 102912 c:\windows\system32\occache.dll

- 2006-03-04 03:33 . 2010-05-04 17:20 671232 c:\windows\system32\mstime.dll

+ 2006-03-04 03:33 . 2010-09-09 13:38 671232 c:\windows\system32\mstime.dll

- 2006-03-04 03:33 . 2010-05-04 17:20 193024 c:\windows\system32\msrating.dll

+ 2006-03-04 03:33 . 2010-09-09 13:38 193024 c:\windows\system32\msrating.dll

+ 2010-03-05 17:13 . 2010-03-05 17:13 947472 c:\windows\system32\msjava.dll

+ 2006-03-04 03:33 . 2010-09-09 13:38 478208 c:\windows\system32\mshtmled.dll

+ 2007-08-14 02:54 . 2010-09-09 13:38 468480 c:\windows\system32\msfeeds.dll

- 2006-10-19 05:47 . 2006-10-19 05:47 317440 c:\windows\system32\MP4SDECD.dll

+ 2006-10-19 05:47 . 2010-03-30 19:24 317440 c:\windows\system32\mp4sdecd.dll

+ 2004-08-04 10:00 . 2010-09-18 19:23 974848 c:\windows\system32\mfc42u.dll

+ 2004-08-04 10:00 . 2010-09-18 06:53 974848 c:\windows\system32\mfc42.dll

+ 2004-08-04 10:00 . 2010-09-18 06:53 953856 c:\windows\system32\mfc40u.dll

+ 2004-08-04 10:00 . 2010-09-18 06:53 954368 c:\windows\system32\mfc40.dll

+ 2010-10-22 11:46 . 2010-10-22 11:46 136568 c:\windows\system32\Macromed\Shockwave 10\SCC.dll

- 2010-04-29 10:10 . 2010-04-29 10:10 180224 c:\windows\system32\Macromed\Shockwave 10\Proj.dll

+ 2010-10-22 11:46 . 2010-10-22 11:46 180224 c:\windows\system32\Macromed\Shockwave 10\Proj.dll

+ 2010-10-22 11:46 . 2010-10-22 11:46 475136 c:\windows\system32\Macromed\Shockwave 10\PluginPing.dll

- 2010-04-29 10:10 . 2010-04-29 10:10 475136 c:\windows\system32\Macromed\Shockwave 10\PluginPing.dll

+ 2010-10-22 11:46 . 2010-10-22 11:46 339968 c:\windows\system32\Macromed\Shockwave 10\Plugin.dll

- 2010-04-29 10:10 . 2010-04-29 10:10 339968 c:\windows\system32\Macromed\Shockwave 10\Plugin.dll

- 2010-04-29 10:11 . 2010-04-29 10:11 606208 c:\windows\system32\Macromed\Shockwave 10\iml32X.dll

+ 2010-10-22 11:46 . 2010-10-22 11:46 606208 c:\windows\system32\Macromed\Shockwave 10\iml32X.dll

+ 2010-10-22 11:46 . 2010-10-22 11:46 810496 c:\windows\system32\Macromed\Shockwave 10\gi.dll

+ 2010-10-22 11:46 . 2010-10-22 11:46 471040 c:\windows\system32\Macromed\Shockwave 10\Control.dll

- 2010-04-29 10:10 . 2010-04-29 10:10 471040 c:\windows\system32\Macromed\Shockwave 10\Control.dll

+ 2011-03-09 21:16 . 2011-03-09 21:16 234656 c:\windows\system32\Macromed\Flash\FlashUtil10n_ActiveX.exe

+ 2011-03-09 21:16 . 2011-03-09 21:16 311456 c:\windows\system32\Macromed\Flash\FlashUtil10n_ActiveX.dll

+ 2010-12-18 04:25 . 2010-11-13 02:53 157472 c:\windows\system32\javaws.exe

+ 2010-12-18 04:25 . 2010-11-13 02:53 145184 c:\windows\system32\javaw.exe

- 2009-10-28 04:47 . 2009-07-25 12:23 145184 c:\windows\system32\javaw.exe

- 2009-10-28 04:47 . 2009-07-25 12:23 145184 c:\windows\system32\java.exe

+ 2010-12-18 04:25 . 2010-11-13 02:53 145184 c:\windows\system32\java.exe

+ 2007-11-28 03:02 . 2010-06-09 07:43 692736 c:\windows\system32\inetcomm.dll

+ 2007-08-14 02:34 . 2010-09-09 13:38 268288 c:\windows\system32\iertutil.dll

- 2007-08-14 02:34 . 2010-05-04 17:20 268288 c:\windows\system32\iertutil.dll

- 2006-03-04 03:33 . 2010-05-04 17:20 192512 c:\windows\system32\iepeers.dll

+ 2006-03-04 03:33 . 2010-09-09 13:38 192512 c:\windows\system32\iepeers.dll

+ 2004-08-04 10:00 . 2010-09-09 13:38 384512 c:\windows\system32\iedkcs32.dll

- 2007-07-11 20:27 . 2010-05-04 17:20 380928 c:\windows\system32\ieapfltr.dll

+ 2007-07-11 20:27 . 2010-09-09 13:38 380928 c:\windows\system32\ieapfltr.dll

+ 2004-08-04 10:00 . 2010-08-25 11:29 161792 c:\windows\system32\ieakui.dll

- 2004-08-04 10:00 . 2010-04-16 11:43 161792 c:\windows\system32\ieakui.dll

+ 2004-08-04 10:00 . 2010-09-09 13:38 230400 c:\windows\system32\ieaksie.dll

- 2004-08-04 10:00 . 2010-05-04 17:20 230400 c:\windows\system32\ieaksie.dll

- 2004-08-04 10:00 . 2010-05-04 17:20 153088 c:\windows\system32\ieakeng.dll

+ 2004-08-04 10:00 . 2010-09-09 13:38 153088 c:\windows\system32\ieakeng.dll

+ 2006-03-04 03:33 . 2010-09-09 13:38 133120 c:\windows\system32\extmgr.dll

- 2006-03-04 03:33 . 2010-05-04 17:20 133120 c:\windows\system32\extmgr.dll

+ 2006-03-04 03:33 . 2010-09-09 13:38 214528 c:\windows\system32\dxtrans.dll

- 2006-03-04 03:33 . 2010-05-04 17:20 214528 c:\windows\system32\dxtrans.dll

- 2004-08-04 10:00 . 2010-05-04 17:20 347136 c:\windows\system32\dxtmsft.dll

+ 2004-08-04 10:00 . 2010-09-09 13:38 347136 c:\windows\system32\dxtmsft.dll

+ 2009-05-02 19:36 . 2010-07-12 12:55 218112 c:\windows\system32\dllcache\wordpad.exe

+ 2010-06-18 17:45 . 2010-06-18 17:45 293376 c:\windows\system32\dllcache\winsrv.dll

- 2006-03-04 03:33 . 2010-05-04 17:20 832512 c:\windows\system32\dllcache\wininet.dll

+ 2006-03-04 03:33 . 2010-09-09 13:38 832512 c:\windows\system32\dllcache\wininet.dll

+ 2010-04-16 15:36 . 2010-04-16 15:36 406016 c:\windows\system32\dllcache\usp10.dll

+ 2008-10-14 17:16 . 2010-08-26 13:39 357248 c:\windows\system32\dllcache\srv.sys

+ 2008-12-05 06:54 . 2010-06-30 12:31 149504 c:\windows\system32\dllcache\schannel.dll

+ 2009-04-15 14:51 . 2010-08-16 08:45 590848 c:\windows\system32\dllcache\rpcrt4.dll

- 2004-08-04 10:00 . 2010-05-04 17:20 102912 c:\windows\system32\dllcache\occache.dll

+ 2004-08-04 10:00 . 2010-09-09 13:38 102912 c:\windows\system32\dllcache\occache.dll

- 2006-03-04 03:33 . 2010-05-04 17:20 671232 c:\windows\system32\dllcache\mstime.dll

+ 2006-03-04 03:33 . 2010-09-09 13:38 671232 c:\windows\system32\dllcache\mstime.dll

- 2006-03-04 03:33 . 2010-05-04 17:20 193024 c:\windows\system32\dllcache\msrating.dll

+ 2006-03-04 03:33 . 2010-09-09 13:38 193024 c:\windows\system32\dllcache\msrating.dll

+ 2006-03-04 03:33 . 2010-09-09 13:38 478208 c:\windows\system32\dllcache\mshtmled.dll

+ 2007-11-29 23:34 . 2010-09-09 13:38 468480 c:\windows\system32\dllcache\msfeeds.dll

+ 2010-03-30 19:24 . 2010-03-30 19:24 317440 c:\windows\system32\dllcache\mp4sdecd.dll

+ 2004-08-04 10:00 . 2010-09-18 19:23 974848 c:\windows\system32\dllcache\mfc42u.dll

+ 2010-10-14 02:24 . 2010-09-18 06:53 974848 c:\windows\system32\dllcache\mfc42.dll

+ 2004-08-04 10:00 . 2010-09-18 06:53 953856 c:\windows\system32\dllcache\mfc40u.dll

+ 2004-08-04 10:00 . 2010-09-18 06:53 954368 c:\windows\system32\dllcache\mfc40.dll

+ 2007-11-28 03:02 . 2010-06-09 07:43 692736 c:\windows\system32\dllcache\inetcomm.dll

+ 2007-11-28 03:02 . 2010-08-25 11:30 634648 c:\windows\system32\dllcache\iexplore.exe

+ 2007-11-29 23:34 . 2010-09-09 13:38 268288 c:\windows\system32\dllcache\iertutil.dll

- 2007-11-29 23:34 . 2010-05-04 17:20 268288 c:\windows\system32\dllcache\iertutil.dll

+ 2006-03-04 03:33 . 2010-09-09 13:38 192512 c:\windows\system32\dllcache\iepeers.dll

- 2006-03-04 03:33 . 2010-05-04 17:20 192512 c:\windows\system32\dllcache\iepeers.dll

+ 2004-08-04 10:00 . 2010-09-09 13:38 384512 c:\windows\system32\dllcache\iedkcs32.dll

+ 2007-11-29 23:34 . 2010-09-09 13:38 380928 c:\windows\system32\dllcache\ieapfltr.dll

- 2007-11-29 23:34 . 2010-05-04 17:20 380928 c:\windows\system32\dllcache\ieapfltr.dll

+ 2004-08-04 10:00 . 2010-08-25 11:29 161792 c:\windows\system32\dllcache\ieakui.dll

- 2004-08-04 10:00 . 2010-04-16 11:43 161792 c:\windows\system32\dllcache\ieakui.dll

+ 2004-08-04 10:00 . 2010-09-09 13:38 230400 c:\windows\system32\dllcache\ieaksie.dll

- 2004-08-04 10:00 . 2010-05-04 17:20 230400 c:\windows\system32\dllcache\ieaksie.dll

- 2004-08-04 10:00 . 2010-05-04 17:20 153088 c:\windows\system32\dllcache\ieakeng.dll

+ 2004-08-04 10:00 . 2010-09-09 13:38 153088 c:\windows\system32\dllcache\ieakeng.dll

+ 2010-07-14 14:23 . 2010-06-14 14:31 744448 c:\windows\system32\dllcache\helpsvc.exe

- 2006-03-04 03:33 . 2010-05-04 17:20 133120 c:\windows\system32\dllcache\extmgr.dll

+ 2006-03-04 03:33 . 2010-09-09 13:38 133120 c:\windows\system32\dllcache\extmgr.dll

+ 2006-03-04 03:33 . 2010-09-09 13:38 214528 c:\windows\system32\dllcache\dxtrans.dll

- 2006-03-04 03:33 . 2010-05-04 17:20 214528 c:\windows\system32\dllcache\dxtrans.dll

+ 2004-08-04 10:00 . 2010-09-09 13:38 347136 c:\windows\system32\dllcache\dxtmsft.dll

- 2004-08-04 10:00 . 2010-05-04 17:20 347136 c:\windows\system32\dllcache\dxtmsft.dll

+ 2010-10-14 02:23 . 2010-08-23 16:12 617472 c:\windows\system32\dllcache\comctl32.dll

+ 2010-04-20 05:30 . 2010-09-01 11:51 285824 c:\windows\system32\dllcache\atmfd.dll

+ 2004-08-04 10:00 . 2010-09-09 13:38 124928 c:\windows\system32\dllcache\advpack.dll

- 2004-08-04 10:00 . 2010-05-04 17:20 124928 c:\windows\system32\dllcache\advpack.dll

+ 2010-06-29 18:52 . 2010-11-13 02:53 472808 c:\windows\system32\deployJava1.dll

- 2007-12-21 06:21 . 2004-01-08 17:50 104960 c:\windows\system32\COMNCTR.DLL

+ 2007-12-21 06:21 . 2004-01-08 16:50 104960 c:\windows\system32\COMNCTR.DLL

+ 2004-08-04 10:00 . 2010-08-23 16:12 617472 c:\windows\system32\comctl32.dll

- 2004-08-04 10:00 . 2008-04-14 00:11 617472 c:\windows\system32\comctl32.dll

+ 2004-08-04 10:00 . 2010-09-01 11:51 285824 c:\windows\system32\atmfd.dll

- 2004-08-04 10:00 . 2010-05-04 17:20 124928 c:\windows\system32\advpack.dll

+ 2004-08-04 10:00 . 2010-09-09 13:38 124928 c:\windows\system32\advpack.dll

- 2010-05-05 14:05 . 2010-05-05 14:05 114688 c:\windows\system32\Adobe\Shockwave 11\SwInit.exe

+ 2010-10-22 11:56 . 2010-10-22 11:56 114688 c:\windows\system32\Adobe\Shockwave 11\SwInit.exe

+ 2010-10-22 12:05 . 2010-10-22 12:05 467224 c:\windows\system32\Adobe\Shockwave 11\SwHelper_1159615.exe

+ 2010-10-22 11:46 . 2010-10-22 11:46 136568 c:\windows\system32\Adobe\Shockwave 11\SCC.dll

+ 2010-10-22 11:58 . 2010-10-22 11:58 446464 c:\windows\system32\Adobe\Shockwave 11\Proj.dll

- 2010-05-05 14:08 . 2010-05-05 14:08 446464 c:\windows\system32\Adobe\Shockwave 11\Proj.dll

- 2010-05-05 14:06 . 2010-05-05 14:06 372736 c:\windows\system32\Adobe\Shockwave 11\Plugin.dll

+ 2010-10-22 11:57 . 2010-10-22 11:57 372736 c:\windows\system32\Adobe\Shockwave 11\Plugin.dll

+ 2010-10-22 11:46 . 2010-10-22 11:46 810496 c:\windows\system32\Adobe\Shockwave 11\gi.dll

- 2010-05-05 14:05 . 2010-05-05 14:05 503808 c:\windows\system32\Adobe\Shockwave 11\Control.dll

+ 2010-10-22 11:56 . 2010-10-22 11:56 503808 c:\windows\system32\Adobe\Shockwave 11\Control.dll

- 2010-05-05 14:37 . 2010-05-05 14:37 213272 c:\windows\system32\Adobe\Director\SwDir.dll

+ 2010-10-22 12:05 . 2010-10-22 12:05 213272 c:\windows\system32\Adobe\Director\SwDir.dll

+ 2010-10-22 11:57 . 2010-10-22 11:57 131072 c:\windows\system32\Adobe\Director\np32dsw.dll

- 2010-05-05 14:07 . 2010-05-05 14:07 131072 c:\windows\system32\Adobe\Director\np32dsw.dll

- 2007-11-28 03:02 . 2008-04-14 00:12 744448 c:\windows\pchealth\helpctr\binaries\helpsvc.exe

+ 2007-11-28 03:02 . 2010-06-14 14:31 744448 c:\windows\pchealth\helpctr\binaries\helpsvc.exe


ComboFix, Part 2:

+ 2010-10-13 03:56 . 2010-10-13 03:56 180224 c:\windows\Installer\94344.msi

+ 2010-06-29 03:53 . 2010-06-29 03:53 386048 c:\windows\Installer\6784a.msi

+ 2010-06-29 03:51 . 2010-06-29 03:51 438784 c:\windows\Installer\67843.msi

+ 2010-11-15 03:09 . 2010-11-15 03:09 811008 c:\windows\Installer\6446c0.msi

+ 2010-07-13 04:25 . 2010-07-13 04:25 228352 c:\windows\Installer\5b4af0a.msi

+ 2011-04-28 02:46 . 2011-04-28 02:46 356352 c:\windows\Installer\4d62b36.msi

+ 2011-04-28 02:39 . 2011-04-28 02:39 316928 c:\windows\Installer\4d62b15.msi

+ 2011-04-28 02:39 . 2011-04-28 02:39 315392 c:\windows\Installer\4d62b0f.msi

+ 2011-04-28 02:39 . 2011-04-28 02:39 356864 c:\windows\Installer\4d62b09.msi

+ 2011-04-28 02:38 . 2011-04-28 02:38 359424 c:\windows\Installer\4d62b03.msi

+ 2011-04-28 02:38 . 2011-04-28 02:38 316416 c:\windows\Installer\4d62afd.msi

+ 2011-04-28 02:38 . 2011-04-28 02:38 356352 c:\windows\Installer\4d62af7.msi

+ 2010-06-28 04:08 . 2010-06-28 04:08 219648 c:\windows\Installer\40ff7c.msi

+ 2010-09-23 01:10 . 2010-09-23 01:10 103864 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\nppdf32.dll

+ 2010-10-28 18:58 . 2010-06-24 12:15 832512 c:\windows\ie7updates\KB2360131-IE7\wininet.dll

+ 2010-10-28 18:58 . 2010-06-24 12:15 233472 c:\windows\ie7updates\KB2360131-IE7\webcheck.dll

+ 2010-10-28 18:58 . 2010-06-24 12:15 105984 c:\windows\ie7updates\KB2360131-IE7\url.dll

+ 2010-10-28 18:58 . 2010-02-22 14:23 382840 c:\windows\ie7updates\KB2360131-IE7\spuninst\updspapi.dll

+ 2010-10-28 18:58 . 2010-02-22 14:23 231288 c:\windows\ie7updates\KB2360131-IE7\spuninst\spuninst.exe

+ 2010-10-28 18:58 . 2010-06-24 12:15 102912 c:\windows\ie7updates\KB2360131-IE7\occache.dll

+ 2010-10-28 18:58 . 2010-06-24 12:15 671232 c:\windows\ie7updates\KB2360131-IE7\mstime.dll

+ 2010-10-28 18:58 . 2010-06-24 12:15 193024 c:\windows\ie7updates\KB2360131-IE7\msrating.dll

+ 2010-10-28 18:58 . 2010-06-24 12:15 477696 c:\windows\ie7updates\KB2360131-IE7\mshtmled.dll

+ 2010-10-28 18:58 . 2010-06-24 12:15 459264 c:\windows\ie7updates\KB2360131-IE7\msfeeds.dll

+ 2010-10-28 18:58 . 2010-06-17 15:12 634656 c:\windows\ie7updates\KB2360131-IE7\iexplore.exe

+ 2010-10-28 18:58 . 2010-06-24 12:15 268288 c:\windows\ie7updates\KB2360131-IE7\iertutil.dll

+ 2010-10-28 18:58 . 2010-06-24 12:15 192512 c:\windows\ie7updates\KB2360131-IE7\iepeers.dll

+ 2010-10-28 18:58 . 2010-06-24 12:15 385024 c:\windows\ie7updates\KB2360131-IE7\iedkcs32.dll

+ 2010-10-28 18:58 . 2010-06-24 12:15 380928 c:\windows\ie7updates\KB2360131-IE7\ieapfltr.dll

+ 2010-10-28 18:58 . 2010-06-17 15:11 161792 c:\windows\ie7updates\KB2360131-IE7\ieakui.dll

+ 2010-10-28 18:58 . 2010-06-24 12:15 230400 c:\windows\ie7updates\KB2360131-IE7\ieaksie.dll

+ 2010-10-28 18:58 . 2010-06-24 12:15 153088 c:\windows\ie7updates\KB2360131-IE7\ieakeng.dll

+ 2010-10-28 18:58 . 2010-06-24 12:15 133120 c:\windows\ie7updates\KB2360131-IE7\extmgr.dll

+ 2010-10-28 18:58 . 2010-06-24 12:15 214528 c:\windows\ie7updates\KB2360131-IE7\dxtrans.dll

+ 2010-10-28 18:58 . 2010-06-24 12:15 347136 c:\windows\ie7updates\KB2360131-IE7\dxtmsft.dll

+ 2010-10-28 18:58 . 2010-06-24 12:15 124928 c:\windows\ie7updates\KB2360131-IE7\advpack.dll

+ 2010-08-23 19:24 . 2010-05-04 17:20 832512 c:\windows\ie7updates\KB2183461-IE7\wininet.dll

+ 2010-08-23 19:24 . 2010-05-04 17:20 233472 c:\windows\ie7updates\KB2183461-IE7\webcheck.dll

+ 2010-08-23 19:24 . 2010-05-04 17:20 105984 c:\windows\ie7updates\KB2183461-IE7\url.dll

+ 2010-08-23 19:24 . 2010-02-22 14:23 382840 c:\windows\ie7updates\KB2183461-IE7\spuninst\updspapi.dll

+ 2010-08-23 19:24 . 2010-02-22 14:23 231288 c:\windows\ie7updates\KB2183461-IE7\spuninst\spuninst.exe

+ 2010-08-23 19:24 . 2010-05-04 17:20 102912 c:\windows\ie7updates\KB2183461-IE7\occache.dll

+ 2010-08-23 19:24 . 2010-05-04 17:20 671232 c:\windows\ie7updates\KB2183461-IE7\mstime.dll

+ 2010-08-23 19:24 . 2010-05-04 17:20 193024 c:\windows\ie7updates\KB2183461-IE7\msrating.dll

+ 2010-08-23 19:24 . 2010-05-04 17:20 477696 c:\windows\ie7updates\KB2183461-IE7\mshtmled.dll

+ 2010-08-23 19:24 . 2010-05-04 17:20 459264 c:\windows\ie7updates\KB2183461-IE7\msfeeds.dll

+ 2010-08-23 19:24 . 2010-04-16 11:43 634656 c:\windows\ie7updates\KB2183461-IE7\iexplore.exe

+ 2010-08-23 19:24 . 2010-05-04 17:20 268288 c:\windows\ie7updates\KB2183461-IE7\iertutil.dll

+ 2010-08-23 19:24 . 2010-05-04 17:20 192512 c:\windows\ie7updates\KB2183461-IE7\iepeers.dll

+ 2010-08-23 19:24 . 2010-05-04 17:20 385024 c:\windows\ie7updates\KB2183461-IE7\iedkcs32.dll

+ 2010-08-23 19:24 . 2010-05-04 17:20 380928 c:\windows\ie7updates\KB2183461-IE7\ieapfltr.dll

+ 2010-08-23 19:24 . 2010-04-16 11:43 161792 c:\windows\ie7updates\KB2183461-IE7\ieakui.dll

+ 2010-08-23 19:24 . 2010-05-04 17:20 230400 c:\windows\ie7updates\KB2183461-IE7\ieaksie.dll

+ 2010-08-23 19:24 . 2010-05-04 17:20 153088 c:\windows\ie7updates\KB2183461-IE7\ieakeng.dll

+ 2010-08-23 19:24 . 2010-05-04 17:20 133120 c:\windows\ie7updates\KB2183461-IE7\extmgr.dll

+ 2010-08-23 19:24 . 2010-05-04 17:20 214528 c:\windows\ie7updates\KB2183461-IE7\dxtrans.dll

+ 2010-08-23 19:24 . 2010-05-04 17:20 347136 c:\windows\ie7updates\KB2183461-IE7\dxtmsft.dll

+ 2010-08-23 19:24 . 2010-05-04 17:20 124928 c:\windows\ie7updates\KB2183461-IE7\advpack.dll

+ 2010-10-04 04:27 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB982802$\spuninst\updspapi.dll

+ 2010-10-04 04:27 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB982802$\spuninst\spuninst.exe

+ 2010-10-04 04:27 . 2009-04-15 14:51 585216 c:\windows\$NtUninstallKB982802$\rpcrt4.dll

+ 2010-08-23 19:08 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB982665$\spuninst\updspapi.dll

+ 2010-08-23 19:08 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB982665$\spuninst\spuninst.exe

+ 2010-08-23 19:24 . 2009-12-31 16:50 353792 c:\windows\$NtUninstallKB982214$\srv.sys

+ 2010-08-23 19:24 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB982214$\spuninst\updspapi.dll

+ 2010-08-23 19:24 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB982214$\spuninst\spuninst.exe

+ 2010-10-28 18:58 . 2009-10-15 16:28 119808 c:\windows\$NtUninstallKB982132$\t2embed.dll

+ 2010-10-28 18:58 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB982132$\spuninst\updspapi.dll

+ 2010-10-28 18:58 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB982132$\spuninst\spuninst.exe

+ 2010-08-23 19:09 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB981997$\spuninst\updspapi.dll

+ 2010-08-23 19:09 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB981997$\spuninst\spuninst.exe

+ 2010-10-28 18:20 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB981957$\spuninst\updspapi.dll

+ 2010-10-28 18:20 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB981957$\spuninst\spuninst.exe

+ 2010-08-23 19:23 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB981852$\spuninst\updspapi.dll

+ 2010-08-23 19:23 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB981852$\spuninst\spuninst.exe

+ 2010-10-04 04:24 . 2008-04-14 00:12 406016 c:\windows\$NtUninstallKB981322$\usp10.dll

+ 2010-10-04 04:24 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB981322$\spuninst\updspapi.dll

+ 2010-10-04 04:24 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB981322$\spuninst\spuninst.exe

+ 2010-08-23 19:22 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB980436$\spuninst\updspapi.dll

+ 2010-08-23 19:22 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB980436$\spuninst\spuninst.exe

+ 2010-08-23 19:22 . 2009-06-25 08:25 147456 c:\windows\$NtUninstallKB980436$\schannel.dll

+ 2010-10-28 18:57 . 2008-04-21 12:08 215552 c:\windows\$NtUninstallKB979687$\wordpad.exe

+ 2010-10-28 18:57 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB979687$\spuninst\updspapi.dll

+ 2010-10-28 18:57 . 2009-05-26 09:01 231288 c:\windows\$NtUninstallKB979687$\spuninst\spuninst.exe

+ 2010-10-04 04:28 . 2007-07-28 06:11 382840 c:\windows\$NtUninstallKB975558_WM8$\spuninst\updspapi.dll

+ 2010-10-04 04:28 . 2007-07-28 06:11 231288 c:\windows\$NtUninstallKB975558_WM8$\spuninst\spuninst.exe

+ 2010-10-04 04:28 . 2006-10-19 05:47 317440 c:\windows\$NtUninstallKB975558_WM8$\mp4sdecd.dll

+ 2010-10-28 18:59 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB2387149$\spuninst\updspapi.dll

+ 2010-10-28 18:59 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB2387149$\spuninst\spuninst.exe

+ 2010-10-28 18:59 . 2006-10-14 08:13 981760 c:\windows\$NtUninstallKB2387149$\mfc42u.dll

+ 2010-10-28 18:59 . 2008-04-14 00:11 927504 c:\windows\$NtUninstallKB2387149$\mfc40u.dll

+ 2010-10-28 18:59 . 2004-08-04 10:00 924432 c:\windows\$NtUninstallKB2387149$\mfc40.dll

+ 2010-10-28 18:58 . 2007-07-28 06:11 382840 c:\windows\$NtUninstallKB2378111_WM9$\spuninst\updspapi.dll

+ 2010-10-28 18:58 . 2007-07-28 06:11 231288 c:\windows\$NtUninstallKB2378111_WM9$\spuninst\spuninst.exe

+ 2010-10-28 18:19 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB2360937$\spuninst\updspapi.dll

+ 2010-10-28 18:19 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB2360937$\spuninst\spuninst.exe

+ 2010-10-28 18:19 . 2010-07-22 15:49 590848 c:\windows\$NtUninstallKB2360937$\rpcrt4.dll

+ 2010-10-04 04:28 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB2347290$\spuninst\updspapi.dll

+ 2010-10-04 04:28 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB2347290$\spuninst\spuninst.exe

+ 2010-10-28 18:59 . 2010-06-21 15:27 354304 c:\windows\$NtUninstallKB2345886$\srv.sys

+ 2010-10-28 18:59 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB2345886$\spuninst\updspapi.dll

+ 2010-10-28 18:59 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB2345886$\spuninst\spuninst.exe

+ 2010-10-28 18:59 . 2009-05-26 09:01 382840 c:\windows\$NtUninstallKB2296011$\spuninst\updspapi.dll

+ 2010-10-28 18:59 . 2009-05-26 09:01 231288 c:\windows\$NtUninstallKB2296011$\spuninst\spuninst.exe

+ 2010-10-28 18:59 . 2008-04-14 00:11 617472 c:\windows\$NtUninstallKB2296011$\comctl32.dll

+ 2010-08-23 19:09 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB2286198$\spuninst\updspapi.dll

+ 2010-08-23 19:09 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB2286198$\spuninst\spuninst.exe

+ 2010-10-28 18:59 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2279986$\spuninst\updspapi.dll

+ 2010-10-28 18:59 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB2279986$\spuninst\spuninst.exe

+ 2010-10-28 18:59 . 2010-04-20 05:30 285696 c:\windows\$NtUninstallKB2279986$\atmfd.dll

+ 2010-10-04 04:28 . 2009-05-26 09:01 382840 c:\windows\$NtUninstallKB2259922$\spuninst\updspapi.dll

+ 2010-10-04 04:28 . 2009-05-26 09:01 231288 c:\windows\$NtUninstallKB2259922$\spuninst\spuninst.exe

+ 2010-07-14 23:42 . 2010-02-23 02:53 382840 c:\windows\$NtUninstallKB2229593$\spuninst\updspapi.dll

+ 2010-07-14 23:42 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB2229593$\spuninst\spuninst.exe

+ 2010-07-14 23:42 . 2008-04-14 00:12 744448 c:\windows\$NtUninstallKB2229593$\helpsvc.exe

+ 2010-08-23 19:22 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB2160329$\spuninst\updspapi.dll

+ 2010-08-23 19:22 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB2160329$\spuninst\spuninst.exe

+ 2010-10-04 04:15 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB2158563$\spuninst\updspapi.dll

+ 2010-10-04 04:15 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB2158563$\spuninst\spuninst.exe

+ 2010-10-04 04:16 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB2141007$\spuninst\updspapi.dll

+ 2010-10-04 04:16 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB2141007$\spuninst\spuninst.exe

+ 2010-10-04 04:16 . 2008-04-11 19:04 691712 c:\windows\$NtUninstallKB2141007$\inetcomm.dll

+ 2010-10-04 04:27 . 2008-04-14 00:12 293376 c:\windows\$NtUninstallKB2121546$\winsrv.dll

+ 2010-10-04 04:27 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB2121546$\spuninst\updspapi.dll

+ 2010-10-04 04:27 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB2121546$\spuninst\spuninst.exe

+ 2010-08-23 19:23 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB2115168$\spuninst\updspapi.dll

+ 2010-08-23 19:23 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB2115168$\spuninst\spuninst.exe

+ 2010-08-23 19:23 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB2079403$\spuninst\updspapi.dll

+ 2010-08-23 19:23 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB2079403$\spuninst\spuninst.exe

+ 2010-10-04 04:27 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB982802\update\updspapi.dll

+ 2010-10-04 04:27 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB982802\update\update.exe

+ 2010-10-04 04:27 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB982802\spuninst.exe

+ 2010-07-23 06:13 . 2010-07-23 06:13 590848 c:\windows\$hf_mig$\KB982802\SP3QFE\rpcrt4.dll

+ 2010-08-23 19:08 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB982665\update\updspapi.dll

+ 2010-08-23 19:08 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB982665\update\update.exe

+ 2010-08-23 19:08 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB982665\spuninst.exe

+ 2010-08-23 19:24 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB982214\update\updspapi.dll

+ 2010-08-23 19:24 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB982214\update\update.exe

+ 2010-08-23 19:24 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB982214\spuninst.exe

+ 2010-08-10 23:57 . 2010-06-21 14:18 354304 c:\windows\$hf_mig$\KB982214\SP3QFE\srv.sys

+ 2010-10-28 18:58 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB982132\update\updspapi.dll

+ 2010-10-28 18:58 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB982132\update\update.exe

+ 2010-10-28 18:58 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB982132\spuninst.exe

+ 2010-08-27 08:01 . 2010-08-27 08:01 119808 c:\windows\$hf_mig$\KB982132\SP3QFE\t2embed.dll

+ 2010-08-23 19:09 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB981997\update\updspapi.dll

+ 2010-08-23 19:09 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB981997\update\update.exe

+ 2010-08-23 19:09 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB981997\spuninst.exe

+ 2010-10-28 18:20 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB981957\update\updspapi.dll

+ 2010-10-28 18:20 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB981957\update\update.exe

+ 2010-10-28 18:20 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB981957\spuninst.exe

+ 2010-08-23 19:23 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB981852\update\updspapi.dll

+ 2010-08-23 19:23 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB981852\update\update.exe

+ 2010-08-23 19:23 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB981852\spuninst.exe

+ 2010-10-04 04:24 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB981322\update\updspapi.dll

+ 2010-10-04 04:24 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB981322\update\update.exe

+ 2010-10-04 04:24 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB981322\spuninst.exe

+ 2010-04-16 15:29 . 2010-04-16 15:29 406016 c:\windows\$hf_mig$\KB981322\SP3QFE\usp10.dll

+ 2010-08-23 19:22 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB980436\update\updspapi.dll

+ 2010-08-23 19:22 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB980436\update\update.exe

+ 2010-08-23 19:22 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB980436\spuninst.exe

+ 2010-06-30 12:23 . 2010-06-30 12:23 149504 c:\windows\$hf_mig$\KB980436\SP3QFE\schannel.dll

+ 2010-10-28 18:57 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB979687\update\updspapi.dll

+ 2010-10-28 18:57 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB979687\update\update.exe

+ 2010-10-28 18:57 . 2009-05-26 09:01 231288 c:\windows\$hf_mig$\KB979687\spuninst.exe

+ 2010-07-12 13:02 . 2010-07-12 13:02 218112 c:\windows\$hf_mig$\KB979687\SP3QFE\wordpad.exe

+ 2010-10-28 18:59 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB2387149\update\updspapi.dll

+ 2010-10-28 18:59 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2387149\update\update.exe

+ 2010-10-28 18:59 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB2387149\spuninst.exe

+ 2010-10-14 02:24 . 2010-09-18 07:18 974848 c:\windows\$hf_mig$\KB2387149\SP3QFE\mfc42u.dll

+ 2010-10-14 02:24 . 2010-09-18 07:18 974848 c:\windows\$hf_mig$\KB2387149\SP3QFE\mfc42.dll

+ 2010-10-14 02:24 . 2010-09-18 07:18 953856 c:\windows\$hf_mig$\KB2387149\SP3QFE\mfc40u.dll

+ 2010-10-14 02:24 . 2010-09-18 07:18 954368 c:\windows\$hf_mig$\KB2387149\SP3QFE\mfc40.dll

+ 2010-10-28 18:19 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB2360937\update\updspapi.dll

+ 2010-10-28 18:19 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB2360937\update\update.exe

+ 2010-10-28 18:19 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB2360937\spuninst.exe

+ 2010-10-14 02:22 . 2010-08-16 08:43 590848 c:\windows\$hf_mig$\KB2360937\SP3QFE\rpcrt4.dll

+ 2010-10-28 18:58 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB2360131-IE7\update\updspapi.dll

+ 2010-10-28 18:58 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB2360131-IE7\update\update.exe

+ 2010-10-28 18:58 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB2360131-IE7\spuninst.exe

+ 2010-09-09 13:36 . 2010-09-09 13:36 841216 c:\windows\$hf_mig$\KB2360131-IE7\SP3QFE\wininet.dll

+ 2010-09-09 13:36 . 2010-09-09 13:36 233472 c:\windows\$hf_mig$\KB2360131-IE7\SP3QFE\webcheck.dll

+ 2010-09-09 13:36 . 2010-09-09 13:36 105984 c:\windows\$hf_mig$\KB2360131-IE7\SP3QFE\url.dll

+ 2010-09-09 13:36 . 2010-09-09 13:36 102912 c:\windows\$hf_mig$\KB2360131-IE7\SP3QFE\occache.dll

+ 2010-09-09 13:36 . 2010-09-09 13:36 671232 c:\windows\$hf_mig$\KB2360131-IE7\SP3QFE\mstime.dll

+ 2010-09-09 13:36 . 2010-09-09 13:36 193024 c:\windows\$hf_mig$\KB2360131-IE7\SP3QFE\msrating.dll

+ 2010-09-09 13:36 . 2010-09-09 13:36 478208 c:\windows\$hf_mig$\KB2360131-IE7\SP3QFE\mshtmled.dll

+ 2010-09-09 13:36 . 2010-09-09 13:36 468480 c:\windows\$hf_mig$\KB2360131-IE7\SP3QFE\msfeeds.dll

+ 2010-08-25 11:07 . 2010-08-25 11:07 634648 c:\windows\$hf_mig$\KB2360131-IE7\SP3QFE\iexplore.exe

+ 2010-09-09 13:36 . 2010-09-09 13:36 268288 c:\windows\$hf_mig$\KB2360131-IE7\SP3QFE\iertutil.dll

+ 2010-09-09 13:36 . 2010-09-09 13:36 193024 c:\windows\$hf_mig$\KB2360131-IE7\SP3QFE\iepeers.dll

+ 2010-09-09 13:36 . 2010-09-09 13:36 388608 c:\windows\$hf_mig$\KB2360131-IE7\SP3QFE\iedkcs32.dll

+ 2010-09-09 13:36 . 2010-09-09 13:36 380928 c:\windows\$hf_mig$\KB2360131-IE7\SP3QFE\ieapfltr.dll

+ 2010-08-25 11:06 . 2010-08-25 11:06 161792 c:\windows\$hf_mig$\KB2360131-IE7\SP3QFE\ieakui.dll

+ 2010-09-09 13:36 . 2010-09-09 13:36 230400 c:\windows\$hf_mig$\KB2360131-IE7\SP3QFE\ieaksie.dll

+ 2010-09-09 13:36 . 2010-09-09 13:36 153088 c:\windows\$hf_mig$\KB2360131-IE7\SP3QFE\ieakeng.dll

+ 2010-09-09 13:36 . 2010-09-09 13:36 132608 c:\windows\$hf_mig$\KB2360131-IE7\SP3QFE\extmgr.dll

+ 2010-09-09 13:36 . 2010-09-09 13:36 214528 c:\windows\$hf_mig$\KB2360131-IE7\SP3QFE\dxtrans.dll

+ 2010-09-09 13:36 . 2010-09-09 13:36 347136 c:\windows\$hf_mig$\KB2360131-IE7\SP3QFE\dxtmsft.dll

+ 2010-09-09 13:36 . 2010-09-09 13:36 124928 c:\windows\$hf_mig$\KB2360131-IE7\SP3QFE\advpack.dll

+ 2010-10-04 04:28 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB2347290\update\updspapi.dll

+ 2010-10-04 04:28 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB2347290\update\update.exe

+ 2010-10-04 04:28 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB2347290\spuninst.exe

+ 2010-10-28 18:59 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB2345886\update\updspapi.dll

+ 2010-10-28 18:59 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB2345886\update\update.exe

+ 2010-10-28 18:59 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB2345886\spuninst.exe

+ 2010-08-26 13:37 . 2010-08-26 13:37 357248 c:\windows\$hf_mig$\KB2345886\SP3QFE\srv.sys

+ 2010-08-23 19:09 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB2286198\update\updspapi.dll

+ 2010-08-23 19:09 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB2286198\update\update.exe

+ 2010-08-23 19:09 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB2286198\spuninst.exe

+ 2010-10-28 18:59 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2279986\update\updspapi.dll

+ 2010-10-28 18:59 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2279986\update\update.exe

+ 2010-10-28 18:59 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB2279986\spuninst.exe

+ 2010-09-01 11:48 . 2010-09-01 11:48 285824 c:\windows\$hf_mig$\KB2279986\SP3QFE\atmfd.dll

+ 2010-10-04 04:28 . 2009-05-26 09:01 382840 c:\windows\$hf_mig$\KB2259922\update\updspapi.dll

+ 2010-10-04 04:28 . 2009-05-26 09:01 755576 c:\windows\$hf_mig$\KB2259922\update\update.exe

+ 2010-10-04 04:28 . 2009-05-26 09:01 231288 c:\windows\$hf_mig$\KB2259922\spuninst.exe

+ 2010-07-14 23:42 . 2010-02-23 02:53 382840 c:\windows\$hf_mig$\KB2229593\update\updspapi.dll

+ 2010-07-14 23:42 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB2229593\update\update.exe

+ 2010-07-14 23:42 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB2229593\spuninst.exe

+ 2010-07-14 14:23 . 2010-06-14 14:38 744448 c:\windows\$hf_mig$\KB2229593\SP3QFE\helpsvc.exe

+ 2010-08-23 19:24 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB2183461-IE7\update\updspapi.dll

+ 2010-08-23 19:24 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB2183461-IE7\update\update.exe

+ 2010-08-23 19:24 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB2183461-IE7\spuninst.exe

+ 2010-06-24 12:16 . 2010-06-24 12:16 841216 c:\windows\$hf_mig$\KB2183461-IE7\SP3QFE\wininet.dll

+ 2010-06-24 12:16 . 2010-06-24 12:16 233472 c:\windows\$hf_mig$\KB2183461-IE7\SP3QFE\webcheck.dll

+ 2010-06-24 12:16 . 2010-06-24 12:16 105984 c:\windows\$hf_mig$\KB2183461-IE7\SP3QFE\url.dll

+ 2010-06-24 12:16 . 2010-06-24 12:16 102912 c:\windows\$hf_mig$\KB2183461-IE7\SP3QFE\occache.dll

+ 2010-06-24 12:16 . 2010-06-24 12:16 671232 c:\windows\$hf_mig$\KB2183461-IE7\SP3QFE\mstime.dll

+ 2010-06-24 12:16 . 2010-06-24 12:16 193024 c:\windows\$hf_mig$\KB2183461-IE7\SP3QFE\msrating.dll

+ 2010-06-24 12:16 . 2010-06-24 12:16 477696 c:\windows\$hf_mig$\KB2183461-IE7\SP3QFE\mshtmled.dll

+ 2010-06-24 12:16 . 2010-06-24 12:16 459264 c:\windows\$hf_mig$\KB2183461-IE7\SP3QFE\msfeeds.dll

+ 2010-06-17 14:45 . 2010-06-17 14:45 634648 c:\windows\$hf_mig$\KB2183461-IE7\SP3QFE\iexplore.exe

+ 2010-06-24 12:16 . 2010-06-24 12:16 268288 c:\windows\$hf_mig$\KB2183461-IE7\SP3QFE\iertutil.dll

+ 2010-06-24 12:16 . 2010-06-24 12:16 193024 c:\windows\$hf_mig$\KB2183461-IE7\SP3QFE\iepeers.dll

+ 2010-06-24 12:16 . 2010-06-24 12:16 388608 c:\windows\$hf_mig$\KB2183461-IE7\SP3QFE\iedkcs32.dll

+ 2010-06-24 12:16 . 2010-06-24 12:16 380928 c:\windows\$hf_mig$\KB2183461-IE7\SP3QFE\ieapfltr.dll

+ 2010-06-17 14:43 . 2010-06-17 14:43 161792 c:\windows\$hf_mig$\KB2183461-IE7\SP3QFE\ieakui.dll

+ 2010-06-24 12:16 . 2010-06-24 12:16 230400 c:\windows\$hf_mig$\KB2183461-IE7\SP3QFE\ieaksie.dll

+ 2010-06-24 12:16 . 2010-06-24 12:16 153088 c:\windows\$hf_mig$\KB2183461-IE7\SP3QFE\ieakeng.dll

+ 2010-06-24 12:16 . 2010-06-24 12:16 132608 c:\windows\$hf_mig$\KB2183461-IE7\SP3QFE\extmgr.dll

+ 2010-06-24 12:16 . 2010-06-24 12:16 214528 c:\windows\$hf_mig$\KB2183461-IE7\SP3QFE\dxtrans.dll

+ 2010-06-24 12:16 . 2010-06-24 12:16 347136 c:\windows\$hf_mig$\KB2183461-IE7\SP3QFE\dxtmsft.dll

+ 2010-06-24 12:16 . 2010-06-24 12:16 124928 c:\windows\$hf_mig$\KB2183461-IE7\SP3QFE\advpack.dll

+ 2010-08-23 19:22 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB2160329\update\updspapi.dll

+ 2010-08-23 19:22 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB2160329\update\update.exe

+ 2010-08-23 19:22 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB2160329\spuninst.exe

+ 2010-10-04 04:16 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB2141007\update\updspapi.dll

+ 2010-10-04 04:16 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB2141007\update\update.exe

+ 2010-10-04 04:16 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB2141007\spuninst.exe

+ 2010-06-09 07:41 . 2010-06-09 07:41 692736 c:\windows\$hf_mig$\KB2141007\SP3QFE\inetcomm.dll

+ 2010-10-04 04:27 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB2121546\update\updspapi.dll

+ 2010-10-04 04:27 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB2121546\update\update.exe

+ 2010-10-04 04:27 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB2121546\spuninst.exe

+ 2010-06-18 17:43 . 2010-06-18 17:43 293376 c:\windows\$hf_mig$\KB2121546\SP3QFE\winsrv.dll

+ 2010-08-23 19:23 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB2115168\update\updspapi.dll

+ 2010-08-23 19:23 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB2115168\update\update.exe

+ 2010-08-23 19:23 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB2115168\spuninst.exe

+ 2010-08-23 19:23 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB2079403\update\updspapi.dll

+ 2010-08-23 19:23 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB2079403\update\update.exe

+ 2010-08-23 19:23 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB2079403\spuninst.exe

+ 2010-10-14 02:23 . 2010-08-23 16:12 1054208 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

+ 2009-07-12 07:02 . 2009-07-12 07:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll

+ 2009-07-12 07:02 . 2009-07-12 07:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll

+ 2009-06-27 02:07 . 2009-06-27 02:07 3780416 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4137_x-ww_a57b1f13\mfc90u.dll

+ 2009-06-27 02:07 . 2009-06-27 02:07 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4137_x-ww_a57b1f13\mfc90.dll

+ 2008-07-29 15:05 . 2008-07-29 15:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll

+ 2008-07-29 15:05 . 2008-07-29 15:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll

+ 2009-07-12 03:46 . 2009-07-12 03:46 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80u.dll

+ 2009-07-12 03:46 . 2009-07-12 03:46 1105920 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80.dll

+ 2004-08-04 10:00 . 2010-08-31 13:42 1852800 c:\windows\system32\win32k.sys

- 2006-03-18 11:09 . 2010-05-04 17:20 1168384 c:\windows\system32\urlmon.dll

+ 2006-03-18 11:09 . 2010-09-09 13:38 1168384 c:\windows\system32\urlmon.dll

+ 2004-08-04 10:00 . 2010-07-27 06:30 8462336 c:\windows\system32\shell32.dll

+ 2004-08-04 10:00 . 2010-07-16 12:05 1288192 c:\windows\system32\ole32.dll

+ 2005-03-30 01:21 . 2010-04-27 13:59 2146304 c:\windows\system32\ntoskrnl.exe

- 2005-03-30 01:21 . 2010-02-16 14:08 2146304 c:\windows\system32\ntoskrnl.exe

- 2005-03-30 01:01 . 2010-02-16 13:25 2024448 c:\windows\system32\ntkrnlpa.exe

+ 2005-03-30 01:01 . 2010-04-27 13:05 2024448 c:\windows\system32\ntkrnlpa.exe

+ 2004-08-04 10:00 . 2010-06-14 07:41 1172480 c:\windows\system32\msxml3.dll

- 2004-08-04 10:00 . 2009-07-31 04:35 1172480 c:\windows\system32\msxml3.dll

+ 2006-03-23 17:32 . 2010-09-09 13:38 3601920 c:\windows\system32\mshtml.dll

+ 2010-10-22 11:46 . 2010-10-22 11:46 2224816 c:\windows\system32\Macromed\Shockwave 10\gt.exe

+ 2010-10-22 11:46 . 2010-10-22 11:46 1495040 c:\windows\system32\Macromed\Shockwave 10\dirapiX.dll

+ 2007-08-14 02:54 . 2010-09-09 13:38 6075904 c:\windows\system32\ieframe.dll

+ 2007-11-27 18:49 . 2011-05-12 18:37 3813648 c:\windows\system32\FNTCACHE.DAT

+ 2008-10-14 17:15 . 2010-08-31 13:42 1852800 c:\windows\system32\dllcache\win32k.sys

- 2006-03-18 11:09 . 2010-05-04 17:20 1168384 c:\windows\system32\dllcache\urlmon.dll

+ 2006-03-18 11:09 . 2010-09-09 13:38 1168384 c:\windows\system32\dllcache\urlmon.dll

+ 2008-06-17 19:02 . 2010-07-27 06:30 8462336 c:\windows\system32\dllcache\shell32.dll

+ 2004-08-04 10:00 . 2008-04-14 00:12 1614848 c:\windows\system32\dllcache\sfcfiles.dll

+ 2010-07-16 12:05 . 2010-07-16 12:05 1288192 c:\windows\system32\dllcache\ole32.dll

- 2008-10-14 17:15 . 2010-02-17 16:10 2189952 c:\windows\system32\dllcache\ntoskrnl.exe

+ 2008-10-14 17:15 . 2010-04-28 02:25 2189952 c:\windows\system32\dllcache\ntoskrnl.exe

+ 2008-10-14 17:15 . 2010-04-27 13:05 2024448 c:\windows\system32\dllcache\ntkrpamp.exe

- 2008-10-14 17:15 . 2010-02-16 13:25 2024448 c:\windows\system32\dllcache\ntkrpamp.exe

+ 2008-10-14 17:15 . 2010-04-27 13:05 2066816 c:\windows\system32\dllcache\ntkrnlpa.exe

- 2008-10-14 17:15 . 2010-02-16 13:25 2066816 c:\windows\system32\dllcache\ntkrnlpa.exe

+ 2008-10-14 17:15 . 2010-04-27 13:59 2146304 c:\windows\system32\dllcache\ntkrnlmp.exe

- 2008-10-14 17:15 . 2010-02-16 14:08 2146304 c:\windows\system32\dllcache\ntkrnlmp.exe

+ 2008-11-12 00:03 . 2010-06-14 07:41 1172480 c:\windows\system32\dllcache\msxml3.dll

- 2008-11-12 00:03 . 2009-07-31 04:35 1172480 c:\windows\system32\dllcache\msxml3.dll

+ 2006-03-23 17:32 . 2010-09-09 13:38 3601920 c:\windows\system32\dllcache\mshtml.dll

+ 2007-11-28 03:02 . 2010-06-18 13:36 3558912 c:\windows\system32\dllcache\moviemk.exe

- 2007-11-28 03:02 . 2009-10-23 15:28 3558912 c:\windows\system32\dllcache\moviemk.exe

+ 2007-11-29 23:34 . 2010-09-09 13:38 6075904 c:\windows\system32\dllcache\ieframe.dll

+ 2010-10-22 11:49 . 2010-10-22 11:49 1011712 c:\windows\system32\Adobe\Shockwave 11\iml32.dll

- 2010-05-05 13:40 . 2010-05-05 13:40 1011712 c:\windows\system32\Adobe\Shockwave 11\iml32.dll

+ 2010-10-22 11:46 . 2010-10-22 11:46 2224816 c:\windows\system32\Adobe\Shockwave 11\gt.exe

+ 2010-10-22 11:51 . 2010-10-22 11:51 1802240 c:\windows\system32\Adobe\Shockwave 11\dirapi.dll

+ 2010-11-11 01:15 . 2010-11-11 01:15 2642944 c:\windows\Installer\c77a89.msi

+ 2011-04-28 02:48 . 2011-04-28 02:48 2096128 c:\windows\Installer\4d62b42.msi

+ 2010-11-08 07:14 . 2010-11-08 07:14 3402752 c:\windows\Installer\49bf1.msp

+ 2010-10-22 00:11 . 2010-10-22 00:11 2642944 c:\windows\Installer\452b880.msi

+ 2010-10-08 02:59 . 2010-10-08 02:59 3940864 c:\windows\Installer\3f05f.msi

+ 2010-09-16 10:08 . 2010-09-16 10:08 6210560 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\authplay.dll

+ 2010-10-28 18:58 . 2010-06-24 12:15 1168384 c:\windows\ie7updates\KB2360131-IE7\urlmon.dll

+ 2010-10-28 18:58 . 2010-06-24 12:15 3600896 c:\windows\ie7updates\KB2360131-IE7\mshtml.dll

+ 2010-10-28 18:58 . 2010-06-24 12:15 6067200 c:\windows\ie7updates\KB2360131-IE7\ieframe.dll

+ 2010-08-23 19:24 . 2010-05-04 17:20 1168384 c:\windows\ie7updates\KB2183461-IE7\urlmon.dll

+ 2010-08-23 19:24 . 2010-05-04 17:20 3600384 c:\windows\ie7updates\KB2183461-IE7\mshtml.dll

+ 2010-08-23 19:24 . 2010-05-04 17:20 6067200 c:\windows\ie7updates\KB2183461-IE7\ieframe.dll

+ 2008-10-14 17:15 . 2010-04-28 02:25 2189952 c:\windows\Driver Cache\i386\ntoskrnl.exe

- 2008-10-14 17:15 . 2010-02-17 16:10 2189952 c:\windows\Driver Cache\i386\ntoskrnl.exe

- 2008-10-14 17:15 . 2010-02-16 13:25 2024448 c:\windows\Driver Cache\i386\ntkrpamp.exe

+ 2008-10-14 17:15 . 2010-04-27 13:05 2024448 c:\windows\Driver Cache\i386\ntkrpamp.exe

+ 2008-10-14 17:15 . 2010-04-27 13:05 2066816 c:\windows\Driver Cache\i386\ntkrnlpa.exe

- 2008-10-14 17:15 . 2010-02-16 13:25 2066816 c:\windows\Driver Cache\i386\ntkrnlpa.exe

+ 2008-10-14 17:15 . 2010-04-27 13:59 2146304 c:\windows\Driver Cache\i386\ntkrnlmp.exe

- 2008-10-14 17:15 . 2010-02-16 14:08 2146304 c:\windows\Driver Cache\i386\ntkrnlmp.exe

+ 2010-08-23 19:09 . 2009-10-23 15:28 3558912 c:\windows\$NtUninstallKB981997$\moviemk.exe

+ 2010-10-28 18:20 . 2010-06-23 13:44 1851904 c:\windows\$NtUninstallKB981957$\win32k.sys

+ 2010-08-23 19:23 . 2010-02-16 14:08 2146304 c:\windows\$NtUninstallKB981852$\ntoskrnl.exe

+ 2010-08-23 19:23 . 2010-02-16 13:25 2024448 c:\windows\$NtUninstallKB981852$\ntkrpamp.exe

+ 2010-08-23 19:23 . 2010-02-16 13:25 2024448 c:\windows\$NtUninstallKB981852$\ntkrnlpa.exe

+ 2010-08-23 19:23 . 2010-02-16 14:08 2146304 c:\windows\$NtUninstallKB981852$\ntkrnlmp.exe

+ 2010-10-28 18:57 . 2008-04-14 00:12 1287168 c:\windows\$NtUninstallKB979687$\ole32.dll

+ 2010-10-28 18:59 . 2008-04-14 00:11 1028096 c:\windows\$NtUninstallKB2387149$\mfc42.dll

+ 2010-08-23 19:09 . 2008-06-17 19:02 8461312 c:\windows\$NtUninstallKB2286198$\shell32.dll

+ 2010-08-23 19:22 . 2010-05-02 05:22 1851264 c:\windows\$NtUninstallKB2160329$\win32k.sys

+ 2010-08-23 19:23 . 2009-07-31 04:35 1172480 c:\windows\$NtUninstallKB2079403$\msxml3.dll

+ 2010-08-10 23:50 . 2010-06-18 13:43 3558912 c:\windows\$hf_mig$\KB981997\SP3QFE\moviemk.exe

+ 2010-08-31 13:38 . 2010-08-31 13:38 1861888 c:\windows\$hf_mig$\KB981957\SP3QFE\win32k.sys

+ 2010-08-10 23:57 . 2010-04-27 13:50 2190080 c:\windows\$hf_mig$\KB981852\SP3QFE\ntoskrnl.exe

+ 2010-08-10 23:57 . 2010-04-27 13:14 2024448 c:\windows\$hf_mig$\KB981852\SP3QFE\ntkrpamp.exe

+ 2010-04-28 14:14 . 2010-04-28 14:14 2066944 c:\windows\$hf_mig$\KB981852\SP3QFE\ntkrnlpa.exe

+ 2010-08-10 23:57 . 2010-04-27 13:54 2146304 c:\windows\$hf_mig$\KB981852\SP3QFE\ntkrnlmp.exe

+ 2010-07-16 12:04 . 2010-07-16 12:04 1289216 c:\windows\$hf_mig$\KB979687\SP3QFE\ole32.dll

+ 2010-09-09 13:36 . 2010-09-09 13:36 1171968 c:\windows\$hf_mig$\KB2360131-IE7\SP3QFE\urlmon.dll

+ 2010-09-09 13:36 . 2010-09-09 13:36 3605504 c:\windows\$hf_mig$\KB2360131-IE7\SP3QFE\mshtml.dll

+ 2010-09-09 13:36 . 2010-09-09 13:36 6080000 c:\windows\$hf_mig$\KB2360131-IE7\SP3QFE\ieframe.dll

+ 2010-10-14 02:25 . 2009-06-29 08:33 2452872 c:\windows\$hf_mig$\KB2360131-IE7\SP3QFE\ieapfltr.dat

+ 2010-07-27 06:28 . 2010-07-27 06:28 8463360 c:\windows\$hf_mig$\KB2286198\SP3QFE\shell32.dll

+ 2010-06-24 12:16 . 2010-06-24 12:16 1171968 c:\windows\$hf_mig$\KB2183461-IE7\SP3QFE\urlmon.dll

+ 2010-06-24 12:16 . 2010-06-24 12:16 3603968 c:\windows\$hf_mig$\KB2183461-IE7\SP3QFE\mshtml.dll

+ 2010-06-24 12:16 . 2010-06-24 12:16 6071296 c:\windows\$hf_mig$\KB2183461-IE7\SP3QFE\ieframe.dll

+ 2010-08-10 23:58 . 2009-06-29 08:33 2452872 c:\windows\$hf_mig$\KB2183461-IE7\SP3QFE\ieapfltr.dat

+ 2010-06-24 02:14 . 2010-06-24 02:14 1861120 c:\windows\$hf_mig$\KB2160329\SP3QFE\win32k.sys

+ 2010-06-14 07:39 . 2010-06-14 07:39 1172480 c:\windows\$hf_mig$\KB2079403\SP3QFE\msxml3.dll

- 2004-08-04 10:00 . 2009-07-14 06:43 10841088 c:\windows\system32\wmp.dll

+ 2004-08-04 10:00 . 2010-08-26 06:36 10841088 c:\windows\system32\wmp.dll

+ 2007-11-29 02:26 . 2010-10-28 18:21 35385288 c:\windows\system32\MRT.exe

+ 2010-10-28 18:58 . 2009-07-14 06:43 10841088 c:\windows\$NtUninstallKB2378111_WM9$\wmp.dll

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"StacSysTray"="c:\program files\SigmaTel\C-Major Audio\ControlPanel\StacSysTray.exe" [2004-04-29 102400]

"Adobe Version Cue CS2"="c:\program files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-05 856064]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 19968]

"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]

"Fbijijamehigatag"="c:\windows\itedufodizir.dll" [bU]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

IEEE 802.11g USB Wireless LAN Utility.lnk - c:\program files\Wireless LAN\WLanUtil.exe [2007-11-27 393216]

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Rob^Start Menu^Programs^Startup^MagicDisc.lnk]

path=c:\documents and settings\Rob\Start Menu\Programs\Startup\MagicDisc.lnk

backup=c:\windows\pss\MagicDisc.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Version Cue CS2]

2005-04-05 02:58 856064 ----a-w- c:\program files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]

2005-09-08 13:20 122940 ----a-w- c:\windows\system32\DLA\DLACTRLW.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]

2007-03-29 22:41 222128 ----a-w- c:\documents and settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]

2003-12-17 16:50 19968 ------w- c:\windows\LOGI_MWX.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2009-09-05 08:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

2009-03-05 23:07 2260480 ------w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2007-11-30 06:12 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wben]

2009-06-25 21:30 338456 ----a-w- c:\program files\Starfield\Desktop Notifier\wben.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Adobe\\Adobe Version Cue CS2\\bin\\VersionCueCS2.exe"=

"c:\\Program Files\\Halo\\halo.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\Program Files\\Download Accelerator Plus\\DAP.exe"=

"c:\\Program Files\\Vuze\\Azureus.exe"=

"c:\\Program Files\\VLC\\SlimDVD\\vlc.exe"=

.

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [6/27/2010 9:09 PM 136360]

R2 SigService;Sigmatel Service;c:\program files\SigmaTel\C-Major Audio\ControlPanel\sigservice.exe [11/27/2007 8:49 PM 81920]

S3 klmd23;klmd23;c:\windows\system32\drivers\klmd.sys --> c:\windows\system32\drivers\klmd.sys [?]

S3 MR97310_VGA_DUAL_CAMERA;VGA Dual-Mode Camera;c:\windows\system32\drivers\mr97310v.sys [3/30/2004 11:29 AM 118106]

S3 pnicml;pnicml;\??\c:\docume~1\Rob\LOCALS~1\Temp\pnicml.sys --> c:\docume~1\Rob\LOCALS~1\Temp\pnicml.sys [?]

S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

getPlusHelper REG_MULTI_SZ getPlusHelper

itlsvc REG_MULTI_SZ itlperf

.

Contents of the 'Scheduled Tasks' folder

.

2011-05-15 c:\windows\Tasks\AdobeAAMUpdater-1.0-ROB-CCA219EB460-Rob.job

- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-04-28 10:44]

.

2011-05-18 c:\windows\Tasks\OGALogon.job

- c:\windows\system32\OGAEXEC.exe [2009-08-03 23:07]

.

.

------- Supplementary Scan -------

.

IE: &Clean Traces - c:\program files\Download Accelerator Plus\Privacy Package\dapcleanerie.htm

IE: &Download with &DAP - c:\program files\Download Accelerator Plus\dapextie.htm

IE: Download &all with DAP - c:\program files\Download Accelerator Plus\dapextie2.htm

DPF: Web-Based Email Tools - hxxps://email.secureserver.net/Download.CAB

.

- - - - ORPHANS REMOVED - - - -

.

Notify-itlntfy - itlnfw32.dll

MSConfigStartUp-MaxMenuMgr - c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe

AddRemove-Search Toolbar - c:\program files\Search Toolbar\SearchToolbarUninstall.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-05-18 15:24

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600 Disk: WDC_WD1600BEVE-00UYT0 rev.01.04A01 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

.

device: opened successfully

user: MBR read successfully

error: Read A device attached to the system is not functioning.

kernel: MBR read successfully

detected disk devices:

detected hooks:

\Driver\atapi DriverStartIo -> 0x86EEC53B

user & kernel MBR OK

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-1644491937-562591055-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:c0,e0,d6,b4,b9,a1,21,c7,f5,b5,bc,c5,9c,55,e8,60,9d,3f,ce,d0,10,24,71,

30,0a,f7,e7,0c,f5,a5,a1,d0,da,3d,75,c8,97,9d,91,8a,77,88,6e,b4,6a,66,9c,b3,\

"??"=hex:59,52,4d,96,40,27,6e,8f,7c,35,3d,81,cd,0f,89,4c

.

[HKEY_USERS\S-1-5-21-1644491937-562591055-725345543-1003\Software\SecuROM\License information*]

"datasecu"=hex:c2,1e,91,d7,9c,ef,c0,ad,7f,a9,be,b9,ef,ec,85,23,86,18,f1,f2,41,

6c,29,51,55,a2,cd,23,74,8d,c0,a9,68,0c,02,cf,15,85,69,26,eb,9d,4f,2c,a3,09,\

"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(772)

c:\windows\system32\WININET.dll

c:\windows\system32\Ati2evxx.dll

.

- - - - - - - > 'lsass.exe'(836)

c:\windows\system32\WININET.dll

.

- - - - - - - > 'explorer.exe'(1572)

c:\windows\system32\WININET.dll

c:\program files\Logitech\MouseWare\System\LgWndHk.dll

c:\progra~1\WINDOW~2\wmpband.dll

c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\Ati2evxx.exe

c:\program files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Avira\AntiVir Desktop\avshadow.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe

c:\windows\system32\wscntfy.exe

c:\progra~1\SigmaTel\C-MAJO~1\CONTRO~1\stacsrv.exe

c:\program files\Logitech\MouseWare\system\em_exec.exe

.

**************************************************************************

.

Completion time: 2011-05-18 15:31:20 - machine was rebooted

ComboFix-quarantined-files.txt 2011-05-18 22:31

ComboFix2.txt 2010-06-23 04:35

ComboFix3.txt 2010-06-22 19:27

ComboFix4.txt 2010-05-12 22:39

.

Pre-Run: 19,405,406,208 bytes free

Post-Run: 20,852,633,600 bytes free

.

- - End Of File - - 70D6856FB42414970BB99908476F983B


DDS Log, Part 1:

.

DDS (Ver_11-03-05.01) - NTFSx86

Run by Rob at 16:20:16.54 on Wed 05/18/2011

Internet Explorer: 7.0.5730.13

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.520 [GMT -7:00]

.

AV: AntiVir Desktop *Enabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}

FW: ZoneAlarm Pro Firewall *Enabled*

.

============== Running Processes ===============

.

C:\windows\system32\Ati2evxx.exe

C:\windows\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\windows\System32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k WudfServiceGroup

svchost.exe

C:\windows\system32\spoolsv.exe

C:\Program Files\SigmaTel\C-Major Audio\ControlPanel\sigservice.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

svchost.exe

C:\windows\system32\Ati2evxx.exe

C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\windows\system32\svchost.exe -k imgsvc

C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe

C:\windows\system32\wscntfy.exe

C:\Program Files\SigmaTel\C-Major Audio\ControlPanel\StacSysTray.exe

C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\PROGRA~1\SigmaTel\C-MAJO~1\CONTRO~1\stacsrv.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\windows\system32\wuauclt.exe

C:\Program Files\Logitech\MouseWare\system\em_exec.exe

C:\windows\explorer.exe

C:\Documents and Settings\Rob\Desktop\May VIRUS Fix\dds.scr

.

============== Pseudo HJT Report ===============

.

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll

BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: DAPIELoader Class: {ff6c3cf0-4b15-11d1-abed-709549c10000} - c:\progra~1\downlo~1\DAPIEL~1.DLL

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll

TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll

mRun: [stacSysTray] c:\program files\sigmatel\c-major audio\controlpanel\StacSysTray.exe

mRun: [Adobe Version Cue CS2] c:\program files\adobe\adobe version cue cs2\controlpanel\VersionCueCS2Tray.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Logitech Utility] Logi_MwX.Exe

mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"

mRun: [switchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe

mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin

mRun: [Fbijijamehigatag] rundll32.exe "c:\windows\itedufodizir.dll",Startup

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ieee80~1.lnk - c:\program files\wireless lan\WLanUtil.exe

mPolicies-explorer: <NO NAME> =

IE: &Clean Traces - c:\program files\download accelerator plus\privacy package\dapcleanerie.htm

IE: &Download with &DAP - c:\program files\download accelerator plus\dapextie.htm

IE: Download &all with DAP - c:\program files\download accelerator plus\dapextie2.htm

DDS Log, Part 2:

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5}

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll

Attempting to attach the orig DDS Log. I know you prefer copy/paste, but this forum is not allowing me to do so.

============= SERVICES / DRIVERS ===============

.

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-6-27 11608]

R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2007-11-28 270672]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-6-27 136360]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-6-27 269480]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-6-27 61960]

R2 SigService;Sigmatel Service;c:\program files\sigmatel\c-major audio\controlpanel\sigservice.exe [2007-11-27 81920]

S3 klmd23;klmd23;c:\windows\system32\drivers\klmd.sys --> c:\windows\system32\drivers\klmd.sys [?]

S3 MR97310_VGA_DUAL_CAMERA;VGA Dual-Mode Camera;c:\windows\system32\drivers\mr97310v.sys [2004-3-30 118106]

S3 pnicml;pnicml;\??\c:\docume~1\rob\locals~1\temp\pnicml.sys --> c:\docume~1\rob\locals~1\temp\pnicml.sys [?]

S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]

S3 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]

.

=============== Created Last 30 ================

.

2011-05-18 21:37:55 98816 ----a-w- c:\windows\sed.exe

2011-05-18 21:37:55 89088 ----a-w- c:\windows\MBR.exe

2011-05-18 21:37:55 256512 ----a-w- c:\windows\PEV.exe

2011-05-18 21:37:55 161792 ----a-w- c:\windows\SWREG.exe

2011-05-14 03:03:03 -------- d-----w- c:\docume~1\rob\locals~1\applic~1\{2CA8BCE2-87DA-4759-8031-2119A5137D1C}

2011-04-28 17:47:27 -------- d-----w- c:\docume~1\rob\applic~1\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

2011-04-28 02:59:59 -------- d-----w- c:\docume~1\alluse~1\applic~1\regid.1986-12.com.adobe

2011-04-28 02:37:12 -------- d-----w- c:\program files\Adobe CS5

2011-04-23 07:51:14 -------- d-----w- c:\docume~1\rob\applic~1\FLV Extract

.

==================== Find3M ====================

.

2011-05-18 21:46:37 0 ----a-w- c:\windows\Rxesalifipulukel.bin

.

=================== ROOTKIT ====================

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600 Disk: WDC_WD1600BEVE-00UYT0 rev.01.04A01 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

.

device: opened successfully

user: MBR read successfully

.

Disk trace:

called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86EEC6F0]<<

_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x86ef2a10]; MOV EAX, [0x86ef2a8c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }

1 nt!IofCallDriver[0x804E13B9] -> \Device\Harddisk0\DR0[0x86F5EAB8]

3 CLASSPNP[0xF763CFD7] -> nt!IofCallDriver[0x804E13B9] -> \Device\00000084[0x86F7C138]

5 ACPI[0xF7593620] -> nt!IofCallDriver[0x804E13B9] -> [0x86F88D08]

\Driver\atapi[0x86F70A08] -> IRP_MJ_CREATE -> 0x86EEC6F0

error: Read A device attached to the system is not functioning.

kernel: MBR read successfully

_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }

detected disk devices:

detected hooks:

\Driver\atapi DriverStartIo -> 0x86EEC53B

user & kernel MBR OK

Warning: possible TDL3 rootkit infection !

.

============= FINISH: 16:21:24.95 ===============

  • Staff

Hi,

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs a runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log is named like UtilityName.Version_Date_Time_log.txt.

For example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Please download this file and save it as it's originally named, next to ComboFix.exe.

Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console. When complete, it will ask you whether or not to continue with the malware scan. Select Yes, and post the resultant log.

-screen317

Chris,

Did as you instructed. I think the Recovery Console installed, but I'm not 100% sure. FYI, upon re-boot from TDSSKiller, I got the following RUNDLL Error: cannot find file c:\windows\itedufodizir.dll. This forum is not letting me post very long messages.

TDSSKiller Log:

2011/05/20 19:30:08.0281 2216 TDSS rootkit removing tool 2.5.0.0 May 1 2011 14:20:16

2011/05/20 19:30:08.0296 2216 ================================================================================

2011/05/20 19:30:08.0296 2216 SystemInfo:

2011/05/20 19:30:08.0296 2216

2011/05/20 19:30:08.0296 2216 OS Version: 5.1.2600 ServicePack: 3.0

2011/05/20 19:30:08.0296 2216 Product type: Workstation

2011/05/20 19:30:08.0296 2216 ComputerName: ROB-CCA219EB460

2011/05/20 19:30:08.0296 2216 UserName: Rob

2011/05/20 19:30:08.0296 2216 Windows directory: C:\windows

2011/05/20 19:30:08.0296 2216 System windows directory: C:\windows

2011/05/20 19:30:08.0296 2216 Processor architecture: Intel x86

2011/05/20 19:30:08.0296 2216 Number of processors: 2

2011/05/20 19:30:08.0296 2216 Page size: 0x1000

2011/05/20 19:30:08.0296 2216 Boot type: Normal boot

2011/05/20 19:30:08.0296 2216 ================================================================================

2011/05/20 19:30:09.0312 2216 Initialize success

2011/05/20 19:30:18.0250 3144 ================================================================================

2011/05/20 19:30:18.0250 3144 Scan started

2011/05/20 19:30:18.0250 3144 Mode: Manual;

2011/05/20 19:30:18.0250 3144 ================================================================================

2011/05/20 19:30:32.0828 3144 \HardDisk2 - detected Rootkit.Win32.TDSS.tdl4 (0)

2011/05/20 19:30:32.0968 3144 ================================================================================

2011/05/20 19:30:32.0968 3144 Scan finished

2011/05/20 19:30:32.0968 3144 ================================================================================

2011/05/20 19:30:32.0984 0540 Detected object count: 1

2011/05/20 19:30:53.0421 0540 \HardDisk2 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot

2011/05/20 19:30:53.0421 0540 \HardDisk2 - ok

2011/05/20 19:30:53.0421 0540 Rootkit.Win32.TDSS.tdl4(\HardDisk2) - User select action: Cure

2011/05/20 19:30:58.0562 3236 Deinitialize success

ComboFix log to follow, if this will let me.

ComboFix Log after Console added:

ComboFix 11-05-17.03 - Rob 05/20/2011 19:47:08.9.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.539 [GMT -7:00]

Running from: c:\documents and settings\Rob\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Rob\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}

FW: ZoneAlarm Pro Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

.

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

.

((((((((((((((((((((((((( Files Created from 2011-04-21 to 2011-05-21 )))))))))))))))))))))))))))))))

.

.

2011-05-15 18:35 . 2011-05-15 18:35 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google

2011-05-14 03:03 . 2011-05-14 03:03 -------- d-----w- c:\documents and settings\Rob\Local Settings\Application Data\{2CA8BCE2-87DA-4759-8031-2119A5137D1C}

2011-04-28 17:47 . 2011-04-28 17:47 -------- d-----w- c:\documents and settings\Rob\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

2011-04-28 02:59 . 2011-05-07 05:54 -------- d-----w- c:\documents and settings\All Users\Application Data\regid.1986-12.com.adobe

2011-04-28 02:47 . 2011-04-28 02:47 -------- d-----w- c:\program files\Adobe Media Player

2011-04-28 02:37 . 2011-04-28 02:55 -------- d-----w- c:\program files\Adobe CS5

2011-04-23 07:51 . 2011-04-23 08:18 -------- d-----w- c:\documents and settings\Rob\Application Data\FLV Extract

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-03-17 19:27 . 2010-06-28 04:09 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys

.

.

((((((((((((((((((((((((((((( SnapShot_2011-05-18_22.24.58 )))))))))))))))))))))))))))))))))))))))))

.


+ 2004-08-04 10:00 . 2004-08-04 10:00 2944 c:\windows\system32\drivers\null.sys

+ 2004-08-04 10:00 . 2004-08-04 10:00 4224 c:\windows\system32\drivers\mnmdd.sys

+ 2004-08-04 10:00 . 2004-08-04 10:00 7680 c:\windows\system32\drivers\mcd.sys

+ 2004-08-04 10:00 . 2004-08-04 10:00 7936 c:\windows\system32\drivers\fs_rec.sys

+ 2004-08-04 10:00 . 2004-08-04 10:00 3328 c:\windows\system32\drivers\dxgthk.sys

+ 2004-08-04 10:00 . 2004-08-04 10:00 5888 c:\windows\system32\drivers\dmload.sys

+ 2004-08-04 10:00 . 2004-08-04 10:00 4224 c:\windows\system32\drivers\beep.sys

+ 2004-08-04 10:00 . 2004-08-04 10:00 8261 c:\windows\system32\dllcache\zoneoc.dll

+ 2004-08-04 10:00 . 2004-08-04 10:00 7168 c:\windows\system32\dllcache\wshnetbs.dll

+ 2004-08-04 10:00 . 2004-08-04 10:00 9216 c:\windows\system32\dllcache\wshatm.dll

+ 2001-08-17 22:36 . 2004-08-04 10:00 3200 c:\windows\system32\dllcache\wowfax.dll

+ 2004-08-04 10:00 . 2004-08-04 10:00 2736 c:\windows\system32\dllcache\wowdeb.exe

+ 2004-08-04 10:00 . 2006-10-19 05:47 4096 c:\windows\system32\dllcache\wmvdmoe2.dll

+ 2004-08-04 10:00 . 2006-10-19 05:47 4096 c:\windows\system32\dllcache\wmvdmod.dll

+ 2004-08-04 10:00 . 2006-10-19 05:47 4096 c:\windows\system32\dllcache\wmsdmoe2.dll

+ 2004-08-04 10:00 . 2006-10-19 05:47 4096 c:\windows\system32\dllcache\wmsdmod.dll

+ 2004-08-04 10:00 . 2004-08-04 10:00 4352 c:\windows\system32\dllcache\wmilib.sys

+ 2004-08-04 10:00 . 2008-04-14 00:12 5632 c:\windows\system32\dllcache\winver.exe

+ 2004-08-04 10:00 . 2004-08-04 10:00 2112 c:\windows\system32\dllcache\winspool.exe

+ 2004-08-04 10:00 . 2004-08-04 10:00 2864 c:\windows\system32\dllcache\winsock.dll

+ 2004-08-04 10:00 . 2004-08-04 10:00 5120 c:\windows\system32\dllcache\winnls.dll

+ 2004-08-04 10:00 . 2004-08-04 10:00 8192 c:\windows\system32\dllcache\winhstb.exe

+ 2004-08-04 10:00 . 2004-08-04 10:00 9216 c:\windows\system32\dllcache\winfax.dll

+ 2004-08-04 10:00 . 2004-08-04 10:00 9216 c:\windows\system32\dllcache\wifeman.dll

+ 2004-08-04 10:00 . 2004-08-04 10:00 4608 c:\windows\system32\dllcache\vjoy.dll

+ 2004-08-04 10:00 . 2004-08-04 10:00 9344 c:\windows\system32\dllcache\vga.dll

+ 2004-08-04 10:00 . 2004-08-04 10:00 9008 c:\windows\system32\dllcache\ver.dll

+ 2004-08-04 10:00 . 2004-08-04 10:00 7680 c:\windows\system32\dllcache\vcdex.dll

+ 2004-08-04 10:00 . 2004-08-04 10:00 4096 c:\windows\system32\dllcache\unlodctr.exe

+ 2004-08-04 10:00 . 2008-04-14 00:12 7168 c:\windows\system32\dllcache\tlntsvrp.dll

+ 2004-08-04 10:00 . 2004-08-04 10:00 5632 c:\windows\system32\dllcache\tapiperf.dll

+ 2004-08-04 10:00 . 2004-08-04 10:00 3072 c:\windows\system32\dllcache\systray.exe

+ 2001-08-17 22:36 . 2004-08-04 10:00 8192 c:\windows\system32\dllcache\streamci.dll

+ 2003-02-21 02:09 . 2003-02-21 02:09 9216 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscortim.dll

+ 2003-02-21 14:25 . 2003-02-21 14:25 6656 c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft_VsaVb.dll

+ 2003-02-21 14:25 . 2003-02-21 14:25 6144 c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.VisualC.Dll

+ 2003-02-21 14:24 . 2003-02-21 14:24 4608 c:\windows\Microsoft.NET\Framework\v1.1.4322\IIEHost.dll

+ 2004-07-15 21:31 . 2004-07-15 21:31 8192 c:\windows\Microsoft.NET\Framework\v1.1.4322\IEExecRemote.dll

+ 2003-02-21 14:24 . 2003-02-21 14:24 7680 c:\windows\Microsoft.NET\Framework\v1.1.4322\IEExec.exe

+ 2003-02-21 14:24 . 2003-02-21 14:24 7680 c:\windows\Microsoft.NET\Framework\v1.1.4322\Accessibility.dll

MORE TO COME...


.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"StacSysTray"="c:\program files\SigmaTel\C-Major Audio\ControlPanel\StacSysTray.exe" [2004-04-29 102400]

"Adobe Version Cue CS2"="c:\program files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-05 856064]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 19968]

"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]

"Fbijijamehigatag"="c:\windows\itedufodizir.dll" [bU]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

IEEE 802.11g USB Wireless LAN Utility.lnk - c:\program files\Wireless LAN\WLanUtil.exe [2007-11-27 393216]

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Rob^Start Menu^Programs^Startup^MagicDisc.lnk]

path=c:\documents and settings\Rob\Start Menu\Programs\Startup\MagicDisc.lnk

backup=c:\windows\pss\MagicDisc.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Version Cue CS2]

2005-04-05 02:58 856064 ----a-w- c:\program files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]

2005-09-08 13:20 122940 ----a-w- c:\windows\system32\DLA\DLACTRLW.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]

2007-03-29 22:41 222128 ----a-w- c:\documents and settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]

2003-12-17 16:50 19968 ------w- c:\windows\LOGI_MWX.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2009-09-05 08:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

2009-03-05 23:07 2260480 ------w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2007-11-30 06:12 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wben]

2009-06-25 21:30 338456 ----a-w- c:\program files\Starfield\Desktop Notifier\wben.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Adobe\\Adobe Version Cue CS2\\bin\\VersionCueCS2.exe"=

"c:\\Program Files\\Halo\\halo.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\Program Files\\Download Accelerator Plus\\DAP.exe"=

"c:\\Program Files\\Vuze\\Azureus.exe"=

"c:\\Program Files\\VLC\\SlimDVD\\vlc.exe"=

.

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [6/27/2010 9:09 PM 136360]

S2 SigService;Sigmatel Service;c:\program files\SigmaTel\C-Major Audio\ControlPanel\sigservice.exe [11/27/2007 8:49 PM 81920]

S3 klmd23;klmd23;c:\windows\system32\drivers\klmd.sys --> c:\windows\system32\drivers\klmd.sys [?]

S3 MR97310_VGA_DUAL_CAMERA;VGA Dual-Mode Camera;c:\windows\system32\drivers\mr97310v.sys [3/30/2004 11:29 AM 118106]

S3 pnicml;pnicml;\??\c:\docume~1\Rob\LOCALS~1\Temp\pnicml.sys --> c:\docume~1\Rob\LOCALS~1\Temp\pnicml.sys [?]

S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096]

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - klmd25

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

getPlusHelper REG_MULTI_SZ getPlusHelper

itlsvc REG_MULTI_SZ itlperf

.

Contents of the 'Scheduled Tasks' folder

.

2011-05-20 c:\windows\Tasks\AdobeAAMUpdater-1.0-ROB-CCA219EB460-Rob.job

- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-04-28 10:44]

.

2011-05-21 c:\windows\Tasks\OGALogon.job

- c:\windows\system32\OGAEXEC.exe [2009-08-03 23:07]

.

.

------- Supplementary Scan -------

.

IE: &Clean Traces - c:\program files\Download Accelerator Plus\Privacy Package\dapcleanerie.htm

IE: &Download with &DAP - c:\program files\Download Accelerator Plus\dapextie.htm

IE: Download &all with DAP - c:\program files\Download Accelerator Plus\dapextie2.htm

DPF: Web-Based Email Tools - hxxps://email.secureserver.net/Download.CAB

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-05-20 19:56

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-1644491937-562591055-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:c0,e0,d6,b4,b9,a1,21,c7,f5,b5,bc,c5,9c,55,e8,60,9d,3f,ce,d0,10,24,71,

30,0a,f7,e7,0c,f5,a5,a1,d0,da,3d,75,c8,97,9d,91,8a,77,88,6e,b4,6a,66,9c,b3,\

"??"=hex:59,52,4d,96,40,27,6e,8f,7c,35,3d,81,cd,0f,89,4c

.

[HKEY_USERS\S-1-5-21-1644491937-562591055-725345543-1003\Software\SecuROM\License information*]

"datasecu"=hex:c2,1e,91,d7,9c,ef,c0,ad,7f,a9,be,b9,ef,ec,85,23,86,18,f1,f2,41,

6c,29,51,55,a2,cd,23,74,8d,c0,a9,68,0c,02,cf,15,85,69,26,eb,9d,4f,2c,a3,09,\

"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(772)

c:\windows\system32\Ati2evxx.dll

.

- - - - - - - > 'explorer.exe'(152)

c:\windows\system32\WININET.dll

c:\program files\Logitech\MouseWare\System\LgWndHk.dll

c:\progra~1\WINDOW~2\wmpband.dll

c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2011-05-20 19:59:36

ComboFix-quarantined-files.txt 2011-05-21 02:59

ComboFix2.txt 2011-05-18 22:31

ComboFix3.txt 2010-06-23 04:35

ComboFix4.txt 2010-06-22 19:27

ComboFix5.txt 2011-05-21 02:44

.

Pre-Run: 20,695,674,880 bytes free

Post-Run: 20,792,786,944 bytes free

.

- - End Of File - - 3DB62CB891C219570850DEA296A9BB1D


  • Staff

Hi,

Please delete your copy of ComboFix, download the latest version from here, and save it to your Desktop. Do not run it yet.

Next, please open Notepad - don't use any text editor other than Notepad or the script will fail.

Copy/paste the text in the box below into Notepad:

Driver::
pnicml
klmd23
KILLALL::
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Fbijijamehigatag"=-

Save this as CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

[Screenshot: CFScriptB-4.gif]

This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new DDS log.

-screen317


Chris,

Did as instructed and noticed that running that script immediately closed that RUNDLL error I told you about. I had not clicked or closed it as I knew it was probably remnants of the rootkit. I installed the Recovery Console by way of ComboFix AFTER the requested scans and re-ran both ComboFix and DDS and have those logs as well if you want them.

Any idea why I can't post both logs in one reply?

Here are the logs you requested (before Recovery Console install):

ComboFix:

ComboFix 11-05-25.01 - Rob 05/25/2011 13:36:52.10.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.453 [GMT -7:00]

Running from: c:\documents and settings\Rob\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Rob\Desktop\CFScript.txt

AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}

FW: ZoneAlarm Pro Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

.

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Rob\Local Settings\Application Data\{2CA8BCE2-87DA-4759-8031-2119A5137D1C}

c:\documents and settings\Rob\Local Settings\Application Data\{2CA8BCE2-87DA-4759-8031-2119A5137D1C}\chrome.manifest

c:\documents and settings\Rob\Local Settings\Application Data\{2CA8BCE2-87DA-4759-8031-2119A5137D1C}\chrome\content\_cfg.js

c:\documents and settings\Rob\Local Settings\Application Data\{2CA8BCE2-87DA-4759-8031-2119A5137D1C}\chrome\content\overlay.xul

c:\documents and settings\Rob\Local Settings\Application Data\{2CA8BCE2-87DA-4759-8031-2119A5137D1C}\install.rdf

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_KLMD23

-------\Legacy_PNICML

-------\Service_klmd23

-------\Service_pnicml

.

.

((((((((((((((((((((((((( Files Created from 2011-04-25 to 2011-05-25 )))))))))))))))))))))))))))))))

.

.

2011-05-15 18:35 . 2011-05-15 18:35 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google

2011-04-28 17:47 . 2011-04-28 17:47 -------- d-----w- c:\documents and settings\Rob\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

2011-04-28 02:59 . 2011-05-07 05:54 -------- d-----w- c:\documents and settings\All Users\Application Data\regid.1986-12.com.adobe

2011-04-28 02:47 . 2011-04-28 02:47 -------- d-----w- c:\program files\Adobe Media Player

2011-04-28 02:37 . 2011-04-28 02:55 -------- d-----w- c:\program files\Adobe CS5

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-03-17 19:27 . 2010-06-28 04:09 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"StacSysTray"="c:\program files\SigmaTel\C-Major Audio\ControlPanel\StacSysTray.exe" [2004-04-29 102400]

"Adobe Version Cue CS2"="c:\program files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-05 856064]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 19968]

"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

IEEE 802.11g USB Wireless LAN Utility.lnk - c:\program files\Wireless LAN\WLanUtil.exe [2007-11-27 393216]

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Rob^Start Menu^Programs^Startup^MagicDisc.lnk]

path=c:\documents and settings\Rob\Start Menu\Programs\Startup\MagicDisc.lnk

backup=c:\windows\pss\MagicDisc.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Version Cue CS2]

2005-04-05 02:58 856064 ----a-w- c:\program files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]

2005-09-08 13:20 122940 ----a-w- c:\windows\system32\DLA\DLACTRLW.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]

2007-03-29 22:41 222128 ----a-w- c:\documents and settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]

2003-12-17 16:50 19968 ------w- c:\windows\LOGI_MWX.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2009-09-05 08:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

2009-03-05 23:07 2260480 ------w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2007-11-30 06:12 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wben]

2009-06-25 21:30 338456 ----a-w- c:\program files\Starfield\Desktop Notifier\wben.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Adobe\\Adobe Version Cue CS2\\bin\\VersionCueCS2.exe"=

"c:\\Program Files\\Halo\\halo.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\Program Files\\Download Accelerator Plus\\DAP.exe"=

"c:\\Program Files\\Vuze\\Azureus.exe"=

"c:\\Program Files\\VLC\\SlimDVD\\vlc.exe"=

.

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [6/27/2010 9:09 PM 136360]

R2 SigService;Sigmatel Service;c:\program files\SigmaTel\C-Major Audio\ControlPanel\sigservice.exe [11/27/2007 8:49 PM 81920]

S3 MR97310_VGA_DUAL_CAMERA;VGA Dual-Mode Camera;c:\windows\system32\drivers\mr97310v.sys [3/30/2004 11:29 AM 118106]

S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

getPlusHelper REG_MULTI_SZ getPlusHelper

itlsvc REG_MULTI_SZ itlperf

.

Contents of the 'Scheduled Tasks' folder

.

2011-05-23 c:\windows\Tasks\AdobeAAMUpdater-1.0-ROB-CCA219EB460-Rob.job

- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-04-28 10:44]

.

2011-05-25 c:\windows\Tasks\OGALogon.job

- c:\windows\system32\OGAEXEC.exe [2009-08-03 23:07]

.

.

------- Supplementary Scan -------

.

IE: &Clean Traces - c:\program files\Download Accelerator Plus\Privacy Package\dapcleanerie.htm

IE: &Download with &DAP - c:\program files\Download Accelerator Plus\dapextie.htm

IE: Download &all with DAP - c:\program files\Download Accelerator Plus\dapextie2.htm

DPF: Web-Based Email Tools - hxxps://email.secureserver.net/Download.CAB

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-05-25 13:49

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-1644491937-562591055-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:c0,e0,d6,b4,b9,a1,21,c7,f5,b5,bc,c5,9c,55,e8,60,9d,3f,ce,d0,10,24,71,

30,0a,f7,e7,0c,f5,a5,a1,d0,da,3d,75,c8,97,9d,91,8a,77,88,6e,b4,6a,66,9c,b3,\

"??"=hex:59,52,4d,96,40,27,6e,8f,7c,35,3d,81,cd,0f,89,4c

.

[HKEY_USERS\S-1-5-21-1644491937-562591055-725345543-1003\Software\SecuROM\License information*]

"datasecu"=hex:c2,1e,91,d7,9c,ef,c0,ad,7f,a9,be,b9,ef,ec,85,23,86,18,f1,f2,41,

6c,29,51,55,a2,cd,23,74,8d,c0,a9,68,0c,02,cf,15,85,69,26,eb,9d,4f,2c,a3,09,\

"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(780)

c:\windows\system32\Ati2evxx.dll

.

- - - - - - - > 'explorer.exe'(2540)

c:\windows\system32\WININET.dll

c:\program files\Logitech\MouseWare\System\LgWndHk.dll

c:\progra~1\WINDOW~2\wmpband.dll

c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll

c:\windows\system32\ieframe.dll

c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\program files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Avira\AntiVir Desktop\avshadow.exe

c:\program files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\wscntfy.exe

c:\progra~1\SigmaTel\C-MAJO~1\CONTRO~1\stacsrv.exe

c:\program files\Logitech\MouseWare\system\em_exec.exe

.

**************************************************************************

.

Completion time: 2011-05-25 13:56:09 - machine was rebooted

ComboFix-quarantined-files.txt 2011-05-25 20:56

ComboFix2.txt 2011-05-21 02:59

ComboFix3.txt 2011-05-18 22:31

ComboFix4.txt 2010-06-23 04:35

ComboFix5.txt 2011-05-25 20:35

.

Pre-Run: 20,708,356,096 bytes free

Post-Run: 20,730,662,912 bytes free

.

- - End Of File - - EBEB548BAE09DE643E6E4F42594D0877

DDS Log:

.

DDS (Ver_11-03-05.01) - NTFSx86

Run by Rob at 13:59:10.23 on Wed 05/25/2011

Internet Explorer: 7.0.5730.13

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.537 [GMT -7:00]

.

AV: AntiVir Desktop *Enabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}

FW: ZoneAlarm Pro Firewall *Disabled*

.

============== Running Processes ===============

.

C:\windows\system32\Ati2evxx.exe

C:\windows\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\windows\System32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k WudfServiceGroup

svchost.exe

C:\windows\system32\spoolsv.exe

C:\Program Files\SigmaTel\C-Major Audio\ControlPanel\sigservice.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

svchost.exe

C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\windows\system32\svchost.exe -k imgsvc

C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe

C:\windows\system32\Ati2evxx.exe

C:\windows\system32\wscntfy.exe

C:\Program Files\SigmaTel\C-Major Audio\ControlPanel\StacSysTray.exe

C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\PROGRA~1\SigmaTel\C-MAJO~1\CONTRO~1\stacsrv.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Logitech\MouseWare\system\em_exec.exe

C:\windows\system32\wuauclt.exe

C:\Program Files\Wireless LAN\WLanUtil.exe

C:\windows\explorer.exe

C:\Documents and Settings\Rob\Desktop\May VIRUS Fix\dds.scr

.

============== Pseudo HJT Report ===============

.

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll

BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: DAPIELoader Class: {ff6c3cf0-4b15-11d1-abed-709549c10000} - c:\progra~1\downlo~1\DAPIEL~1.DLL

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll

TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll

mRun: [stacSysTray] c:\program files\sigmatel\c-major audio\controlpanel\StacSysTray.exe

mRun: [Adobe Version Cue CS2] c:\program files\adobe\adobe version cue cs2\controlpanel\VersionCueCS2Tray.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Logitech Utility] Logi_MwX.Exe

mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"

mRun: [switchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe

mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ieee80~1.lnk - c:\program files\wireless lan\WLanUtil.exe

mPolicies-explorer: <NO NAME> =

IE: &Clean Traces - c:\program files\download accelerator plus\privacy package\dapcleanerie.htm

IE: &Download with &DAP - c:\program files\download accelerator plus\dapextie.htm

IE: Download &all with DAP - c:\program files\download accelerator plus\dapextie2.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5}

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll

DPF: Web-Based Email Tools - hxxps://email.secureserver.net/Download.CAB

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1196226844085

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

============= SERVICES / DRIVERS ===============

.

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-6-27 11608]

R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2007-11-28 270672]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-6-27 136360]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-6-27 269480]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-6-27 61960]

R2 SigService;Sigmatel Service;c:\program files\sigmatel\c-major audio\controlpanel\sigservice.exe [2007-11-27 81920]

S3 MR97310_VGA_DUAL_CAMERA;VGA Dual-Mode Camera;c:\windows\system32\drivers\mr97310v.sys [2004-3-30 118106]

S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]

S3 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]

.

=============== Created Last 30 ================

.

2011-05-18 21:37:55 98816 ----a-w- c:\windows\sed.exe

2011-05-18 21:37:55 89088 ----a-w- c:\windows\MBR.exe

2011-05-18 21:37:55 256512 ----a-w- c:\windows\PEV.exe

2011-05-18 21:37:55 161792 ----a-w- c:\windows\SWREG.exe

2011-04-28 17:47:27 -------- d-----w- c:\docume~1\rob\applic~1\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

2011-04-28 02:59:59 -------- d-----w- c:\docume~1\alluse~1\applic~1\regid.1986-12.com.adobe

2011-04-28 02:37:12 -------- d-----w- c:\program files\Adobe CS5

.

==================== Find3M ====================

.

2011-05-18 21:46:37 0 ----a-w- c:\windows\Rxesalifipulukel.bin

.

============= FINISH: 13:59:32.39 ===============


  • Staff

Hi,

There is a character limit per reply; if need be, please use multiple posts to reply.

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


Chris,

Here are the logs:

ESET:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

esets_scanner_update returned -1 esets_gle=1

# version=7

# IEXPLORE.EXE=7.00.6000.17091 (vista_gdr.100824-1500)

# OnlineScanner.ocx=1.0.0.6522

# api_version=3.0.2

# EOSSerial=644592c05d3247479465898e8682da1e

# end=stopped

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-05-29 10:56:47

# local_time=2011-05-29 03:56:47 (-0800, Pacific Daylight Time)

# country="United States"

# lang=9

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=1797 16775145 100 93 1380083 43122246 482269 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# compatibility_mode=9217 16777214 75 55 37848433 215972906 0 0

# scanned=140569

# found=12

# cleaned=12

# scan_time=5351

C:\Documents and Settings\Rob\My Documents\Downloaded Programs\CASINOS\Captain Cooks Casino (non-US facing - in UK).exe Win32/PrimeCasino application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Rob\My Documents\Downloaded Programs\CASINOS\Go Casino.exe Win32/CazinoSilver application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Rob\My Documents\Downloaded Programs\CASINOS\Slots Galore Casino ($1,000 bonus).exe Win32/CazinoSilver application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Rob\My Documents\Downloaded Programs\CASINOS\VIP Slots Casino ($777 bonus).exe Win32/CazinoSilver application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Microgaming\Casino\CaptainCooks\install.exe Win32/PrimeCasino application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Documents and Settings\Rob\Local Settings\Application Data\{782B83DA-814E-46C7-8739-473536BB1E42}\chrome\content\overlay.xul.vir probably a variant of Win32/Agent.NVQFFQI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Program Files\Search Toolbar\SearchToolbar.dll.vir Win32/Toolbar.Zugo application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\WINDOWS\itedufodizir.dll.vir a variant of Win32/Kryptik.NCK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{E6C92DD5-2293-4E7E-A87E-7776BBF2347F}\RP121\A0090334.dll a variant of Win32/Kryptik.NMN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{E6C92DD5-2293-4E7E-A87E-7776BBF2347F}\RP129\A0098000.dll Win32/Toolbar.Zugo application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{E6C92DD5-2293-4E7E-A87E-7776BBF2347F}\RP129\A0098003.dll a variant of Win32/Kryptik.NCK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{E6C92DD5-2293-4E7E-A87E-7776BBF2347F}\RP133\A0101930.exe Win32/PrimeCasino application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

esets_scanner_update returned -1 esets_gle=53251

# version=7

# IEXPLORE.EXE=7.00.6000.17091 (vista_gdr.100824-1500)

# OnlineScanner.ocx=1.0.0.6522

# api_version=3.0.2

# EOSSerial=644592c05d3247479465898e8682da1e

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-05-30 12:51:01

# local_time=2011-05-29 05:51:01 (-0800, Pacific Daylight Time)

# country="United States"

# lang=9

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=1797 16775145 100 93 1385747 43127910 487933 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# compatibility_mode=9217 16777214 75 55 37854097 215978570 0 0

# scanned=136259

# found=0

# cleaned=0

# scan_time=6540

Security Checkup Log:

Results of screen317's Security Check version 0.99.7

Windows XP Service Pack 3

Internet Explorer 7 Out of date!

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

Avira AntiVir Personal - Free Antivirus

ESET Online Scanner v3

ZoneAlarm Pro

Antivirus out of date! (On Access scanning disabled!)

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

HijackThis 2.0.2

Java DB 10.5.3.0

Java 6 Update 23

Java SE Development Kit 6 Update 20

Out of date Java installed!

Adobe Flash Player

Adobe Reader 9.4.1

Out of date Adobe Reader installed!

````````````````````````````````

Process Check:

objlist.exe by Laurent

Avira Antivir avgnt.exe

Avira Antivir avguard.exe

``````````End of Log````````````

Don't seem to have any residuals so can I update my software and see what happens?

Link to post
Share on other sites

  • Staff

Hi,

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall.

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following programs (if present):

ESET Online Scanner v3

HijackThis 2.0.2

Java DB 10.5.3.0

Java

Link to post
Share on other sites

All uninstalls were successful except for Java 6 Update 23.

C:\Documents and Settings\Rob\Application Data\Sun\Java\jre1.6.0_10\

only has 1 file: Izma.dll

missing jre1.6.0)10-c.msi

"Installation source for this product is not avail."

Installed Java 6 Update 25

Adobe Reader X (10.0.1)

Adobe Flash Player 10.3.181.16

Windows Updates:

Not Installed: .NET Framework 3.5 Svc Pack 1 and .NET Framework 3.5

Family Update for .NET versions 2.0 - 3.5 (KB951847) x86

Silverlight Updates

Not sure if these update failures are due to my new hard drive or ?

Further suggestions?
