Backdoor virus?


Post by Marc0c on Fri 06 May 2011, 2:10 pm

Hi,

I think a virus has infected my svchost file. When I turn on my computer and connect to the internet, svchost goes crazy and starts sucking my CPU speed. So I end its task and it helps a bit, but when I use the internet, Norton pops up with all of these security alerts:



The virus also seems to be changing the theme or border of my open windows:



Here's my log:

OTL logfile created on: 5/6/2011 9:59:01 AM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Owner\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 71.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 595.10 Gb Total Space | 523.26 Gb Free Space | 87.93% Space Free | Partition Type: NTFS

Computer Name: OWNER-1DGH5EX7D | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/05 22:23:14 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\OTL.com
PRC - [2011/04/23 14:56:03 | 002,423,752 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2011/04/19 02:44:40 | 000,993,848 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2011/04/19 02:44:40 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2011/04/19 02:44:40 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe
PRC - [2011/04/14 12:41:09 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/04/13 14:10:42 | 025,589,600 | ---- | M] (SlimWare Utilities, Inc.) -- C:\Program Files\DriverUpdate\DriverUpdate.exe
PRC - [2011/02/17 06:21:58 | 002,190,688 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/02/15 05:38:06 | 007,421,280 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/02/11 06:25:52 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011/02/08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2011/02/08 05:32:46 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2010/11/23 12:44:35 | 000,120,248 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton PC Checkup\Engine\2.0.8.13\SymcPCCULaunchSvc.exe
PRC - [2010/01/04 20:14:40 | 000,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
PRC - [2009/09/26 00:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2009/09/12 23:09:10 | 000,103,768 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\concentr.exe
PRC - [2009/09/12 23:09:04 | 000,550,232 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\wfcrun32.exe
PRC - [2009/08/24 18:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton PC Checkup\Engine\2.0.8.13\ccSvcHst.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/09/15 17:12:26 | 001,503,232 | ---- | M] () -- C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
PRC - [2006/04/25 17:30:38 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\acs.exe
PRC - [2005/03/22 17:20:44 | 000,339,968 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe


========== Modules (SafeList) ==========

MOD - [2011/05/05 22:23:14 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\OTL.com
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2010/01/04 20:14:28 | 000,419,696 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\3.8.0.41\asOEHook.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/04/19 02:44:40 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011/04/19 02:44:40 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2011/02/15 05:38:06 | 007,421,280 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/11/23 12:44:35 | 000,120,248 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton PC Checkup\Engine\2.0.8.13\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2010/03/21 19:25:00 | 003,548,504 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2010/01/04 20:14:40 | 000,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe -- (N360)
SRV - [2009/09/26 00:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2009/08/24 18:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton PC Checkup\Engine\2.0.8.13\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2006/04/25 17:30:38 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2004/10/22 04:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2011/05/06 09:56:21 | 000,011,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SWDUMon.sys -- (SWDUMon)
DRV - [2011/03/31 04:00:00 | 001,393,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20110505.022\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/03/31 04:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20110505.022\NAVENG.SYS -- (NAVENG)
DRV - [2011/03/30 17:17:22 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/03/14 14:58:34 | 000,341,944 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20110505.002\IDSXpx86.sys -- (IDSxpx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 07:54:00 | 000,296,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/19 04:32:56 | 000,032,464 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/12/01 15:06:29 | 000,108,104 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2010/09/01 04:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/08/05 03:09:56 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/26 04:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/01/04 20:14:45 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/01/04 20:14:42 | 000,482,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\ccHPx86.sys -- (ccHP)
DRV - [2010/01/04 20:14:42 | 000,310,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0308000.029\SYMEFA.SYS -- (SymEFA)
DRV - [2010/01/04 20:14:42 | 000,308,272 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SRTSP.SYS -- (SRTSP)
DRV - [2010/01/04 20:14:42 | 000,259,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/01/04 20:14:42 | 000,217,136 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/01/04 20:14:42 | 000,089,904 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMFW.SYS -- (SYMFW)
DRV - [2010/01/04 20:14:42 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0308000.029\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/01/04 20:14:42 | 000,036,400 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)
DRV - [2010/01/04 20:14:42 | 000,036,400 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)
DRV - [2010/01/04 20:14:42 | 000,036,400 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMNDIS.SYS -- (SYMNDIS)
DRV - [2010/01/04 20:14:42 | 000,033,072 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMIDS.SYS -- (SYMIDS)
DRV - [2009/09/08 18:13:16 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2008/09/16 05:40:16 | 001,343,584 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2007/06/11 20:06:26 | 000,083,200 | ---- | M] (HighPoint Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\rr172x.sys -- (rr172x)
DRV - [2007/02/08 21:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/02/08 21:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/10/26 17:22:02 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/10/26 17:21:34 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/10/26 17:21:34 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/10/26 17:21:32 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/10/26 17:21:30 | 000,026,296 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/10/26 17:21:28 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/10/26 17:21:26 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/10/26 17:21:24 | 000,104,536 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/07/05 05:33:24 | 000,472,000 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WG311T13.sys -- (AR5211)
DRV - [2005/11/16 15:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/01/04 05:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\npptNT2.sys -- (NPPTNT2)
DRV - [2001/08/22 09:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = google.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2010/04/28 17:14:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/04/30 14:45:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/05 22:24:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/19 12:46:16 | 000,000,000 | ---D | M]

[2011/04/03 21:38:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2011/05/06 09:53:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/05/05 22:32:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
File not found (No name found) --
[2011/05/06 09:53:20 | 000,000,000 | ---D | M] (Norton IPS) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NORTON\IPSFFPLGN
[2011/04/30 14:45:52 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
[2011/05/05 22:31:26 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009/11/29 19:54:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/04/14 12:41:09 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2009/09/12 23:05:42 | 000,124,240 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\CCMSDK.dll
[2009/09/12 23:06:22 | 000,070,488 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\CgpCore.dll
[2009/09/12 23:06:32 | 000,091,480 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\confmgr.dll
[2009/09/12 23:06:28 | 000,022,360 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\ctxlogging.dll
[2011/05/05 22:31:25 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/09/12 23:08:36 | 000,406,864 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npicaN.dll
[2010/12/09 06:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
[2009/09/12 23:06:24 | 000,023,896 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\TcpPServ.dll
[2010/01/01 04:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2010/01/01 04:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/01/01 04:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/01/01 04:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/04/30 21:00:58 | 000,432,497 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 14911 more lines...
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.8.0.41\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKCU..\Run: [DriverUpdate] C:\Program Files\DriverUpdate\DriverUpdate.exe (SlimWare Utilities, Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG311T Smart Wizard.lnk = C:\Program Files\NETGEAR\WG311T\wlancfg5.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: evony.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([[You must be registered and logged in to see this link.] http in Trusted sites)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} [You must be registered and logged in to see this link.] (SysProWmi Class)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [You must be registered and logged in to see this link.] (QuickTime Object)
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} [You must be registered and logged in to see this link.] (UploadListView Class)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} [You must be registered and logged in to see this link.] (Symantec Download Manager)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [You must be registered and logged in to see this link.] (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_25)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} [You must be registered and logged in to see this link.] (MGLaunch_v1004 Class)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_25)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} [You must be registered and logged in to see this link.] (get_atlcom Class)
O16 - DPF: DirectAnimation Java Classes [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/11/03 10:04:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: SymEFA.sys - C:\WINDOWS\system32\drivers\N360\0308000.029\SYMEFA.SYS (Symantec Corporation)
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AppMgmt - File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: SymEFA.sys - C:\WINDOWS\system32\drivers\N360\0308000.029\SYMEFA.SYS (Symantec Corporation)
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608555} - Internet Explorer Classes for Java
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - Microsoft NetShow Player
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - lvcodec2.dll File not found
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: VIDC.IV41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (69537929998893056)

========== Files/Folders - Created Within 30 Days ==========

[2011/05/06 09:56:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/05/05 22:32:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/05/05 22:32:03 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/05/05 22:32:03 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/05/05 22:32:03 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/05/05 22:32:03 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/05/04 16:51:19 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2011/04/30 16:28:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\SlimWare Utilities Inc
[2011/04/30 16:28:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DriverUpdate
[2011/04/30 16:28:27 | 000,000,000 | ---D | C] -- C:\Program Files\DriverUpdate
[2011/04/30 16:28:15 | 000,000,000 | ---D | C] -- C:\Program Files\Downloaded Installers
[2011/04/23 15:38:42 | 000,000,000 | -H-D | C] -- C:\$AVG
[2011/04/23 15:12:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\AVG10
[2011/04/23 15:10:31 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/04/23 15:08:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/04/23 15:08:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2011/04/23 15:02:26 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011/04/23 14:57:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/04/19 15:33:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Tific
[2011/04/19 15:33:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Tific
[2011/04/19 15:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NortonPCCheckup
[2011/04/19 15:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NortonPCCheckup\0200080.00D
[2011/04/19 15:33:11 | 000,000,000 | ---D | C] -- C:\Program Files\Norton PC Checkup
[2011/04/19 15:33:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton PC Checkup
[2011/04/19 14:49:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/04/19 14:49:13 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/04/19 14:49:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/04/19 12:58:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
[2011/04/19 12:58:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/04/19 12:58:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/04/19 12:58:10 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/04/19 12:51:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ImgBurn
[2011/04/19 12:46:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Winamp Detector Plug-in
[2011/04/19 12:46:38 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp Detect
[2011/04/19 12:46:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/04/19 12:46:16 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/04/19 12:40:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Secunia PSI
[2011/04/19 12:40:19 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2011/04/18 23:47:16 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/04/18 22:05:06 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/04/18 19:31:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
[2011/04/18 19:31:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Apple Computer
[2011/04/18 18:26:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2011/04/18 18:26:26 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/04/18 18:26:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/18 18:26:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/04/18 18:26:22 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/04/18 18:26:22 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/18 18:24:38 | 001,377,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner\Desktop\TDSSKiller.exe
[2011/04/18 18:06:04 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/04/18 18:03:34 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/04/18 18:03:34 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/04/18 18:03:34 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/04/18 18:03:34 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/04/18 18:03:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/04/18 18:02:04 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/18 18:01:23 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2011/04/17 13:07:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/04/17 13:07:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/04/17 12:50:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/04/17 12:50:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/04/16 18:12:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Cyberlink
[2011/04/16 17:54:16 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/04/12 21:31:50 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011/04/12 15:00:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Cell Music
[2010/02/03 20:13:34 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Owner\Application Data\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2011/05/06 10:07:17 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/06 09:58:53 | 114,275,020 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/05/06 09:56:21 | 000,011,232 | ---- | M] () -- C:\WINDOWS\System32\drivers\SWDUMon.sys
[2011/05/06 09:52:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/05 23:03:35 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\untitled1.bmp
[2011/05/05 22:58:31 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\untitled.bmp
[2011/05/05 22:31:23 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/05/05 22:31:23 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/05/05 22:31:23 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/05/05 22:31:23 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/05/05 22:31:22 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/05/05 21:42:09 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-1336601894-725345543-1003UA.job
[2011/05/05 18:42:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-1336601894-725345543-1003Core.job
[2011/05/05 18:10:07 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/30 23:06:36 | 000,464,632 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/30 23:06:36 | 000,078,900 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/30 21:00:58 | 000,432,497 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/04/30 20:59:27 | 000,435,316 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\cc_20110430_205917.reg
[2011/04/30 16:28:28 | 000,001,856 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DriverUpdate.lnk
[2011/04/30 15:14:01 | 000,009,856 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\cc_20110430_151351.reg
[2011/04/30 14:45:54 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/04/30 14:41:01 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/04/23 17:50:48 | 000,436,504 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\cc_20110423_175021.reg
[2011/04/19 15:33:19 | 000,001,944 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton PC Checkup.LNK
[2011/04/19 14:59:04 | 000,431,577 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110430-210058.backup
[2011/04/19 12:58:13 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/04/19 12:40:24 | 000,000,753 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2011/04/18 18:16:26 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110419-145904.backup
[2011/04/18 18:06:10 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/04/18 16:15:29 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Hfiromor.dat
[2011/04/18 16:15:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Sbuxiwes.bin
[2011/04/16 20:04:18 | 000,002,519 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word 2010.lnk
[2011/04/13 19:44:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/04/12 18:54:43 | 000,336,256 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/09 23:27:05 | 000,101,803 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\WMC_2010_web-341x1024.jpg
[2011/04/09 23:26:40 | 000,322,622 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\IDJ-n-Thrive-WMC-Flyer.jpg

========== Files Created - No Company Name ==========

[2011/05/06 09:58:53 | 114,275,020 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/05/05 23:03:35 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\untitled1.bmp
[2011/05/05 22:58:30 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\untitled.bmp
[2011/04/30 20:59:20 | 000,435,316 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\cc_20110430_205917.reg
[2011/04/30 16:28:46 | 000,011,232 | ---- | C] () -- C:\WINDOWS\System32\drivers\SWDUMon.sys
[2011/04/30 16:28:28 | 000,001,856 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DriverUpdate.lnk
[2011/04/30 15:13:54 | 000,009,856 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\cc_20110430_151351.reg
[2011/04/30 14:41:00 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/04/23 17:50:24 | 000,436,504 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\cc_20110423_175021.reg
[2011/04/23 15:10:08 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/04/19 15:33:19 | 000,001,944 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton PC Checkup.LNK
[2011/04/19 15:33:12 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NortonPCCheckup\0200080.00D\isolate.ini
[2011/04/19 13:31:46 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/19 12:58:13 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/04/19 12:40:24 | 000,000,753 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2011/04/19 12:40:24 | 000,000,716 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Secunia PSI.lnk
[2011/04/18 18:06:09 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/04/18 18:06:05 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/04/18 18:03:34 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/04/18 18:03:34 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/04/18 18:03:34 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/04/18 18:03:34 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/04/18 18:03:34 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/04/18 16:20:40 | 000,000,622 | ---- | C] () -- C:\Documents and Settings\Owner\Start Menu\Programs\CCleaner.lnk
[2011/04/17 12:41:27 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Hfiromor.dat
[2011/04/12 21:32:17 | 000,002,315 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/04/09 23:27:05 | 000,101,803 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\WMC_2010_web-341x1024.jpg
[2011/04/09 23:26:40 | 000,322,622 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\IDJ-n-Thrive-WMC-Flyer.jpg
[2010/11/07 17:35:25 | 000,230,752 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2010/11/07 17:35:25 | 000,118,176 | ---- | C] () -- C:\WINDOWS\patchw.dll
[2010/08/14 15:17:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/05/27 23:25:53 | 000,184,620 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\rx_image.Cache
[2010/05/27 22:34:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\dvdsnapshot.dat
[2010/02/04 12:27:00 | 000,000,165 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2010/02/03 20:13:34 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.cat
[2010/02/03 20:13:34 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.inf
[2010/02/03 17:20:17 | 000,072,688 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/11/09 17:36:22 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2009/11/08 23:38:20 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\setup_ldm.iss
[2009/05/01 18:15:21 | 000,000,593 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2009/04/09 15:04:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Sbuxiwes.bin
[2009/02/12 19:54:21 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2008/08/25 07:02:22 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\DELG1L3.DLL
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/12/22 00:11:08 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/12/21 00:09:24 | 000,010,240 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/12/21 00:00:16 | 000,000,976 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/11/03 13:39:28 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/11/03 10:46:50 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2007/11/03 10:05:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/11/03 10:02:01 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/11/03 04:55:34 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/11/03 04:52:35 | 000,336,256 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/07/03 15:22:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/25 00:02:34 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/25 00:02:34 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2006/04/25 17:30:38 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2006/04/25 17:30:38 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\acs.exe
[2004/08/02 15:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2002/08/29 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/08/29 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2002/08/29 08:00:00 | 000,464,632 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2002/08/29 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2002/08/29 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2002/08/29 08:00:00 | 000,078,900 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2002/08/29 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2002/08/29 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2002/08/29 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002/08/29 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002/08/29 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2000/01/28 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[1997/06/13 21:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll


Last edited by Marc0c on Sat 07 May 2011, 1:33 am; edited 1 time in total (Reason for editing: forgot to paste the custom scan text into the OTL window)

Marc0c

Newbie Surfer

Posts : 25
Joined : 2011-05-06
Operating System : XP Home


Re: Backdoor virus?

Post by Marc0c on Fri 06 May 2011, 2:15 pm

========== Custom Scans ==========


< %systemroot%\Fonts\*.com >
[2006/04/18 16:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 15:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 16:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 15:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2007/11/03 10:03:59 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/08/25 07:01:34 | 000,019,968 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\d1815pc.dll
[2008/08/25 07:02:22 | 000,019,968 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\DELG1pc.dll
[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2008/07/06 06:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2003/09/03 07:46:54 | 000,010,960 | ---- | M] () -- C:\Program Files\EULA.txt
[2003/12/18 11:33:46 | 000,020,102 | ---- | M] () -- C:\Program Files\Readme.txt

< %APPDATA%\Update\*.* >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2008/09/21 21:54:07 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2007/11/03 10:18:37 | 000,000,177 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2007/11/03 10:07:46 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2011/03/10 12:27:50 | 001,377,112 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner\Desktop\TDSSKiller.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2011/04/14 12:41:09 | 000,125,912 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\crashreporter.exe
[2011/04/14 12:41:09 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2011/04/14 12:41:09 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
[2011/04/14 12:41:09 | 000,261,080 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\updater.exe

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2007/11/03 10:18:37 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Owner\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 05:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 05:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll

< %systemroot%\system32\*.exe /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2007/11/03 04:51:37 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2007/11/03 04:51:37 | 000,602,112 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2007/11/03 04:51:37 | 000,417,792 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.sys >
[2002/08/29 08:00:00 | 000,009,029 | ---- | M] () -- C:\WINDOWS\system32\ansi.sys
[2002/04/11 17:43:44 | 000,016,194 | ---- | M] (AMBIT Microsystems Corporation.) -- C:\WINDOWS\system32\AWINDIS5.SYS
[2002/08/29 08:00:00 | 000,027,097 | ---- | M] () -- C:\WINDOWS\system32\country.sys
[2002/08/29 08:00:00 | 000,004,768 | ---- | M] () -- C:\WINDOWS\system32\himem.sys
[2002/08/29 08:00:00 | 000,042,809 | ---- | M] () -- C:\WINDOWS\system32\key01.sys
[2002/08/29 08:00:00 | 000,042,537 | ---- | M] () -- C:\WINDOWS\system32\keyboard.sys
[2005/01/04 05:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) -- C:\WINDOWS\system32\npptNT2.sys
[2002/08/29 08:00:00 | 000,027,866 | ---- | M] () -- C:\WINDOWS\system32\ntdos.sys
[2002/08/29 08:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos404.sys
[2002/08/29 08:00:00 | 000,029,370 | ---- | M] () -- C:\WINDOWS\system32\ntdos411.sys
[2002/08/29 08:00:00 | 000,029,274 | ---- | M] () -- C:\WINDOWS\system32\ntdos412.sys
[2002/08/29 08:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos804.sys
[2004/08/03 23:45:10 | 000,033,840 | ---- | M] () -- C:\WINDOWS\system32\ntio.sys
[2004/08/03 23:45:16 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio404.sys
[2004/08/03 23:45:12 | 000,035,648 | ---- | M] () -- C:\WINDOWS\system32\ntio411.sys
[2004/08/03 23:45:16 | 000,035,424 | ---- | M] () -- C:\WINDOWS\system32\ntio412.sys
[2004/08/03 23:45:14 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio804.sys
[2008/04/13 14:44:59 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\watchdog.sys
[2011/03/03 09:21:11 | 001,857,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys

< %systemroot%\system32\drivers\*.dll >
[2008/04/13 20:11:48 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv01nt5.dll
[2008/04/13 20:11:48 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv02nt5.dll
[2008/04/13 20:11:48 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv05nt5.dll
[2008/04/13 20:11:48 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv07nt5.dll
[2008/04/13 20:11:48 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv08nt5.dll
[2008/04/13 20:11:48 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv09nt5.dll
[2008/04/13 20:11:48 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv11nt5.dll
[2008/04/13 20:11:50 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv01nt5.dll
[2008/04/13 20:11:50 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv02nt5.dll
[2008/04/13 20:11:50 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv04nt5.dll
[2008/04/13 20:11:50 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv06nt5.dll
[2008/04/13 20:11:50 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv10nt5.dll
[2008/04/13 20:11:50 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
[2008/04/13 20:11:54 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\hidserv.dll
[2008/04/13 20:12:05 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\siint5.dll
[2008/04/13 20:12:08 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\vchnt5.dll

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/08/25 07:01:34 | 000,019,968 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\d1815pc.dll
[2008/08/25 07:02:22 | 000,019,968 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\DELG1pc.dll
[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll

< %SYSTEMDRIVE%\*.* >
[2011/03/05 19:05:08 | 000,000,000 | ---- | M] () -- C:\AILog.txt
[2007/11/03 10:04:14 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2007/11/03 10:16:08 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/04/18 18:06:10 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2011/04/18 18:20:39 | 000,015,199 | ---- | M] () -- C:\ComboFix.txt
[2007/11/03 10:04:14 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2007/11/03 10:04:14 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/05/05 22:36:22 | 000,024,908 | ---- | M] () -- C:\JavaRa.log
[2007/11/03 10:04:14 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2007/11/03 10:14:21 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/09/21 21:48:27 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/05/06 09:52:29 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2009/06/09 18:31:28 | 000,000,204 | ---- | M] () -- C:\Plugins
[2010/11/17 23:01:49 | 000,043,902 | ---- | M] () -- C:\sp_installation.log
[2011/04/18 18:25:36 | 000,047,128 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_18.04.2011_18.24.57_log.txt
[2011/04/19 15:41:52 | 000,047,886 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_19.04.2011_15.41.07_log.txt
[2011/04/19 18:49:42 | 000,047,886 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_19.04.2011_18.49.22_log.txt

< %PROGRAMFILES%\*. >
[2011/04/12 21:31:50 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2010/02/26 21:45:51 | 000,000,000 | ---D | M] -- C:\Program Files\AhnLab
[2008/09/15 14:16:46 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2010/06/11 14:58:56 | 000,000,000 | ---D | M] -- C:\Program Files\AruaROSE
[2009/08/03 16:46:50 | 000,000,000 | ---D | M] -- C:\Program Files\Audacity
[2010/08/27 22:38:04 | 000,000,000 | ---D | M] -- C:\Program Files\Audacity 1.3 Beta
[2011/04/23 15:02:26 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
[2011/03/13 17:05:46 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2011/04/30 14:40:59 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2010/09/11 14:13:51 | 000,000,000 | ---D | M] -- C:\Program Files\Citrix
[2011/05/05 22:32:35 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2007/11/03 10:02:00 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2009/02/22 15:43:36 | 000,000,000 | ---D | M] -- C:\Program Files\Continuum
[2011/04/02 18:09:08 | 000,000,000 | ---D | M] -- C:\Program Files\Cryptic Studios
[2010/05/25 11:33:27 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2010/01/23 15:37:15 | 000,000,000 | ---D | M] -- C:\Program Files\Dell
[2010/02/28 15:36:47 | 000,000,000 | ---D | M] -- C:\Program Files\DivX
[2011/04/30 16:28:15 | 000,000,000 | ---D | M] -- C:\Program Files\Downloaded Installers
[2011/04/30 16:28:28 | 000,000,000 | ---D | M] -- C:\Program Files\DriverUpdate
[2011/02/10 22:43:04 | 000,000,000 | ---D | M] -- C:\Program Files\DVDFab 7
[2010/05/27 23:42:36 | 000,000,000 | ---D | M] -- C:\Program Files\DVDSnapshot
[2011/02/11 22:16:50 | 000,000,000 | ---D | M] -- C:\Program Files\Elaborate Bytes
[2009/12/03 15:56:08 | 000,000,000 | ---D | M] -- C:\Program Files\Electronic Arts
[2009/04/08 17:08:05 | 000,000,000 | ---D | M] -- C:\Program Files\EscSoft
[2011/04/18 22:05:06 | 000,000,000 | ---D | M] -- C:\Program Files\ESET
[2011/04/02 18:14:06 | 000,000,000 | ---D | M] -- C:\Program Files\Eternal Lands
[2009/06/25 23:14:36 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2010/05/14 23:07:54 | 000,000,000 | ---D | M] -- C:\Program Files\Gpotato
[2009/05/03 22:09:16 | 000,000,000 | ---D | M] -- C:\Program Files\ImgBurn
[2010/11/07 17:34:10 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2007/11/03 10:20:03 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2011/04/12 14:39:45 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2011/03/13 17:11:28 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2011/03/13 17:12:26 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2010/01/09 18:02:01 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2011/04/18 18:26:27 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/05/07 21:43:56 | 000,000,000 | ---D | M] -- C:\Program Files\Maxis
[2008/09/22 16:13:49 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2011/01/26 00:44:19 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Analysis Services
[2007/11/03 10:04:17 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2008/03/27 15:18:25 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2011/04/19 15:40:31 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2011/03/17 21:36:11 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2011/01/26 00:51:15 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2011/01/26 00:51:37 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Synchronization Services
[2011/01/26 00:51:15 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2010/08/10 15:44:42 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2011/05/05 22:28:02 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2009/11/28 20:09:39 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2007/11/03 10:01:37 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2007/12/22 18:40:08 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2007/11/03 11:21:57 | 000,000,000 | ---D | M] -- C:\Program Files\NETGEAR
[2008/09/21 21:50:31 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2010/01/04 20:14:25 | 000,000,000 | ---D | M] -- C:\Program Files\Norton 360
[2011/04/19 15:33:12 | 000,000,000 | ---D | M] -- C:\Program Files\Norton PC Checkup
[2010/05/25 17:06:50 | 000,000,000 | ---D | M] -- C:\Program Files\Norton Support
[2011/04/19 15:33:07 | 000,000,000 | ---D | M] -- C:\Program Files\NortonInstaller
[2007/11/03 10:01:45 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2011/01/26 18:16:01 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2010/11/07 17:35:25 | 000,000,000 | ---D | M] -- C:\Program Files\Outspark
[2009/06/09 18:31:21 | 000,000,000 | ---D | M] -- C:\Program Files\Pando Networks
[2009/07/01 21:58:38 | 000,000,000 | ---D | M] -- C:\Program Files\Perfect World Entertainment
[2011/03/13 17:00:35 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2009/11/28 20:09:31 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2009/05/30 22:53:58 | 000,000,000 | ---D | M] -- C:\Program Files\RogueX
[2009/02/12 19:54:20 | 000,000,000 | ---D | M] -- C:\Program Files\Roxio
[2009/05/02 15:54:02 | 000,000,000 | ---D | M] -- C:\Program Files\Seagate
[2011/04/19 12:40:19 | 000,000,000 | ---D | M] -- C:\Program Files\Secunia
[2007/11/03 11:28:04 | 000,000,000 | ---D | M] -- C:\Program Files\SigmaTel
[2011/02/09 23:40:35 | 000,000,000 | ---D | M] -- C:\Program Files\SlySoft
[2011/04/19 14:51:15 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2009/12/15 15:23:43 | 000,000,000 | ---D | M] -- C:\Program Files\Staples
[2011/02/12 18:48:57 | 000,000,000 | ---D | M] -- C:\Program Files\StarCraft II
[2010/02/05 14:08:30 | 000,000,000 | ---D | M] -- C:\Program Files\StarportGE
[2011/04/23 14:56:03 | 000,000,000 | ---D | M] -- C:\Program Files\SUPERAntiSpyware
[2010/01/04 20:14:46 | 000,000,000 | ---D | M] -- C:\Program Files\Symantec
[2011/04/03 21:27:28 | 000,000,000 | ---D | M] -- C:\Program Files\SystemRequirementsLab
[2009/11/29 00:09:10 | 000,000,000 | ---D | M] -- C:\Program Files\Triggersoft
[2007/11/03 10:07:37 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2011/03/31 18:05:08 | 000,000,000 | ---D | M] -- C:\Program Files\uTorrent
[2011/02/13 18:48:29 | 000,000,000 | ---D | M] -- C:\Program Files\Watchtower
[2011/04/19 12:52:00 | 000,000,000 | ---D | M] -- C:\Program Files\Winamp
[2011/04/19 12:46:39 | 000,000,000 | ---D | M] -- C:\Program Files\Winamp Detect
[2010/05/27 14:00:29 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Desktop Search
[2010/11/27 18:13:34 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2010/11/27 18:13:34 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2008/09/21 21:50:26 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2010/01/04 20:14:11 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2007/11/03 10:01:45 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2009/12/03 14:38:30 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2007/11/03 10:04:17 | 000,000,000 | ---D | M] -- C:\Program Files\xerox

< %appdata%\*.* >
[2007/11/03 04:55:12 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\desktop.ini
[2008/12/14 17:38:32 | 000,026,256 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
[2011/02/10 22:43:03 | 000,007,887 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.cat
[2011/02/10 22:43:03 | 000,001,144 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.inf
[2011/02/10 22:43:03 | 000,000,055 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.log
[2011/02/10 22:43:03 | 000,047,360 | ---- | M] (VSO Software) -- C:\Documents and Settings\Owner\Application Data\pcouffin.sys
[2009/11/08 23:38:20 | 000,000,760 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\setup_ldm.iss


< MD5 for: AGP440.SYS >
[2004/08/04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/09/21 21:46:16 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008/09/21 21:46:16 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2002/08/29 08:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2004/08/04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/09/21 21:46:16 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008/09/21 21:46:16 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\i386\atapi.sys

< MD5 for: DISK.SYS >
[2002/08/29 08:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:disk.sys
[2004/08/04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2008/09/21 21:46:16 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2004/08/04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:disk.sys
[2008/09/21 21:46:16 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2004/08/03 23:59:56 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\dllcache\disk.sys
[2008/04/13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 01:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 01:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 01:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USBSTOR.SYS >
[2002/08/29 08:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:usbstor.sys
[2004/08/04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbstor.sys
[2008/09/21 21:46:16 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbstor.sys
[2004/08/04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:usbstor.sys
[2008/09/21 21:46:16 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbstor.sys
[2004/08/04 00:08:48 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDOWS\$NtServicePackUninstall$\usbstor.sys
[2008/04/13 14:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\ServicePackFiles\i386\usbstor.sys
[2008/04/13 14:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\dllcache\usbstor.sys
[2008/04/13 14:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\drivers\usbstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-04-12 19:26:05

========== Alternate Data Streams ==========

@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5D2892D9

< End of report >


Thanks so much for your help!


Last edited by Marc0c on Sat 07 May 2011, 1:37 am; edited 1 time in total (Reason for editing : forgot to paste the custom scan text into the OTL window)

Marc0c

Newbie Surfer

Posts : 25
Joined : 2011-05-06
Operating System : XP Home


Re: Backdoor virus?

Post by Belahzur on Sat 07 May 2011, 6:14 am

Hello.

  • Download combofix from here
    Link 1

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


@RealBelahzur - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre


Re: Backdoor virus?

Post by Marc0c on Sat 07 May 2011, 3:45 pm

ComboFix 11-05-06.03 - Owner 05/07/2011 0:22.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3582.3065 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe
AV: Norton 360 *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Downloaded Installers
c:\program files\Downloaded Installers\{C5E8249E-93E2-4745-8543-01C9885BE454}\setup.msi
.
.
((((((((((((((((((((((((( Files Created from 2011-04-07 to 2011-05-07 )))))))))))))))))))))))))))))))
.
.
2011-05-07 04:09 . 2011-05-07 04:10 -------- d-----w- C:\32788R22FWJFW
2011-05-06 02:32 . 2011-05-06 02:32 -------- d-----w- c:\program files\Common Files\Java
2011-05-06 02:32 . 2011-05-06 02:31 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-04-30 20:28 . 2011-04-30 20:28 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\SlimWare Utilities Inc
2011-04-30 20:28 . 2011-04-30 20:28 -------- d-----w- c:\program files\DriverUpdate
2011-04-23 19:12 . 2011-04-23 19:12 -------- d-----w- c:\documents and settings\Owner\Application Data\AVG10
2011-04-23 19:10 . 2011-04-23 19:10 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2011-04-23 19:08 . 2011-05-07 03:58 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
2011-04-23 19:02 . 2011-04-23 19:02 -------- d-----w- c:\program files\AVG
2011-04-23 18:57 . 2011-05-07 03:57 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-04-19 19:33 . 2011-04-19 19:34 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Tific
2011-04-19 19:33 . 2011-04-19 19:33 -------- d-----w- c:\documents and settings\Owner\Application Data\Tific
2011-04-19 19:33 . 2011-04-19 19:33 -------- d-----w- c:\windows\system32\drivers\NortonPCCheckup
2011-04-19 19:33 . 2011-04-19 19:33 -------- d-----w- c:\program files\Norton PC Checkup
2011-04-19 18:49 . 2011-04-30 19:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-04-19 18:49 . 2011-04-19 18:51 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-04-19 16:58 . 2011-04-19 16:58 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2011-04-19 16:58 . 2011-04-19 16:58 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-04-19 16:58 . 2011-04-23 18:56 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-04-19 16:46 . 2011-04-19 16:46 -------- d-----w- c:\program files\Winamp Detect
2011-04-19 16:46 . 2011-05-06 02:31 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-04-19 16:46 . 2011-05-06 02:31 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-19 16:40 . 2011-04-19 16:40 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Secunia PSI
2011-04-19 16:40 . 2011-04-19 16:40 -------- d-----w- c:\program files\Secunia
2011-04-19 02:05 . 2011-04-19 02:05 -------- d-----w- c:\program files\ESET
2011-04-18 23:31 . 2011-04-18 23:31 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer
2011-04-18 23:31 . 2011-04-18 23:31 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2011-04-18 23:31 . 2011-04-18 23:31 -------- d-----w- c:\documents and settings\Default User\Application Data\Apple Computer
2011-04-18 23:29 . 2011-04-18 23:31 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Apple Computer
2011-04-18 22:26 . 2011-04-18 22:26 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2011-04-18 22:26 . 2010-12-20 22:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-18 22:26 . 2011-04-18 22:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-04-18 22:26 . 2011-04-18 22:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-18 22:26 . 2010-12-20 22:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-16 21:54 . 2011-04-30 18:40 -------- d-----w- c:\program files\CCleaner
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-07 05:33 . 2007-11-03 14:02 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37 . 2002-08-29 12:00 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2002-08-29 12:00 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06 . 2002-08-29 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06 . 2002-08-29 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06 . 2002-08-29 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41 . 2007-11-03 14:15 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 13:18 . 2002-08-29 12:00 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2002-08-29 12:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:32 . 2009-04-17 22:14 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 2002-08-29 12:00 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-11 02:43 . 2010-02-04 00:13 47360 ----a-w- c:\documents and settings\Owner\Application Data\pcouffin.sys
2011-02-09 13:53 . 2002-08-29 12:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2002-08-29 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33 . 2002-08-29 12:00 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33 . 2002-08-29 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2009-09-13 03:05 . 2009-09-13 03:05 124240 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll
2009-09-13 03:06 . 2009-09-13 03:06 13136 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2009-09-13 03:06 . 2009-09-13 03:06 70488 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2009-09-13 03:06 . 2009-09-13 03:06 91480 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2009-09-13 03:06 . 2009-09-13 03:06 22360 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2009-09-13 03:07 . 2009-09-13 03:07 255312 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2009-09-13 03:06 . 2009-09-13 03:06 31064 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2009-09-13 03:06 . 2009-09-13 03:06 40280 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2009-08-14 17:33 . 2009-08-14 17:33 652640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2009-09-13 03:06 . 2009-09-13 03:06 23896 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
2011-04-14 16:41 . 2011-04-04 01:38 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-12 04:02 . 2009-07-12 04:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
+ 2011-05-07 04:17 . 2011-05-07 04:17 16384 c:\windows\Temp\Perflib_Perfdata_80.dat
+ 2011-05-07 04:19 . 2011-05-07 04:19 16384 c:\windows\Temp\Perflib_Perfdata_140.dat
+ 2002-08-29 12:00 . 2011-05-01 03:06 78900 c:\windows\system32\perfc009.dat
- 2002-08-29 12:00 . 2011-04-12 18:38 78900 c:\windows\system32\perfc009.dat
+ 2010-02-03 17:13 . 2010-01-05 00:14 43696 c:\windows\system32\drivers\srtspx.sys
+ 2010-09-01 08:30 . 2010-09-01 08:30 15544 c:\windows\system32\drivers\psi_mf.sys
+ 2007-11-03 14:01 . 2008-04-14 00:12 11776 c:\windows\system32\dllcache\xolehlp.dll
+ 2007-11-03 14:15 . 2008-04-14 00:12 50176 c:\windows\system32\dllcache\xmlprovi.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 30720 c:\windows\system32\dllcache\xcopy.exe
+ 2002-08-29 12:00 . 2008-04-14 00:12 91648 c:\windows\system32\dllcache\xactsrv.dll
+ 2002-08-29 03:41 . 2008-04-14 00:12 52736 c:\windows\system32\dllcache\wzcsapi.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 18432 c:\windows\system32\dllcache\wtsapi32.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 50688 c:\windows\system32\dllcache\wstdecod.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 22528 c:\windows\system32\dllcache\wsock32.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 41984 c:\windows\system32\dllcache\wsnmp32.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 19456 c:\windows\system32\dllcache\wshtcpip.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 11264 c:\windows\system32\dllcache\wshrm.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 14336 c:\windows\system32\dllcache\wship6.dll
+ 2002-08-29 12:00 . 2008-05-09 10:53 90112 c:\windows\system32\dllcache\wshext.dll
- 2008-05-09 10:53 . 2008-05-09 10:53 90112 c:\windows\system32\dllcache\wshext.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 36864 c:\windows\system32\dllcache\wshcon.dll
+ 2007-11-03 14:15 . 2008-04-14 00:12 80896 c:\windows\system32\dllcache\wscsvc.dll
+ 2007-11-03 14:15 . 2008-04-14 00:12 13824 c:\windows\system32\dllcache\wscntfy.exe
+ 2002-08-29 12:00 . 2008-04-14 00:12 19968 c:\windows\system32\dllcache\ws2help.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 82432 c:\windows\system32\dllcache\ws2_32.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 11264 c:\windows\system32\dllcache\wpnpinst.exe
+ 2002-08-29 12:00 . 2008-04-14 00:12 32256 c:\windows\system32\dllcache\wpabaln.exe
+ 2002-08-29 12:00 . 2009-01-31 01:34 99840 c:\windows\system32\dllcache\wmpshell.dll
+ 2007-11-03 14:02 . 2009-01-31 01:30 64512 c:\windows\system32\dllcache\wmplayer.exe
+ 2007-11-03 14:00 . 2008-04-14 00:12 95232 c:\windows\system32\dllcache\wmiutils.dll
+ 2007-11-03 14:00 . 2008-04-14 00:12 41472 c:\windows\system32\dllcache\wmipsess.dll
+ 2007-11-03 14:01 . 2008-04-14 00:12 62464 c:\windows\system32\dllcache\wmipjobj.dll
+ 2007-11-03 14:01 . 2008-04-14 00:12 61952 c:\windows\system32\dllcache\wmipiprt.dll
+ 2007-11-03 14:00 . 2008-04-14 00:12 60928 c:\windows\system32\dllcache\wmicookr.dll
+ 2007-11-03 14:01 . 2008-04-14 00:12 88576 c:\windows\system32\dllcache\wmiaprpl.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 92672 c:\windows\system32\dllcache\wlnotify.dll
+ 2008-09-21 23:47 . 2008-04-14 00:12 69120 c:\windows\system32\dllcache\wlanapi.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 53760 c:\windows\system32\dllcache\winsta.dll
+ 2007-11-03 14:15 . 2008-04-14 00:12 17408 c:\windows\system32\dllcache\winshfhc.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 99328 c:\windows\system32\dllcache\winscard.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 16896 c:\windows\system32\dllcache\winrnr.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 32256 c:\windows\system32\dllcache\winipsec.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 75776 c:\windows\system32\dllcache\wiascr.dll
- 2007-11-03 08:55 . 2002-08-29 12:00 13600 c:\windows\system32\dllcache\wfwnet.drv
+ 2002-08-29 12:00 . 2002-08-29 12:00 13600 c:\windows\system32\dllcache\wfwnet.drv
+ 2002-08-29 12:00 . 2008-04-14 00:12 65024 c:\windows\system32\dllcache\wextract.exe
+ 2002-08-29 12:00 . 2008-04-14 00:12 68096 c:\windows\system32\dllcache\webclnt.dll
+ 2007-11-03 15:28 . 2008-04-13 19:17 83072 c:\windows\system32\dllcache\wdmaud.sys
+ 2001-08-17 22:37 . 2008-04-14 00:12 23552 c:\windows\system32\dllcache\wdmaud.drv
+ 2007-11-03 14:01 . 2008-04-14 00:12 43520 c:\windows\system32\dllcache\wbemsvc.dll
+ 2007-11-03 14:00 . 2008-04-14 00:12 18944 c:\windows\system32\dllcache\wbemprox.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 43008 c:\windows\system32\dllcache\wbemperf.dll
+ 2007-11-03 14:01 . 2008-04-14 00:12 71680 c:\windows\system32\dllcache\wbemcons.dll
+ 2002-08-29 12:00 . 2008-04-13 18:44 17664 c:\windows\system32\dllcache\watchdog.sys
+ 2002-08-29 12:00 . 2008-04-13 18:57 34560 c:\windows\system32\dllcache\wanarp.sys
+ 2007-11-03 14:15 . 2008-04-13 18:43 14208 c:\windows\system32\dllcache\wacompen.sys
+ 2007-11-03 14:15 . 2008-04-14 00:12 15872 c:\windows\system32\dllcache\w3ssl.dll
+ 2002-08-29 12:00 . 2008-04-13 18:41 52352 c:\windows\system32\dllcache\volsnap.sys
+ 2002-08-29 12:00 . 2008-04-13 18:44 81664 c:\windows\system32\dllcache\videoprt.sys
+ 2007-11-03 14:15 . 2008-04-13 18:36 42240 c:\windows\system32\dllcache\viaagp.sys
+ 2002-08-29 12:00 . 2008-04-13 18:44 20992 c:\windows\system32\dllcache\vga.sys
+ 2002-08-29 12:00 . 2008-04-14 00:12 18944 c:\windows\system32\dllcache\version.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 26624 c:\windows\system32\dllcache\verifier.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 51712 c:\windows\system32\dllcache\vdmredir.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 26112 c:\windows\system32\dllcache\vdmdbg.dll
+ 2007-11-03 14:15 . 2008-04-14 00:12 11325 c:\windows\system32\dllcache\vchnt5.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 26112 c:\windows\system32\dllcache\userinit.exe
+ 2007-11-03 08:56 . 2008-04-14 00:12 74240 c:\windows\system32\dllcache\usbui.dll
+ 2002-08-29 12:00 . 2008-04-13 18:45 20608 c:\windows\system32\dllcache\usbuhci.sys
+ 2002-08-29 12:00 . 2008-04-13 18:45 26368 c:\windows\system32\dllcache\usbstor.sys
+ 2002-08-29 12:00 . 2008-04-14 00:12 16896 c:\windows\system32\dllcache\usbmon.dll
+ 2002-08-29 01:32 . 2008-04-13 18:45 15872 c:\windows\system32\dllcache\usbintel.sys
+ 2002-08-29 12:00 . 2008-04-13 18:45 59520 c:\windows\system32\dllcache\usbhub.sys
+ 2002-08-29 12:00 . 2008-04-13 18:45 30208 c:\windows\system32\dllcache\usbehci.sys
+ 2002-08-29 12:00 . 2008-04-13 18:45 32128 c:\windows\system32\dllcache\usbccgp.sys
+ 2001-08-17 14:03 . 2008-04-13 18:45 25728 c:\windows\system32\dllcache\usbcamd2.sys
+ 2001-08-17 14:03 . 2008-04-13 18:45 25600 c:\windows\system32\dllcache\usbcamd.sys
+ 2007-11-03 14:15 . 2008-04-13 18:56 12800 c:\windows\system32\dllcache\usb8023x.sys
+ 2002-08-29 12:00 . 2008-04-13 18:56 12800 c:\windows\system32\dllcache\usb8023.sys
+ 2002-08-29 12:00 . 2008-04-14 00:12 18432 c:\windows\system32\dllcache\ups.exe
+ 2002-08-29 12:00 . 2008-04-14 00:12 16896 c:\windows\system32\dllcache\upnpcont.exe
+ 2002-08-29 12:00 . 2008-04-14 00:12 13824 c:\windows\system32\dllcache\uniplat.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 74240 c:\windows\system32\dllcache\unimdmat.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 35840 c:\windows\system32\dllcache\umandlg.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 26624 c:\windows\system32\dllcache\udhisapi.dll
+ 2002-08-29 12:00 . 2008-04-13 18:32 66048 c:\windows\system32\dllcache\udfs.sys
+ 2007-11-03 14:15 . 2008-04-13 18:36 44672 c:\windows\system32\dllcache\uagp35.sys
+ 2007-11-03 14:15 . 2008-04-14 00:12 57856 c:\windows\system32\dllcache\twext.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 50688 c:\windows\system32\dllcache\twain_32.dll
+ 2002-08-29 01:35 . 2008-04-13 18:56 12288 c:\windows\system32\dllcache\tunmp.sys
+ 2008-09-21 23:47 . 2008-04-14 00:12 50688 c:\windows\system32\dllcache\tspkg.dll
+ 2008-09-21 23:47 . 2008-04-14 00:12 53248 c:\windows\system32\dllcache\tsgqec.dll
+ 2002-08-29 12:00 . 2008-04-14 00:13 12168 c:\windows\system32\dllcache\tsddd.dll
+ 2007-11-03 14:00 . 2008-04-14 00:12 93696 c:\windows\system32\dllcache\tscfgwmi.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 90112 c:\windows\system32\dllcache\trkwks.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 12288 c:\windows\system32\dllcache\tracert.exe
+ 2007-11-03 14:00 . 2008-04-14 00:13 40840 c:\windows\system32\dllcache\termdd.sys
+ 2007-11-03 14:01 . 2008-04-14 00:13 21896 c:\windows\system32\dllcache\tdtcp.sys
+ 2007-11-03 14:01 . 2008-04-14 00:13 12040 c:\windows\system32\dllcache\tdpipe.sys
+ 2002-08-29 12:00 . 2008-04-13 19:00 19072 c:\windows\system32\dllcache\tdi.sys
+ 2002-08-29 12:00 . 2008-04-14 00:12 45568 c:\windows\system32\dllcache\tcpmonui.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 45568 c:\windows\system32\dllcache\tcpmon.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 14848 c:\windows\system32\dllcache\tcpmib.dll
+ 2002-08-29 12:00 . 2008-04-13 18:40 14976 c:\windows\system32\dllcache\tape.sys
+ 2007-11-03 15:28 . 2008-04-13 19:15 60800 c:\windows\system32\dllcache\sysaudio.sys
+ 2002-08-29 12:00 . 2008-04-14 00:12 57856 c:\windows\system32\dllcache\synceng.dll
+ 2007-11-03 15:28 . 2008-04-13 18:45 56576 c:\windows\system32\dllcache\swmidi.sys
+ 2002-08-29 12:00 . 2008-04-14 00:12 14336 c:\windows\system32\dllcache\svchost.exe
+ 2002-08-29 01:32 . 2008-04-13 18:45 49408 c:\windows\system32\dllcache\stream.sys
+ 2007-11-03 08:55 . 2008-04-14 00:12 74752 c:\windows\system32\dllcache\storprop.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 14848 c:\windows\system32\dllcache\stimon.exe
+ 2002-08-29 12:00 . 2008-04-14 00:12 68096 c:\windows\system32\dllcache\sti.dll
+ 2007-11-03 14:00 . 2008-04-14 00:12 86528 c:\windows\system32\dllcache\stdprov.dll
+ 2007-11-03 14:01 . 2008-04-14 00:12 59392 c:\windows\system32\dllcache\stclient.dll
+ 2007-11-03 14:15 . 2008-04-14 00:12 26624 c:\windows\system32\dllcache\startoc.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 33280 c:\windows\system32\dllcache\sstub.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 14336 c:\windows\system32\dllcache\ssstars.scr
+ 2002-08-29 12:00 . 2008-04-14 00:12 18944 c:\windows\system32\dllcache\ssmyst.scr
+ 2002-08-29 12:00 . 2008-04-14 00:12 47104 c:\windows\system32\dllcache\ssmypics.scr
+ 2002-08-29 12:00 . 2008-04-14 00:12 20992 c:\windows\system32\dllcache\ssmarque.scr
+ 2002-08-29 12:00 . 2008-04-14 00:12 71680 c:\windows\system32\dllcache\ssdpsrv.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 34816 c:\windows\system32\dllcache\ssdpapi.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 19968 c:\windows\system32\dllcache\ssbezier.scr
+ 2007-11-03 14:02 . 2008-04-14 00:12 67584 c:\windows\system32\dllcache\srclient.dll
+ 2007-11-03 14:03 . 2008-04-14 00:12 58434 c:\windows\system32\dllcache\srchctls.dll
+ 2007-11-03 14:02 . 2008-04-13 18:36 73472 c:\windows\system32\dllcache\sr.sys
+ 2002-08-29 12:00 . 2008-04-14 00:12 75264 c:\windows\system32\dllcache\spoolss.dll
+ 2004-08-04 05:56 . 2008-04-14 09:42 11264 c:\windows\system32\dllcache\spnpinst.exe
+ 2002-08-29 12:00 . 2008-04-13 16:43 62976 c:\windows\system32\dllcache\spgrmr.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 24576 c:\windows\system32\dllcache\sort.exe
+ 2002-08-29 01:33 . 2008-04-13 18:46 25344 c:\windows\system32\dllcache\sonydcam.sys
+ 2002-08-29 12:00 . 2008-04-14 00:12 18944 c:\windows\system32\dllcache\snmpapi.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 34816 c:\windows\system32\dllcache\sniffpol.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 50688 c:\windows\system32\dllcache\smss.exe
+ 2002-08-29 12:00 . 2008-04-14 00:12 89600 c:\windows\system32\dllcache\smlogsvc.exe
+ 2007-11-03 14:15 . 2008-04-14 00:12 73796 c:\windows\system32\dllcache\slserv.exe
+ 2007-11-03 14:15 . 2008-04-14 00:12 32866 c:\windows\system32\dllcache\slrundll.exe
+ 2007-11-03 14:15 . 2008-04-14 00:12 73832 c:\windows\system32\dllcache\slcoinst.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 98304 c:\windows\system32\dllcache\slbiop.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 26112 c:\windows\system32\dllcache\skeys.exe
+ 2007-11-03 14:15 . 2008-04-13 18:36 40960 c:\windows\system32\dllcache\sisagp.sys
+ 2002-08-29 12:00 . 2008-04-14 00:12 70144 c:\windows\system32\dllcache\sigverif.exe
+ 2002-08-29 12:00 . 2008-04-14 00:12 13312 c:\windows\system32\dllcache\sigtab.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 19456 c:\windows\system32\dllcache\shutdown.exe
+ 2002-08-29 12:00 . 2008-04-14 00:12 27648 c:\windows\system32\dllcache\shscrap.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 77824 c:\windows\system32\dllcache\shrpubw.exe
+ 2002-08-29 12:00 . 2008-04-14 00:12 45056 c:\windows\system32\dllcache\shmgrate.exe
+ 2002-08-29 12:00 . 2008-04-14 00:12 68096 c:\windows\system32\dllcache\shgina.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 25088 c:\windows\system32\dllcache\shfolder.dll
+ 2002-08-29 12:00 . 2008-04-13 18:40 11392 c:\windows\system32\dllcache\sfloppy.sys
+ 2007-11-03 14:15 . 2008-04-13 18:40 11008 c:\windows\system32\dllcache\sffp_sd.sys
+ 2007-11-03 14:15 . 2008-04-13 18:40 11904 c:\windows\system32\dllcache\sffdisk.sys
+ 2008-09-21 23:47 . 2008-04-14 00:12 32768 c:\windows\system32\dllcache\setupn.exe
+ 2002-08-29 12:00 . 2008-04-14 00:12 23040 c:\windows\system32\dllcache\setup.exe
+ 2002-08-29 12:00 . 2008-04-14 00:12 31232 c:\windows\system32\dllcache\sethc.exe
+ 2007-11-03 14:01 . 2008-04-14 00:12 56320 c:\windows\system32\dllcache\servdeps.dll
+ 2002-08-29 12:00 . 2008-04-13 19:15 64512 c:\windows\system32\dllcache\serial.sys
+ 2002-08-29 12:00 . 2008-04-13 18:40 15744 c:\windows\system32\dllcache\serenum.sys
+ 2002-08-29 12:00 . 2008-04-14 00:12 39424 c:\windows\system32\dllcache\sens.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 54784 c:\windows\system32\dllcache\sendmail.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 29184 c:\windows\system32\dllcache\sendcmsg.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 18944 c:\windows\system32\dllcache\seclogon.dll
+ 2007-11-03 14:15 . 2008-04-13 18:36 79232 c:\windows\system32\dllcache\sdbus.sys
+ 2002-08-29 12:00 . 2008-04-13 18:40 96384 c:\windows\system32\dllcache\scsiport.sys
+ 2007-11-03 14:01 . 2008-04-14 00:12 36352 c:\windows\system32\dllcache\scrcons.exe
+ 2002-08-29 12:00 . 2008-04-14 00:12 20480 c:\windows\system32\dllcache\sclgntfy.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 95744 c:\windows\system32\dllcache\scardsvr.exe
+ 2002-08-29 12:00 . 2008-04-14 00:12 69632 c:\windows\system32\dllcache\scarddlg.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 13312 c:\windows\system32\dllcache\savedump.exe
+ 2007-11-03 14:02 . 2008-04-14 00:12 45568 c:\windows\system32\dllcache\safrslv.dll
+ 2007-11-03 14:02 . 2008-04-14 00:12 29696 c:\windows\system32\dllcache\safrdm.dll
+ 2007-11-03 14:02 . 2008-04-14 00:12 43520 c:\windows\system32\dllcache\safrcdlg.dll
- 2010-12-18 01:45 . 2001-08-17 19:56 66048 c:\windows\system32\dllcache\s3legacy.dll
+ 2010-12-18 01:45 . 2001-08-17 18:56 66048 c:\windows\system32\dllcache\s3legacy.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 33280 c:\windows\system32\dllcache\rundll32.exe
+ 2002-08-29 12:00 . 2008-04-14 00:12 44032 c:\windows\system32\dllcache\rtutils.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 31744 c:\windows\system32\dllcache\rtipxmib.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 77312 c:\windows\system32\dllcache\rtcshare.exe
+ 2002-08-29 12:00 . 2008-04-14 00:12 92672 c:\windows\system32\dllcache\rsvpsp.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 18944 c:\windows\system32\dllcache\rsmps.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 39936 c:\windows\system32\dllcache\rshx32.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 14848 c:\windows\system32\dllcache\rsh.exe
+ 2007-11-03 14:02 . 2008-04-14 00:12 61440 c:\windows\system32\dllcache\rrcm.dll
+ 2007-11-03 14:15 . 2008-04-13 18:56 30592 c:\windows\system32\dllcache\rndismpx.sys
+ 2002-08-29 12:00 . 2008-04-13 18:56 30592 c:\windows\system32\dllcache\rndismp.sys
+ 2007-11-03 14:15 . 2008-04-13 18:46 59136 c:\windows\system32\dllcache\rfcomm.sys
+ 2002-08-29 12:00 . 2008-04-14 00:12 13824 c:\windows\system32\dllcache\rexec.exe
+ 2002-08-29 12:00 . 2008-04-14 00:12 58880 c:\windows\system32\dllcache\resutils.dll
+ 2007-11-03 14:00 . 2008-04-14 00:12 60416 c:\windows\system32\dllcache\remotepg.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 11776 c:\windows\system32\dllcache\regsvr32.exe
+ 2002-08-29 12:00 . 2008-04-14 00:12 59904 c:\windows\system32\dllcache\regsvc.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 49664 c:\windows\system32\dllcache\regapi.dll
+ 2007-11-03 08:58 . 2008-04-13 18:40 57600 c:\windows\system32\dllcache\redbook.sys
+ 2007-11-03 14:00 . 2008-04-14 00:12 13824 c:\windows\system32\dllcache\rdsaddin.exe
+ 2007-11-03 14:00 . 2008-04-14 00:13 87176 c:\windows\system32\dllcache\rdpwsx.dll
+ 2007-11-03 14:00 . 2008-04-14 00:12 19968 c:\windows\system32\dllcache\rdpsnd.dll
+ 2002-08-29 12:00 . 2008-04-14 00:13 92424 c:\windows\system32\dllcache\rdpdd.dll
+ 2007-11-03 14:00 . 2008-04-14 00:12 62976 c:\windows\system32\dllcache\rdpclip.exe
+ 2002-08-29 12:00 . 2008-04-14 00:12 21504 c:\windows\system32\dllcache\rcp.exe
+ 2002-08-29 12:00 . 2008-04-14 00:12 58368 c:\windows\system32\dllcache\rastapi.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 16384 c:\windows\system32\dllcache\rassapi.dll
+ 2008-09-21 23:47 . 2008-04-14 00:12 61952 c:\windows\system32\dllcache\rasqec.dll
+ 2002-08-29 12:00 . 2008-04-13 19:19 48384 c:\windows\system32\dllcache\raspptp.sys
+ 2002-08-29 12:00 . 2008-04-13 18:57 41472 c:\windows\system32\dllcache\raspppoe.sys
+ 2002-08-29 12:00 . 2008-04-14 00:12 56832 c:\windows\system32\dllcache\rasphone.exe
+ 2002-08-29 12:00 . 2008-04-14 00:12 61440 c:\windows\system32\dllcache\rasman.dll
+ 2002-08-29 12:00 . 2008-04-13 19:19 51328 c:\windows\system32\dllcache\rasl2tp.sys
+ 2002-08-29 12:00 . 2008-04-14 00:12 88576 c:\windows\system32\dllcache\rasauto.dll
+ 2007-11-03 14:02 . 2008-04-14 00:12 43520 c:\windows\system32\dllcache\racpldlg.dll
+ 2008-09-21 23:47 . 2008-04-14 00:12 76800 c:\windows\system32\dllcache\qutil.dll
+ 2007-11-03 14:02 . 2008-04-14 00:12 18944 c:\windows\system32\dllcache\qmgrprxy.dll
+ 2008-09-21 23:47 . 2008-04-14 00:12 62464 c:\windows\system32\dllcache\qcliprov.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 34304 c:\windows\system32\dllcache\pstorsvc.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 43520 c:\windows\system32\dllcache\pstorec.dll
+ 2002-08-29 12:00 . 2008-04-13 18:56 69120 c:\windows\system32\dllcache\psched.sys
+ 2002-08-29 12:00 . 2008-04-14 00:12 96768 c:\windows\system32\dllcache\psbase.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 23040 c:\windows\system32\dllcache\psapi.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 50176 c:\windows\system32\dllcache\proquota.exe
+ 2002-08-29 12:00 . 2008-04-14 00:12 27648 c:\windows\system32\dllcache\profmap.dll
+ 2002-08-29 01:05 . 2008-04-13 18:31 35840 c:\windows\system32\dllcache\processr.sys
+ 2002-08-29 12:00 . 2008-04-14 00:12 17408 c:\windows\system32\dllcache\powrprof.dll
+ 2007-11-03 14:15 . 2008-04-14 00:12 49152 c:\windows\system32\dllcache\powercfg.exe
+ 2007-11-03 14:15 . 2008-04-14 00:12 58880 c:\windows\system32\dllcache\pnrpnsp.dll
+ 2002-08-29 12:00 . 2009-03-08 09:31 46592 c:\windows\system32\dllcache\pngfilt.dll
- 2007-08-13 22:36 . 2009-03-08 09:31 46592 c:\windows\system32\dllcache\pngfilt.dll
+ 2001-08-17 22:36 . 2008-04-14 00:12 15360 c:\windows\system32\dllcache\pjlmon.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 17920 c:\windows\system32\dllcache\ping.exe
+ 2002-08-29 12:00 . 2008-04-13 18:35 24064 c:\windows\system32\dllcache\pidgen.dll
+ 2002-08-29 03:41 . 2008-04-14 00:12 35328 c:\windows\system32\dllcache\pid.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 34816 c:\windows\system32\dllcache\perfproc.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 25088 c:\windows\system32\dllcache\perfos.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 17920 c:\windows\system32\dllcache\perfnet.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 15872 c:\windows\system32\dllcache\perfmon.exe
+ 2002-08-29 12:00 . 2008-04-14 00:12 26624 c:\windows\system32\dllcache\perfdisk.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 39936 c:\windows\system32\dllcache\perfctrs.dll
+ 2002-08-29 12:00 . 2008-04-13 18:40 24960 c:\windows\system32\dllcache\pciidex.sys
+ 2002-08-29 12:00 . 2008-04-13 18:36 68224 c:\windows\system32\dllcache\pci.sys
+ 2007-11-03 14:02 . 2008-04-14 00:12 38400 c:\windows\system32\dllcache\pchsvc.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 67584 c:\windows\system32\dllcache\pautoenr.dll
+ 2002-08-29 12:00 . 2008-04-13 18:40 19712 c:\windows\system32\dllcache\partmgr.sys
+ 2002-08-29 01:27 . 2008-04-13 18:40 80128 c:\windows\system32\dllcache\parport.sys
+ 2002-08-29 12:00 . 2008-04-14 00:12 58368 c:\windows\system32\dllcache\packager.exe
+ 2002-08-29 01:05 . 2008-04-13 18:31 42752 c:\windows\system32\dllcache\p3.sys
+ 2002-08-29 12:00 . 2008-04-14 00:12 67584 c:\windows\system32\dllcache\osuninst.dll
+ 2007-11-03 14:02 . 2008-04-14 00:12 51200 c:\windows\system32\dllcache\oobebaln.exe
+ 2002-08-29 12:00 . 2002-08-29 12:00 24064 c:\windows\system32\dllcache\olesvr.dll
- 2007-11-03 08:55 . 2002-08-29 12:00 24064 c:\windows\system32\dllcache\olesvr.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 37376 c:\windows\system32\dllcache\olecnv32.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 74752 c:\windows\system32\dllcache\olecli32.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 82944 c:\windows\system32\dllcache\olecli.dll
- 2007-11-03 08:55 . 2002-08-29 12:00 82944 c:\windows\system32\dllcache\olecli.dll
+ 2002-08-29 12:00 . 2008-04-13 18:46 61696 c:\windows\system32\dllcache\ohci1394.sys
+ 2002-08-29 12:00 . 2008-04-13 17:26 12288 c:\windows\system32\dllcache\odbcp32r.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 17408 c:\windows\system32\dllcache\ocmsn.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 15360 c:\windows\system32\dllcache\ocgen.dll
+ 2002-08-29 12:00 . 2008-04-13 18:56 88320 c:\windows\system32\dllcache\nwlnkipx.sys
+ 2002-08-29 12:00 . 2008-04-14 00:12 91136 c:\windows\system32\dllcache\ntprint.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 62976 c:\windows\system32\dllcache\ntoc.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 40960 c:\windows\system32\dllcache\ntmsapi.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 44032 c:\windows\system32\dllcache\ntlanman.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 67072 c:\windows\system32\dllcache\ntdsapi.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 76800 c:\windows\system32\dllcache\nslookup.exe
+ 2002-08-29 12:00 . 2008-04-14 00:12 54784 c:\windows\system32\dllcache\npptools.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 15360 c:\windows\system32\dllcache\nppagent.exe
+ 2002-08-29 12:00 . 2008-04-13 18:32 30848 c:\windows\system32\dllcache\npfs.sys
- 2007-11-03 08:55 . 2008-04-14 00:12 69120 c:\windows\system32\dllcache\notepad.exe
+ 2002-08-29 12:00 . 2008-04-14 00:12 69120 c:\windows\system32\dllcache\notepad.exe
+ 2002-08-29 12:00 . 2008-04-13 18:53 40320 c:\windows\system32\dllcache\nmnt.sys
+ 2007-11-03 14:02 . 2008-04-14 00:12 28672 c:\windows\system32\dllcache\nmmkcert.dll
+ 2007-11-03 14:02 . 2008-04-14 00:12 77824 c:\windows\system32\dllcache\nmcom.dll
+ 2007-11-03 14:02 . 2008-04-14 00:12 81920 c:\windows\system32\dllcache\nmchat.dll
+ 2007-11-03 14:02 . 2008-04-14 00:12 28672 c:\windows\system32\dllcache\nmasnt.dll
+ 2002-08-29 01:33 . 2008-04-13 18:51 61824 c:\windows\system32\dllcache\nic1394.sys
+ 2002-08-29 12:00 . 2008-04-14 00:12 80896 c:\windows\system32\dllcache\netui0.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 36864 c:\windows\system32\dllcache\netstat.exe
+ 2002-08-29 12:00 . 2008-04-14 00:12 11776 c:\windows\system32\dllcache\netrap.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 77312 c:\windows\system32\dllcache\netoc.dll
+ 2002-08-29 12:00 . 2008-04-13 18:56 34688 c:\windows\system32\dllcache\netbios.sys
+ 2002-08-29 12:00 . 2008-04-14 00:12 42496 c:\windows\system32\dllcache\net.exe
+ 2002-08-29 01:35 . 2008-04-13 18:55 14592 c:\windows\system32\dllcache\ndisuio.sys
+ 2002-08-29 12:00 . 2008-04-13 18:57 10112 c:\windows\system32\dllcache\ndistapi.sys
+ 2002-08-29 12:00 . 2008-04-14 00:12 57344 c:\windows\system32\dllcache\ndisnpp.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 18944 c:\windows\system32\dllcache\nddenb32.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 17920 c:\windows\system32\dllcache\nddeapi.dll
+ 2007-11-03 14:00 . 2008-04-14 00:12 47104 c:\windows\system32\dllcache\ncprov.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 36352 c:\windows\system32\dllcache\ncobjapi.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 53760 c:\windows\system32\dllcache\narrator.exe
+ 2008-09-21 23:46 . 2008-04-14 00:12 30208 c:\windows\system32\dllcache\napipsec.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 90624 c:\windows\system32\dllcache\mydocs.dll
+ 2007-11-03 14:15 . 2008-04-13 18:43 12672 c:\windows\system32\dllcache\mutohpen.sys
+ 2007-11-03 14:01 . 2008-04-14 00:12 34304 c:\windows\system32\dllcache\mtxlegih.dll
+ 2007-11-03 14:01 . 2008-04-14 00:12 30720 c:\windows\system32\dllcache\mtxdm.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 72704 c:\windows\system32\dllcache\msw3prt.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 57344 c:\windows\system32\dllcache\msvcirt.dll
+ 2007-11-03 14:02 . 2008-04-14 00:12 12288 c:\windows\system32\dllcache\mstinit.exe
+ 2007-11-03 14:02 . 2008-04-14 00:12 57344 c:\windows\system32\dllcache\mst123.dll
+ 2007-11-03 14:15 . 2008-04-13 18:36 15488 c:\windows\system32\dllcache\mssmbios.sys
+ 2008-09-21 23:46 . 2008-04-13 18:14 76800 c:\windows\system32\dllcache\msshamsg.dll
+ 2002-08-29 12:00 . 2008-04-13 16:23 48128 c:\windows\system32\dllcache\msprivs.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 29696 c:\windows\system32\dllcache\mspatcha.dll
+ 2002-08-29 12:00 . 2008-04-13 17:24 20480 c:\windows\system32\dllcache\msorc32r.dll
+ 2007-11-03 14:02 . 2008-04-14 00:12 29184 c:\windows\system32\dllcache\msoobe.exe
+ 2007-11-03 14:02 . 2008-04-14 00:12 19456 c:\windows\system32\dllcache\msobweb.dll
+ 2007-11-03 14:02 . 2008-04-14 00:12 30720 c:\windows\system32\dllcache\msobshel.dll
+ 2007-11-03 14:02 . 2008-04-14 00:12 16384 c:\windows\system32\dllcache\msobdl.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 39936 c:\windows\system32\dllcache\mslwvtts.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 25088 c:\windows\system32\dllcache\mslbui.dll
+ 2002-08-29 12:00 . 2008-04-14 00:11 15360 c:\windows\system32\dllcache\msisip.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 78848 c:\windows\system32\dllcache\msiexec.exe
+ 2002-08-29 12:00 . 2008-04-14 00:11 51712 c:\windows\system32\dllcache\msident.dll
- 2007-08-13 22:01 . 2009-03-08 09:31 48128 c:\windows\system32\dllcache\mshtmler.dll
+ 2002-08-29 12:00 . 2009-03-08 09:31 48128 c:\windows\system32\dllcache\mshtmler.dll
- 2007-08-13 22:54 . 2011-02-22 23:06 66560 c:\windows\system32\dllcache\mshtmled.dll
+ 2002-08-29 12:00 . 2011-02-22 23:06 66560 c:\windows\system32\dllcache\mshtmled.dll
- 2007-08-13 22:32 . 2009-03-08 09:31 45568 c:\windows\system32\dllcache\mshta.exe
+ 2002-08-29 12:00 . 2009-03-08 09:31 45568 c:\windows\system32\dllcache\mshta.exe
+ 2002-08-29 12:00 . 2008-04-14 00:11 33792 c:\windows\system32\dllcache\msgsvc.dll
+ 2002-08-29 12:00 . 2008-04-14 00:11 15360 c:\windows\system32\dllcache\msgrocm.dll
+ 2002-08-29 12:00 . 2008-04-13 18:56 35072 c:\windows\system32\dllcache\msgpc.sys
+ 2002-08-29 12:00 . 2008-04-13 18:32 19072 c:\windows\system32\dllcache\msfs.sys
+ 2002-08-29 12:00 . 2008-04-14 00:11 90112 c:\windows\system32\dllcache\msdtcstp.dll
+ 2002-08-29 12:00 . 2008-04-14 00:11 14336 c:\windows\system32\dllcache\msdmo.dll
+ 2007-11-03 14:02 . 2008-04-14 00:11 94208 c:\windows\system32\dllcache\msdatl3.dll
+ 2007-11-03 14:02 . 2008-04-13 17:24 16384 c:\windows\system32\dllcache\msdaorar.dll
+ 2002-08-29 12:00 . 2008-04-14 00:11 68608 c:\windows\system32\dllcache\msctfp.dll
+ 2002-08-29 12:00 . 2008-04-13 17:26 12288 c:\windows\system32\dllcache\mscpx32r.dll
+ 2007-11-03 14:02 . 2008-04-14 00:11 69632 c:\windows\system32\dllcache\msconf.dll
+ 2002-08-29 12:00 . 2008-04-14 00:11 86016 c:\windows\system32\dllcache\msapsspc.dll
+ 2002-08-29 12:00 . 2008-04-14 00:11 71680 c:\windows\system32\dllcache\msacm32.dll
+ 2002-08-29 12:00 . 2008-04-14 00:11 53248 c:\windows\system32\dllcache\mprdim.dll
+ 2002-08-29 12:00 . 2008-04-14 00:11 87040 c:\windows\system32\dllcache\mprapi.dll
+ 2002-08-29 12:00 . 2008-04-14 00:11 59904 c:\windows\system32\dllcache\mpr.dll
+ 2002-08-29 12:00 . 2008-04-13 18:39 42368 c:\windows\system32\dllcache\mountmgr.sys
+ 2001-08-17 13:48 . 2002-08-29 12:00 12160 c:\windows\system32\dllcache\mouhid.sys
+ 2002-08-29 01:27 . 2008-04-13 18:39 23040 c:\windows\system32\dllcache\mouclass.sys
+ 2007-11-03 14:00 . 2008-04-14 00:12 16384 c:\windows\system32\dllcache\mofcomp.exe
+ 2001-08-17 13:57 . 2008-04-13 19:00 30080 c:\windows\system32\dllcache\modem.sys
+ 2007-11-03 14:02 . 2008-04-14 00:12 32768 c:\windows\system32\dllcache\mnmsrvc.exe
+ 2007-11-03 14:02 . 2008-04-14 00:11 34560 c:\windows\system32\dllcache\mnmdd.dll
- 2007-11-03 08:55 . 2004-08-04 03:51 68768 c:\windows\system32\dllcache\mmsystem.dll
+ 2002-08-29 12:00 . 2004-08-04 03:51 68768 c:\windows\system32\dllcache\mmsystem.dll
+ 2007-11-03 14:01 . 2008-04-14 00:11 17408 c:\windows\system32\dllcache\mmfutil.dll
+ 2002-08-29 12:00 . 2008-04-14 00:11 61440 c:\windows\system32\dllcache\mmcshext.dll
+ 2008-09-21 23:46 . 2008-04-14 00:12 33792 c:\windows\system32\dllcache\mmcperf.exe
+ 2002-08-29 12:00 . 2008-04-14 00:11 60928 c:\windows\system32\dllcache\miglibnt.dll
+ 2002-08-29 12:00 . 2008-04-14 00:11 18944 c:\windows\system32\dllcache\midimap.dll
+ 2002-08-29 12:00 . 2008-04-14 00:11 14848 c:\windows\system32\dllcache\mgmtapi.dll
+ 2002-08-29 12:00 . 2008-04-14 00:11 40960 c:\windows\system32\dllcache\mf3216.dll
+ 2001-08-17 13:58 . 2008-04-13 18:36 63744 c:\windows\system32\dllcache\mf.sys
+ 2008-09-21 23:45 . 2008-04-13 16:44 17920 c:\windows\system32\dllcache\cobramsg.dll
- 2010-12-18 01:51 . 2001-08-17 18:51 13824 c:\windows\system32\dllcache\bulltlp3.sys
+ 2010-12-18 01:51 . 2001-08-17 17:51 13824 c:\windows\system32\dllcache\bulltlp3.sys
+ 2010-12-18 01:51 . 2001-08-17 16:11 31529 c:\windows\system32\dllcache\brzwlan.sys
- 2010-12-18 01:51 . 2001-08-17 17:11 31529 c:\windows\system32\dllcache\brzwlan.sys
- 2010-12-18 01:51 . 2001-08-17 18:12 10368 c:\windows\system32\dllcache\brusbscn.sys
+ 2010-12-18 01:51 . 2001-08-17 17:12 10368 c:\windows\system32\dllcache\brusbscn.sys
- 2010-12-18 01:51 . 2001-08-17 18:12 11008 c:\windows\system32\dllcache\brusbmdm.sys
+ 2010-12-18 01:51 . 2001-08-17 17:12 11008 c:\windows\system32\dllcache\brusbmdm.sys
- 2010-12-18 01:51 . 2001-08-17 18:12 60416 c:\windows\system32\dllcache\brserwdm.sys
+ 2010-12-18 01:51 . 2001-08-17 17:12 60416 c:\windows\system32\dllcache\brserwdm.sys
+ 2010-12-18 01:51 . 2001-08-17 17:12 39552 c:\windows\system32\dllcache\brparwdm.sys
- 2010-12-18 01:51 . 2001-08-17 18:12 39552 c:\windows\system32\dllcache\brparwdm.sys
- 2010-12-18 01:51 . 2001-08-18 03:36 41472 c:\windows\system32\dllcache\brmfusb.dll
+ 2010-12-18 01:51 . 2001-08-18 02:36 41472 c:\windows\system32\dllcache\brmfusb.dll
+ 2010-12-18 01:51 . 2001-08-18 02:36 32256 c:\windows\system32\dllcache\brmfrsmg.exe
- 2010-12-18 01:51 . 2001-08-18 03:36 32256 c:\windows\system32\dllcache\brmfrsmg.exe
- 2010-12-18 01:51 . 2001-08-18 03:36 29696 c:\windows\system32\dllcache\brmflpt.dll
+ 2010-12-18 01:51 . 2001-08-18 02:36 29696 c:\windows\system32\dllcache\brmflpt.dll
- 2010-12-18 01:51 . 2001-08-18 03:36 81408 c:\windows\system32\dllcache\brmfcwia.dll
+ 2010-12-18 01:51 . 2001-08-18 02:36 81408 c:\windows\system32\dllcache\brmfcwia.dll
- 2010-12-18 01:51 . 2001-08-18 03:36 15360 c:\windows\system32\dllcache\brmfbidi.dll
+ 2010-12-18 01:51 . 2001-08-18 02:36 15360 c:\windows\system32\dllcache\brmfbidi.dll
+ 2010-12-18 01:51 . 2001-08-17 17:12 12160 c:\windows\system32\dllcache\brfiltlo.sys
- 2010-12-18 01:51 . 2001-08-17 18:12 12160 c:\windows\system32\dllcache\brfiltlo.sys
- 2010-12-18 01:51 . 2001-08-18 03:36 12800 c:\windows\system32\dllcache\brevif.dll
+ 2010-12-18 01:51 . 2001-08-18 02:36 12800 c:\windows\system32\dllcache\brevif.dll
+ 2010-12-18 01:51 . 2001-08-18 02:36 19456 c:\windows\system32\dllcache\brbidiif.dll
- 2010-12-18 01:51 . 2001-08-18 03:36 19456 c:\windows\system32\dllcache\brbidiif.dll
+ 2010-12-18 01:51 . 2008-04-13 18:46 11776 c:\windows\system32\dllcache\bdasup.sys
- 2010-12-18 01:51 . 2008-04-13 19:46 11776 c:\windows\system32\dllcache\bdasup.sys
+ 2010-12-18 01:51 . 2001-08-17 16:11 26568 c:\windows\system32\dllcache\bcm4e5.sys
- 2010-12-18 01:51 . 2001-08-17 17:11 26568 c:\windows\system32\dllcache\bcm4e5.sys
- 2010-12-18 01:51 . 2001-08-17 17:11 54271 c:\windows\system32\dllcache\bcm42xx5.sys
+ 2010-12-18 01:51 . 2001-08-17 16:11 54271 c:\windows\system32\dllcache\bcm42xx5.sys
+ 2010-12-18 01:51 . 2001-08-17 16:11 66557 c:\windows\system32\dllcache\bcm42u.sys
- 2010-12-18 01:51 . 2001-08-17 17:11 66557 c:\windows\system32\dllcache\bcm42u.sys
- 2010-12-18 01:51 . 2008-04-13 19:36 14208 c:\windows\system32\dllcache\battc.sys
+ 2010-12-18 01:51 . 2008-04-13 18:36 14208 c:\windows\system32\dllcache\battc.sys
+ 2010-12-18 01:51 . 2001-08-17 16:48 36128 c:\windows\system32\dllcache\banshee.sys
- 2010-12-18 01:51 . 2001-08-17 17:48 36128 c:\windows\system32\dllcache\banshee.sys
+ 2010-12-18 01:51 . 2001-08-17 16:11 96640 c:\windows\system32\dllcache\b57xp32.sys
- 2010-12-18 01:51 . 2001-08-17 17:11 96640 c:\windows\system32\dllcache\b57xp32.sys
- 2010-12-18 01:51 . 2001-08-17 17:13 89952 c:\windows\system32\dllcache\b1cbase.sys
+ 2010-12-18 01:51 . 2001-08-17 16:13 89952 c:\windows\system32\dllcache\b1cbase.sys
+ 2010-12-18 01:51 . 2001-08-17 16:19 36992 c:\windows\system32\dllcache\aztw2320.sys
- 2010-12-18 01:51 . 2001-08-17 17:19 36992 c:\windows\system32\dllcache\aztw2320.sys
- 2010-12-18 01:51 . 2001-08-17 17:13 37568 c:\windows\system32\dllcache\avmwan.sys
+ 2010-12-18 01:51 . 2001-08-17 16:13 37568 c:\windows\system32\dllcache\avmwan.sys
- 2010-12-18 01:51 . 2001-08-18 03:36 87552 c:\windows\system32\dllcache\avmcoxp.dll
+ 2010-12-18 01:51 . 2001-08-18 02:36 87552 c:\windows\system32\dllcache\avmcoxp.dll
+ 2010-12-18 01:51 . 2008-04-13 18:46 13696 c:\windows\system32\dllcache\avcstrm.sys
- 2010-12-18 01:51 . 2008-04-13 19:46 13696 c:\windows\system32\dllcache\avcstrm.sys
- 2010-12-18 01:51 . 2001-08-17 19:01 36096 c:\windows\system32\dllcache\avcaudio.sys
+ 2010-12-18 01:51 . 2001-08-17 18:01 36096 c:\windows\system32\dllcache\avcaudio.sys
+ 2010-12-18 01:51 . 2008-04-13 18:46 38912 c:\windows\system32\dllcache\avc.sys
- 2010-12-18 01:51 . 2008-04-13 19:46 38912 c:\windows\system32\dllcache\avc.sys
- 2010-12-18 01:51 . 2001-08-17 17:49 23552 c:\windows\system32\dllcache\atixbar.sys
+ 2010-12-18 01:51 . 2001-08-17 16:49 23552 c:\windows\system32\dllcache\atixbar.sys
+ 2010-12-18 01:51 . 2001-08-17 16:49 26624 c:\windows\system32\dllcache\ativxbar.sys
- 2010-12-18 01:51 . 2001-08-17 17:49 26624 c:\windows\system32\dllcache\ativxbar.sys
- 2010-12-18 01:51 . 2001-08-17 17:49 19456 c:\windows\system32\dllcache\ativttxx.sys
+ 2010-12-18 01:51 . 2001-08-17 16:49 19456 c:\windows\system32\dllcache\ativttxx.sys
- 2010-12-18 01:51 . 2001-08-17 17:49 17152 c:\windows\system32\dllcache\atitvsnd.sys
+ 2010-12-18 01:51 . 2001-08-17 16:49 17152 c:\windows\system32\dllcache\atitvsnd.sys
- 2010-12-18 01:51 . 2001-08-17 17:49 17152 c:\windows\system32\dllcache\atitunep.sys
+ 2010-12-18 01:51 . 2001-08-17 16:49 17152 c:\windows\system32\dllcache\atitunep.sys
+ 2010-12-18 01:51 . 2001-08-17 16:49 26880 c:\windows\system32\dllcache\atirtsnd.sys
- 2010-12-18 01:51 . 2001-08-17 17:49 26880 c:\windows\system32\dllcache\atirtsnd.sys
+ 2010-12-18 01:51 . 2001-08-17 16:49 49920 c:\windows\system32\dllcache\atirtcap.sys
- 2010-12-18 01:51 . 2001-08-17 17:49 49920 c:\windows\system32\dllcache\atirtcap.sys
+ 2010-12-18 01:51 . 2001-08-17 16:48 70528 c:\windows\system32\dllcache\atiragem.sys
- 2010-12-18 01:51 . 2001-08-17 17:48 70528 c:\windows\system32\dllcache\atiragem.sys
+ 2010-12-18 01:51 . 2001-08-17 16:49 10240 c:\windows\system32\dllcache\atipcxxx.sys
- 2010-12-18 01:51 . 2001-08-17 17:49 10240 c:\windows\system32\dllcache\atipcxxx.sys
+ 2010-12-18 01:51 . 2001-08-17 16:49 75136 c:\windows\system32\dllcache\atimpae.sys
- 2010-12-18 01:51 . 2001-08-17 17:49 75136 c:\windows\system32\dllcache\atimpae.sys
- 2010-12-18 01:51 . 2001-08-18 03:36 37376 c:\windows\system32\dllcache\atievxx.exe
+ 2010-12-18 01:51 . 2001-08-18 02:36 37376 c:\windows\system32\dllcache\atievxx.exe
- 2010-12-18 01:51 . 2001-08-17 17:49 46464 c:\windows\system32\dllcache\atibt829.sys
+ 2010-12-18 01:51 . 2001-08-17 16:49 46464 c:\windows\system32\dllcache\atibt829.sys
- 2010-12-18 01:51 . 2001-08-17 18:57 77568 c:\windows\system32\dllcache\ati.sys
+ 2010-12-18 01:51 . 2001-08-17 17:57 77568 c:\windows\system32\dllcache\ati.sys
- 2010-12-18 01:51 . 2001-08-17 19:55 96128 c:\windows\system32\dllcache\ati.dll
+ 2010-12-18 01:51 . 2001-08-17 18:55 96128 c:\windows\system32\dllcache\ati.dll
+ 2010-12-18 01:51 . 2001-08-17 16:12 97354 c:\windows\system32\dllcache\aspndis3.sys
- 2010-12-18 01:51 . 2001-08-17 17:12 97354 c:\windows\system32\dllcache\aspndis3.sys
- 2010-12-18 01:51 . 2001-08-17 18:51 14848 c:\windows\system32\dllcache\asc3550.sys
+ 2010-12-18 01:51 . 2001-08-17 17:51 14848 c:\windows\system32\dllcache\asc3550.sys
- 2010-12-18 01:51 . 2001-08-17 18:52 22400 c:\windows\system32\dllcache\asc3350p.sys
+ 2010-12-18 01:51 . 2001-08-17 17:52 22400 c:\windows\system32\dllcache\asc3350p.sys
+ 2010-12-18 01:51 . 2001-08-17 17:52 26496 c:\windows\system32\dllcache\asc.sys
- 2010-12-18 01:51 . 2001-08-17 18:52 26496 c:\windows\system32\dllcache\asc.sys
+ 2010-12-18 01:50 . 2004-08-04 03:31 36224 c:\windows\system32\dllcache\an983.sys
- 2010-12-18 01:50 . 2004-08-04 04:31 36224 c:\windows\system32\dllcache\an983.sys
+ 2010-12-18 01:50 . 2001-08-17 17:52 12032 c:\windows\system32\dllcache\amsint.sys
- 2010-12-18 01:50 . 2001-08-17 18:52 12032 c:\windows\system32\dllcache\amsint.sys
+ 2010-12-18 01:50 . 2001-08-17 16:11 16969 c:\windows\system32\dllcache\amb8002.sys
- 2010-12-18 01:50 . 2001-08-17 17:11 16969 c:\windows\system32\dllcache\amb8002.sys
+ 2010-12-18 01:50 . 2001-08-17 17:49 26624 c:\windows\system32\dllcache\alifir.sys
- 2010-12-18 01:50 . 2001-08-17 18:49 26624 c:\windows\system32\dllcache\alifir.sys
+ 2010-12-18 01:50 . 2001-08-17 16:11 27678 c:\windows\system32\dllcache\ali5261.sys
- 2010-12-18 01:50 . 2001-08-17 17:11 27678 c:\windows\system32\dllcache\ali5261.sys
+ 2010-12-18 01:50 . 2001-08-17 18:07 56960 c:\windows\system32\dllcache\aic78xx.sys
- 2010-12-18 01:50 . 2001-08-17 19:07 56960 c:\windows\system32\dllcache\aic78xx.sys
- 2010-12-18 01:50 . 2001-08-17 19:07 55168 c:\windows\system32\dllcache\aic78u2.sys
+ 2010-12-18 01:50 . 2001-08-17 18:07 55168 c:\windows\system32\dllcache\aic78u2.sys
+ 2010-12-18 01:50 . 2001-08-17 17:52 12800 c:\windows\system32\dllcache\aha154x.sys
- 2010-12-18 01:50 . 2001-08-17 18:52 12800 c:\windows\system32\dllcache\aha154x.sys
+ 2010-12-18 01:46 . 2001-08-17 16:11 46112 c:\windows\system32\dllcache\adptsf50.sys
- 2010-12-18 01:46 . 2001-08-17 17:11 46112 c:\windows\system32\dllcache\adptsf50.sys
- 2010-12-18 01:46 . 2004-08-04 04:32 10880 c:\windows\system32\dllcache\admjoy.sys
+ 2010-12-18 01:46 . 2004-08-04 03:32 10880 c:\windows\system32\dllcache\admjoy.sys
- 2010-12-18 01:46 . 2001-08-17 17:11 20160 c:\windows\system32\dllcache\adm8511.sys
+ 2010-12-18 01:46 . 2001-08-17 16:11 20160 c:\windows\system32\dllcache\adm8511.sys
- 2010-12-18 01:46 . 2001-08-18 03:36 61440 c:\windows\system32\dllcache\acerscad.dll
+ 2010-12-18 01:46 . 2001-08-18 02:36 61440 c:\windows\system32\dllcache\acerscad.dll
- 2010-12-18 01:46 . 2004-08-04 04:32 84480 c:\windows\system32\dllcache\ac97via.sys
+ 2010-12-18 01:46 . 2004-08-04 03:32 84480 c:\windows\system32\dllcache\ac97via.sys
+ 2010-12-18 01:46 . 2001-08-17 16:20 96256 c:\windows\system32\dllcache\ac97intc.sys
- 2010-12-18 01:46 . 2001-08-17 17:20 96256 c:\windows\system32\dllcache\ac97intc.sys
- 2010-12-18 01:46 . 2001-08-17 18:52 23552 c:\windows\system32\dllcache\abp480n5.sys
+ 2010-12-18 01:46 . 2001-08-17 17:52 23552 c:\windows\system32\dllcache\abp480n5.sys
- 2010-12-18 01:46 . 2001-08-18 03:36 98304 c:\windows\system32\dllcache\a3d.dll
+ 2010-12-18 01:46 . 2001-08-18 02:36 98304 c:\windows\system32\dllcache\a3d.dll
+ 2010-12-18 01:46 . 2001-08-17 18:55 38400 c:\windows\system32\dllcache\8514a.dll
- 2010-12-18 01:46 . 2001-08-17 19:55 38400 c:\windows\system32\dllcache\8514a.dll
- 2010-12-18 01:46 . 2008-04-13 19:46 48128 c:\windows\system32\dllcache\61883.sys
+ 2010-12-18 01:46 . 2008-04-13 18:46 48128 c:\windows\system32\dllcache\61883.sys
- 2010-12-18 01:46 . 2008-04-13 19:40 12288 c:\windows\system32\dllcache\4mmdat.sys
+ 2010-12-18 01:46 . 2008-04-13 18:40 12288 c:\windows\system32\dllcache\4mmdat.sys
- 2010-12-18 01:46 . 2001-08-17 19:06 11264 c:\windows\system32\dllcache\1394vdbg.sys
+ 2010-12-18 01:46 . 2001-08-17 18:06 11264 c:\windows\system32\dllcache\1394vdbg.sys
+ 2007-11-03 14:05 . 2011-04-18 23:31 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-11-03 14:05 . 2008-09-22 20:14 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2011-04-18 23:31 . 2011-04-18 23:31 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2007-11-03 14:05 . 2008-09-22 20:14 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2007-11-03 14:00 . 2008-04-14 00:12 6656 c:\windows\system32\dllcache\wuauserv.dll
+ 2007-11-03 14:15 . 2008-04-14 00:12 5632 c:\windows\system32\dllcache\wmm2res2.dll
+ 2007-11-03 14:15 . 2008-04-14 00:12 7680 c:\windows\system32\dllcache\wmm2ext.dll
+ 2007-11-03 14:15 . 2008-04-14 00:12 4096 c:\windows\system32\dllcache\wmm2eres.dll
+ 2007-11-03 14:01 . 2008-04-13 17:10 6656 c:\windows\system32\dllcache\wmiapres.dll
+ 2002-08-29 12:00 . 2008-04-14 00:11 5632 c:\windows\system32\dllcache\wmi.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 5632 c:\windows\system32\dllcache\winver.exe
- 2007-11-03 08:55 . 2002-08-29 12:00 2176 c:\windows\system32\dllcache\vga.drv
+ 2002-08-29 12:00 . 2002-08-29 12:00 2176 c:\windows\system32\dllcache\vga.drv
+ 2002-08-29 12:00 . 2002-08-29 12:00 4736 c:\windows\system32\dllcache\usbd.sys
- 2007-11-03 08:55 . 2002-08-29 12:00 4048 c:\windows\system32\dllcache\timer.drv
+ 2002-08-29 12:00 . 2002-08-29 12:00 4048 c:\windows\system32\dllcache\timer.drv
- 2007-11-03 08:55 . 2002-08-29 12:00 3360 c:\windows\system32\dllcache\system.drv
+ 2002-08-29 12:00 . 2002-08-29 12:00 3360 c:\windows\system32\dllcache\system.drv
+ 2001-08-17 13:48 . 2008-04-13 18:39 4352 c:\windows\system32\dllcache\swenum.sys
+ 2007-11-03 15:28 . 2008-04-13 18:45 6272 c:\windows\system32\dllcache\splitter.sys
+ 2002-08-29 12:00 . 2002-08-29 12:00 1744 c:\windows\system32\dllcache\sound.drv
- 2007-11-03 08:55 . 2002-08-29 12:00 1744 c:\windows\system32\dllcache\sound.drv
+ 2007-11-03 14:15 . 2008-04-14 00:12 8192 c:\windows\system32\dllcache\smbinst.exe
+ 2007-11-03 14:15 . 2008-04-13 18:36 5888 c:\windows\system32\dllcache\smbali.sys
+ 2007-11-03 14:15 . 2008-04-14 00:12 3901 c:\windows\system32\dllcache\siint5.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 5120 c:\windows\system32\dllcache\shell.dll
- 2007-11-03 08:55 . 2002-08-29 12:00 5120 c:\windows\system32\dllcache\shell.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 7168 c:\windows\system32\dllcache\sensapi.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 5632 c:\windows\system32\dllcache\security.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 7680 c:\windows\system32\dllcache\rasadhlp.dll
+ 2007-11-03 14:15 . 2008-04-14 00:12 9216 c:\windows\system32\dllcache\proxycfg.exe
+ 2002-08-29 12:00 . 2008-04-14 00:12 8192 c:\windows\system32\dllcache\ntlsapi.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 4096 c:\windows\system32\dllcache\nddeapir.exe
+ 2007-11-03 14:01 . 2008-04-14 00:12 4096 c:\windows\system32\dllcache\mtxex.dll
+ 2007-11-03 15:28 . 2008-04-13 18:39 4992 c:\windows\system32\dllcache\mspqm.sys
+ 2007-11-03 15:28 . 2008-04-13 18:39 5376 c:\windows\system32\dllcache\mspclock.sys
+ 2007-11-03 15:28 . 2008-04-13 18:39 7552 c:\windows\system32\dllcache\mskssrv.sys
+ 2002-08-29 12:00 . 2008-04-14 00:11 4608 c:\windows\system32\dllcache\msimg32.dll
+ 2002-08-29 12:00 . 2008-04-14 00:11 6656 c:\windows\system32\dllcache\msidle.dll
+ 2007-11-03 14:01 . 2008-04-14 00:12 6144 c:\windows\system32\dllcache\msdtc.exe
+ 2002-08-29 12:00 . 2008-04-14 00:10 3584 c:\windows\system32\dllcache\msafd.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 2032 c:\windows\system32\dllcache\mouse.drv
- 2007-11-03 08:55 . 2002-08-29 12:00 2032 c:\windows\system32\dllcache\mouse.drv
- 2010-12-18 01:51 . 2001-08-18 03:36 9728 c:\windows\system32\dllcache\brserif.dll
+ 2010-12-18 01:51 . 2001-08-18 02:36 9728 c:\windows\system32\dllcache\brserif.dll
- 2010-12-18 01:51 . 2001-08-18 03:36 5120 c:\windows\system32\dllcache\brscnrsm.dll
+ 2010-12-18 01:51 . 2001-08-18 02:36 5120 c:\windows\system32\dllcache\brscnrsm.dll
+ 2010-12-18 01:51 . 2001-08-17 17:12 3168 c:\windows\system32\dllcache\brparimg.sys
- 2010-12-18 01:51 . 2001-08-17 18:12 3168 c:\windows\system32\dllcache\brparimg.sys
- 2010-12-18 01:51 . 2001-08-17 18:12 3968 c:\windows\system32\dllcache\brfiltup.sys
+ 2010-12-18 01:51 . 2001-08-17 17:12 3968 c:\windows\system32\dllcache\brfiltup.sys
+ 2010-12-18 01:51 . 2001-08-17 17:12 2944 c:\windows\system32\dllcache\brfilt.sys
- 2010-12-18 01:51 . 2001-08-17 18:12 2944 c:\windows\system32\dllcache\brfilt.sys
- 2010-12-18 01:51 . 2001-08-18 03:36 9728 c:\windows\system32\dllcache\brcoinst.dll
+ 2010-12-18 01:51 . 2001-08-18 02:36 9728 c:\windows\system32\dllcache\brcoinst.dll
+ 2010-12-18 01:51 . 2001-08-17 16:49 9472 c:\windows\system32\dllcache\ativmdcd.sys
- 2010-12-18 01:51 . 2001-08-17 17:49 9472 c:\windows\system32\dllcache\ativmdcd.sys
+ 2010-12-18 01:50 . 2001-08-17 17:47 6272 c:\windows\system32\dllcache\apmbatt.sys
- 2010-12-18 01:50 . 2001-08-17 18:47 6272 c:\windows\system32\dllcache\apmbatt.sys
- 2010-12-18 01:50 . 2001-08-17 18:51 5248 c:\windows\system32\dllcache\aliide.sys
+ 2010-12-18 01:50 . 2001-08-17 17:51 5248 c:\windows\system32\dllcache\aliide.sys
+ 2010-12-18 01:46 . 2001-08-17 17:53 7424 c:\windows\system32\dllcache\adicvls.sys
- 2010-12-18 01:46 . 2001-08-17 18:53 7424 c:\windows\system32\dllcache\adicvls.sys
- 2002-08-29 12:00 . 2011-04-12 18:38 464632 c:\windows\system32\perfh009.dat
+ 2002-08-29 12:00 . 2011-05-01 03:06 464632 c:\windows\system32\perfh009.dat
+ 2011-04-19 16:54 . 2011-04-19 16:54 235168 c:\windows\system32\Macromed\Flash\FlashUtil10p_Plugin.exe
+ 2011-04-19 16:48 . 2011-04-19 16:48 235168 c:\windows\system32\Macromed\Flash\FlashUtil10p_ActiveX.exe
+ 2011-04-19 16:48 . 2011-04-19 16:48 311456 c:\windows\system32\Macromed\Flash\FlashUtil10p_ActiveX.dll
+ 2011-05-06 02:32 . 2011-05-06 02:31 157472 c:\windows\system32\javaws.exe
+ 2011-05-06 02:32 . 2011-05-06 02:31 145184 c:\windows\system32\javaw.exe
- 2009-08-19 19:59 . 2009-10-11 09:17 145184 c:\windows\system32\javaw.exe
+ 2011-05-06 02:32 . 2011-05-06 02:31 145184 c:\windows\system32\java.exe
- 2009-08-19 19:59 . 2009-10-11 09:17 145184 c:\windows\system32\java.exe
+ 2010-02-03 17:13 . 2010-01-05 00:14 217136 c:\windows\system32\drivers\symtdi.sys
+ 2010-02-03 17:13 . 2010-01-05 00:14 310320 c:\windows\system32\drivers\SymEFA.sys
+ 2010-02-03 17:13 . 2010-01-05 00:14 482432 c:\windows\system32\drivers\cchpx86.sys
+ 2010-02-03 17:13 . 2010-01-05 00:14 259632 c:\windows\system32\drivers\BHDrvx86.sys
+ 2002-08-29 12:00 . 2008-04-14 00:12 338432 c:\windows\system32\dllcache\zipfldr.dll
+ 2007-03-09 10:02 . 2008-04-13 17:39 689152 c:\windows\system32\dllcache\xpsp3res.dll
+ 2002-08-29 12:00 . 2008-04-13 17:39 187392 c:\windows\system32\dllcache\xpsp1res.dll
+ 2007-11-03 14:15 . 2008-04-13 17:39 438784 c:\windows\system32\dllcache\xpob2res.dll
+ 2007-11-03 14:15 . 2008-04-14 00:12 129024 c:\windows\system32\dllcache\xmlprov.dll
+ 2002-08-29 03:41 . 2008-04-14 00:12 483840 c:\windows\system32\dllcache\wzcsvc.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 383488 c:\windows\system32\dllcache\wzcdlg.dll
+ 2007-11-03 14:15 . 2008-04-14 00:12 183296 c:\windows\system32\dllcache\wuaueng1.dll
+ 2007-11-03 14:15 . 2008-04-14 00:12 165888 c:\windows\system32\dllcache\wuauclt1.exe
+ 2007-11-03 14:15 . 2008-04-14 00:12 108032 c:\windows\system32\dllcache\wshbth.dll

Marc0c

Newbie Surfer

Posts : 25
Joined : 2011-05-06
Operating System : XP Home


Re: Backdoor virus?

Post by Marc0c on Sat 07 May 2011, 3:46 pm

+ 2002-08-29 12:00 . 2008-05-08 11:24 155648 c:\windows\system32\dllcache\wscript.exe
- 2008-05-08 11:24 . 2008-05-08 11:24 155648 c:\windows\system32\dllcache\wscript.exe
+ 2002-08-29 12:00 . 2008-04-14 00:12 264192 c:\windows\system32\dllcache\wow32.dll
+ 2007-11-03 14:01 . 2010-07-12 12:55 218112 c:\windows\system32\dllcache\wordpad.exe
- 2009-04-17 22:14 . 2010-07-12 12:55 218112 c:\windows\system32\dllcache\wordpad.exe
+ 2007-11-03 14:15 . 2008-04-14 00:12 325632 c:\windows\system32\dllcache\wmm2fxb.dll
+ 2007-11-03 14:15 . 2008-04-14 00:12 502272 c:\windows\system32\dllcache\wmm2fxa.dll
+ 2007-11-03 14:15 . 2008-04-14 00:12 402432 c:\windows\system32\dllcache\wmm2filt.dll
+ 2007-11-03 14:15 . 2008-04-14 00:12 167936 c:\windows\system32\dllcache\wmm2ae.dll
+ 2007-11-03 14:00 . 2008-04-14 00:12 144896 c:\windows\system32\dllcache\wmisvc.dll
+ 2007-11-03 14:00 . 2008-04-14 00:12 144896 c:\windows\system32\dllcache\wmiprov.dll
+ 2007-11-03 14:01 . 2008-04-14 00:12 132096 c:\windows\system32\dllcache\wmipdskq.dll
+ 2007-11-03 14:00 . 2008-04-14 00:12 156672 c:\windows\system32\dllcache\wmipcima.dll
+ 2007-11-03 14:00 . 2008-04-14 00:12 140800 c:\windows\system32\dllcache\wmidcprv.dll
+ 2007-11-03 14:01 . 2008-04-14 00:12 126464 c:\windows\system32\dllcache\wmiapsrv.exe
+ 2002-08-29 12:00 . 2008-04-14 00:12 172032 c:\windows\system32\dllcache\wldap32.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 146432 c:\windows\system32\dllcache\winspool.drv
+ 2002-08-29 12:00 . 2008-04-14 00:11 756224 c:\windows\system32\dllcache\winntbbu.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 176128 c:\windows\system32\dllcache\winmm.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 283648 c:\windows\system32\dllcache\winhlp32.exe
+ 2002-08-29 12:00 . 2008-04-14 00:12 102400 c:\windows\system32\dllcache\win32spl.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 111104 c:\windows\system32\dllcache\wiavideo.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 589312 c:\windows\system32\dllcache\wiashext.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 333824 c:\windows\system32\dllcache\wiaservc.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 124416 c:\windows\system32\dllcache\wiadss.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 463360 c:\windows\system32\dllcache\wiadefui.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 433664 c:\windows\system32\dllcache\wiaacmgr.exe
+ 2002-08-29 12:00 . 2008-04-14 00:12 135680 c:\windows\system32\dllcache\webvw.dll
- 2007-08-13 22:54 . 2009-03-08 09:34 236544 c:\windows\system32\dllcache\webcheck.dll
+ 2002-08-29 12:00 . 2009-03-08 09:34 236544 c:\windows\system32\dllcache\webcheck.dll
+ 2007-11-03 14:00 . 2008-04-14 00:12 197120 c:\windows\system32\dllcache\wbemupgd.dll
+ 2007-11-03 14:01 . 2008-04-14 00:12 116224 c:\windows\system32\dllcache\wbemtest.exe
+ 2007-11-03 14:00 . 2008-04-14 00:12 273920 c:\windows\system32\dllcache\wbemess.dll
+ 2007-11-03 14:01 . 2008-04-14 00:12 178176 c:\windows\system32\dllcache\wbemdisp.dll
+ 2007-11-03 14:00 . 2008-04-14 00:12 531456 c:\windows\system32\dllcache\wbemcore.dll
+ 2007-11-03 14:00 . 2008-04-14 00:12 214528 c:\windows\system32\dllcache\wbemcomn.dll
+ 2007-11-03 14:01 . 2008-04-14 00:12 196608 c:\windows\system32\dllcache\wbemcntl.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 215552 c:\windows\system32\dllcache\wavemsp.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 175104 c:\windows\system32\dllcache\w32time.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 289792 c:\windows\system32\dllcache\vssvc.exe
+ 2002-08-29 12:00 . 2008-04-14 00:12 430592 c:\windows\system32\dllcache\vssapi.dll
+ 2007-11-03 14:01 . 2008-04-14 00:12 131584 c:\windows\system32\dllcache\viewprov.dll
- 2007-06-26 15:13 . 2009-03-08 09:33 759296 c:\windows\system32\dllcache\VGX.dll
+ 2007-11-03 14:02 . 2009-03-08 09:33 759296 c:\windows\system32\dllcache\vgx.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 218624 c:\windows\system32\dllcache\uxtheme.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 727040 c:\windows\system32\dllcache\userenv.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 578560 c:\windows\system32\dllcache\user32.dll
+ 2007-11-03 14:15 . 2008-04-13 18:46 121984 c:\windows\system32\dllcache\usbvideo.sys
+ 2002-08-29 12:00 . 2008-04-13 18:45 143872 c:\windows\system32\dllcache\usbport.sys
+ 2002-08-29 12:00 . 2008-04-14 00:12 239616 c:\windows\system32\dllcache\upnpui.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 185856 c:\windows\system32\dllcache\upnphost.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 133632 c:\windows\system32\dllcache\upnp.dll
+ 2007-11-03 14:02 . 2008-04-14 00:12 150528 c:\windows\system32\dllcache\uploadm.exe
+ 2002-08-29 12:00 . 2008-04-13 18:39 384768 c:\windows\system32\dllcache\update.sys
+ 2002-08-29 12:00 . 2008-04-14 00:12 316416 c:\windows\system32\dllcache\untfs.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 275456 c:\windows\system32\dllcache\ulib.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 101376 c:\windows\system32\dllcache\txflog.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 130048 c:\windows\system32\dllcache\tsoc.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 279040 c:\windows\system32\dllcache\tshoot.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 347136 c:\windows\system32\dllcache\tourstrt.exe
+ 2002-08-29 12:00 . 2008-04-14 00:12 385536 c:\windows\system32\dllcache\themeui.dll
+ 2007-11-03 14:00 . 2008-04-14 00:12 295424 c:\windows\system32\dllcache\termsrv.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 358400 c:\windows\system32\dllcache\termmgr.dll
+ 2002-08-29 12:00 . 2010-02-11 12:02 226880 c:\windows\system32\dllcache\tcpip6.sys
- 2008-06-20 11:08 . 2010-02-11 12:02 226880 c:\windows\system32\dllcache\tcpip6.sys
+ 2002-08-29 12:00 . 2008-04-14 00:12 135680 c:\windows\system32\dllcache\taskmgr.exe
+ 2002-08-29 12:00 . 2008-04-14 00:12 249856 c:\windows\system32\dllcache\tapisrv.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 181760 c:\windows\system32\dllcache\tapi32.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 858624 c:\windows\system32\dllcache\tapi3.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 990208 c:\windows\system32\dllcache\syssetup.dll
+ 2008-09-21 23:47 . 2008-04-14 00:12 173568 c:\windows\system32\dllcache\sysmoda.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 193024 c:\windows\system32\dllcache\sysmod.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 191488 c:\windows\system32\dllcache\syncui.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 713216 c:\windows\system32\dllcache\sxs.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 121856 c:\windows\system32\dllcache\stobject.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 136704 c:\windows\system32\dllcache\sti_ci.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 679936 c:\windows\system32\dllcache\sstext3d.scr
+ 2002-08-29 12:00 . 2008-04-14 00:12 610304 c:\windows\system32\dllcache\sspipes.scr
+ 2002-08-29 12:00 . 2008-04-14 00:12 393216 c:\windows\system32\dllcache\ssflwbox.scr
+ 2002-08-29 12:00 . 2008-04-14 00:12 704512 c:\windows\system32\dllcache\ss3dfo.scr
+ 2007-11-03 14:02 . 2008-04-14 00:12 171008 c:\windows\system32\dllcache\srsvc.dll
+ 2007-11-03 14:02 . 2008-04-14 00:12 239104 c:\windows\system32\dllcache\srrstr.dll
+ 2007-11-03 14:02 . 2008-04-14 00:12 726078 c:\windows\system32\dllcache\srchui.dll
+ 2007-11-03 14:02 . 2008-04-14 00:12 217088 c:\windows\system32\dllcache\sqlxmlx.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 180800 c:\windows\system32\dllcache\sqlunirl.dll
+ 2007-11-03 14:15 . 2008-04-14 00:12 110592 c:\windows\system32\dllcache\sqlse20.dll
+ 2007-11-03 14:15 . 2008-04-14 00:12 462848 c:\windows\system32\dllcache\sqlqp20.dll
+ 2007-11-03 14:15 . 2008-04-14 00:12 151552 c:\windows\system32\dllcache\sqldb20.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 250368 c:\windows\system32\dllcache\sptip.dll
+ 2008-09-21 23:47 . 2008-04-13 18:40 576512 c:\windows\system32\dllcache\sprc0424.dll
+ 2008-09-21 23:47 . 2008-04-13 18:40 577536 c:\windows\system32\dllcache\sprc041b.dll
+ 2007-11-03 14:15 . 2008-04-13 18:38 732160 c:\windows\system32\dllcache\sprb0424.dll
+ 2007-11-03 14:15 . 2008-04-13 18:38 757248 c:\windows\system32\dllcache\sprb041b.dll
+ 2007-11-03 14:15 . 2008-04-13 18:35 192512 c:\windows\system32\dllcache\spra0424.dll
+ 2007-11-03 14:15 . 2008-04-13 18:35 192512 c:\windows\system32\dllcache\spra041b.dll
+ 2007-11-03 14:00 . 2008-04-14 00:12 538624 c:\windows\system32\dllcache\spider.exe
+ 2002-08-29 12:00 . 2008-04-14 00:12 130048 c:\windows\system32\dllcache\softkbd.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 182272 c:\windows\system32\dllcache\snmpsnap.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 362496 c:\windows\system32\dllcache\smlogcfg.dll
+ 2007-11-03 14:15 . 2008-04-14 00:12 188508 c:\windows\system32\dllcache\slgen.dll
+ 2007-11-03 14:15 . 2008-04-14 00:12 286792 c:\windows\system32\dllcache\slextspk.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 152064 c:\windows\system32\dllcache\shmedia.dll
+ 2002-08-29 12:00 . 2008-04-13 17:03 549376 c:\windows\system32\dllcache\shdoclc.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 140288 c:\windows\system32\dllcache\sfc_os.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 101376 c:\windows\system32\dllcache\setupqry.dll
+ 2007-11-03 14:00 . 2008-04-14 00:12 141312 c:\windows\system32\dllcache\sessmgr.exe
+ 2008-09-21 23:47 . 2008-04-14 00:12 199680 c:\windows\system32\dllcache\scripta.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 215552 c:\windows\system32\dllcache\script.dll
+ 2007-11-03 14:02 . 2008-04-14 00:12 192512 c:\windows\system32\dllcache\schedsvc.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 314880 c:\windows\system32\dllcache\scesrv.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 181248 c:\windows\system32\dllcache\scecli.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 171008 c:\windows\system32\dllcache\sccsccp.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 159232 c:\windows\system32\dllcache\sbeio.dll
+ 2007-11-03 08:55 . 2008-04-14 00:12 741376 c:\windows\system32\dllcache\sapi.dll
+ 2007-11-03 14:15 . 2008-04-14 00:12 397056 c:\windows\system32\dllcache\s3gnb.dll
+ 2007-11-03 14:02 . 2008-04-14 00:12 380416 c:\windows\system32\dllcache\rstrui.exe
+ 2008-09-21 23:47 . 2008-04-14 00:12 290304 c:\windows\system32\dllcache\rhttpaa.dll
+ 2007-11-03 14:00 . 2008-04-14 00:12 178176 c:\windows\system32\dllcache\repdrvfs.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 397824 c:\windows\system32\dllcache\regwizc.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 146432 c:\windows\system32\dllcache\regedit.exe
+ 2007-11-03 14:00 . 2008-04-14 00:13 139656 c:\windows\system32\dllcache\rdpwd.sys
+ 2007-11-03 14:00 . 2008-04-13 18:32 196224 c:\windows\system32\dllcache\rdpdr.sys
+ 2007-11-03 14:00 . 2008-04-14 00:12 147968 c:\windows\system32\dllcache\rdchost.dll
+ 2002-08-29 12:00 . 2008-04-13 19:28 175744 c:\windows\system32\dllcache\rdbss.sys
+ 2002-08-29 12:00 . 2008-04-14 00:12 102400 c:\windows\system32\dllcache\rcbdyctl.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 210944 c:\windows\system32\dllcache\rasppp.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 186368 c:\windows\system32\dllcache\rasmans.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 658432 c:\windows\system32\dllcache\rasdlg.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 237056 c:\windows\system32\dllcache\rasapi32.dll
+ 2007-11-03 14:02 . 2008-04-14 00:12 409088 c:\windows\system32\dllcache\qmgr.dll
+ 2002-08-29 12:00 . 2008-04-13 17:21 733696 c:\windows\system32\dllcache\qedwipes.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 562176 c:\windows\system32\dllcache\qedit.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 386048 c:\windows\system32\dllcache\qdvd.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 279040 c:\windows\system32\dllcache\qdv.dll
+ 2008-09-21 23:47 . 2008-04-14 00:12 291328 c:\windows\system32\dllcache\qagentrt.dll
+ 2007-11-03 14:01 . 2008-04-14 00:12 237056 c:\windows\system32\dllcache\provthrd.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 109568 c:\windows\system32\dllcache\progman.exe
+ 2002-08-29 12:00 . 2008-04-14 00:12 560640 c:\windows\system32\dllcache\printui.dll
+ 2004-03-16 15:58 . 2008-04-13 19:19 146048 c:\windows\system32\dllcache\portcls.sys
+ 2002-08-29 12:00 . 2008-04-14 00:12 105472 c:\windows\system32\dllcache\polstore.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 176128 c:\windows\system32\dllcache\photowiz.dll
+ 2002-08-29 12:00 . 2008-04-13 18:36 120192 c:\windows\system32\dllcache\pcmcia.sys
+ 2007-11-03 14:02 . 2008-04-14 00:12 102912 c:\windows\system32\dllcache\pchshell.dll
+ 2007-11-03 14:15 . 2008-04-14 00:12 554496 c:\windows\system32\dllcache\p2psvc.dll
+ 2007-11-03 14:15 . 2008-04-14 00:12 115712 c:\windows\system32\dllcache\p2pnetsh.dll
+ 2007-11-03 14:15 . 2008-04-14 00:12 313856 c:\windows\system32\dllcache\p2pgraph.dll
+ 2007-11-03 14:15 . 2008-04-14 00:12 105472 c:\windows\system32\dllcache\p2pgasvc.dll
+ 2007-11-03 14:15 . 2008-04-14 00:12 153600 c:\windows\system32\dllcache\p2p.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 713728 c:\windows\system32\dllcache\opengl32.dll
+ 2008-09-21 23:46 . 2008-04-14 00:12 144384 c:\windows\system32\dllcache\onex.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 122880 c:\windows\system32\dllcache\oledlg.dll
+ 2002-08-29 12:00 . 2011-02-22 23:06 206848 c:\windows\system32\dllcache\occache.dll
- 2007-08-13 22:44 . 2011-02-22 23:06 206848 c:\windows\system32\dllcache\occache.dll
+ 2007-11-03 14:15 . 2008-04-13 18:40 408576 c:\windows\system32\dllcache\obrb0424.dll
+ 2007-11-03 14:15 . 2008-04-13 18:40 405504 c:\windows\system32\dllcache\obrb041b.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 286208 c:\windows\system32\dllcache\objsel.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 142336 c:\windows\system32\dllcache\nwprovau.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 420864 c:\windows\system32\dllcache\ntvdm.exe
+ 2002-08-29 12:00 . 2008-04-14 00:12 143360 c:\windows\system32\dllcache\ntshrui.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 435200 c:\windows\system32\dllcache\ntmssvc.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 488448 c:\windows\system32\dllcache\ntmsmgr.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 179200 c:\windows\system32\dllcache\ntmsdba.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 118784 c:\windows\system32\dllcache\ntmarta.dll
+ 2007-11-03 14:01 . 2008-04-14 00:12 212992 c:\windows\system32\dllcache\ntevt.dll
+ 2007-11-03 14:02 . 2008-04-14 00:12 188416 c:\windows\system32\dllcache\nmwb.dll
+ 2007-11-03 14:02 . 2008-04-14 00:12 172032 c:\windows\system32\dllcache\nmoldwb.dll
+ 2007-11-03 14:02 . 2008-04-14 00:12 151552 c:\windows\system32\dllcache\nmft.dll
+ 2007-11-03 14:02 . 2008-04-14 00:12 229376 c:\windows\system32\dllcache\nmas.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 247808 c:\windows\system32\dllcache\newdev.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 245760 c:\windows\system32\dllcache\netui1.dll
+ 2002-08-29 12:00 . 2008-04-14 00:16 329728 c:\windows\system32\dllcache\netsetup.exe
+ 2002-08-29 12:00 . 2008-04-14 00:12 875008 c:\windows\system32\dllcache\netplwiz.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 198144 c:\windows\system32\dllcache\netman.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 407040 c:\windows\system32\dllcache\netlogon.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 139264 c:\windows\system32\dllcache\netid.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 111104 c:\windows\system32\dllcache\netdde.exe
+ 2002-08-29 12:00 . 2008-04-14 00:12 622592 c:\windows\system32\dllcache\netcfgx.dll
+ 2002-08-29 12:00 . 2008-04-13 19:21 162816 c:\windows\system32\dllcache\netbt.sys
+ 2002-08-29 12:00 . 2008-04-14 00:12 124928 c:\windows\system32\dllcache\net1.exe
+ 2002-08-29 12:00 . 2008-04-13 19:20 182656 c:\windows\system32\dllcache\ndis.sys
+ 2008-09-21 23:46 . 2008-04-14 00:12 176640 c:\windows\system32\dllcache\napstat.exe
+ 2007-11-03 14:02 . 2008-04-14 00:12 221184 c:\windows\system32\dllcache\nac.dll
+ 2002-08-29 12:00 . 2008-04-13 19:17 105344 c:\windows\system32\dllcache\mup.sys
+ 2002-08-29 12:00 . 2008-04-14 00:12 701440 c:\windows\system32\dllcache\msxml2.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 506368 c:\windows\system32\dllcache\msxml.dll
- 2007-11-03 08:55 . 2002-08-29 12:00 126912 c:\windows\system32\dllcache\msvideo.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 126912 c:\windows\system32\dllcache\msvideo.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 121344 c:\windows\system32\dllcache\msvfw32.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 413696 c:\windows\system32\dllcache\msvcp60.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 195072 c:\windows\system32\dllcache\msutb.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 116224 c:\windows\system32\dllcache\mstlsapi.dll
- 2007-08-13 22:54 . 2011-02-22 23:06 611840 c:\windows\system32\dllcache\mstime.dll
+ 2002-08-29 12:00 . 2011-02-22 23:06 611840 c:\windows\system32\dllcache\mstime.dll
+ 2007-11-03 14:02 . 2008-04-14 00:12 274944 c:\windows\system32\dllcache\mstask.dll
+ 2007-11-03 14:02 . 2008-04-14 00:12 274432 c:\windows\system32\dllcache\mst120.dll
+ 2008-09-21 23:46 . 2008-04-14 00:12 155136 c:\windows\system32\dllcache\mssha.dll
+ 2002-08-29 12:00 . 2008-04-14 00:12 134656 c:\windows\system32\dllcache\mssap.dll
- 2007-08-13 22:44 . 2009-03-08 09:34 193536 c:\windows\system32\dllcache\msrating.dll
+ 2002-08-29 12:00 . 2009-03-08 09:34 193536 c:\windows\system32\dllcache\msrating.dll
+ 2007-11-03 14:02 . 2008-04-14 00:12 105984 c:\windows\system32\dllcache\msoert2.dll
+ 2007-11-03 14:02 . 2008-04-14 00:12 252928 c:\windows\system32\dllcache\msoeacct.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-04-23 2423752]
"DriverUpdate"="c:\program files\DriverUpdate\DriverUpdate.exe" [2011-04-13 25589600]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-17 8491008]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 339968]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2009-09-13 103768]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
NETGEAR WG311T Smart Wizard.lnk - c:\program files\NETGEAR\WG311T\wlancfg5.exe [2006-9-15 1503232]
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-4-19 291896]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Nexon\\MapleStory\\MapleStory.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57636:TCP"= 57636:TCP:Pando Media Booster
"57636:UDP"= 57636:UDP:Pando Media Booster
"58803:TCP"= 58803:TCP:Pando Media Booster
"58803:UDP"= 58803:UDP:Pando Media Booster
"59125:TCP"= 59125:TCP:Pando Media Booster
"59125:UDP"= 59125:UDP:Pando Media Booster
"56608:TCP"= 56608:TCP:Pando Media Booster
"56608:UDP"= 56608:UDP:Pando Media Booster
.
R0 rr172x;rr172x;c:\windows\system32\drivers\rr172x.sys [11/3/2007 4:29 AM 83200]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0308000.029\SymEFA.sys [2/3/2010 1:13 PM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\N360\0308000.029\BHDrvx86.sys [2/3/2010 1:13 PM 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0308000.029\cchpx86.sys [2/3/2010 1:13 PM 482432]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [9/8/2009 6:13 PM 65584]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20110506.001\IDSXpx86.sys [5/6/2011 6:34 PM 341944]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [9/26/2009 12:32 AM 189736]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe [2/3/2010 1:13 PM 117640]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\Norton PC Checkup\Engine\2.0.8.13\SymcPCCULaunchSvc.exe [4/19/2011 3:33 PM 120248]
R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\Norton PC Checkup\Engine\2.0.8.13\ccSvcHst.exe [4/19/2011 3:33 PM 126392]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [4/19/2011 2:44 AM 993848]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [4/19/2011 2:44 AM 399416]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/26/2010 4:00 AM 102448]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 10:37 PM 4640000]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 4:30 AM 15544]
S3 XDva277;XDva277;\??\c:\windows\system32\XDva277.sys --> c:\windows\system32\XDva277.sys [?]
S3 XDva279;XDva279;\??\c:\windows\system32\XDva279.sys --> c:\windows\system32\XDva279.sys [?]
S3 XDva320;XDva320;\??\c:\windows\system32\XDva320.sys --> c:\windows\system32\XDva320.sys [?]
S3 XDva365;XDva365;\??\c:\windows\system32\XDva365.sys --> c:\windows\system32\XDva365.sys [?]
S3 XDva375;XDva375;\??\c:\windows\system32\XDva375.sys --> c:\windows\system32\XDva375.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-06-20 17:47 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:34]
.
2011-05-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-1336601894-725345543-1003Core.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-07 03:32]
.
2011-05-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-1336601894-725345543-1003UA.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-07 03:32]
.
.
------- Supplementary Scan -------
.
uStart Page = google.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
Trusted Zone: evony.com
Trusted Zone: microsoft.com\[You must be registered and logged in to see this link.]
DPF: DirectAnimation Java Classes - [You must be registered and logged in to see this link.]
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\nqd8dzvb.default\
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer
Rootkit scan 2011-05-07 00:35
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.8.0.41\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCCUJobMgr]
"ImagePath"="\"c:\program files\Norton PC Checkup\Engine\2.0.8.13\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files\Norton PC Checkup\Engine\2.0.8.13\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(964)
c:\windows\system32\WININET.dll
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
- - - - - - - > 'lsass.exe'(1024)
c:\windows\system32\WININET.dll
.
Completion time: 2011-05-07 00:39:58
ComboFix-quarantined-files.txt 2011-05-07 04:39
ComboFix2.txt 2011-04-18 22:20
.
Pre-Run: 562,521,378,816 bytes free
Post-Run: 562,601,648,128 bytes free
.
- - End Of File - - FC285827ABA4B918F3430934765CDE01


Re: Backdoor virus?

Post by Belahzur on Sun 08 May 2011, 12:55 am

Hello.

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.


@RealBelahzur - Please PM me if I fail to respond within 24hrs.



Re: Backdoor virus?

Post by Marc0c on Sun 08 May 2011, 7:33 am

Thanks. Here's the log:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=d52f3536fca3d44983aa1417683bd7e6
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-05-07 08:24:35
# local_time=2011-05-07 04:24:35 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1024 16777215 100 0 289913 289913 0 0
# compatibility_mode=3589 16777189 100 100 11892115 42063591 0 0
# compatibility_mode=8192 67108863 100 0 696553 696553 0 0
# scanned=103158
# found=1
# cleaned=1
# scan_time=3020
C:\Qoobox\Quarantine\C\WINDOWS\uyarewerilupavid.dll.vir a variant of Win32/Kryptik.NCK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C


Re: Backdoor virus?

Post by Belahzur on Tue 10 May 2011, 6:49 am

How is the machine running now?



Re: Backdoor virus?

Post by Marc0c on Tue 10 May 2011, 6:54 am

Little bit better in terms of speed. Norton says I'm still getting attacked every time I use the internet. Especially while using Google. Want me to post more pictures of the intrusion alerts Norton's showing?


Re: Backdoor virus?

Post by Belahzur on Wed 11 May 2011, 1:36 am

Not just yet. Norton is known for that, finding false alerts from memorized items.

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.

  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.
Post the contents of GMER.txt in your next reply.



Re: Backdoor virus?

Post by Marc0c on Wed 11 May 2011, 5:07 am

It said that rootkit activity was found, but I clicked no to the full scan.
I followed your instructions and it generated the following log:

GMER 1.0.15.15627
Rootkit scan 2011-05-10 14:05:15
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Scsi\rr172x1 HPT_____ rev.4.00
Running: gmer.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\uwldikow.sys


---- System - GMER 1.0.15 ----

SSDT 8A318728 ZwAlertResumeThread
SSDT 8A3189C8 ZwAlertThread
SSDT 8A380740 ZwAllocateVirtualMemory
SSDT 8A32A8D0 ZwAssignProcessToJobObject
SSDT 8A3DCAD0 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xA4324130]
SSDT 8A32AE78 ZwCreateMutant
SSDT 8A32A6F0 ZwCreateSymbolicLinkObject
SSDT 8A32C3C8 ZwCreateThread
SSDT 8A32A9B0 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xA43243B0]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xA4324910]
SSDT 8A3808D0 ZwDuplicateObject
SSDT 8A318F38 ZwFreeVirtualMemory
SSDT 8A32AF48 ZwImpersonateAnonymousToken
SSDT 8A318668 ZwImpersonateThread
SSDT 8A44AA28 ZwLoadDriver
SSDT 8A318E58 ZwMapViewOfSection
SSDT 8A32AD98 ZwOpenEvent
SSDT 8A380A70 ZwOpenProcess
SSDT 8A380810 ZwOpenProcessToken
SSDT 8A32ABD8 ZwOpenSection
SSDT 8A3809A0 ZwOpenThread
SSDT 8A32A7E0 ZwProtectVirtualMemory
SSDT 8A32C348 ZwResumeThread
SSDT 8A318C08 ZwSetContextThread
SSDT 8A318CC8 ZwSetInformationProcess
SSDT 8A32AA90 ZwSetSystemInformation
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xA4324B60]
SSDT 8A32ACB8 ZwSuspendProcess
SSDT 8A318A88 ZwSuspendThread
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xA40CA620]
SSDT 8A318B48 ZwTerminateThread
SSDT 8A318D98 ZwUnmapViewOfSection
SSDT 8A380670 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB3C07360, 0x307AC7, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[1420] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00D3000A
.text C:\WINDOWS\System32\svchost.exe[1420] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00D4000A
.text C:\WINDOWS\System32\svchost.exe[1420] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00D2000C
.text C:\WINDOWS\System32\svchost.exe[1420] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 00D8000A
.text C:\WINDOWS\system32\SearchIndexer.exe[1588] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\WINDOWS\system32\wuauclt.exe[2088] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 028C000A
.text C:\WINDOWS\system32\wuauclt.exe[2088] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0296000A
.text C:\WINDOWS\system32\wuauclt.exe[2088] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 028B000C
.text C:\WINDOWS\Explorer.EXE[2848] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00FF000A
.text C:\WINDOWS\Explorer.EXE[2848] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 014E000A
.text C:\WINDOWS\Explorer.EXE[2848] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00FE000C

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\rr172x -> DriverStartIo \Device\Scsi\rr172x1 8A6AE33B
Device \Driver\rr172x -> DriverStartIo \Device\Scsi\rr172x1Port1Path1Target0Lun0 8A6AE33B
Device \Driver\rr172x -> DriverStartIo \Device\Scsi\rr172x1Port1Path0Target0Lun0 8A6AE33B

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Roxio)

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- EOF - GMER 1.0.15 ----


Re: Backdoor virus?

Post by Belahzur on Wed 11 May 2011, 6:00 am

Hello.

Please download TDSSKiller from here and save it to your Desktop.

  • Double-click TDSSKiller.exe to run the tool
  • Click the Start Scan button
  • After the scan has finished, click the Close button
  • Click the Report button and copy/paste the contents of it into your next reply
Note: It will also create a log in the C:\ directory.



Re: Backdoor virus?

Post by Marc0c on Wed 11 May 2011, 6:57 am

Didn't seem to find anything.
Here's the log:

2011/05/10 15:53:17.0562 3216 TDSS rootkit removing tool 2.5.0.0 May 1 2011 14:20:16
2011/05/10 15:53:17.0609 3216 ================================================================================
2011/05/10 15:53:17.0609 3216 SystemInfo:
2011/05/10 15:53:17.0609 3216
2011/05/10 15:53:17.0609 3216 OS Version: 5.1.2600 ServicePack: 3.0
2011/05/10 15:53:17.0609 3216 Product type: Workstation
2011/05/10 15:53:17.0609 3216 ComputerName: OWNER-1DGH5EX7D
2011/05/10 15:53:17.0609 3216 UserName: Owner
2011/05/10 15:53:17.0609 3216 Windows directory: C:\WINDOWS
2011/05/10 15:53:17.0609 3216 System windows directory: C:\WINDOWS
2011/05/10 15:53:17.0609 3216 Processor architecture: Intel x86
2011/05/10 15:53:17.0609 3216 Number of processors: 2
2011/05/10 15:53:17.0609 3216 Page size: 0x1000
2011/05/10 15:53:17.0609 3216 Boot type: Normal boot
2011/05/10 15:53:17.0609 3216 ================================================================================
2011/05/10 15:53:18.0609 3216 !crdlk
2011/05/10 15:53:18.0703 3216 Initialize success
2011/05/10 15:53:35.0718 3640 ================================================================================
2011/05/10 15:53:35.0718 3640 Scan started
2011/05/10 15:53:35.0718 3640 Mode: Manual;
2011/05/10 15:53:35.0718 3640 ================================================================================
2011/05/10 15:53:38.0437 3640 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2011/05/10 15:53:38.0468 3640 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/05/10 15:53:38.0515 3640 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/05/10 15:53:38.0562 3640 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/05/10 15:53:38.0578 3640 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/05/10 15:53:38.0593 3640 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/05/10 15:53:38.0656 3640 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/05/10 15:53:38.0671 3640 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/05/10 15:53:38.0718 3640 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2011/05/10 15:53:38.0734 3640 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/05/10 15:53:38.0781 3640 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/05/10 15:53:38.0812 3640 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/05/10 15:53:38.0890 3640 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/05/10 15:53:38.0953 3640 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys
2011/05/10 15:53:39.0093 3640 IDSxpx86 (50fa4c70534cf3b5c17ec83debe07afd) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20110506.001\IDSxpx86.sys
2011/05/10 15:53:39.0156 3640 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/05/10 15:53:39.0250 3640 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/05/10 15:53:39.0281 3640 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/05/10 15:53:39.0312 3640 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/05/10 15:53:39.0343 3640 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/05/10 15:53:39.0375 3640 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/05/10 15:53:39.0406 3640 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/05/10 15:53:39.0437 3640 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/05/10 15:53:39.0468 3640 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/05/10 15:53:39.0484 3640 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/05/10 15:53:39.0515 3640 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/05/10 15:53:39.0546 3640 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/05/10 15:53:39.0578 3640 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/05/10 15:53:39.0656 3640 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/05/10 15:53:39.0718 3640 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/05/10 15:53:39.0765 3640 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/05/10 15:53:39.0812 3640 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/05/10 15:53:39.0875 3640 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/05/10 15:53:39.0906 3640 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/05/10 15:53:39.0937 3640 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/05/10 15:53:39.0984 3640 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/05/10 15:53:40.0015 3640 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/05/10 15:53:40.0046 3640 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/05/10 15:53:40.0078 3640 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/05/10 15:53:40.0125 3640 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/05/10 15:53:40.0156 3640 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/05/10 15:53:40.0171 3640 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/05/10 15:53:40.0234 3640 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/05/10 15:53:40.0437 3640 NAVENG (c34e2a884ccca8b5567d0c2752527073) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20110507.002\NAVENG.SYS
2011/05/10 15:53:40.0515 3640 NAVEX15 (b3916eeec738dd4178f4fd6a44a32e36) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20110507.002\NAVEX15.SYS
2011/05/10 15:53:40.0578 3640 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/05/10 15:53:40.0609 3640 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/05/10 15:53:40.0640 3640 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/05/10 15:53:40.0671 3640 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/05/10 15:53:40.0718 3640 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/05/10 15:53:40.0750 3640 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/05/10 15:53:40.0796 3640 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/05/10 15:53:40.0828 3640 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/05/10 15:53:40.0890 3640 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/05/10 15:53:40.0937 3640 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/05/10 15:53:41.0078 3640 NPPTNT2 (9131fe60adfab595c8da53ad6a06aa31) C:\WINDOWS\system32\npptNT2.sys
2011/05/10 15:53:41.0203 3640 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/05/10 15:53:41.0281 3640 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
2011/05/10 15:53:41.0296 3640 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/05/10 15:53:41.0437 3640 nv (5950e6cc9fb3fabb61604d395dbc8550) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/05/10 15:53:41.0609 3640 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/05/10 15:53:41.0640 3640 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/05/10 15:53:41.0687 3640 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/05/10 15:53:41.0718 3640 OMCI (cec7e2c6c1fa00c7ab2f5434f848ae51) C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS
2011/05/10 15:53:41.0781 3640 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2011/05/10 15:53:41.0812 3640 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/05/10 15:53:41.0859 3640 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/05/10 15:53:41.0875 3640 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/05/10 15:53:41.0921 3640 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/05/10 15:53:41.0953 3640 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/05/10 15:53:41.0984 3640 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
2011/05/10 15:53:42.0171 3640 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/05/10 15:53:42.0187 3640 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/05/10 15:53:42.0234 3640 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/05/10 15:53:42.0265 3640 PSI (d24dfd16a1e2a76034df5aa18125c35d) C:\WINDOWS\system32\DRIVERS\psi_mf.sys
2011/05/10 15:53:42.0281 3640 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/05/10 15:53:42.0312 3640 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/05/10 15:53:42.0421 3640 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/05/10 15:53:42.0453 3640 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/05/10 15:53:42.0468 3640 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/05/10 15:53:42.0484 3640 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/05/10 15:53:42.0515 3640 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/05/10 15:53:42.0546 3640 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/05/10 15:53:42.0609 3640 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/05/10 15:53:42.0640 3640 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/05/10 15:53:42.0687 3640 RimUsb (f17713d108aca124a139fde877eef68a) C:\WINDOWS\system32\Drivers\RimUsb.sys
2011/05/10 15:53:42.0734 3640 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
2011/05/10 15:53:42.0765 3640 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
2011/05/10 15:53:42.0812 3640 rr172x (a203f18d51cebdf181f6259c6bed5842) C:\WINDOWS\system32\drivers\rr172x.sys
2011/05/10 15:53:42.0937 3640 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/05/10 15:53:42.0953 3640 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/05/10 15:53:43.0000 3640 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/05/10 15:53:43.0062 3640 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2011/05/10 15:53:43.0140 3640 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
2011/05/10 15:53:43.0203 3640 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/05/10 15:53:43.0265 3640 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/05/10 15:53:43.0312 3640 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/05/10 15:53:43.0375 3640 SRTSP (e81f6caeab9ad5732e94c07c97866aa2) C:\WINDOWS\System32\Drivers\N360\0308000.029\SRTSP.SYS
2011/05/10 15:53:43.0390 3640 SRTSPX (e28de499d942b08058bffac69d4122b6) C:\WINDOWS\system32\drivers\N360\0308000.029\SRTSPX.SYS
2011/05/10 15:53:43.0437 3640 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/05/10 15:53:43.0500 3640 STHDA (2a2dc39623adef8ab3703ab9fac4b440) C:\WINDOWS\system32\drivers\sthda.sys
2011/05/10 15:53:43.0562 3640 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/05/10 15:53:43.0593 3640 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/05/10 15:53:43.0640 3640 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/05/10 15:53:43.0734 3640 SymEFA (d0885f6e24259a6c65e68d6ad749910a) C:\WINDOWS\system32\drivers\N360\0308000.029\SYMEFA.SYS
2011/05/10 15:53:43.0781 3640 SymEvent (a54ff04bd6e75dc4d8cb6f3e352635e0) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
2011/05/10 15:53:43.0812 3640 SYMFW (1e825026436c4eac3e1a11d1e9c33f2c) C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMFW.SYS
2011/05/10 15:53:43.0828 3640 SYMIDS (7a20b7d774ef0f16cf81b898bfeca772) C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMIDS.SYS
2011/05/10 15:53:43.0875 3640 SymIM (c6db9f873b09c63f5cb1de10c08bf6f9) C:\WINDOWS\system32\DRIVERS\SymIM.sys
2011/05/10 15:53:43.0890 3640 SymIMMP (c6db9f873b09c63f5cb1de10c08bf6f9) C:\WINDOWS\system32\DRIVERS\SymIM.sys
2011/05/10 15:53:43.0906 3640 SYMNDIS (5ab7d00ea6b7a6fcd5067c632ec6f039) C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMNDIS.SYS
2011/05/10 15:53:43.0937 3640 SYMTDI (e4fa8bbb96e314e9508865de1a767538) C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMTDI.SYS
2011/05/10 15:53:44.0000 3640 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/05/10 15:53:44.0062 3640 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/05/10 15:53:44.0109 3640 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/05/10 15:53:44.0140 3640 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/05/10 15:53:44.0187 3640 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/05/10 15:53:44.0265 3640 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/05/10 15:53:44.0359 3640 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/05/10 15:53:44.0406 3640 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/05/10 15:53:44.0437 3640 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/05/10 15:53:44.0468 3640 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/05/10 15:53:44.0500 3640 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/05/10 15:53:44.0546 3640 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/05/10 15:53:44.0593 3640 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/05/10 15:53:44.0625 3640 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/05/10 15:53:44.0671 3640 VClone (94d73b62e458fb56c9ce60aa96d914f9) C:\WINDOWS\system32\DRIVERS\VClone.sys
2011/05/10 15:53:44.0718 3640 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/05/10 15:53:44.0781 3640 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/05/10 15:53:44.0828 3640 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/05/10 15:53:44.0890 3640 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2011/05/10 15:53:44.0937 3640 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/05/10 15:53:45.0031 3640 WpdUsb (c60dc16d4e406810fad54b98dc92d5ec) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2011/05/10 15:53:45.0078 3640 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/05/10 15:53:45.0109 3640 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/05/10 15:53:45.0171 3640 WUDFRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
2011/05/10 15:53:45.0453 3640 ================================================================================
2011/05/10 15:53:45.0453 3640 Scan finished
2011/05/10 15:53:45.0453 3640 ================================================================================


Re: Backdoor virus?

Post by Belahzur on Wed 11 May 2011, 7:09 am

Hello.
We're gonna need to fix this the manual way then. I recommend backing up any data you don't want to lose, as this fix isn't 100% right now.

Let me know when you're ready to proceed.



Re: Backdoor virus?

Post by Marc0c on Thu 12 May 2011, 4:35 am

Alright. I've backed up all of the files that I need, except for Norton 360 and Microsoft Office 2010. Is it possible for me to back up my Microsoft Office program? I have the CD for re-installation but I've used the code on the max amount of computers already.

I also keep getting the following popup 5 minutes after I turn on my computer:





Re: Backdoor virus?

Post by Belahzur on Thu 12 May 2011, 4:58 am

Don't worry about that error for now.

Your OS should be fine, but this infection is known to fight when removed and causes the machine to become unstable.

Please reboot your machine.

As it is rebooting, you will notice an extra menu, and an extra option for the Microsoft Windows Recovery Console.

Please select that option to boot the RC. Windows will boot to a text-based screen and ask you to select the installation to log into; please choose the correct one, usually option 1, and press Enter.

In there, type in the following commands, 1 line at a time.


fixmbr
exit

After the copy command, you may be prompted with a yes/no to confirm the copy, type in "y" to confirm it.

After that, boot back to normal mode and re-run GMER, then post the new log.



Re: Backdoor virus?

Post by Marc0c on Thu 12 May 2011, 11:43 am

Here's what happened:



Should I try again?


Re: Backdoor virus?

Post by Belahzur on Thu 12 May 2011, 8:15 pm

Yes please, TDSSKiller failed in killing the TDL infection and this is the only way to stop it.



Re: Backdoor virus?

Post by Marc0c on Fri 13 May 2011, 4:03 am

I've done it 4 more times and got the exact same message.


Re: Backdoor virus?

Post by Belahzur on Sat 14 May 2011, 7:49 am

Try this for me. Rename TDSSKiller.exe to xxx.exe and try to run it, see if it lets you.



Re: Backdoor virus?

Post by Marc0c on Sat 14 May 2011, 12:14 pm

Still getting the same message. Here's the file name I changed:



Was it the correct one?


Re: Backdoor virus?

Post by Belahzur on Sun 15 May 2011, 2:55 am

Hello.
You have file extensions hidden, that's maybe why it doesn't work.

  1. Open My Computer.
  2. Go to Tools > Folder Options.
  3. Select the View tab.
  4. Scroll down to Hidden files and folders.
  5. Uncheck (untick) Hide extensions of known file types.
  6. Click Yes when prompted.
  7. Click OK.
  8. Close My Computer.

xxx.exe now should be xxx.exe.exe, remove one of the ".exe" extensions and try running it again.



Re: Backdoor virus?

Post by Marc0c on Sun 15 May 2011, 3:49 am

I fixed the xxx.exe.exe but it still shows the blue screen.


Re: Backdoor virus?

Post by Belahzur on Sun 15 May 2011, 4:30 am

It blue screens when you run TDSSKiller?



Re: Backdoor virus?

Post by Marc0c on Sun 15 May 2011, 5:56 am

No. When I use the Microsoft Windows Recovery Console I get the blue screen I posted before.

This is what I get when I run TDSSKiller and click start scan:

