Inactive BSODs and pop ups

[exmatt]

Alright, I'm here for finally finish this. I started in the Windows BSOD, Freezing, Restarting Help section and got sent here, so more info is on that topic over there. I don't know if you wanted me to post a link so I'll leave it at that.
There has been blue screens, black screens, memory dumps, supposively porn pop ups (although I have yet to encounter one). The only pop ups I encountered were when I was trying to do DDS in the 6 steps, it made a lot of pop ups appear for some reason? Also most the time it's very hard to get to the actually desktop. You'll get to welcome and it will black screen and restart. Oh, and no matter what I try I can't get microsofts update to check for updates through their website. Thank you whoever can make a little time.
GMER took forever to run (about half a day) and also had to be done in safemode. It was not fun trying to get it to work.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4794

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

10/11/2010 12:40:02 PM
mbam-log-2010-10-11 (12-40-02).txt

Scan type: Quick scan
Objects scanned: 144214
Time elapsed: 15 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 12
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\{7db0a0e2-fd42-43ae-a12a-760dbbc3c876} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\wmpdxm.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\multimediaControls.chl (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Screensavers.com (Adware.Comet) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\Fonts\acrsecB.fon (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\acrsecI.fon (Trojan.Agent) -> Quarantined and deleted successfully.



GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-10-11 23:33:34
Windows 5.1.2600 Service Pack 2
Running: hhgcoi36.exe; Driver: C:\DOCUME~1\Becky\LOCALS~1\Temp\aflcikob.sys


---- Kernel code sections - GMER 1.0.15 ----

.rsrc C:\WINDOWS\System32\DRIVERS\netbt.sys entry point in ".rsrc" section [0xF746FA14]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[436] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00A8000A
.text C:\WINDOWS\Explorer.EXE[436] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00A9000A
.text C:\WINDOWS\Explorer.EXE[436] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00A7000C
.text C:\WINDOWS\System32\svchost.exe[1048] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 3 Bytes JMP 0091000A
.text C:\WINDOWS\System32\svchost.exe[1048] ntdll.dll!NtProtectVirtualMemory + 4 7C90D6F2 1 Byte [84]
.text C:\WINDOWS\System32\svchost.exe[1048] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0092000A
.text C:\WINDOWS\System32\svchost.exe[1048] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 007F000C
.text C:\WINDOWS\System32\svchost.exe[1048] USER32.dll!GetCursorPos 7E41BD76 5 Bytes JMP 008D000A
.text C:\WINDOWS\System32\svchost.exe[1048] ole32.dll!CoCreateInstance 774FFAC3 5 Bytes JMP 00D2000A
.text C:\WINDOWS\Explorer.EXE[1556] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B4000A
.text C:\WINDOWS\Explorer.EXE[1556] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00B5000A
.text C:\WINDOWS\Explorer.EXE[1556] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B3000C

---- Devices - GMER 1.0.15 ----

Device -> \Driver\atapi \Device\Harddisk0\DR0 83537EC5

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\System32\DRIVERS\netbt.sys suspicious modification
File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----



DDS (Ver_10-11-09.01) - NTFSx86
Run by Becky at 11:11:16.59 on Tue 11/09/2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.735.478 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AT&T Global Network Client\netcfgsvr.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Documents and Settings\Becky\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mDefault_Page_URL = hxxp://www.yahoo.com
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - No File
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [NetSP - restore settings on power failure] "c:\program files\at&t global network client\NetSP.exe" -show
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [AdobeUpdater] "c:\program files\common files\adobe\updater5\AdobeUpdater.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\reader 8.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~2.lnk - c:\program files\adobe\reader 8.0\reader\AdobeCollabSync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
uPolicies-system: WallpaperStyle = 0 (0x0)
uPolicies-system: NoDispAppearancePage = 0 (0x0)
uPolicies-system: Wallpaper = c:\wp.bmp
IE: &Search - ?p=ZCfox000
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\becky\start menu\programs\imvu\Run IMVU.lnk
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab}
DPF: {32505657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos.walmart.com/WalmartActivia.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\becky\applic~1\mozilla\firefox\profiles\k8y9lwa5.default\
FF - prefs.js: browser.search.selectedEngine - Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

============= SERVICES / DRIVERS ===============

R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2004-2-29 255096]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2004-2-29 242808]
R2 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2004-2-9 37008]
S2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2004-3-12 1221864]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2004-2-29 87160]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\lavalys\everest home edition\kerneld.wnt [2005-8-17 7168]
S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20100611.003\naveng.sys [2010-6-11 85552]
S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20100611.003\navex15.sys [2010-6-11 1347504]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2004-3-12 169192]
S3 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2004-2-9 301200]
S3 XDva143;XDva143;\??\c:\windows\system32\xdva143.sys --> c:\windows\system32\XDva143.sys [?]
S3 XDva219;XDva219;\??\c:\windows\system32\xdva219.sys --> c:\windows\system32\XDva219.sys [?]
S3 XDva273;XDva273;\??\c:\windows\system32\xdva273.sys --> c:\windows\system32\XDva273.sys [?]
S3 XDva281;XDva281;\??\c:\windows\system32\xdva281.sys --> c:\windows\system32\XDva281.sys [?]

=============== Created Last 30 ================

2010-10-11 16:12:12 -------- d-----w- c:\docume~1\becky\applic~1\Malwarebytes
2010-10-11 16:12:02 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-11 16:12:00 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-11 16:12:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

==================== Find3M ====================

2010-10-11 17:51:11 90112 ----a-w- c:\windows\DUMP8359.tmp
2002-08-29 12:00:00 94784 -csh--w- c:\windows\twain.dll
2004-08-04 07:56:46 50688 -csh--w- c:\windows\twain_32.dll
2004-08-04 07:56:42 1028096 --sha-w- c:\windows\system32\mfc42.dll
2004-08-04 07:56:43 54784 -csha-w- c:\windows\system32\msvcirt.dll
2004-08-04 07:56:43 413696 --sha-w- c:\windows\system32\msvcp60.dll

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: SAMSUNG_SV4002H rev.QP100-06 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x83338EC5]<<
_asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x1c; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x82ba5872; SUB DWORD [EBP-0x4], 0x82ba512e; PUSH EDI; CALL 0xffffffffffffdf33; }
1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x83790AB8]
3 CLASSPNP[0xF795005B] -> nt!IofCallDriver[0x804E37D5] -> \Device\00000067[0x837CEF18]
5 ACPI[0xF78C6620] -> nt!IofCallDriver[0x804E37D5] -> [0x8375ED98]
[0x836E6F10] -> IRP_MJ_CREATE -> 0x83338EC5
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskSAMSUNG_SV4002H_________________________QP100-06#33303937314a5246343830383738_0_0_0_0_0_0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x83338AEA
user & kernel MBR OK
sectors 78242974 (+213): user != kernel
Warning: possible TDL3 rootkit infection !

============= FINISH: 11:13:36.40 ===============



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-11-09.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 11/3/2004 4:19:48 PM
System Uptime: 11/9/2010 11:04:21 AM (0 hours ago)

Motherboard: Gigabyte Technology Co., Ltd. | | 7VKMP
Processor: AMD Athlon(tm) Processor | Socket-A | 1405/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 37 GiB total, 21.561 GiB free.
D: is CDROM ()
E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {36FC9E60-C465-11CF-8056-444553540000}
Description: Universal Serial Bus (USB) Controller
Device ID: PCI\VEN_1106&DEV_3038&SUBSYS_30381106&REV_80\3&61AAA01&0&81
Manufacturer: VIA Technologies
Name: Universal Serial Bus (USB) Controller
PNP Device ID: PCI\VEN_1106&DEV_3038&SUBSYS_30381106&REV_80\3&61AAA01&0&81
Service:

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: AGN Virtual Network Adapter
Device ID: ROOT\NET\0000
Manufacturer: AT&T
Name: AGN Virtual Network Adapter
PNP Device ID: ROOT\NET\0000
Service: avpnnic

==== System Restore Points ===================

RP1828: 4/16/2010 3:54:49 AM - System Checkpoint
RP1829: 4/21/2010 8:08:05 AM - Software Distribution Service 3.0
RP1830: 4/21/2010 8:34:21 AM - Removed Network Magic
RP1831: 4/21/2010 8:37:22 AM - Removed TuneUp Utilities 2006
RP1832: 4/27/2010 11:00:00 PM - System Checkpoint
RP1833: 4/28/2010 11:52:02 PM - System Checkpoint
RP1834: 4/30/2010 12:52:02 AM - System Checkpoint
RP1835: 5/1/2010 2:04:19 AM - System Checkpoint
RP1836: 5/2/2010 2:52:03 AM - System Checkpoint
RP1837: 5/3/2010 3:05:36 AM - System Checkpoint
RP1838: 5/4/2010 3:52:06 AM - System Checkpoint
RP1839: 5/5/2010 4:45:12 AM - System Checkpoint
RP1840: 5/6/2010 5:45:11 AM - System Checkpoint
RP1841: 5/7/2010 6:45:11 AM - System Checkpoint
RP1842: 5/8/2010 7:45:11 AM - System Checkpoint
RP1843: 5/9/2010 8:45:17 AM - System Checkpoint
RP1844: 5/10/2010 9:45:11 AM - System Checkpoint
RP1845: 5/11/2010 10:45:12 AM - System Checkpoint
RP1846: 5/12/2010 3:00:25 AM - Software Distribution Service 3.0
RP1847: 5/13/2010 3:44:58 AM - System Checkpoint
RP1848: 5/14/2010 4:45:05 AM - System Checkpoint
RP1849: 5/15/2010 5:44:57 AM - System Checkpoint
RP1850: 5/16/2010 6:44:59 AM - System Checkpoint
RP1851: 5/17/2010 6:46:06 AM - System Checkpoint
RP1852: 5/18/2010 7:44:58 AM - System Checkpoint
RP1853: 5/19/2010 8:43:55 AM - System Checkpoint
RP1854: 5/20/2010 9:43:55 AM - System Checkpoint
RP1855: 5/21/2010 12:37:46 PM - System Checkpoint
RP1856: 5/23/2010 12:56:13 PM - System Checkpoint
RP1857: 5/24/2010 1:10:09 PM - System Checkpoint
RP1858: 5/25/2010 6:52:59 PM - System Checkpoint
RP1859: 5/26/2010 3:00:25 AM - Software Distribution Service 3.0
RP1860: 5/27/2010 3:35:58 AM - System Checkpoint
RP1861: 5/28/2010 4:35:45 AM - System Checkpoint
RP1862: 5/29/2010 5:35:45 AM - System Checkpoint
RP1863: 5/30/2010 6:35:48 AM - System Checkpoint
RP1864: 5/31/2010 7:35:45 AM - System Checkpoint
RP1865: 6/1/2010 8:35:45 AM - System Checkpoint
RP1866: 6/2/2010 9:33:42 AM - System Checkpoint
RP1867: 6/3/2010 6:05:22 PM - System Checkpoint
RP1868: 6/4/2010 8:19:12 PM - System Checkpoint
RP1869: 6/6/2010 5:52:16 PM - System Checkpoint
RP1870: 6/7/2010 6:30:16 PM - System Checkpoint
RP1871: 6/8/2010 11:41:15 PM - System Checkpoint
RP1872: 6/10/2010 12:33:17 AM - System Checkpoint
RP1873: 6/10/2010 3:00:48 AM - Software Distribution Service 3.0
RP1874: 6/11/2010 4:02:30 AM - System Checkpoint
RP1875: 6/12/2010 4:59:07 AM - System Checkpoint
RP1876: 6/13/2010 5:59:00 AM - System Checkpoint
RP1877: 6/14/2010 6:12:53 AM - System Checkpoint
RP1878: 6/15/2010 7:12:53 AM - System Checkpoint
RP1879: 6/16/2010 8:14:02 AM - System Checkpoint
RP1880: 6/17/2010 9:12:52 AM - System Checkpoint
RP1881: 6/18/2010 7:25:54 PM - System Checkpoint
RP1882: 6/19/2010 7:56:33 PM - System Checkpoint
RP1883: 6/20/2010 8:56:25 PM - System Checkpoint
RP1884: 6/21/2010 9:56:27 PM - System Checkpoint
RP1885: 6/22/2010 10:56:26 PM - System Checkpoint
RP1886: 6/23/2010 3:00:23 AM - Software Distribution Service 3.0
RP1887: 6/24/2010 4:00:19 AM - System Checkpoint
RP1888: 6/25/2010 4:56:26 AM - System Checkpoint
RP1889: 6/26/2010 5:54:52 AM - System Checkpoint
RP1890: 6/27/2010 6:54:16 AM - System Checkpoint
RP1891: 7/9/2010 6:16:44 PM - Restore Operation
RP1892: 7/10/2010 6:28:14 PM - System Checkpoint
RP1893: 7/11/2010 6:32:43 PM - System Checkpoint
RP1894: 7/13/2010 10:23:42 PM - System Checkpoint
RP1895: 9/20/2010 3:43:29 PM - Cleaned registry with Windows Live OneCare safety scanner

==== Installed Programs ======================

Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 8
Art Explosion Scrapbook Factory Deluxe
AT&T Global Network Client Managed VPN Edition
AT&T Passport for Windows 95
Auslogics Disk Defrag
CCScore
Critical Update for Windows Media Player 11 (KB959772)
Diskeeper Professional Edition
DNA
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
Estate Planner 2.0
EVEREST Home Edition v2.20
Google Updater
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
hp photosmart 1115 series
hp photosmart printer series (Remove only)
HP Share-to-Web
IMVU Avatar Chat Software
Java(TM) 6 Update 17
kgcbase
Kodak EasyShare software
LBT Preschool Adventure
LiveUpdate 2.0 (Symantec Corporation)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office 2000 Professional
Microsoft Office XP Media Content
Microsoft Office XP Small Business
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mozilla Firefox (3.6.3)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
My Wal-Mart Digital Photo Center
netbrdg
NetObjects Fusion 9.0
OfotoXMI
Outspark Launcher
Pando Media Booster
QuickTime
Security Update for CAPICOM (KB931906)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981350)
Security Update for Windows XP (KB982381)
SFR
SHASTA
skin0001
SKINXSDK
Spybot - Search & Destroy
staticcr
Symantec AntiVirus
Tonka Raceway
tooltips
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
Viewpoint Media Player (Remove Only)
VPRINTOL
WebFldrs XP
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WIRELESS
Yahoo! Internet Mail
Yahoo! Messenger

==== Event Viewer Messages From Past Week ========

11/9/2010 11:06:56 AM, error: Service Control Manager [7023] - The Symantec AntiVirus service terminated with the following error: The environment is incorrect.
11/9/2010 11:05:56 AM, error: Dhcp [1002] - The IP address lease 192.168.2.9 for the Network Card with network address 000D611BD59A has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

==== End Of File ===========================



Edit: Pop ups are now always coming whenever I refresh or try to go anywhere on the internet almost.

 

[Bobbye]

I see why the popups! The system has numerous infections- some of which Mbam quarantined, but you have a rootkit from the TDL 3 family, so let's start here:
From bleeping computer:

What this infection does:
TDSS, or TDL3, is the name of a family of rootkits for the Windows operating system that downloads and execute other malware, delivers advertisements to your computer, and block programs from running. This rootkit infects your computer in various ways that include replacing hard disk drivers with malicious versions. Once a computer is infected, TDSS will be invisible to Windows and anti-malware programs while downloading and executing further malware and delivering advertisements to your computer. This particular infections is detected under various names depending on the particular anti-virus vendor.

===================================

• Download the file TDSSKiller.zip and save to the desktop.
  (If you are unable to download the file for some reason, then TDSS may be blocking it. You would then need to download it first to a clean computer and then transfer it to the infected one using an external drive or USB flash drive.)
• Right-click the tdsskiller.zip file> Select Extract All into a folder on the infected (or potentially infected) PC.
• Double click on TDSSKiller.exe. to run the scan
• When the scan is over, the utility outputs a list of detected objects with description.
  The utility automatically selects an action (Cure or Delete) for malicious objects.
  The utility prompts the user to select an action to apply to suspicious objects (Skip, by default).
• Select the action Quarantine to quarantine detected objects.
  The default quarantine folder is in the system disk root folder, e.g.: C:\TDSSKiller_Quarantine\23.07.2010_15.31.43
• After clicking Next, the utility applies selected actions and outputs the result.
• A reboot is required after disinfection.

======================================
Then please download ComboFix from Here and save to your Desktop.

• 
  [1]. Do NOT rename Combofix unless instructed.
  [2].Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  [3].Close any open browsers.
  [4]. Double click combofix.exe & follow the prompts to run.
• NOTE: Combofix will disconnect your machine from the Internet as soon as it starts. The connection is automatically restored before CF completes its run. If it does not, restart your computer to restore your connection.
  [5]. If Combofix asks you to install Recovery Console, please allow it.
  [6]. If Combofix asks you to update the program, always allow.
• Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  [7]. A report will be generated after the scan. Please paste the C:\ComboFix.txt in next reply.

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
Note: Make sure you re-enable your security programs, when you're done with Combofix..

Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.

While you're doing this, I'll be checking the logs you left.

 

[exmatt]

ComboFix 10-11-11.01 - Becky 11/11/2010 17:17:20.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.735.518 [GMT -5:00]
Running from: c:\documents and settings\Becky\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Becky\Application Data\ACD Systems\ACDSee\ImageDB.ddf
c:\program files\Helper
c:\windows\Fonts\acrsec.fon

.
((((((((((((((((((((((((( Files Created from 2010-10-11 to 2010-11-11 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-11 22:00 . 2002-08-29 12:00 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2010-10-11 17:51 . 2004-11-03 14:57 90112 ----a-w- c:\windows\DUMP8359.tmp
2010-09-20 18:25 . 2010-09-20 18:25 162816 ----a-w- c:\windows\system32\drivers\iqxjeyrp.sys
2002-08-29 12:00 94784 -csh--w- c:\windows\twain.dll
2004-08-04 07:56 50688 -csh--w- c:\windows\twain_32.dll
2004-08-04 07:56 1028096 --sha-w- c:\windows\system32\mfc42.dll
2004-08-04 07:56 54784 -csha-w- c:\windows\system32\msvcirt.dll
2004-08-04 07:56 413696 --sha-w- c:\windows\system32\msvcp60.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
"NetSP - restore settings on power failure"="c:\program files\AT&T Global Network Client\NetSP.exe" [2008-01-21 66840]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-11-13 323392]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2009-11-06 2923192]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2009-11-21 2356088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2004-02-29 66680]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2004-03-12 124128]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-10 385024]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-11 149280]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-9-19 282624]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CXMon

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OneTouch Monitor
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPWebCap
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2001-08-23 11:24 196608 -c--a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon03]
2001-08-23 11:24 311296 -c--a-w- c:\windows\system32\hphmon03.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-01-10 20:27 385024 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
2001-07-03 14:11 57344 -c--a-w- c:\program files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\AT&T Global Network Client\\NetClient.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDPHCP Discovery Service
"58474:TCP"= 58474:TCPando Media Booster
"58474:UDP"= 58474:UDPando Media Booster

S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt [8/17/2005 11:00 PM 7168]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [3/12/2004 3:18 PM 169192]
S3 XDva143;XDva143;\??\c:\windows\system32\XDva143.sys --> c:\windows\system32\XDva143.sys [?]
S3 XDva219;XDva219;\??\c:\windows\system32\XDva219.sys --> c:\windows\system32\XDva219.sys [?]
S3 XDva273;XDva273;\??\c:\windows\system32\XDva273.sys --> c:\windows\system32\XDva273.sys [?]
S3 XDva281;XDva281;\??\c:\windows\system32\XDva281.sys --> c:\windows\system32\XDva281.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - KLMDB
*Deregistered* - klmdb
.
Contents of the 'Scheduled Tasks' folder

2010-10-11 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\system32\cleanmgr.exe [2002-08-29 07:56]

2010-11-11 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-12-12 14:10]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Becky\Start Menu\Programs\IMVU\Run IMVU.lnk
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Becky\Application Data\Mozilla\Firefox\Profiles\k8y9lwa5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-klmdb.sys



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-11 17:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt"
.
Completion time: 2010-11-11 17:27:37
ComboFix-quarantined-files.txt 2010-11-11 22:27

Pre-Run: 22,963,834,880 bytes free
Post-Run: 23,020,572,672 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - E73F6FFC5C4982879581CE2A082F4518

 

[Bobbye]

Did you run the TDSSKiller scan? Where is the log? I have script to run through Combofix set up but I want to see the TDSS log first.

 

[exmatt]

I did run it but I never saw a log or anything...? It said it found one thing, cured it and then told me to restart and nothing else popped up before the restart or after. It never said anything about suspicious objects after asking to cure the one thing, nor was any quarantine asked about.

After reading other post (I'm bored) It sounds like theres a folder that holds the log? I'll go start up that computer and take a quick look in that folder and see if I can't find it for you. Sorry but I seriously didn't see one, sounds like if you restart the log goes straight into a folder?

~~~~~~~Found it~~~~~~~~

2010/11/11 16:56:40.0265 TDSS rootkit removing tool 2.4.7.0 Nov 8 2010 10:52:22
2010/11/11 16:56:40.0265 ================================================================================
2010/11/11 16:56:40.0265 SystemInfo:
2010/11/11 16:56:40.0265
2010/11/11 16:56:40.0265 OS Version: 5.1.2600 ServicePack: 2.0
2010/11/11 16:56:40.0265 Product type: Workstation
2010/11/11 16:56:40.0265 ComputerName: BECKY-HFZPWDQNI
2010/11/11 16:56:40.0265 UserName: Becky
2010/11/11 16:56:40.0265 Windows directory: C:\WINDOWS
2010/11/11 16:56:40.0265 System windows directory: C:\WINDOWS
2010/11/11 16:56:40.0265 Processor architecture: Intel x86
2010/11/11 16:56:40.0265 Number of processors: 1
2010/11/11 16:56:40.0265 Page size: 0x1000
2010/11/11 16:56:40.0265 Boot type: Normal boot
2010/11/11 16:56:40.0265 ================================================================================
2010/11/11 16:56:40.0578 Initialize success
2010/11/11 16:56:43.0859 ================================================================================
2010/11/11 16:56:43.0859 Scan started
2010/11/11 16:56:43.0859 Mode: Manual;
2010/11/11 16:56:43.0859 ================================================================================
2010/11/11 16:56:47.0843 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/11/11 16:56:48.0093 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/11/11 16:56:48.0453 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
2010/11/11 16:56:48.0671 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
2010/11/11 16:56:48.0906 agnfilt (4301fbb2dcd21edf6ea9efda8902f8b5) C:\WINDOWS\system32\DRIVERS\agnfilt.sys
2010/11/11 16:56:49.0140 agnwifi (685443afa5d1a94c5f47e4846b0e4c3d) C:\WINDOWS\system32\DRIVERS\agnwifi.sys
2010/11/11 16:56:50.0515 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/11/11 16:56:50.0765 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/11/11 16:56:51.0343 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/11/11 16:56:51.0890 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/11/11 16:56:52.0828 avpnnic (255284c2475588f79edea559d8d110f7) C:\WINDOWS\system32\DRIVERS\avpnnic.sys
2010/11/11 16:56:53.0640 basic2 (1b9c81ab9a456eabd9f8335f04b5f495) C:\WINDOWS\system32\DRIVERS\HSF_BSC2.sys
2010/11/11 16:56:54.0187 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/11/11 16:56:54.0781 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/11/11 16:56:55.0937 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/11/11 16:56:56.0515 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/11/11 16:56:57.0015 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/11/11 16:57:01.0250 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/11/11 16:57:02.0703 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
2010/11/11 16:57:04.0031 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
2010/11/11 16:57:04.0906 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/11/11 16:57:05.0531 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2010/11/11 16:57:06.0109 Dot4 HPH09 (1ede0bb35d251b09e2a390bad7e59bf7) C:\WINDOWS\system32\DRIVERS\hphid409.sys
2010/11/11 16:57:07.0000 Dot4Print HPH09 (87b3599d0276e1716df978e2da910043) C:\WINDOWS\system32\DRIVERS\hphipr09.sys
2010/11/11 16:57:07.0765 Dot4Storage HPH09 (7e1a9a3af48befc4e2d857245ef9d46b) C:\WINDOWS\system32\Drivers\hphs2k09.sys
2010/11/11 16:57:09.0140 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/11/11 16:57:09.0484 EverestDriver (76984d46b2abaa46f8b3fcef82c9217d) C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt
2010/11/11 16:57:10.0125 Fallback (c823debe2548656549f84a875d65237b) C:\WINDOWS\system32\DRIVERS\HSF_FALL.sys
2010/11/11 16:57:13.0000 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/11/11 16:57:13.0953 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/11/11 16:57:14.0609 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
2010/11/11 16:57:15.0593 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/11/11 16:57:16.0406 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/11/11 16:57:17.0000 Fsks (6483414841d4cab6c3b4db2ac6edd70b) C:\WINDOWS\system32\DRIVERS\HSF_FSKS.sys
2010/11/11 16:57:17.0828 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/11/11 16:57:18.0406 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/11/11 16:57:19.0296 gameenum (5f92fd09e5610a5995da7d775eadcd12) C:\WINDOWS\system32\DRIVERS\gameenum.sys
2010/11/11 16:57:20.0312 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/11/11 16:57:20.0875 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/11/11 16:57:22.0890 HSFHWBS2 (970178e8e003eb1481293830069624b9) C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys
2010/11/11 16:57:24.0296 HSF_DP (ebb354438a4c5a3327fb97306260714a) C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys
2010/11/11 16:57:26.0390 hsf_msft (74e379857d4c0dfb56de2d19b8f4c434) C:\WINDOWS\system32\DRIVERS\HSF_MSFT.sys
2010/11/11 16:57:28.0859 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/11/11 16:57:29.0687 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/11/11 16:57:29.0890 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/11/11 16:57:30.0343 ip6fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/11/11 16:57:30.0531 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/11/11 16:57:30.0734 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/11/11 16:57:30.0937 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/11/11 16:57:31.0156 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/11/11 16:57:31.0734 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/11/11 16:57:31.0968 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/11/11 16:57:32.0203 K56 (9c5e3fdbfcc30cf71a49ca178b9ad442) C:\WINDOWS\system32\DRIVERS\HSF_K56K.sys
2010/11/11 16:57:32.0859 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/11/11 16:57:33.0093 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/11/11 16:57:33.0765 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
2010/11/11 16:57:34.0203 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/11/11 16:57:34.0875 mdmxsdk (195741aee20369980796b557358cd774) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2010/11/11 16:57:35.0093 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/11/11 16:57:35.0421 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
2010/11/11 16:57:35.0703 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2010/11/11 16:57:35.0937 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/11/11 16:57:36.0156 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/11/11 16:57:36.0734 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/11/11 16:57:37.0109 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/11/11 16:57:37.0390 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/11/11 16:57:37.0671 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2010/11/11 16:57:37.0890 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/11/11 16:57:38.0125 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/11/11 16:57:38.0375 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/11/11 16:57:38.0812 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/11/11 16:57:39.0031 ms_mpu401 (ca3e22598f411199adc2dfee76cd0ae0) C:\WINDOWS\system32\drivers\msmpu401.sys
2010/11/11 16:57:39.0250 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2010/11/11 16:57:39.0468 MxlW2k (88f57a15b786bf2af9458f7903768085) C:\WINDOWS\system32\drivers\MxlW2k.sys
2010/11/11 16:57:39.0687 NAVENG (83518e6cc82bdc3c3db0c12d1c9a2275) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100611.003\naveng.sys
2010/11/11 16:57:40.0031 NAVEX15 (85cf37740fe06c7a2eaa7f6c81f0819c) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100611.003\navex15.sys
2010/11/11 16:57:40.0359 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2010/11/11 16:57:40.0593 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/11/11 16:57:40.0828 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/11/11 16:57:41.0046 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/11/11 16:57:41.0265 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/11/11 16:57:41.0484 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/11/11 16:57:41.0703 NetBT (7262da5880bff9581dbfc59b8341ba1e) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/11/11 16:57:41.0703 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\netbt.sys. Real md5: 7262da5880bff9581dbfc59b8341ba1e, Fake md5: 0c80e410cd2f47134407ee7dd19cc86b
2010/11/11 16:57:41.0750 NetBT - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/11/11 16:57:42.0109 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2010/11/11 16:57:42.0375 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/11/11 16:57:42.0703 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/11/11 16:57:42.0906 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/11/11 16:57:43.0109 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/11/11 16:57:43.0343 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/11/11 16:57:44.0437 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/11/11 16:57:44.0671 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/11/11 16:57:44.0875 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/11/11 16:57:45.0390 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/11/11 16:57:46.0593 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/11/11 16:57:46.0828 Processor (0d97d88720a4087ec93af7dbb303b30a) C:\WINDOWS\system32\DRIVERS\processr.sys
2010/11/11 16:57:47.0046 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/11/11 16:57:47.0281 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/11/11 16:57:47.0515 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
2010/11/11 16:57:48.0468 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/11/11 16:57:48.0671 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/11/11 16:57:48.0906 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/11/11 16:57:49.0109 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/11/11 16:57:49.0328 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/11/11 16:57:49.0515 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/11/11 16:57:49.0734 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/11/11 16:57:50.0000 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/11/11 16:57:50.0234 Rksample (bb7549bd94d1aac3599c7606c50c48a0) C:\WINDOWS\system32\DRIVERS\HSF_SAMP.sys
2010/11/11 16:57:50.0531 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
2010/11/11 16:57:50.0765 S3Psddr (f5c5903c601a193e659485cd8258fcb3) C:\WINDOWS\system32\DRIVERS\s3gnbm.sys
2010/11/11 16:57:51.0046 SAVRT (c8023be4dda22a52cd2f60d9cb9b3985) C:\Program Files\Symantec AntiVirus\savrt.sys
2010/11/11 16:57:51.0265 SAVRTPEL (30547fd7692dc799a0b397b2b918a158) C:\Program Files\Symantec AntiVirus\Savrtpel.sys
2010/11/11 16:57:51.0515 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/11/11 16:57:51.0781 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/11/11 16:57:52.0000 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/11/11 16:57:52.0250 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/11/11 16:57:52.0703 SoftFax (d9e8e0ce154a2f6430d9efabdf730867) C:\WINDOWS\system32\DRIVERS\HSF_FAXX.sys
2010/11/11 16:57:53.0031 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
2010/11/11 16:57:53.0265 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/11/11 16:57:53.0609 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/11/11 16:57:53.0890 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/11/11 16:57:54.0093 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2010/11/11 16:57:54.0734 SymEvent (42123611a49c33536ab29bdd852a9f5e) C:\Program Files\Symantec\SYMEVENT.SYS
2010/11/11 16:57:54.0953 SYMREDRV (145eaae477f5b56f2621956150a143b0) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
2010/11/11 16:57:55.0187 SYMTDI (926efafc087d356bba50bdf6e640bc13) C:\WINDOWS\System32\Drivers\SYMTDI.SYS
2010/11/11 16:57:55.0781 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/11/11 16:57:56.0093 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/11/11 16:57:56.0375 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/11/11 16:57:56.0625 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/11/11 16:57:56.0843 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/11/11 16:57:57.0109 Tones (8021a499db46b2961c285168671cb9af) C:\WINDOWS\system32\DRIVERS\HSF_TONE.sys
2010/11/11 16:57:57.0484 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2010/11/11 16:57:57.0828 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
2010/11/11 16:57:58.0109 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/11/11 16:57:58.0312 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/11/11 16:57:58.0640 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/11/11 16:57:58.0859 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/11/11 16:57:59.0031 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/11/11 16:57:59.0203 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/11/11 16:57:59.0562 V124 (269c0ade94b90029b12497747be408cb) C:\WINDOWS\system32\DRIVERS\HSF_V124.sys
2010/11/11 16:57:59.0812 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2010/11/11 16:58:00.0031 viaagp (d92e7c8a30cfd14d8e15b5f7f032151b) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2010/11/11 16:58:00.0250 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\system32\DRIVERS\viaide.sys
2010/11/11 16:58:00.0484 VIAudio (abd8a8264ff61be6c26f7fb6f01747ff) C:\WINDOWS\system32\drivers\viaudio.sys
2010/11/11 16:58:00.0718 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/11/11 16:58:01.0000 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/11/11 16:58:01.0609 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/11/11 16:58:01.0906 winachsf (1225ebea76aac3c84df6c54fe5e5d8be) C:\WINDOWS\system32\DRIVERS\HSFCXTS2.sys
2010/11/11 16:58:03.0093 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/11/11 16:58:03.0265 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/11/11 16:58:04.0250 ================================================================================
2010/11/11 16:58:04.0250 Scan finished
2010/11/11 16:58:04.0250 ================================================================================
2010/11/11 16:58:04.0328 Detected object count: 1
2010/11/11 16:58:21.0250 NetBT (7262da5880bff9581dbfc59b8341ba1e) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/11/11 16:58:21.0250 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\netbt.sys. Real md5: 7262da5880bff9581dbfc59b8341ba1e, Fake md5: 0c80e410cd2f47134407ee7dd19cc86b
2010/11/11 16:58:30.0984 Backup copy found, using it..
2010/11/11 16:58:31.0046 C:\WINDOWS\system32\DRIVERS\netbt.sys - will be cured after reboot
2010/11/11 16:58:31.0046 Rootkit.Win32.TDSS.tdl3(NetBT) - User select action: Cure
2010/11/11 16:59:14.0125 Deinitialize success

 

[Bobbye]

Please run this Custom CFScript

• 
  [1]. Close any open browsers.
  [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  [3]. Open notepad and copy/paste the text in the code below into it:

File::
c:\windows\system32\xdva143.sys
c:\windows\system32\xdva219.sys
c:\windows\system32\xdva273.sys
c:\windows\system32\xdva281.sys
Folder::
c:\windows\DUMP8359.tmp

DDS::
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
IE: &Search - ?p=ZCfox000
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab}

Extra::
File::
c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
Firefox::
Firefox-: - Profile- c:\docume~1\becky\applic~1\mozilla\firefox\profiles\k8y9lwa5.default\

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPWebCap

Driver::
XDva143
XDva219
XDva273
XDva281

FCopy::
C:\WINDOWS\ServicePackFiles\i386\atapi.sys | C:\Windows\System32\drivers\atapi.sys

Save this as CFScript.txt, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
====================
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

• Double-click SystemLook.exe to run it.
• Copy the content of the following codebox into the main textfield:
  

  :filefind
   netbt.*

• Click the Look button to start the scan.
• When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

 

[exmatt]

Sorry about the disappearance, had some family things come up.

ComboFix 10-12-15.03 - Becky 12/15/2010 14:42:13.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.735.504 [GMT -5:00]
Running from: c:\documents and settings\Becky\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Becky\Desktop\CFScript.txt
* Created a new restore point

FILE ::
"c:\program files\viewpoint\viewpoint media player\npViewpoint.dll"
"c:\windows\system32\xdva143.sys"
"c:\windows\system32\xdva219.sys"
"c:\windows\system32\xdva273.sys"
"c:\windows\system32\xdva281.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

.
--------------- FCopy ---------------

c:\windows\ServicePackFiles\i386\atapi.sys --> c:\windows\System32\drivers\atapi.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_XDVA143
-------\Legacy_XDVA219
-------\Legacy_XDVA273
-------\Legacy_XDVA281
-------\Service_XDva143
-------\Service_XDva219
-------\Service_XDva273
-------\Service_XDva281


((((((((((((((((((((((((( Files Created from 2010-11-15 to 2010-12-15 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-11 22:00 . 2002-08-29 12:00 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2010-10-11 17:51 . 2004-11-03 14:57 90112 ----a-w- c:\windows\DUMP8359.tmp
2010-09-20 18:25 . 2010-09-20 18:25 162816 ----a-w- c:\windows\system32\drivers\iqxjeyrp.sys
2002-08-29 12:00 94784 -csh--w- c:\windows\twain.dll
2004-08-04 07:56 50688 -csh--w- c:\windows\twain_32.dll
2004-08-04 07:56 1028096 --sha-w- c:\windows\system32\mfc42.dll
2004-08-04 07:56 54784 -csha-w- c:\windows\system32\msvcirt.dll
2004-08-04 07:56 413696 --sha-w- c:\windows\system32\msvcp60.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
"NetSP - restore settings on power failure"="c:\program files\AT&T Global Network Client\NetSP.exe" [2008-01-21 66840]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-11-13 323392]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2009-11-06 2923192]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2009-11-21 2356088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2004-02-29 66680]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2004-03-12 124128]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-10 385024]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-11 149280]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-9-19 282624]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2001-08-23 11:24 196608 -c--a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon03]
2001-08-23 11:24 311296 -c--a-w- c:\windows\system32\hphmon03.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-01-10 20:27 385024 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
2001-07-03 14:11 57344 -c--a-w- c:\program files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\AT&T Global Network Client\\NetClient.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDPHCP Discovery Service
"58474:TCP"= 58474:TCPando Media Booster
"58474:UDP"= 58474:UDPando Media Booster

S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [3/12/2004 3:18 PM 169192]
.
Contents of the 'Scheduled Tasks' folder

2010-10-11 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\system32\cleanmgr.exe [2002-08-29 07:56]

2010-12-15 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-12-12 14:10]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Becky\Start Menu\Programs\IMVU\Run IMVU.lnk
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Becky\Application Data\Mozilla\Firefox\Profiles\k8y9lwa5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Firefox (default): {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-15 14:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3288)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Executive Software\Diskeeper\DkService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\AT&T Global Network Client\netcfgsvr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\windows\system32\wscntfy.exe
c:\program files\Yahoo!\Messenger\ymsgr_tray.exe
c:\program files\Java\jre6\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2010-12-15 15:01:32 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-15 20:01
ComboFix2.txt 2010-11-11 22:27

Pre-Run: 22,920,331,264 bytes free
Post-Run: 22,832,050,176 bytes free

- - End Of File - - 25050B13556D6EB2BE551C66B097C583







SystemLook 04.09.10 by jpshortstuff
Log created at 15:05 on 15/12/2010 by Becky
Administrator - Elevation successful

========== filefind ==========

Searching for " netbt.*"
No files found.

-= EOF =-

I think you didn't want that space there? I just noticed that and if I run it without the space it actually finds something.

SystemLook 04.09.10 by jpshortstuff
Log created at 15:08 on 15/12/2010 by Becky
Administrator - Elevation successful

========== filefind ==========

Searching for "netbt.*"
C:\WINDOWS\$NtServicePackUninstall$\netbt.sys -----c- 157056 bytes [17:24 15/05/2005] [12:00 29/08/2002] D96F3BC5A6E7452B0E3275B560DC8528
C:\WINDOWS\ServicePackFiles\i386\netbt.sys -----c- 162816 bytes [06:14 04/08/2004] [06:14 04/08/2004] 0C80E410CD2F47134407EE7DD19CC86B
C:\WINDOWS\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\netbt.sys --a--c- 162816 bytes [06:14 04/08/2004] [06:14 04/08/2004] 0C80E410CD2F47134407EE7DD19CC86B
C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\netbt.sys --a--c- 162816 bytes [15:16 30/08/2008] [19:21 13/04/2008] 74B2B2F5BEA5E9A3DC021D685551BD3D
C:\WINDOWS\system32\drivers\netbt.sys --a---- 162816 bytes [12:00 29/08/2002] [22:00 11/11/2010] 0C80E410CD2F47134407EE7DD19CC86B

-= EOF =-

 

[Bobbye]

You did the rithg thing moving the space one over in System Look. That's where it should have been.

Please run this Custom CFScript:

• 
  [1]. Close any open browsers.
  [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:[Be sure to scroll down to include ALL lines.

File::
Folder::
c:\windows\DUMP8359.tmp

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

FCopy::
C:\WINDOWS\ServicePackFiles\i386\netbt.sys | C:\WINDOWS\system32\drivers\netbt.sys

Save this as CFScript.txt, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
====================
P2P or 'file sharing' Warning:
Note: Even if you are using a "safe" P2P program, it is only the program that is safe. I suggest that you uninstall Bit Torrent for the following reasons:

• As long as you are using file sharing networks and programs which are from sources that are not documented, you cannot verity that a download is legitimate.
• Malware writers use these program to include malicious content.
• Fie sharing is usually unmonitored and there is a danger that your private files might be accessed.
• The 'sharing' also includes malware that the shared system has on it.
• Files that are illegal can be spread through file sharing.

Please read the information on P2P Warning to help you better understand these dangers.

You have it loading on boot and fireall allowing BitTorrent.
=============================================
Suggest you take entrie for all of the following off of Startup:
All HP and image related entries
Kodak Easyshare
QuickTime
Adobe
Java
None need to start on boot and run in the background using system resources.
==============================================
Since it's been a while, please give me description of current malware related problems:
===============================================
Run Eset NOD32 Online AntiVirus scan HEREhttp://www.eset.eu/online-scanner

1. Tick the box next to YES, I accept the Terms of Use.
2. Click Start
3. When asked, allow the Active X control to install
4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
5. Click Start
6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
7. Click Scan
8. Wait for the scan to finish
9. Re-enable your Antivirus software.
10. A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.

======================================
Download HijackThis http://download.bleepingcomputer.com/hijackthis/HijackThis.zipand save to your desktop.

• Extract it to a directory on your hard drive called c:\HijackThis.
• Then navigate to that directory and double-click on the hijackthis.exe file.
• When started click on the Scan button and then the Save Log button to create a log of your information.
• The log file and then the log will open in notepad. Be sure to click on Format> Uncheck Word Wrap when you open Notepad
• Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
• Come back here to this thread and paste (Ctrl+V) the log in your next reply.

NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

 

[exmatt]

It appears Bit torrent was already tried to be deleted so it's no longer in the add/ remove prograrms therefore how do I get rid of it?
As for the computer it seems to be doing great. No blue screens, pop ups, anything bad really. My only problem right now is when I try to paste the combofix.txt Internet Explorer becomes nonresponsive. I'm going to keep trying to post it though, if I can't get it tonight I'll try again tomorrow.

EDIT: I figured it out lol, the combofix.txt is Hugely over the characters allowed.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
# OnlineScanner.ocx=1.0.0.6415
# api_version=3.0.2
# EOSSerial=73a9848f1d11364a9362d0d66956f883
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-12-17 03:23:53
# local_time=2010-12-16 10:23:53 (-0500, Eastern Standard Time)
# country="United States"
# lang=9
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=70514
# found=0
# cleaned=0
# scan_time=2886





Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:49:30 PM, on 12/16/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AT&T Global Network Client\netcfgsvr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\internet explorer\iexplore.exe
C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
C:\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [NetSP - restore settings on power failure] "C:\Program Files\AT&T Global Network Client\NetSP.exe" -show
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Becky\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Microsoft AntiSpyware helper - {C4493D35-6857-4863-A619-61EC73972208} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {C4493D35-6857-4863-A619-61EC73972208} - (no file) (HKCU)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Network Configuration Service (netcfgsvr) - AT&T - C:\Program Files\AT&T Global Network Client\netcfgsvr.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 6009 bytes

 

[exmatt]

ComboFix 10-12-15.03 - Becky 12/16/2010 21:04:28.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.735.494 [GMT -5:00]
Running from: c:\documents and settings\Becky\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Becky\Desktop\CFScript.txt
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
--------------- FCopy ---------------

c:\windows\ServicePackFiles\i386\netbt.sys --> c:\windows\system32\drivers\netbt.sys
.
((((((((((((((((((((((((( Files Created from 2010-11-17 to 2010-12-17 )))))))))))))))))))))))))))))))
.

2010-12-17 01:56 . 2010-12-17 01:56 1409 ----a-w- c:\windows\QTFont.for
2010-12-16 21:54 . 2010-12-16 21:54 -------- d-----w- c:\windows\LastGood

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-11 17:51 . 2004-11-03 14:57 90112 ----a-w- c:\windows\DUMP8359.tmp
2010-09-20 18:25 . 2010-09-20 18:25 162816 ----a-w- c:\windows\system32\drivers\iqxjeyrp.sys
2002-08-29 12:00 94784 -csh--w- c:\windows\twain.dll
2004-08-04 07:56 50688 -csh--w- c:\windows\twain_32.dll
2004-08-04 07:56 1028096 --sha-w- c:\windows\system32\mfc42.dll
2004-08-04 07:56 54784 -csha-w- c:\windows\system32\msvcirt.dll
2004-08-04 07:56 413696 --sha-w- c:\windows\system32\msvcp60.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-11-11_22.24.11 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-08-04 07:57 . 2004-08-04 07:57 54784 c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcirt.dll
+ 2004-11-03 15:01 . 2002-08-29 12:00 50688 c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.10.0_x-ww_d8862ba3\msvcirt.dll
+ 2004-11-03 15:01 . 2002-08-29 12:00 50688 c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcirt.dll
+ 2007-11-07 07:19 . 2007-11-07 07:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
+ 2006-12-02 05:08 . 2006-12-02 05:08 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
+ 2006-12-02 05:08 . 2006-12-02 05:08 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
+ 2006-12-02 05:08 . 2006-12-02 05:08 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
+ 2006-12-02 05:08 . 2006-12-02 05:08 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
+ 2006-12-02 05:08 . 2006-12-02 05:08 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
+ 2006-12-02 05:08 . 2006-12-02 05:08 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
+ 2006-12-02 05:08 . 2006-12-02 05:08 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
+ 2006-12-02 05:08 . 2006-12-02 05:08 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
+ 2006-12-02 05:08 . 2006-12-02 05:08 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
+ 2006-12-02 05:26 . 2006-12-02 05:26 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
+ 2006-12-02 05:25 . 2006-12-02 05:25 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
+ 2006-12-02 03:56 . 2006-12-02 03:56 96256 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
+ 2007-02-15 01:14 . 2007-01-19 20:15 74802 c:\windows\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\atl.dll
+ 2004-11-03 15:01 . 2002-08-29 12:00 74802 c:\windows\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7\atl.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 18944 c:\windows\vmmreg32.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 25600 c:\windows\twunk_32.exe
+ 2002-08-29 12:00 . 2002-08-29 12:00 49680 c:\windows\twunk_16.exe
+ 2010-12-16 21:41 . 2010-12-16 21:41 16384 c:\windows\Temp\Perflib_Perfdata_5fc.dat
+ 2004-11-03 15:02 . 2002-08-29 12:00 15360 c:\windows\TASKMAN.EXE
+ 2004-12-19 20:26 . 2004-01-10 05:11 26112 c:\windows\system32\xpsp1hfm.exe
+ 2004-11-03 20:11 . 2006-03-01 19:42 11776 c:\windows\system32\xolehlp.dll
+ 2004-08-04 07:56 . 2004-08-04 07:56 50176 c:\windows\system32\xmlprovi.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 30720 c:\windows\system32\xcopy.exe
+ 2002-08-29 12:00 . 2004-08-04 07:56 91648 c:\windows\system32\xactsrv.dll
+ 2002-08-29 03:41 . 2004-08-04 07:56 51712 c:\windows\system32\wzcsapi.dll
+ 2005-05-26 08:16 . 2009-08-06 23:24 44768 c:\windows\system32\wups2.dll
+ 2004-11-16 03:26 . 2009-08-06 23:24 35552 c:\windows\system32\wups.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 32256 c:\windows\system32\wupdmgr.exe
+ 2006-09-28 22:56 . 2006-09-28 22:56 55808 c:\windows\system32\WudfSvc.dll
+ 2006-09-29 00:13 . 2006-09-29 00:13 95344 c:\windows\system32\WUDFCoinstaller.dll
+ 2004-11-03 20:10 . 2009-08-06 23:24 53472 c:\windows\system32\wuauclt.exe
+ 2002-08-29 12:00 . 2004-08-04 07:56 18432 c:\windows\system32\wtsapi32.dll
+ 2005-03-20 18:01 . 2004-08-04 07:56 50688 c:\windows\system32\wstdecod.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 22528 c:\windows\system32\wsock32.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 42496 c:\windows\system32\wsnmp32.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 19968 c:\windows\system32\wshtcpip.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 11776 c:\windows\system32\wshrm.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 11776 c:\windows\system32\wshisn.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 14336 c:\windows\system32\wship6.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 65536 c:\windows\system32\wshext.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 28672 c:\windows\system32\wshcon.dll
+ 2004-08-04 07:56 . 2004-08-04 07:56 81408 c:\windows\system32\wscsvc.dll
+ 2004-08-04 07:56 . 2004-08-04 07:56 13824 c:\windows\system32\wscntfy.exe
+ 2002-08-29 12:00 . 2004-08-04 07:56 19968 c:\windows\system32\ws2help.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 82944 c:\windows\system32\ws2_32.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 32256 c:\windows\system32\wpnpinst.exe
+ 2006-10-19 01:47 . 2006-10-19 01:47 38400 c:\windows\system32\wpdshextres.dll
+ 2006-10-19 00:00 . 2006-10-19 00:00 17408 c:\windows\system32\wpdshextautoplay.exe
+ 2006-10-19 01:47 . 2006-10-19 01:47 63488 c:\windows\system32\wpdmtpus.dll
+ 2006-10-19 01:47 . 2006-10-19 01:47 35840 c:\windows\system32\wpdconns.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 32256 c:\windows\system32\wpabaln.exe
+ 2001-08-17 22:36 . 2002-08-29 12:00 13824 c:\windows\system32\wowfaxui.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 10368 c:\windows\system32\wowexec.exe
+ 2002-08-29 12:00 . 2004-08-04 07:56 20480 c:\windows\system32\wmpui.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 77824 c:\windows\system32\wmpstub.exe
+ 2002-08-29 12:00 . 2006-10-19 01:47 99840 c:\windows\system32\wmpshell.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 20480 c:\windows\system32\wmpcore.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 20480 c:\windows\system32\wmpcd.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 18944 c:\windows\system32\wmiprop.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 51200 c:\windows\system32\wmerrenu.dll
+ 2002-08-29 12:00 . 2006-10-19 01:47 37376 c:\windows\system32\wmdmps.dll
+ 2002-08-29 12:00 . 2006-10-19 01:47 33792 c:\windows\system32\wmdmlog.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 92672 c:\windows\system32\wlnotify.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 18944 c:\windows\system32\winstrm.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 53760 c:\windows\system32\winsta.dll
+ 2004-08-04 07:56 . 2004-08-04 07:56 17408 c:\windows\system32\winshfhc.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 99328 c:\windows\system32\winscard.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 16896 c:\windows\system32\winrnr.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 11776 c:\windows\system32\winmsd.exe
+ 2002-08-29 12:00 . 2004-08-04 07:56 32768 c:\windows\system32\winipsec.dll
+ 2004-11-03 20:11 . 2002-08-29 12:00 35328 c:\windows\system32\winchat.exe
+ 2002-08-29 12:00 . 2002-08-29 12:00 13312 c:\windows\system32\win87em.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 18432 c:\windows\system32\win.com
+ 2002-08-29 12:00 . 2004-08-04 07:56 75776 c:\windows\system32\wiascr.dll
+ 2004-11-04 01:11 . 2001-10-02 13:58 36864 c:\windows\system32\WiaMicro.dll
+ 2004-11-07 19:39 . 2001-08-18 03:36 87040 c:\windows\system32\wiafbdrv.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 13600 c:\windows\system32\wfwnet.drv
+ 2002-08-29 12:00 . 2004-08-04 07:56 65536 c:\windows\system32\wextract.exe
+ 2002-08-29 12:00 . 2002-08-29 12:00 40448 c:\windows\system32\webhits.dll
+ 2002-08-29 12:00 . 2006-01-04 03:35 68096 c:\windows\system32\webclnt.dll
+ 2001-08-17 22:37 . 2004-08-04 07:56 23552 c:\windows\system32\wdmaud.drv
+ 2002-08-29 12:00 . 2009-06-25 08:44 59392 c:\windows\system32\wdigest.dll
+ 2004-11-03 20:11 . 2002-08-29 12:00 45568 c:\windows\system32\wbem\xml\wmi2xml.dll
+ 2004-11-03 20:10 . 2004-08-04 07:56 95232 c:\windows\system32\wbem\wmiutils.dll
+ 2004-11-03 20:11 . 2002-08-29 12:00 52224 c:\windows\system32\wbem\wmitimep.dll
+ 2004-11-03 20:10 . 2004-08-04 07:56 41472 c:\windows\system32\wbem\wmipsess.dll
+ 2004-11-03 20:11 . 2004-08-04 07:56 62976 c:\windows\system32\wbem\wmipjobj.dll
+ 2004-11-03 20:11 . 2004-08-04 07:56 62464 c:\windows\system32\wbem\wmipiprt.dll
+ 2004-11-03 20:11 . 2002-08-29 12:00 75264 c:\windows\system32\wbem\wmipicmp.dll
+ 2004-11-03 20:11 . 2002-08-29 12:00 61440 c:\windows\system32\wbem\wmimsg.dll
+ 2004-11-03 20:10 . 2004-08-04 07:56 60928 c:\windows\system32\wbem\wmicookr.dll
+ 2004-11-03 20:11 . 2004-08-04 07:56 89088 c:\windows\system32\wbem\wmiaprpl.dll
+ 2004-11-03 20:11 . 2002-08-29 12:00 16384 c:\windows\system32\wbem\winmgmtr.dll
+ 2004-11-03 20:11 . 2002-08-29 12:00 13312 c:\windows\system32\wbem\winmgmt.exe
+ 2004-11-03 20:11 . 2004-08-04 07:56 43520 c:\windows\system32\wbem\wbemsvc.dll
+ 2004-11-03 20:10 . 2004-08-04 07:56 18944 c:\windows\system32\wbem\wbemprox.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 43008 c:\windows\system32\wbem\wbemperf.dll
+ 2004-11-03 20:11 . 2004-08-04 07:56 71680 c:\windows\system32\wbem\wbemcons.dll
+ 2004-11-03 20:11 . 2002-08-29 12:00 12288 c:\windows\system32\wbem\wbemads.dll
+ 2004-11-03 20:11 . 2002-08-29 12:00 16896 c:\windows\system32\wbem\unsecapp.exe
+ 2004-11-03 20:11 . 2002-08-29 12:00 59904 c:\windows\system32\wbem\trnsprov.dll
+ 2004-11-03 20:11 . 2002-08-29 12:00 61952 c:\windows\system32\wbem\tmplprov.dll
+ 2004-11-03 20:10 . 2004-08-04 07:56 86528 c:\windows\system32\wbem\stdprov.dll
+ 2004-11-03 20:11 . 2002-08-29 12:00 40960 c:\windows\system32\wbem\smtpcons.dll
+ 2004-11-03 20:11 . 2004-08-04 07:56 36864 c:\windows\system32\wbem\scrcons.exe
+ 2004-11-03 20:10 . 2004-08-04 07:56 47104 c:\windows\system32\wbem\ncprov.dll
+ 2004-11-03 20:10 . 2004-08-04 07:56 16384 c:\windows\system32\wbem\mofcomp.exe
+ 2004-11-03 20:11 . 2004-08-04 07:56 24576 c:\windows\system32\wbem\krnlprov.dll
+ 2004-11-03 20:11 . 2002-08-29 12:00 53248 c:\windows\system32\wbem\fwdprov.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 22016 c:\windows\system32\wbem\evntrprv.dll
+ 2002-08-29 12:00 . 2004-08-04 06:07 17664 c:\windows\system32\watchdog.sys
+ 2004-08-04 07:56 . 2004-08-04 07:56 15872 c:\windows\system32\w3ssl.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 22016 c:\windows\system32\w32topl.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 49664 c:\windows\system32\w32tm.exe
+ 2007-03-26 06:00 . 2007-03-26 06:00 88824 c:\windows\system32\vxblock.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 33792 c:\windows\system32\vssadmin.exe
+ 2002-08-29 12:00 . 2002-08-29 12:00 16896 c:\windows\system32\vss_ps.dll
+ 2005-02-26 00:27 . 1998-08-17 09:21 10240 c:\windows\system32\vidx16.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 18176 c:\windows\system32\vga64k.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 51456 c:\windows\system32\vga256.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 20535 c:\windows\system32\vfpodbc.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 18944 c:\windows\system32\version.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 98304 c:\windows\system32\verifier.exe
+ 2002-08-29 12:00 . 2002-08-29 12:00 13312 c:\windows\system32\verifier.dll
+ 2006-03-17 00:38 . 2006-03-17 00:38 28672 c:\windows\system32\verclsid.exe
+ 2002-08-29 12:00 . 2004-08-04 07:56 51712 c:\windows\system32\vdmredir.dll
+ 2004-06-17 17:58 . 2004-08-04 07:56 26112 c:\windows\system32\vdmdbg.dll
+ 1999-11-24 22:40 . 1999-11-24 22:40 40960 c:\windows\system32\VBAME.DLL
+ 2002-08-29 12:00 . 2004-08-04 07:56 30749 c:\windows\system32\vbajet32.dll
+ 2005-03-20 18:00 . 2002-08-03 02:25 53248 c:\windows\system32\uvsc.dll
+ 2005-03-20 18:00 . 2002-09-25 23:05 86016 c:\windows\system32\uvAC3Enc.dll
+ 2002-08-29 12:00 . 2006-10-04 08:48 50176 c:\windows\system32\utilman.exe
+ 2002-08-29 12:00 . 2002-08-29 12:00 25600 c:\windows\system32\utildll.dll
+ 2001-08-17 22:36 . 2002-08-29 12:00 49211 c:\windows\system32\usrvpa.dll
+ 2001-08-17 22:36 . 2002-08-29 12:00 45116 c:\windows\system32\usrvoica.dll
+ 2001-08-17 22:36 . 2002-08-29 12:00 49209 c:\windows\system32\usrv80a.dll
+ 2001-08-17 22:36 . 2002-08-29 12:00 41019 c:\windows\system32\usrsvpia.dll
+ 2001-08-17 22:37 . 2002-08-29 12:00 69700 c:\windows\system32\usrshuta.exe
+ 2001-08-17 22:36 . 2002-08-29 12:00 49211 c:\windows\system32\usrsdpia.dll
+ 2001-08-17 22:36 . 2002-08-29 12:00 77883 c:\windows\system32\usrrtosa.dll
+ 2001-08-17 22:37 . 2002-08-29 12:00 61508 c:\windows\system32\usrprbda.exe
+ 2001-08-17 22:37 . 2002-08-29 12:00 77891 c:\windows\system32\usrmlnka.exe
+ 2001-08-17 22:36 . 2002-08-29 12:00 53305 c:\windows\system32\usrlbva.dll
+ 2001-08-17 22:36 . 2002-08-29 12:00 86073 c:\windows\system32\usrfaxa.dll
+ 2001-08-17 22:36 . 2002-08-29 12:00 77890 c:\windows\system32\usrdpa.dll
+ 2001-08-17 22:36 . 2002-08-29 12:00 69699 c:\windows\system32\usrcoina.dll
+ 2001-08-17 22:36 . 2002-08-29 12:00 61500 c:\windows\system32\usrcntra.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 19968 c:\windows\system32\usmt\log.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 24576 c:\windows\system32\userinit.exe
+ 2002-08-29 12:00 . 2002-08-29 12:00 47872 c:\windows\system32\user.exe
+ 2004-11-03 15:04 . 2004-08-04 07:56 74240 c:\windows\system32\usbui.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 16896 c:\windows\system32\usbmon.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 37888 c:\windows\system32\url.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 17920 c:\windows\system32\ureg.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 18432 c:\windows\system32\ups.exe
+ 2002-08-29 12:00 . 2004-08-04 07:56 16896 c:\windows\system32\upnpcont.exe
+ 2002-08-29 12:00 . 2004-08-04 07:56 13824 c:\windows\system32\uniplat.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 74240 c:\windows\system32\unimdmat.dll
+ 2005-02-26 00:28 . 1998-09-02 08:28 63488 c:\windows\system32\unam4ie.exe
+ 2002-08-29 12:00 . 2002-08-29 12:00 13312 c:\windows\system32\umdmxfrm.dll
+ 2002-08-29 12:00 . 2006-10-04 13:33 35840 c:\windows\system32\umandlg.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 82432 c:\windows\system32\ufat.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 25600 c:\windows\system32\udhisapi.dll
+ 2007-01-29 08:58 . 2010-04-21 13:28 46080 c:\windows\system32\tzchange.exe
+ 2004-08-04 07:56 . 2004-08-04 07:56 44032 c:\windows\system32\twext.dll
+ 2004-11-03 20:11 . 2002-08-29 12:00 16896 c:\windows\system32\tsshutdn.exe
+ 2004-11-03 20:11 . 2002-08-29 12:00 16384 c:\windows\system32\tskill.exe
+ 2004-11-03 20:11 . 2002-08-29 12:00 14848 c:\windows\system32\tsdiscon.exe
+ 2002-08-29 12:00 . 2004-08-04 08:01 12168 c:\windows\system32\tsddd.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 15360 c:\windows\system32\tsd32.dll
+ 2004-11-03 20:10 . 2004-08-04 05:59 44544 c:\windows\system32\tscupgrd.exe
+ 2004-11-03 20:11 . 2002-08-29 12:00 14848 c:\windows\system32\tscon.exe
+ 2004-11-03 20:10 . 2004-08-04 07:56 93696 c:\windows\system32\tscfgwmi.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 52224 c:\windows\system32\tsappcmp.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 90624 c:\windows\system32\trkwks.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 11264 c:\windows\system32\tree.com
+ 2002-08-29 12:00 . 2002-08-29 12:00 31232 c:\windows\system32\traffic.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 31744 c:\windows\system32\tracert6.exe
+ 2002-08-29 12:00 . 2004-08-04 07:56 12288 c:\windows\system32\tracert.exe
+ 2002-08-29 12:00 . 2002-08-29 12:00 13888 c:\windows\system32\toolhelp.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 16896 c:\windows\system32\tftp.exe
+ 2002-08-29 12:00 . 2009-06-12 11:50 76288 c:\windows\system32\telnet.exe
+ 2002-08-29 12:00 . 2002-08-29 12:00 19456 c:\windows\system32\tcpsvcs.exe
+ 2002-08-29 12:00 . 2004-08-04 07:56 45568 c:\windows\system32\tcpmonui.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 45568 c:\windows\system32\tcpmon.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 14848 c:\windows\system32\tcpmib.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 12288 c:\windows\system32\tcmsetup.exe
+ 2002-08-29 12:00 . 2002-08-29 12:00 15360 c:\windows\system32\taskman.exe
+ 2002-08-29 12:00 . 2002-08-29 12:00 78848 c:\windows\system32\tapiui.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 19200 c:\windows\system32\tapi.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 36864 c:\windows\system32\syskey.exe
+ 2002-08-29 12:00 . 2002-08-29 12:00 15872 c:\windows\system32\sysinv.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 18896 c:\windows\system32\sysedit.exe
+ 2002-08-29 12:00 . 2004-08-04 07:56 57856 c:\windows\system32\synceng.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 51200 c:\windows\system32\syncapp.exe
+ 2002-08-29 12:00 . 2004-08-04 07:56 14336 c:\windows\system32\svchost.exe
+ 2004-08-04 07:56 . 2009-10-21 06:00 75776 c:\windows\system32\strmfilt.dll
+ 2004-11-03 15:02 . 2004-08-04 07:56 74752 c:\windows\system32\storprop.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 14848 c:\windows\system32\stimon.exe
+ 2002-08-29 12:00 . 2004-08-04 07:56 67584 c:\windows\system32\sti.dll
+ 2004-11-03 20:11 . 2002-08-29 12:00 54272 c:\windows\system32\stclient.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 14336 c:\windows\system32\ssstars.scr
+ 2002-08-29 12:00 . 2004-08-04 07:56 18944 c:\windows\system32\ssmyst.scr
+ 2002-08-29 12:00 . 2004-08-04 07:56 47104 c:\windows\system32\ssmypics.scr
+ 2002-08-29 12:00 . 2004-08-04 07:56 20992 c:\windows\system32\ssmarque.scr
+ 2002-08-29 12:00 . 2004-08-04 07:56 71680 c:\windows\system32\ssdpsrv.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 34816 c:\windows\system32\ssdpapi.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 19968 c:\windows\system32\ssbezier.scr
+ 2002-08-29 12:00 . 2004-12-07 19:32 96768 c:\windows\system32\srvsvc.dll
+ 2004-11-03 20:13 . 2004-08-04 07:56 67584 c:\windows\system32\srclient.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 49179 c:\windows\system32\sqlwoa.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 24603 c:\windows\system32\sqlwid.dll
+ 2004-11-03 15:02 . 2002-08-29 12:00 24661 c:\windows\system32\spxcoins.dll
+ 2004-08-04 07:56 . 2004-08-04 07:56 21504 c:\windows\system32\spupdwxp.exe
+ 2005-05-15 17:28 . 2007-11-30 11:18 26488 c:\windows\system32\spupdsvc.exe
+ 2001-08-17 22:36 . 2002-08-29 12:00 72192 c:\windows\system32\sprio800.dll
+ 2001-08-17 22:36 . 2002-08-29 12:00 70656 c:\windows\system32\sprio600.dll
+ 2002-08-29 12:00 . 2005-06-10 23:53 57856 c:\windows\system32\spoolsv.exe
+ 2002-08-29 12:00 . 2004-08-04 07:56 74752 c:\windows\system32\spoolss.dll
+ 2001-08-23 11:24 . 2001-08-23 11:24 73728 c:\windows\system32\spool\drivers\w32x86\hpztbi04.dll
+ 2001-08-23 11:24 . 2001-08-23 11:24 81920 c:\windows\system32\spool\drivers\w32x86\hpzflt04.dll
+ 2001-08-23 11:22 . 2001-08-23 11:22 57344 c:\windows\system32\spool\drivers\w32x86\hphacr.exe
+ 2001-08-23 11:24 . 2001-08-23 11:24 37362 c:\windows\system32\spool\drivers\w32x86\hph1115.dat
+ 2001-08-23 11:24 . 2001-08-23 11:24 40448 c:\windows\system32\spool\drivers\w32x86\hpfinsta.exe
+ 2001-08-23 11:24 . 2001-08-23 11:24 73728 c:\windows\system32\spool\drivers\w32x86\3\hpztbi04.dll
+ 2001-08-23 11:24 . 2001-08-23 11:24 81920 c:\windows\system32\spool\drivers\w32x86\3\hpzflt04.dll
+ 2003-01-30 23:54 . 2003-01-30 23:54 57344 c:\windows\system32\spool\drivers\w32x86\3\hphacr.exe
+ 2001-08-23 11:24 . 2001-08-23 11:24 37362 c:\windows\system32\spool\drivers\w32x86\3\hph1115.dat
+ 2004-12-20 16:44 . 2004-08-04 05:56 11776 c:\windows\system32\spnpinst.exe
+ 2001-08-17 22:36 . 2002-08-29 12:00 69632 c:\windows\system32\spnike.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 23552 c:\windows\system32\sort.exe
+ 2004-11-03 20:11 . 2002-08-29 12:00 56832 c:\windows\system32\sol.exe
+ 2007-08-22 02:05 . 2007-07-30 23:19 43352 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.0.6000.381\wups2.dll
+ 2007-05-22 18:21 . 2007-04-17 02:45 43352 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.0.6000.374\wups2.dll
+ 2007-08-22 02:05 . 2007-07-30 23:18 33624 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.0.6000.381\wups.dll
+ 2007-05-22 18:21 . 2007-04-17 02:47 33624 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.0.6000.374\wups.dll
+ 2005-06-23 19:53 . 2005-05-26 08:16 41240 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\5.8.0.2469\wups.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 18944 c:\windows\system32\snmpapi.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 50688 c:\windows\system32\smss.exe
+ 2002-08-29 12:00 . 2004-08-04 07:56 89600 c:\windows\system32\smlogsvc.exe
+ 2004-08-04 07:56 . 2004-08-04 07:56 73796 c:\windows\system32\slserv.exe
+ 2004-08-04 07:56 . 2004-08-04 07:56 32866 c:\windows\system32\slrundll.exe
+ 2004-08-04 07:56 . 2004-08-04 07:56 73832 c:\windows\system32\slcoinst.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 14848 c:\windows\system32\slbrccsp.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 98304 c:\windows\system32\slbiop.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 25088 c:\windows\system32\slayerxp.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 26112 c:\windows\system32\skeys.exe
+ 2002-08-29 12:00 . 2002-08-29 12:00 13824 c:\windows\system32\sisbkup.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 70144 c:\windows\system32\sigverif.exe
+ 2002-08-29 12:00 . 2004-08-04 07:56 13312 c:\windows\system32\sigtab.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 19456 c:\windows\system32\shutdown.exe
+ 2002-08-29 12:00 . 2004-08-04 07:56 27648 c:\windows\system32\shscrap.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 77824 c:\windows\system32\shrpubw.exe
+ 2002-08-29 12:00 . 2004-08-04 07:56 42496 c:\windows\system32\shmgrate.exe
+ 2002-08-29 12:00 . 2004-08-04 07:56 65536 c:\windows\system32\shimeng.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 68096 c:\windows\system32\shgina.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 25088 c:\windows\system32\shfolder.dll
+ 2004-11-03 20:11 . 2002-08-29 12:00 14848 c:\windows\system32\shadow.exe
+ 2002-08-29 12:00 . 2002-08-29 12:00 23552 c:\windows\system32\sfmapi.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 11753 c:\windows\system32\setver.exe
+ 2004-08-04 07:56 . 2004-08-04 07:56 22016 c:\windows\system32\Setup\startoc.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 17408 c:\windows\system32\Setup\ocmsn.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 15872 c:\windows\system32\Setup\ocgen.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 62976 c:\windows\system32\Setup\ntoc.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 77312 c:\windows\system32\Setup\netoc.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 15360 c:\windows\system32\Setup\msgrocm.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 82432 c:\windows\system32\Setup\msdtcstp.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 32828 c:\windows\system32\Setup\fp40ext.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 23040 c:\windows\system32\setup.exe
+ 2002-08-29 12:00 . 2004-08-04 07:56 31232 c:\windows\system32\sethc.exe
+ 2002-08-29 12:00 . 2002-08-29 12:00 14848 c:\windows\system32\serwvdrv.dll
+ 2004-11-03 20:11 . 2004-08-04 07:56 56320 c:\windows\system32\servdeps.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 14336 c:\windows\system32\serialui.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 13824 c:\windows\system32\senscfg.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 38912 c:\windows\system32\sens.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 55296 c:\windows\system32\sendmail.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 29184 c:\windows\system32\sendcmsg.dll
+ 2002-08-29 12:00 . 2009-06-25 08:44 56320 c:\windows\system32\secur32.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 18944 c:\windows\system32\seclogon.dll
+ 2004-08-04 07:56 . 2004-08-04 07:56 29184 c:\windows\system32\sdhcinst.dll
+ 2004-06-30 20:04 . 2004-06-30 20:04 40960 c:\windows\system32\SDelete.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 77312 c:\windows\system32\sdbinst.exe
+ 2002-08-29 12:00 . 2002-08-29 12:00 57856 c:\windows\system32\scripto.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 26624 c:\windows\system32\scredir.dll
+ 1998-03-25 01:54 . 1998-03-25 01:54 15872 c:\windows\system32\SCP32.DLL
+ 2002-08-29 12:00 . 2004-08-04 07:56 20992 c:\windows\system32\sclgntfy.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 95744 c:\windows\system32\scardsvr.exe
+ 2002-08-29 12:00 . 2004-08-04 07:56 69632 c:\windows\system32\scarddlg.dll
+ 2002-08-29 12:00 . 2009-02-06 16:54 35328 c:\windows\system32\sc.exe
+ 2002-08-29 12:00 . 2004-08-04 07:56 13312 c:\windows\system32\savedump.exe
+ 2002-08-29 12:00 . 2004-08-04 07:56 64000 c:\windows\system32\samlib.dll
+ 2004-11-03 20:13 . 2004-08-04 07:56 45568 c:\windows\system32\safrslv.dll
+ 2004-11-03 20:13 . 2004-08-04 07:56 29696 c:\windows\system32\safrdm.dll
+ 2004-11-03 20:13 . 2004-08-04 07:56 43520 c:\windows\system32\safrcdlg.dll
+ 2004-12-19 20:13 . 2004-03-05 04:46 83168 c:\windows\system32\S32EVNT1.DLL
+ 2004-11-03 20:11 . 2002-08-29 12:00 15872 c:\windows\system32\rwinsta.exe
+ 2002-08-29 12:00 . 2004-08-04 07:56 14336 c:\windows\system32\runonce.exe
+ 2002-08-29 12:00 . 2004-08-04 07:56 33280 c:\windows\system32\rundll32.exe
+ 2002-08-29 12:00 . 2002-08-29 12:00 16384 c:\windows\system32\runas.exe
+ 2002-08-29 12:00 . 2004-08-04 07:56 44032 c:\windows\system32\rtutils.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 98304 c:\windows\system32\rtm.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 31744 c:\windows\system32\rtipxmib.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 77312 c:\windows\system32\rtcshare.exe
+ 2002-08-29 12:00 . 2002-08-29 12:00 90112 c:\windows\system32\rsvpsp.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 23552 c:\windows\system32\rsvpmsg.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 49152 c:\windows\system32\rsmui.exe
+ 2002-08-29 12:00 . 2002-08-29 12:00 24576 c:\windows\system32\rsmsink.exe
+ 2002-08-29 12:00 . 2004-08-04 07:56 18944 c:\windows\system32\rsmps.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 49152 c:\windows\system32\rsm.exe
+ 2002-08-29 12:00 . 2004-08-04 07:56 39936 c:\windows\system32\rshx32.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 14848 c:\windows\system32\rsh.exe
+ 2002-08-29 12:00 . 2002-08-29 12:00 22016 c:\windows\system32\rpcns4.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 25600 c:\windows\system32\routemon.exe
+ 2002-08-29 12:00 . 2002-08-29 12:00 19968 c:\windows\system32\route.exe
+ 2002-08-29 12:00 . 2004-08-04 07:56 13824 c:\windows\system32\rexec.exe
+ 2002-08-29 12:00 . 2004-08-04 07:56 58880 c:\windows\system32\resutils.dll
+ 2004-11-03 20:13 . 2002-08-29 12:00 47104 c:\windows\system32\Restore\srdiag.exe
+ 2002-08-29 12:00 . 2002-08-29 12:00 12800 c:\windows\system32\replace.exe
+ 2004-11-03 20:10 . 2004-08-04 07:56 60416 c:\windows\system32\remotepg.dll
+ 2005-05-15 17:29 . 2001-08-17 13:58 27392 c:\windows\system32\ReinstallBackups\0002\DriverFiles\i386\VIAAGP.SYS
+ 2005-05-15 17:29 . 2002-08-29 12:00 30592 c:\windows\system32\ReinstallBackups\0001\DriverFiles\i386\processr.sys
+ 2005-05-15 17:29 . 2001-08-17 13:28 50751 c:\windows\system32\ReinstallBackups\0000\DriverFiles\i386\HSF_TONE.sys
+ 2005-05-15 17:29 . 2001-08-17 13:28 73279 c:\windows\system32\ReinstallBackups\0000\DriverFiles\i386\HSF_SPKP.sys
+ 2005-05-15 17:29 . 2001-08-17 13:28 44863 c:\windows\system32\ReinstallBackups\0000\DriverFiles\i386\HSF_SOAR.sys
+ 2005-05-15 17:29 . 2001-08-17 13:28 57471 c:\windows\system32\ReinstallBackups\0000\DriverFiles\i386\HSF_SAMP.sys
+ 2005-05-15 17:29 . 2001-08-17 13:28 67167 c:\windows\system32\ReinstallBackups\0000\DriverFiles\i386\HSF_BSC2.sys
+ 2002-08-29 12:00 . 2004-08-04 07:56 11776 c:\windows\system32\regsvr32.exe
+ 2002-08-29 12:00 . 2004-08-04 07:56 59904 c:\windows\system32\regsvc.dll
+ 2004-11-03 20:11 . 2002-08-29 12:00 33792 c:\windows\system32\regini.exe
+ 2002-08-29 12:00 . 2004-08-04 07:56 49664 c:\windows\system32\regapi.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 50176 c:\windows\system32\reg.exe
+ 2004-11-03 20:11 . 2004-08-04 07:56 67072 c:\windows\system32\rdshost.exe
+ 2004-11-03 20:10 . 2004-08-04 07:56 13824 c:\windows\system32\rdsaddin.exe
+ 2004-11-03 20:10 . 2004-08-04 08:01 87176 c:\windows\system32\rdpwsx.dll
+ 2004-11-03 20:10 . 2004-08-04 07:56 19968 c:\windows\system32\rdpsnd.dll
+ 2002-08-29 12:00 . 2004-08-04 08:01 92168 c:\windows\system32\rdpdd.dll
+ 2004-11-03 20:10 . 2004-08-04 07:56 62464 c:\windows\system32\rdpclip.exe
+ 2002-08-29 12:00 . 2004-08-04 07:56 21504 c:\windows\system32\rcp.exe
+ 2002-08-29 12:00 . 2004-08-04 07:56 35840 c:\windows\system32\rcimlby.exe
+ 2002-08-29 12:00 . 2004-08-04 07:56 58880 c:\windows\system32\rastapi.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 12800 c:\windows\system32\rasser.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 16896 c:\windows\system32\rassapi.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 23552 c:\windows\system32\rasrad.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 56832 c:\windows\system32\rasphone.exe
+ 2002-08-29 12:00 . 2002-08-29 12:00 22528 c:\windows\system32\rasmxs.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 61440 c:\windows\system32\rasman.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 11264 c:\windows\system32\rasdial.exe
+ 2002-08-29 12:00 . 2002-08-29 12:00 11776 c:\windows\system32\rasctrs.dll
+ 2002-08-29 12:00 . 2009-10-12 13:54 69632 c:\windows\system32\raschap.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 11776 c:\windows\system32\rasautou.exe
+ 2002-08-29 12:00 . 2004-08-04 07:56 89088 c:\windows\system32\rasauto.dll
+ 2004-11-03 20:13 . 2004-08-04 07:56 43520 c:\windows\system32\racpldlg.dll
+ 2004-11-03 20:11 . 2002-08-29 12:00 22016 c:\windows\system32\qwinsta.exe
+ 2004-11-03 20:11 . 2004-08-04 07:56 20480 c:\windows\system32\qprocess.exe
+ 2004-11-16 03:29 . 2004-08-04 07:56 18944 c:\windows\system32\qmgrprxy.dll
+ 2004-11-03 20:11 . 2002-08-29 12:00 16896 c:\windows\system32\qappsrv.exe
+ 2007-03-29 13:56 . 2007-03-29 13:56 64760 c:\windows\system32\pxinsa64.exe
+ 2004-05-19 17:33 . 2004-05-19 17:33 53248 c:\windows\system32\pxhpinst.exe
+ 2007-03-29 13:56 . 2007-03-29 13:56 66296 c:\windows\system32\pxcpya64.exe
+ 1998-09-29 21:43 . 1998-09-29 21:43 45056 c:\windows\system32\PUBDLG.DLL
+ 2007-02-08 06:40 . 2007-02-08 06:40 64512 c:\windows\system32\ptpitcp.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 34304 c:\windows\system32\pstorsvc.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 43520 c:\windows\system32\pstorec.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 10752 c:\windows\system32\pschdprf.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 96768 c:\windows\system32\psbase.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 23040 c:\windows\system32\psapi.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 50176 c:\windows\system32\proquota.exe
+ 2002-08-29 12:00 . 2004-08-04 07:56 27648 c:\windows\system32\profmap.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 16384 c:\windows\system32\prflbmsg.dll
+ 2010-03-31 05:16 . 2010-03-31 05:16 99176 c:\windows\system32\PresentationHostProxy.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 17408 c:\windows\system32\powrprof.dll
+ 2004-08-04 07:56 . 2004-08-04 07:56 49152 c:\windows\system32\powercfg.exe
+ 2004-08-04 07:56 . 2004-08-04 07:56 48640 c:\windows\system32\pnrpnsp.dll
+ 2002-08-29 12:00 . 2010-04-16 15:36 39424 c:\windows\system32\pngfilt.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 46592 c:\windows\system32\pmspl.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 30720 c:\windows\system32\plustab.dll
+ 2001-08-17 22:36 . 2004-08-04 07:56 15360 c:\windows\system32\pjlmon.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 33280 c:\windows\system32\ping6.exe
+ 2002-08-29 12:00 . 2004-08-04 07:56 17920 c:\windows\system32\ping.exe
+ 2002-08-29 12:00 . 2002-08-29 12:00 35328 c:\windows\system32\pifmgr.dll
+ 2002-08-29 12:00 . 2004-08-04 06:04 24064 c:\windows\system32\pidgen.dll
+ 2002-08-29 03:41 . 2004-08-04 07:56 35328 c:\windows\system32\pid.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 12288 c:\windows\system32\perfts.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 34816 c:\windows\system32\perfproc.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 25088 c:\windows\system32\perfos.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 16896 c:\windows\system32\perfnet.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 15872 c:\windows\system32\perfmon.exe
+ 2002-08-29 12:00 . 2004-08-04 07:56 26624 c:\windows\system32\perfdisk.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 28626 c:\windows\system32\perfd009.dat
+ 2002-08-29 12:00 . 2004-08-04 07:56 39936 c:\windows\system32\perfctrs.dll
+ 2002-08-29 12:00 . 2010-12-16 21:50 79748 c:\windows\system32\perfc009.dat
+ 2002-08-29 12:00 . 2002-08-29 12:00 15360 c:\windows\system32\pentnt.exe
+ 2003-06-09 22:21 . 2003-06-09 22:21 65590 c:\windows\system32\pds.dll
+ 2005-03-20 18:00 . 2002-06-05 14:33 61440 c:\windows\system32\pcmaout.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 62976 c:\windows\system32\pautoenr.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 21504 c:\windows\system32\pathping.exe
+ 2002-08-29 12:00 . 2002-08-29 12:00 10240 c:\windows\system32\panmap.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 58368 c:\windows\system32\packager.exe
+ 2004-08-04 07:56 . 2004-08-04 07:56 88064 c:\windows\system32\p2pnetsh.dll
+ 2004-08-04 07:56 . 2004-08-04 07:56 86016 c:\windows\system32\p2pgasvc.dll
+ 1999-02-04 18:09 . 1999-02-04 18:09 57393 c:\windows\system32\OUTLWAB.DLL
+ 2002-08-29 12:00 . 2002-08-29 12:00 40448 c:\windows\system32\osuninst.exe
+ 2002-08-29 12:00 . 2004-08-04 07:56 67584 c:\windows\system32\osuninst.dll
+ 2004-03-07 18:51 . 2004-03-07 18:51 24924 c:\windows\system32\openports.dll
+ 2004-11-03 20:13 . 2004-08-04 07:56 51200 c:\windows\system32\oobe\oobebaln.exe
+ 2004-11-03 20:13 . 2002-08-29 12:00 28160 c:\windows\system32\oobe\msoobe.exe
+ 2004-11-03 20:13 . 2004-08-04 07:56 18944 c:\windows\system32\oobe\msobweb.dll
+ 2004-11-03 20:13 . 2004-08-04 07:56 30720 c:\windows\system32\oobe\msobshel.dll
+ 2004-11-03 20:13 . 2004-08-04 07:56 16384 c:\windows\system32\oobe\msobdl.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 69120 c:\windows\system32\olethk32.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 22016 c:\windows\system32\olesvr32.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 24064 c:\windows\system32\olesvr.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 83456 c:\windows\system32\olepro32.dll
+ 2002-08-29 12:00 . 2005-07-26 04:39 37888 c:\windows\system32\olecnv32.dll
+ 2005-01-14 05:33 . 2005-07-26 04:39 74752 c:\windows\system32\olecli32.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 82944 c:\windows\system32\olecli.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 16896 c:\windows\system32\oleaccrc.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 39744 c:\windows\system32\ole2.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 20511 c:\windows\system32\odtext32.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 20510 c:\windows\system32\odpdx32.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 20510 c:\windows\system32\odfox32.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 20510 c:\windows\system32\odexl32.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 20511 c:\windows\system32\oddbse32.dll
+ 2006-07-01 17:39 . 1998-05-13 22:49 72704 c:\windows\system32\odbctl32.dll
+ 2006-07-01 17:39 . 1996-11-17 04:00 22016 c:\windows\system32\ODBCSTF.DLL
+ 2002-08-29 12:00 . 2004-08-04 07:56 12288 c:\windows\system32\odbcp32r.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 53279 c:\windows\system32\odbcji32.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 94208 c:\windows\system32\odbcint.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 65536 c:\windows\system32\odbccu32.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 65536 c:\windows\system32\odbccr32.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 69632 c:\windows\system32\odbcconf.exe
+ 2002-08-29 12:00 . 2004-08-04 07:56 24576 c:\windows\system32\odbcbcp.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 32768 c:\windows\system32\odbcad32.exe
+ 2002-08-29 12:00 . 2004-08-04 07:56 16384 c:\windows\system32\odbc32gt.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 26224 c:\windows\system32\odbc16gt.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 60928 c:\windows\system32\ocmanage.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 96256 c:\windows\system32\occache.dll
+ 2004-06-17 17:58 . 2004-06-17 17:58 13312 c:\windows\system32\ntvdmd.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 36864 c:\windows\system32\ntsdexts.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 31744 c:\windows\system32\ntsd.exe
+ 2003-06-09 22:21 . 2003-06-09 22:21 77875 c:\windows\system32\nts.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 91136 c:\windows\system32\ntprint.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 36864 c:\windows\system32\ntmsevt.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 40960 c:\windows\system32\ntmsapi.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 14336 c:\windows\system32\ntlanui2.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 57856 c:\windows\system32\ntlanui.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 43520 c:\windows\system32\ntlanman.dll
+ 2004-05-17 22:43 . 2004-05-17 22:43 34560 c:\windows\system32\ntio804.sys
+ 2004-05-17 22:43 . 2004-05-17 22:43 35424 c:\windows\system32\ntio412.sys
+ 2004-05-17 22:43 . 2004-05-17 22:43 35648 c:\windows\system32\ntio411.sys
+ 2004-05-17 22:43 . 2004-05-17 22:43 34560 c:\windows\system32\ntio404.sys
+ 2004-05-17 22:43 . 2004-05-17 22:43 33840 c:\windows\system32\ntio.sys
+ 2002-08-29 12:00 . 2004-08-04 07:56 67072 c:\windows\system32\ntdsapi.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 29146 c:\windows\system32\ntdos804.sys
+ 2002-08-29 12:00 . 2002-08-29 12:00 29274 c:\windows\system32\ntdos412.sys
+ 2002-08-29 12:00 . 2002-08-29 12:00 29370 c:\windows\system32\ntdos411.sys
+ 2002-08-29 12:00 . 2002-08-29 12:00 29146 c:\windows\system32\ntdos404.sys
+ 2002-08-29 12:00 . 2002-08-29 12:00 27866 c:\windows\system32\ntdos.sys
+ 2002-08-29 12:00 . 2004-08-04 07:56 76800 c:\windows\system32\nslookup.exe
+ 2002-08-29 12:00 . 2004-08-04 07:56 54784 c:\windows\system32\npptools.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 15360 c:\windows\system32\npp\nppagent.exe
+ 2002-08-29 12:00 . 2004-08-04 07:56 57344 c:\windows\system32\npp\ndisnpp.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 69120 c:\windows\system32\notepad.exe
+ 2004-11-03 20:13 . 2004-08-04 07:56 28672 c:\windows\system32\nmmkcert.dll
+ 2004-11-03 20:13 . 2002-08-29 12:00 12288 c:\windows\system32\nmevtmsg.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 80896 c:\windows\system32\netui0.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 36864 c:\windows\system32\netstat.exe
+ 2002-08-29 12:00 . 2004-08-04 07:56 86016 c:\windows\system32\netsh.exe
+ 2002-08-29 12:00 . 2004-08-04 07:56 12288 c:\windows\system32\netrap.dll
+ 2009-11-07 06:07 . 2009-11-07 06:07 49488 c:\windows\system32\netfxperf.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 42496 c:\windows\system32\net.exe
+ 2004-06-17 00:24 . 2004-08-04 07:56 18944 c:\windows\system32\nddenb32.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 17920 c:\windows\system32\nddeapi.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 36352 c:\windows\system32\ncobjapi.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 20480 c:\windows\system32\nbtstat.exe
+ 2004-03-12 20:17 . 2004-03-12 20:17 83176 c:\windows\system32\NavLogon.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 35840 c:\windows\system32\narrhook.dll
+ 2002-08-29 12:00 . 2006-10-04 08:48 53760 c:\windows\system32\narrator.exe
+ 2002-08-29 12:00 . 2004-08-04 07:56 90624 c:\windows\system32\mydocs.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 90112 c:\windows\system32\mycomput.dll
+ 2009-11-07 06:07 . 2009-11-07 06:07 11600 c:\windows\system32\mui\0409\mscorees.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 87552 c:\windows\system32\mui\0009\hhctrlui.dll

 

[exmatt]

+ 2004-12-19 20:30 . 2008-06-12 14:16 91648 c:\windows\system32\mtxoci.dll
+ 2004-11-03 20:11 . 2002-08-29 12:00 25088 c:\windows\system32\mtxlegih.dll
+ 2004-11-03 20:11 . 2002-08-29 12:00 20480 c:\windows\system32\mtxdm.dll
+ 2004-12-19 20:30 . 2008-06-12 14:16 66560 c:\windows\system32\mtxclu.dll
+ 2005-03-20 18:01 . 2009-11-27 17:33 17920 c:\windows\system32\msyuv.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 26624 c:\windows\system32\msxmlr.dll
+ 2007-05-08 21:08 . 2007-05-08 21:08 86728 c:\windows\system32\msxml6r.dll
+ 2003-04-18 21:29 . 2003-04-18 21:29 82432 c:\windows\system32\msxml4r.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 44032 c:\windows\system32\msxml3r.dll
+ 2006-04-20 01:43 . 2001-03-08 23:30 24064 c:\windows\system32\msxml3a.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 37916 c:\windows\system32\msxml2r.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 72704 c:\windows\system32\msw3prt.dll
+ 2002-08-29 12:00 . 2009-11-27 16:37 28672 c:\windows\system32\msvidc32.dll
+ 2002-08-29 12:00 . 2004-08-04 05:58 61440 c:\windows\system32\msvcrt40.dll
+ 2002-01-05 08:38 . 2002-01-05 08:38 54784 c:\windows\system32\msvci70.dll
+ 2004-11-03 20:12 . 2004-08-04 07:56 12288 c:\windows\system32\mstinit.exe
+ 2002-08-29 12:00 . 2002-08-29 12:00 13312 c:\windows\system32\msswch.dll
+ 1998-08-09 15:07 . 1998-08-09 15:07 94208 c:\windows\system32\MSSTKPRP.DLL
+ 2002-08-29 12:00 . 2002-08-29 12:00 35840 c:\windows\system32\mssign32.dll
+ 1999-01-22 18:46 . 1999-01-22 18:46 65536 c:\windows\system32\MSRTEDIT.DLL
+ 2006-07-01 17:40 . 1999-04-27 00:08 44304 c:\windows\system32\msrpfs35.dll
+ 2002-08-29 12:00 . 2009-11-27 16:37 11264 c:\windows\system32\msrle32.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 28746 c:\windows\system32\msrecr40.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 73802 c:\windows\system32\msrclr40.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 60416 c:\windows\system32\msratelc.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 69632 c:\windows\system32\msr2c.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 48128 c:\windows\system32\msprivs.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 41984 c:\windows\system32\msports.dll
+ 2004-08-04 07:56 . 2006-10-19 01:47 27136 c:\windows\system32\mspmsnsv.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 30208 c:\windows\system32\mspatcha.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 20480 c:\windows\system32\msorc32r.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 33280 c:\windows\system32\msobjs.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 25088 c:\windows\system32\mslbui.dll
+ 2002-08-29 12:00 . 2008-03-25 04:50 60192 c:\windows\system32\msjter40.dll
+ 2006-07-01 17:39 . 1997-06-23 12:06 24848 c:\windows\system32\msjter35.dll
+ 2004-12-19 20:24 . 2003-02-28 23:26 21264 c:\windows\system32\msjdbc10.dll
+ 2002-08-29 12:00 . 2005-03-21 19:00 15360 c:\windows\system32\msisip.dll
+ 1997-07-11 05:00 . 1997-07-11 05:00 22016 c:\windows\system32\MSIMRT32.DLL
+ 1997-07-11 05:00 . 1997-07-11 05:00 10544 c:\windows\system32\MSIMRT16.DLL
+ 1997-07-11 05:00 . 1997-07-11 05:00 14336 c:\windows\system32\MSIMRT.DLL
+ 2002-08-29 12:00 . 2005-03-21 19:00 78848 c:\windows\system32\msiexec.exe
+ 2002-08-29 12:00 . 2002-08-29 12:00 14848 c:\windows\system32\msidntld.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 51712 c:\windows\system32\msident.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 56832 c:\windows\system32\mshtmler.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 29184 c:\windows\system32\mshta.exe
+ 2003-06-09 22:21 . 2003-06-09 22:21 41017 c:\windows\system32\msgsys.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 33792 c:\windows\system32\msgsvc.dll
+ 2004-11-03 20:11 . 2002-08-29 12:00 20992 c:\windows\system32\msg.exe
+ 2002-08-29 12:00 . 2002-08-29 12:00 94282 c:\windows\system32\msencode.dll
+ 2004-11-03 20:11 . 2008-06-12 14:16 58880 c:\windows\system32\msdtclog.dll
+ 2004-11-03 20:11 . 2002-08-29 12:00 19429 c:\windows\system32\MsDtc\Trace\msdtcvtr.bat
+ 2005-03-20 18:01 . 2004-08-04 07:56 14336 c:\windows\system32\msdmo.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 69120 c:\windows\system32\msctfp.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 36864 c:\windows\system32\mscpxl32.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 12288 c:\windows\system32\mscpx32r.dll
+ 2004-11-03 20:13 . 2004-08-04 07:56 69632 c:\windows\system32\msconf.dll
+ 2002-08-29 12:00 . 2008-06-24 16:23 74240 c:\windows\system32\mscms.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 65024 c:\windows\system32\msaudite.dll
+ 2002-08-29 12:00 . 2009-09-04 20:45 58880 c:\windows\system32\msasn1.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 86016 c:\windows\system32\msapsspc.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 20480 c:\windows\system32\msacm32.drv
+ 2002-08-29 12:00 . 2004-08-04 07:56 71680 c:\windows\system32\msacm32.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 61168 c:\windows\system32\msacm.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 12800 c:\windows\system32\mrinfo.exe
+ 2002-08-29 12:00 . 2002-08-29 12:00 47104 c:\windows\system32\mprui.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 99840 c:\windows\system32\mprmsg.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 49152 c:\windows\system32\mprdim.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 69120 c:\windows\system32\mprddm.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 87040 c:\windows\system32\mprapi.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 59904 c:\windows\system32\mpr.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 22016 c:\windows\system32\mpnotify.exe
+ 2005-03-20 18:00 . 2003-04-09 18:15 90112 c:\windows\system32\mpgvparse.dll
+ 2005-03-20 18:00 . 2002-12-12 16:17 10752 c:\windows\system32\MPGVOUT.dll
+ 2005-03-20 18:00 . 2002-10-07 17:52 65536 c:\windows\system32\mpgcheck.dll
+ 2005-03-20 18:00 . 2003-03-07 01:32 90112 c:\windows\system32\mpgaparse.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 15872 c:\windows\system32\more.com
+ 2002-08-29 12:00 . 2002-08-29 12:00 10112 c:\windows\system32\modex.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 19456 c:\windows\system32\mode.com
+ 2004-11-03 20:13 . 2004-08-04 07:56 32768 c:\windows\system32\mnmsrvc.exe
+ 2004-11-03 20:13 . 2004-08-04 07:56 34560 c:\windows\system32\mnmdd.dll
+ 2002-08-29 12:00 . 2004-08-04 05:51 68768 c:\windows\system32\mmsystem.dll
+ 2004-11-03 20:11 . 2004-08-04 07:56 17408 c:\windows\system32\mmfutil.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 12288 c:\windows\system32\mmdrv.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 50688 c:\windows\system32\mmcshext.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 70656 c:\windows\system32\mmcbase.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 18944 c:\windows\system32\mimefilt.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 51712 c:\windows\system32\migpwd.exe
+ 2002-08-29 12:00 . 2004-08-04 07:56 60928 c:\windows\system32\miglibnt.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 18944 c:\windows\system32\midimap.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 46258 c:\windows\system32\mib.bin
+ 2002-08-29 12:00 . 2004-08-04 07:56 14848 c:\windows\system32\mgmtapi.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 22528 c:\windows\system32\mfcsubs.dll
+ 1998-06-17 23:08 . 1998-06-17 23:08 53248 c:\windows\system32\MFC42ENU.DLL
+ 2004-03-30 01:48 . 2007-03-08 15:36 40960 c:\windows\system32\mf3216.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 39274 c:\windows\system32\mem.exe
+ 1999-03-03 16:05 . 1999-03-03 16:05 81920 c:\windows\system32\MDT2FW95.DLL
+ 2004-08-04 07:56 . 2004-08-04 07:56 86016 c:\windows\system32\mdmxsdk.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 50176 c:\windows\system32\mdhcp.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 28160 c:\windows\system32\mciwave.drv
+ 2002-08-29 12:00 . 2004-08-04 07:56 23552 c:\windows\system32\mciwave.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 25264 c:\windows\system32\mciseq.drv
+ 2002-08-29 12:00 . 2004-08-04 07:56 23040 c:\windows\system32\mciseq.dll
+ 2005-03-20 18:00 . 2004-08-04 07:56 35328 c:\windows\system32\mciqtz32.dll
+ 2005-02-26 00:27 . 1998-08-17 09:21 11776 c:\windows\system32\mciqtz.drv
+ 2002-08-29 12:00 . 2002-08-29 12:00 17408 c:\windows\system32\mcicda.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 84480 c:\windows\system32\mciavi32.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 73376 c:\windows\system32\mciavi.drv
+ 2002-08-29 12:00 . 2002-08-29 12:00 10496 c:\windows\system32\mcdsrv32.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 10240 c:\windows\system32\mcd32.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 14848 c:\windows\system32\mcastmib.dll
+ 1998-03-26 05:00 . 1998-03-26 05:00 38160 c:\windows\system32\MAPISRVR.EXE
+ 2002-08-29 12:00 . 2004-08-04 07:56 85504 c:\windows\system32\makecab.exe
+ 2002-08-29 12:00 . 2006-10-04 08:48 72704 c:\windows\system32\magnify.exe
+ 2007-09-22 01:27 . 2008-03-27 02:44 74137 c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
+ 2002-08-29 12:00 . 2004-08-04 07:56 13312 c:\windows\system32\lsass.exe
+ 2002-08-29 12:00 . 2004-08-04 07:56 10240 c:\windows\system32\lprhelp.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 22016 c:\windows\system32\lpk.dll
+ 2004-11-03 20:11 . 2002-08-29 12:00 15360 c:\windows\system32\logoff.exe
+ 2004-08-04 07:56 . 2004-08-04 07:56 59392 c:\windows\system32\logman.exe
+ 2002-08-29 12:00 . 2002-08-29 12:00 50176 c:\windows\system32\loghours.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 75264 c:\windows\system32\locator.exe
+ 2002-08-29 12:00 . 2004-08-04 07:56 11776 c:\windows\system32\localui.dll
+ 1998-03-04 17:47 . 1998-03-04 17:47 77824 c:\windows\system32\loc32vc0.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 97280 c:\windows\system32\loadperf.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 25088 c:\windows\system32\lnkstub.exe
+ 2005-02-26 00:29 . 1998-09-02 08:28 38160 c:\windows\system32\LMRTREND.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 13824 c:\windows\system32\lmhsvc.dll
+ 2004-08-20 22:01 . 2005-09-01 01:41 19968 c:\windows\system32\linkinfo.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 29696 c:\windows\system32\lights.exe
+ 2004-11-03 20:10 . 2004-08-04 07:56 58880 c:\windows\system32\licwmi.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 22016 c:\windows\system32\licmgr10.dll
+ 2004-11-04 01:11 . 2000-05-23 16:36 36864 c:\windows\system32\Lfbmp11n.dll
+ 2005-03-20 18:06 . 2006-10-19 01:47 11264 c:\windows\system32\LAPRXY.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 89600 c:\windows\system32\langwrbk.dll
+ 2004-05-17 22:48 . 2004-08-04 05:49 92224 c:\windows\system32\krnl386.exe
+ 2002-08-29 12:00 . 2002-08-29 12:00 42537 c:\windows\system32\keyboard.sys
+ 2002-08-29 12:00 . 2002-08-29 12:00 42809 c:\windows\system32\key01.sys
+ 2002-08-29 12:00 . 2002-08-29 12:00 14710 c:\windows\system32\kb16.com
+ 2002-08-29 12:00 . 2010-04-16 15:36 16384 c:\windows\system32\jsproxy.dll
+ 2004-11-04 01:08 . 2000-01-05 17:50 65024 c:\windows\system32\JPEGACC.DLL
+ 2002-08-29 12:00 . 2002-08-29 12:00 47952 c:\windows\system32\jobexec.dll
+ 2004-11-04 01:06 . 2001-05-31 19:49 13312 c:\windows\system32\Jgst500.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 65536 c:\windows\system32\jgsh400.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 45568 c:\windows\system32\jgsd400.dll
+ 2004-11-04 01:06 . 2001-05-31 19:49 15872 c:\windows\system32\Jgpl500.dll
+ 2002-08-29 12:00 . 2006-06-01 18:47 27648 c:\windows\system32\jgpl400.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 35840 c:\windows\system32\jgmd400.dll
+ 2004-11-04 01:06 . 2001-05-31 19:49 11264 c:\windows\system32\Jgid500.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 44544 c:\windows\system32\jgaw400.dll
+ 2004-11-04 01:06 . 2001-05-31 19:49 11264 c:\windows\system32\Jgar500.dll
+ 2006-07-01 17:40 . 1998-05-05 15:36 39424 c:\windows\system32\JETCOMP.exe
+ 2004-12-19 20:24 . 2003-02-28 23:26 15120 c:\windows\system32\jdbgmgr.exe
+ 2004-12-19 20:23 . 2003-02-28 23:26 63248 c:\windows\system32\javaprxy.dll
+ 2001-08-17 22:36 . 2009-11-27 16:37 48128 c:\windows\system32\iyuv_32.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 54272 c:\windows\system32\ixsso.dll
+ 2004-11-03 20:13 . 2004-08-04 07:56 32768 c:\windows\system32\isrdbg32.dll
+ 2004-11-03 20:13 . 2004-08-04 07:56 81920 c:\windows\system32\isign32.dll
+ 2004-11-03 15:02 . 2002-08-29 12:00 13312 c:\windows\system32\irclass.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 20992 c:\windows\system32\ipxwan.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 66560 c:\windows\system32\ipxsap.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 39936 c:\windows\system32\ipxrtmgr.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 23552 c:\windows\system32\ipxroute.exe
+ 2002-08-29 12:00 . 2002-08-29 12:00 21504 c:\windows\system32\ipxrip.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 69120 c:\windows\system32\ipxpromn.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 83968 c:\windows\system32\ipxmontr.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 59904 c:\windows\system32\ipv6mon.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 53248 c:\windows\system32\ipv6.exe
+ 2002-08-29 12:00 . 2002-08-29 12:00 44032 c:\windows\system32\ipsec6.exe
+ 2002-08-29 12:00 . 2006-05-19 12:59 94720 c:\windows\system32\iphlpapi.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 55808 c:\windows\system32\ipconfig.exe
+ 2002-08-29 12:00 . 2002-08-29 12:00 30720 c:\windows\system32\iologmsg.dll
+ 2004-08-26 14:53 . 2010-04-16 15:36 96256 c:\windows\system32\inseng.dll
+ 1996-10-15 14:53 . 1996-10-15 13:53 78848 c:\windows\system32\INLOADER.DLL
+ 2004-11-03 20:13 . 2004-08-04 07:56 48128 c:\windows\system32\inetres.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 15872 c:\windows\system32\inetppui.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 75264 c:\windows\system32\inetpp.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 33280 c:\windows\system32\inetmib1.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 35840 c:\windows\system32\imgutil.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 36921 c:\windows\system32\imeshare.dll
+ 2004-11-03 20:13 . 2004-08-04 07:56 81920 c:\windows\system32\ils.dll
+ 2004-11-04 01:08 . 2000-01-05 17:50 34304 c:\windows\system32\IGLZW32S.DLL
+ 2004-11-04 01:08 . 2000-01-05 17:50 68096 c:\windows\system32\IGFPX32P.DLL
+ 2002-08-29 12:00 . 2002-08-29 12:00 70656 c:\windows\system32\ifsutil.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 62976 c:\windows\system32\iesetup.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 48640 c:\windows\system32\iernonce.dll
+ 2004-08-04 07:56 . 2010-04-16 15:36 81920 c:\windows\system32\ieencode.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 34304 c:\windows\system32\ie4uinit.exe
+ 2004-11-03 20:13 . 2004-08-04 07:56 65536 c:\windows\system32\icwphbk.dll
+ 2004-11-03 20:13 . 2004-08-04 07:56 73728 c:\windows\system32\icwdial.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 54784 c:\windows\system32\icmui.dll
+ 2004-11-03 20:13 . 2002-08-29 12:00 16384 c:\windows\system32\icfgnt5.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 80384 c:\windows\system32\iccvid.dll
+ 2004-11-03 20:10 . 2004-08-04 07:56 11264 c:\windows\system32\icaapi.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 59392 c:\windows\system32\iassvcs.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 86528 c:\windows\system32\iassam.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 17920 c:\windows\system32\iaspolcy.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 62464 c:\windows\system32\iasnap.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 32256 c:\windows\system32\iashlpr.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 41472 c:\windows\system32\iasads.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 23552 c:\windows\system32\iasacct.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 41984 c:\windows\system32\htui.dll
+ 2004-08-04 07:56 . 2009-10-21 06:00 25088 c:\windows\system32\httpapi.dll
+ 2004-11-03 20:11 . 2002-08-29 12:00 44544 c:\windows\system32\hticons.dll
+ 2004-08-04 07:56 . 2004-08-04 07:56 32285 c:\windows\system32\hsfcisp2.dll
+ 2001-08-23 11:24 . 2001-08-23 11:24 81920 c:\windows\system32\hphipr09.dll
+ 2001-08-23 11:24 . 2001-08-23 11:24 77824 c:\windows\system32\hphipm09.exe
+ 2001-08-23 11:24 . 2001-08-23 11:24 98304 c:\windows\system32\hphidr09.dll
+ 2001-08-23 11:24 . 2001-08-23 11:24 40448 c:\windows\system32\hpfinsta.exe
+ 2002-08-29 12:00 . 2002-08-29 12:00 14848 c:\windows\system32\hnetmon.dll
+ 2004-11-16 21:32 . 2006-07-21 08:24 72704 c:\windows\system32\hlink.dll
+ 2001-08-17 22:36 . 2004-08-04 07:56 20992 c:\windows\system32\hid.dll
+ 2002-08-29 12:00 . 2005-05-27 02:04 41472 c:\windows\system32\hhsetup.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 14848 c:\windows\system32\help.exe
+ 2004-07-29 22:50 . 2004-08-04 07:56 39424 c:\windows\system32\grpconv.exe
+ 2002-08-29 12:00 . 2002-08-29 12:00 19694 c:\windows\system32\graphics.com
+ 2002-08-29 12:00 . 2002-08-29 12:00 26112 c:\windows\system32\graftabl.com
+ 2002-08-29 12:00 . 2002-08-29 12:00 24576 c:\windows\system32\gdi.exe
+ 1999-04-17 15:06 . 1999-04-17 15:06 10752 c:\windows\system32\gcmd5query.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 76800 c:\windows\system32\gcdef.dll
+ 2004-08-04 07:56 . 2004-08-04 07:56 60416 c:\windows\system32\fwcfg.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 42496 c:\windows\system32\ftp.exe
+ 2002-08-29 12:00 . 2002-08-29 12:00 56320 c:\windows\system32\fsutil.exe
+ 2002-08-29 12:00 . 2002-08-29 12:00 81408 c:\windows\system32\fsusd.dll
+ 2004-11-03 20:11 . 2002-08-29 12:00 55296 c:\windows\system32\freecell.exe
+ 2002-08-29 12:00 . 2002-08-29 12:00 25600 c:\windows\system32\format.com
+ 2002-08-29 12:00 . 2004-08-04 07:56 20992 c:\windows\system32\fontview.exe
+ 2002-08-29 12:00 . 2009-10-15 17:21 82432 c:\windows\system32\fontsub.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 16384 c:\windows\system32\fmifs.dll
+ 1999-10-18 00:01 . 1999-10-18 00:01 26384 c:\windows\system32\FM20ENU.DLL
+ 2004-08-04 07:56 . 2006-08-21 09:14 23040 c:\windows\system32\fltmc.exe
+ 2004-08-04 07:56 . 2006-08-21 12:21 16896 c:\windows\system32\fltlib.dll
+ 2004-08-20 22:01 . 2004-08-04 07:56 87552 c:\windows\system32\fldrclnr.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 27136 c:\windows\system32\findstr.exe
+ 2002-08-29 12:00 . 2004-08-04 07:56 21504 c:\windows\system32\feclient.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 14848 c:\windows\system32\fc.exe
+ 2004-08-04 07:56 . 2004-08-04 07:56 20992 c:\windows\system32\faxpatch.exe
+ 2002-08-29 12:00 . 2004-08-04 07:56 80384 c:\windows\system32\faultrep.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 45568 c:\windows\system32\extrac32.exe
+ 2004-08-04 07:56 . 2010-04-16 15:36 55808 c:\windows\system32\extmgr.dll
+ 1999-02-16 19:38 . 1999-02-16 19:38 38912 c:\windows\system32\EXSEC32.DLL
+ 2002-08-29 12:00 . 2002-08-29 12:00 15872 c:\windows\system32\expand.exe
+ 2002-08-29 12:00 . 2004-08-04 07:56 55808 c:\windows\system32\eventlog.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 33280 c:\windows\system32\eventcls.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 39424 c:\windows\system32\esentutl.exe
+ 2002-08-29 12:00 . 2002-08-29 12:00 17408 c:\windows\system32\esentprf.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 23040 c:\windows\system32\ersvc.dll
+ 2005-03-20 18:00 . 2004-08-04 07:56 20480 c:\windows\system32\encapi.dll
+ 2004-11-03 20:12 . 2004-11-03 20:12 21640 c:\windows\system32\emptyregdb.dat
+ 2002-08-29 12:00 . 2002-08-29 12:00 12642 c:\windows\system32\edlin.exe
+ 2002-08-29 12:00 . 2002-08-29 12:00 69886 c:\windows\system32\edit.com
+ 2005-03-20 18:00 . 2002-12-12 05:14 44544 c:\windows\system32\dxdllreg.exe
+ 2002-08-29 12:00 . 2004-08-04 07:56 17920 c:\windows\system32\dvdupgrd.exe
+ 2001-08-17 22:36 . 2002-08-29 12:00 55296 c:\windows\system32\dvdplay.exe
+ 2002-08-29 12:00 . 2004-08-04 07:56 10752 c:\windows\system32\dumprep.exe
+ 2005-03-20 18:00 . 2004-08-04 07:56 19456 c:\windows\system32\dswave.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 51200 c:\windows\system32\dssec.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 92672 c:\windows\system32\dskquota.dll
+ 2005-03-20 18:00 . 2004-08-04 07:56 71680 c:\windows\system32\dsdmoprp.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 62976 c:\windows\system32\dsauth.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 16384 c:\windows\system32\ds32gt.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 45568 c:\windows\system32\drwtsn32.exe
+ 2002-08-29 12:00 . 2002-08-29 12:00 28112 c:\windows\system32\drwatson.exe
+ 2007-03-29 13:56 . 2007-03-29 13:56 68344 c:\windows\system32\drvins64.exe
+ 2002-08-29 12:00 . 2004-08-04 07:56 14336 c:\windows\system32\drprov.dll
+ 2005-03-20 18:05 . 2004-08-04 07:56 87040 c:\windows\system32\drmstor.dll
+ 2006-09-28 23:00 . 2006-09-28 23:00 82944 c:\windows\system32\drivers\WudfRd.sys
+ 2006-09-28 22:55 . 2006-09-28 22:55 77568 c:\windows\system32\drivers\WudfPf.sys
+ 2005-03-20 18:01 . 2004-08-04 06:10 19328 c:\windows\system32\drivers\wstcodec.sys
+ 2002-08-29 12:00 . 2002-08-29 12:00 12032 c:\windows\system32\drivers\ws2ifsl.sys
+ 2006-10-19 00:00 . 2006-10-19 00:00 38528 c:\windows\system32\drivers\wpdusb.sys
+ 2004-11-03 15:05 . 2006-06-14 09:00 82944 c:\windows\system32\drivers\wdmaud.sys
+ 2004-08-04 05:29 . 2004-08-04 05:29 25471 c:\windows\system32\drivers\watv10nt.sys
+ 2004-08-04 05:29 . 2004-08-04 05:29 22271 c:\windows\system32\drivers\watv06nt.sys
+ 2002-08-29 12:00 . 2004-08-04 06:04 34560 c:\windows\system32\drivers\wanarp.sys
+ 2004-08-04 05:29 . 2004-08-04 05:29 11935 c:\windows\system32\drivers\wadv11nt.sys
+ 2004-08-04 05:29 . 2004-08-04 05:29 11871 c:\windows\system32\drivers\wadv09nt.sys
+ 2004-08-04 05:29 . 2004-08-04 05:29 11295 c:\windows\system32\drivers\wadv08nt.sys
+ 2004-08-04 05:29 . 2004-08-04 05:29 11807 c:\windows\system32\drivers\wadv07nt.sys
+ 2004-08-04 06:04 . 2004-08-04 06:04 13568 c:\windows\system32\drivers\wacompen.sys
+ 2002-08-29 12:00 . 2004-08-04 06:00 52352 c:\windows\system32\drivers\volsnap.sys
+ 2002-08-29 12:00 . 2004-08-04 06:07 79744 c:\windows\system32\drivers\videoprt.sys
+ 2001-09-10 06:30 . 2001-09-10 06:30 42880 c:\windows\system32\drivers\viaudio.sys
+ 2004-11-03 15:04 . 2004-08-04 06:07 42240 c:\windows\system32\drivers\viaagp.sys
+ 2002-08-29 12:00 . 2004-08-04 06:07 20992 c:\windows\system32\drivers\vga.sys
+ 2001-08-17 14:02 . 2002-08-29 12:00 58112 c:\windows\system32\drivers\vdmindvd.sys
+ 2004-08-04 07:56 . 2004-08-04 07:56 11325 c:\windows\system32\drivers\vchnt5.dll
+ 2004-08-04 06:10 . 2004-08-04 06:10 78464 c:\windows\system32\drivers\usbvideo.sys
+ 2002-08-29 12:00 . 2004-08-04 06:08 20480 c:\windows\system32\drivers\usbuhci.sys
+ 2005-03-21 19:44 . 2004-08-04 06:08 26496 c:\windows\system32\drivers\usbstor.sys
+ 2004-11-03 20:36 . 2004-08-04 05:58 15104 c:\windows\system32\drivers\usbscan.sys
+ 2002-08-29 01:32 . 2004-08-04 06:08 16000 c:\windows\system32\drivers\usbintel.sys
+ 2002-08-29 12:00 . 2004-08-04 06:08 57600 c:\windows\system32\drivers\usbhub.sys
+ 2002-08-29 12:00 . 2004-08-04 06:08 26624 c:\windows\system32\drivers\usbehci.sys
+ 2001-08-17 14:03 . 2002-08-29 12:00 23936 c:\windows\system32\drivers\usbcamd2.sys
+ 2001-08-17 14:03 . 2002-08-29 12:00 23808 c:\windows\system32\drivers\usbcamd.sys
+ 2004-08-04 06:04 . 2004-08-04 06:04 12672 c:\windows\system32\drivers\usb8023x.sys
+ 2002-08-29 12:00 . 2004-08-04 06:04 12672 c:\windows\system32\drivers\usb8023.sys
+ 2002-08-29 12:00 . 2004-08-04 06:00 66176 c:\windows\system32\drivers\udfs.sys
+ 2004-08-04 06:07 . 2004-08-04 06:07 44672 c:\windows\system32\drivers\uagp35.sys
+ 2002-08-29 01:35 . 2004-08-04 06:03 12416 c:\windows\system32\drivers\tunmp.sys
+ 2001-08-17 14:06 . 2002-08-29 12:00 21376 c:\windows\system32\drivers\tsbvcap.sys
+ 2001-08-17 14:01 . 2002-08-29 12:00 51712 c:\windows\system32\drivers\tosdvd.sys
+ 2004-11-03 20:10 . 2004-08-04 08:01 40840 c:\windows\system32\drivers\termdd.sys
+ 2004-11-03 20:11 . 2004-08-04 08:01 21896 c:\windows\system32\drivers\tdtcp.sys
+ 2004-11-03 20:11 . 2004-08-04 08:01 12040 c:\windows\system32\drivers\tdpipe.sys
+ 2002-08-29 12:00 . 2004-08-04 06:07 18560 c:\windows\system32\drivers\tdi.sys
+ 2002-08-29 12:00 . 2004-08-04 05:59 14976 c:\windows\system32\drivers\tape.sys
+ 2004-11-03 15:05 . 2004-08-04 06:15 60800 c:\windows\system32\drivers\sysaudio.sys
+ 2004-03-11 19:58 . 2004-03-11 19:58 16288 c:\windows\system32\drivers\symredrv.sys
+ 2004-03-11 19:58 . 2004-03-11 19:58 51520 c:\windows\system32\drivers\symndis.sys
+ 2004-03-11 19:58 . 2004-03-11 19:58 46528 c:\windows\system32\drivers\symids.sys
+ 2004-12-19 20:13 . 2004-03-05 04:46 82832 c:\windows\system32\drivers\SYMEVENT.SYS
+ 2004-03-11 19:58 . 2004-03-11 19:58 10688 c:\windows\system32\drivers\symdns.sys
+ 2004-11-03 15:05 . 2001-08-17 14:00 54272 c:\windows\system32\drivers\swmidi.sys
+ 2005-03-20 18:01 . 2004-08-04 06:10 15360 c:\windows\system32\drivers\streamip.sys
+ 2005-03-20 18:01 . 2004-08-04 06:08 48640 c:\windows\system32\drivers\stream.sys
+ 2004-11-03 20:13 . 2004-08-04 06:06 73472 c:\windows\system32\drivers\sr.sys
+ 2002-08-29 01:33 . 2004-08-04 06:09 25472 c:\windows\system32\drivers\sonydcam.sys
+ 2002-08-29 12:00 . 2002-08-29 12:00 14592 c:\windows\system32\drivers\smclib.sys
+ 2004-08-04 05:41 . 2004-08-04 05:41 13240 c:\windows\system32\drivers\slwdmsup.sys
+ 2004-08-04 05:41 . 2004-08-04 05:41 95424 c:\windows\system32\drivers\slnthal.sys
+ 2005-03-20 18:01 . 2004-08-04 06:10 11136 c:\windows\system32\drivers\slip.sys
+ 2004-08-04 06:07 . 2004-08-04 06:07 41088 c:\windows\system32\drivers\sisagp.sys
+ 2002-08-29 12:00 . 2004-08-04 05:59 11392 c:\windows\system32\drivers\sfloppy.sys
+ 2004-08-04 05:59 . 2004-08-04 05:59 10240 c:\windows\system32\drivers\sffp_sd.sys
+ 2004-08-04 05:59 . 2004-08-04 05:59 11136 c:\windows\system32\drivers\sffdisk.sys
+ 2002-08-29 12:00 . 2004-08-04 06:15 64896 c:\windows\system32\drivers\serial.sys
+ 2002-08-29 12:00 . 2004-08-04 05:59 15488 c:\windows\system32\drivers\serenum.sys
+ 2002-08-29 12:00 . 2007-11-13 10:25 20480 c:\windows\system32\drivers\secdrv.sys
+ 2004-08-04 06:07 . 2004-08-04 06:07 67584 c:\windows\system32\drivers\sdbus.sys
+ 2002-08-29 12:00 . 2004-08-04 05:59 96256 c:\windows\system32\drivers\scsiport.sys
+ 2004-11-03 15:04 . 2004-08-04 05:31 20992 c:\windows\system32\drivers\rtl8139.sys
+ 2004-08-04 06:04 . 2004-08-04 06:04 30080 c:\windows\system32\drivers\rndismpx.sys
+ 2002-08-29 12:00 . 2004-08-04 06:04 30080 c:\windows\system32\drivers\rndismp.sys
+ 2001-08-17 13:24 . 2002-08-29 12:00 12032 c:\windows\system32\drivers\riodrv.sys
+ 2001-08-17 13:24 . 2002-08-29 12:00 12032 c:\windows\system32\drivers\rio8drv.sys
+ 2004-08-04 06:10 . 2004-08-04 06:10 59648 c:\windows\system32\drivers\rfcomm.sys
+ 2004-11-03 15:05 . 2004-08-04 05:59 57472 c:\windows\system32\drivers\redbook.sys
+ 2004-08-04 05:41 . 2004-08-04 05:41 13776 c:\windows\system32\drivers\recagent.sys
+ 2002-08-29 12:00 . 2002-08-29 12:00 34432 c:\windows\system32\drivers\rawwan.sys
+ 2002-08-29 12:00 . 2002-08-29 12:00 16512 c:\windows\system32\drivers\raspti.sys
+ 2002-08-29 12:00 . 2004-08-04 06:14 48384 c:\windows\system32\drivers\raspptp.sys
+ 2002-08-29 12:00 . 2004-08-04 06:05 41472 c:\windows\system32\drivers\raspppoe.sys
+ 2002-08-29 12:00 . 2004-08-04 06:14 51328 c:\windows\system32\drivers\rasl2tp.sys
+ 2007-03-29 08:00 . 2007-03-29 08:00 43528 c:\windows\system32\drivers\pxhelp20.sys
+ 2002-08-29 12:00 . 2002-08-29 12:00 17792 c:\windows\system32\drivers\ptilink.sys
+ 2002-08-29 12:00 . 2004-08-04 06:04 69120 c:\windows\system32\drivers\psched.sys
+ 2002-08-29 01:05 . 2004-08-04 05:59 35328 c:\windows\system32\drivers\processr.sys
+ 2002-08-29 12:00 . 2004-08-04 05:59 25088 c:\windows\system32\drivers\pciidex.sys
+ 2002-08-29 12:00 . 2004-08-04 06:07 68224 c:\windows\system32\drivers\pci.sys
+ 2002-08-29 12:00 . 2002-08-29 12:00 18688 c:\windows\system32\drivers\partmgr.sys
+ 2002-08-29 01:27 . 2004-08-04 05:59 80128 c:\windows\system32\drivers\parport.sys
+ 2002-08-29 01:05 . 2004-08-04 05:59 42496 c:\windows\system32\drivers\p3.sys
+ 2002-08-29 12:00 . 2002-08-29 12:00 55936 c:\windows\system32\drivers\nwlnkspx.sys
+ 2002-08-29 12:00 . 2002-08-29 12:00 63232 c:\windows\system32\drivers\nwlnknb.sys
+ 2002-08-29 12:00 . 2004-08-04 06:03 88448 c:\windows\system32\drivers\nwlnkipx.sys
+ 2002-08-29 12:00 . 2002-08-29 12:00 32512 c:\windows\system32\drivers\nwlnkfwd.sys
+ 2002-08-29 12:00 . 2002-08-29 12:00 12416 c:\windows\system32\drivers\nwlnkflt.sys
+ 2002-08-29 12:00 . 2004-08-04 06:00 30848 c:\windows\system32\drivers\npfs.sys
+ 2002-08-29 12:00 . 2004-08-04 05:59 40320 c:\windows\system32\drivers\nmnt.sys
+ 2001-08-17 13:24 . 2002-08-29 12:00 12032 c:\windows\system32\drivers\nikedrv.sys
+ 2002-08-29 01:33 . 2004-08-04 05:58 61824 c:\windows\system32\drivers\nic1394.sys
+ 2002-08-29 12:00 . 2004-08-04 06:03 34560 c:\windows\system32\drivers\netbios.sys
+ 2002-08-29 12:00 . 2002-08-29 12:00 38016 c:\windows\system32\drivers\ndproxy.sys
+ 2002-08-29 12:00 . 2004-08-04 06:14 91776 c:\windows\system32\drivers\ndiswan.sys
+ 2002-08-29 01:35 . 2004-08-04 06:03 12928 c:\windows\system32\drivers\ndisuio.sys
+ 2005-03-20 18:01 . 2004-08-04 06:10 10880 c:\windows\system32\drivers\ndisip.sys
+ 2005-03-20 18:01 . 2004-08-04 06:10 85376 c:\windows\system32\drivers\nabtsfec.sys
+ 2006-04-24 00:36 . 2006-04-24 00:39 28352 c:\windows\system32\drivers\MxlW2k.sys
+ 2004-08-04 06:04 . 2004-08-04 06:04 12672 c:\windows\system32\drivers\mutohpen.sys
+ 2004-08-04 06:07 . 2004-08-04 06:07 15488 c:\windows\system32\drivers\mssmbios.sys
+ 2002-08-29 12:00 . 2004-08-04 06:04 35072 c:\windows\system32\drivers\msgpc.sys
+ 2002-08-29 12:00 . 2004-08-04 06:00 19072 c:\windows\system32\drivers\msfs.sys
+ 2005-03-20 18:01 . 2004-08-04 06:09 51328 c:\windows\system32\drivers\msdv.sys
+ 2005-03-20 18:01 . 2004-08-04 06:10 15360 c:\windows\system32\drivers\mpe.sys
+ 2002-08-29 12:00 . 2004-08-04 05:58 42240 c:\windows\system32\drivers\mountmgr.sys
+ 2002-08-29 01:27 . 2004-08-04 05:58 23040 c:\windows\system32\drivers\mouclass.sys
+ 2004-11-03 15:05 . 2001-08-17 13:57 16128 c:\windows\system32\drivers\MODEMCSA.sys
+ 2001-08-17 13:57 . 2004-08-04 06:08 30080 c:\windows\system32\drivers\modem.sys
+ 2001-08-17 13:58 . 2004-08-04 06:07 63744 c:\windows\system32\drivers\mf.sys
+ 2004-08-04 05:41 . 2004-08-04 05:41 11868 c:\windows\system32\drivers\mdmxsdk.sys
+ 2002-08-29 12:00 . 2009-06-22 11:34 92544 c:\windows\system32\drivers\ksecdd.sys
+ 2002-08-29 12:00 . 2004-08-04 05:58 24576 c:\windows\system32\drivers\kbdclass.sys
+ 2002-08-29 12:00 . 2002-08-29 12:00 35840 c:\windows\system32\drivers\isapnp.sys
+ 2004-11-03 15:02 . 2004-08-04 06:00 11264 c:\windows\system32\drivers\irenum.sys
+ 2002-08-29 12:00 . 2004-08-04 06:14 74752 c:\windows\system32\drivers\ipsec.sys
+ 2002-08-29 12:00 . 2004-08-04 06:04 20992 c:\windows\system32\drivers\ipinip.sys
+ 2002-08-29 12:00 . 2002-08-29 12:00 32896 c:\windows\system32\drivers\ipfltdrv.sys
+ 2004-08-04 06:00 . 2004-08-04 06:00 29056 c:\windows\system32\drivers\ip6fw.sys
+ 2004-08-04 05:59 . 2004-08-04 05:59 36096 c:\windows\system32\drivers\intelppm.sys
+ 2002-08-29 12:00 . 2004-08-04 06:00 41856 c:\windows\system32\drivers\imapi.sys
+ 2002-08-29 12:00 . 2004-08-04 06:14 52736 c:\windows\system32\drivers\i8042prt.sys
+ 2004-11-03 15:04 . 2001-08-17 13:28 50751 c:\windows\system32\drivers\HSF_TONE.sys
+ 2004-11-03 15:04 . 2001-08-17 13:28 73279 c:\windows\system32\drivers\HSF_SPKP.sys
+ 2004-11-03 15:04 . 2001-08-17 13:28 44863 c:\windows\system32\drivers\HSF_SOAR.sys
+ 2004-11-03 15:04 . 2001-08-17 13:28 57471 c:\windows\system32\drivers\HSF_SAMP.sys
+ 2004-11-03 15:04 . 2001-08-17 13:28 67167 c:\windows\system32\drivers\HSF_BSC2.sys
+ 2001-08-23 11:24 . 2001-08-23 11:24 50211 c:\windows\system32\drivers\hphs2k09.sys
+ 2001-08-23 11:24 . 2001-08-23 11:24 18864 c:\windows\system32\drivers\hphius09.sys
+ 2001-08-23 11:24 . 2001-08-23 11:24 15984 c:\windows\system32\drivers\hphipr09.sys
+ 2001-08-23 11:24 . 2001-08-23 11:24 50704 c:\windows\system32\drivers\hphid409.sys
+ 2002-08-29 12:00 . 2004-08-04 06:08 24960 c:\windows\system32\drivers\hidparse.sys
+ 2004-08-04 06:08 . 2004-08-04 06:08 15104 c:\windows\system32\drivers\hidir.sys
+ 2002-08-29 12:00 . 2004-08-04 06:08 36224 c:\windows\system32\drivers\hidclass.sys
+ 2004-08-04 06:10 . 2004-08-04 06:10 25600 c:\windows\system32\drivers\hidbth.sys
+ 2004-11-03 15:04 . 2004-08-04 06:08 10624 c:\windows\system32\drivers\gameenum.sys
+ 2004-08-04 06:07 . 2004-08-04 06:07 46464 c:\windows\system32\drivers\gagp30kx.sys
+ 2001-08-17 13:57 . 2002-08-29 12:00 12160 c:\windows\system32\drivers\fsvga.sys
+ 2002-08-29 12:00 . 2004-08-04 05:59 20480 c:\windows\system32\drivers\flpydisk.sys
+ 2002-08-29 12:00 . 2002-08-29 12:00 34944 c:\windows\system32\drivers\fips.sys
+ 2002-08-29 12:00 . 2004-08-04 05:59 27392 c:\windows\system32\drivers\fdc.sys
+ 2002-08-29 12:00 . 2004-08-04 06:00 71040 c:\windows\system32\drivers\dxg.sys
+ 2002-08-29 12:00 . 2002-08-29 12:00 10496 c:\windows\system32\drivers\dxapi.sys
+ 2004-12-19 20:04 . 2004-08-04 06:07 60288 c:\windows\system32\drivers\drmk.sys
+ 2004-11-03 15:05 . 2004-08-04 06:07 52864 c:\windows\system32\drivers\dmusic.sys
+ 2002-08-29 12:00 . 2004-08-04 05:59 14208 c:\windows\system32\drivers\diskdump.sys
+ 2002-08-29 12:00 . 2004-08-04 05:59 36352 c:\windows\system32\drivers\disk.sys
+ 2002-08-29 01:05 . 2004-08-04 05:59 36480 c:\windows\system32\drivers\crusoe.sys
+ 2001-08-17 13:24 . 2002-08-29 12:00 11776 c:\windows\system32\drivers\cpqdap01.sys
+ 2002-08-29 12:00 . 2004-08-04 06:14 49664 c:\windows\system32\drivers\classpnp.sys
+ 2004-08-04 07:56 . 2004-08-04 07:56 15423 c:\windows\system32\drivers\ch7xxnt5.dll
+ 2002-08-29 12:00 . 2004-08-04 05:59 49536 c:\windows\system32\drivers\cdrom.sys
+ 2002-08-29 12:00 . 2004-08-04 06:14 63744 c:\windows\system32\drivers\cdfs.sys
+ 2001-08-17 13:52 . 2002-08-29 12:00 18688 c:\windows\system32\drivers\cdaudio.sys
+ 2005-03-20 18:01 . 2004-08-04 06:10 17024 c:\windows\system32\drivers\ccdecode.sys
+ 2002-08-29 12:00 . 2002-08-29 12:00 13952 c:\windows\system32\drivers\cbidf2k.sys
+ 2004-08-04 06:10 . 2004-08-04 06:10 18944 c:\windows\system32\drivers\bthusb.sys
+ 2004-08-04 06:10 . 2004-08-04 06:10 35456 c:\windows\system32\drivers\bthprint.sys
+ 2004-08-04 06:10 . 2004-08-04 06:10 38016 c:\windows\system32\drivers\bthmodem.sys
+ 2004-08-04 06:10 . 2004-08-04 06:10 17024 c:\windows\system32\drivers\bthenum.sys
+ 2002-08-29 12:00 . 2004-08-04 05:59 71552 c:\windows\system32\drivers\bridge.sys
+ 2005-03-20 18:01 . 2004-08-04 06:10 11776 c:\windows\system32\drivers\bdasup.sys
+ 2007-07-20 20:18 . 2007-07-20 20:18 11392 c:\windows\system32\drivers\avpnnic.sys
+ 2004-08-04 07:56 . 2004-08-04 07:56 17279 c:\windows\system32\drivers\atv10nt5.dll
+ 2004-08-04 07:56 . 2004-08-04 07:56 14143 c:\windows\system32\drivers\atv06nt5.dll
+ 2004-08-04 07:56 . 2004-08-04 07:56 25471 c:\windows\system32\drivers\atv04nt5.dll
+ 2004-08-04 07:56 . 2004-08-04 07:56 11359 c:\windows\system32\drivers\atv02nt5.dll
+ 2004-08-04 07:56 . 2004-08-04 07:56 21183 c:\windows\system32\drivers\atv01nt5.dll
+ 2002-08-29 12:00 . 2004-08-04 05:58 55936 c:\windows\system32\drivers\atmlane.sys
+ 2002-08-29 12:00 . 2002-08-29 12:00 31360 c:\windows\system32\drivers\atmepvc.sys
+ 2002-08-29 12:00 . 2004-08-04 05:58 59904 c:\windows\system32\drivers\atmarpc.sys
+ 2004-08-04 05:29 . 2004-08-04 05:29 63488 c:\windows\system32\drivers\atinxsxx.sys
+ 2004-08-04 05:29 . 2004-08-04 05:29 31744 c:\windows\system32\drivers\atinxbxx.sys
+ 2004-08-04 05:29 . 2004-08-04 05:29 73216 c:\windows\system32\drivers\atintuxx.sys
+ 2004-08-04 05:29 . 2004-08-04 05:29 13824 c:\windows\system32\drivers\atinttxx.sys
+ 2004-08-04 05:29 . 2004-08-04 05:29 28672 c:\windows\system32\drivers\atinsnxx.sys
+ 2004-08-04 05:29 . 2004-08-04 05:29 52224 c:\windows\system32\drivers\atinraxx.sys
+ 2004-08-04 05:29 . 2004-08-04 05:29 14336 c:\windows\system32\drivers\atinpdxx.sys
+ 2004-08-04 05:29 . 2004-08-04 05:29 13824 c:\windows\system32\drivers\atinmdxx.sys
+ 2004-08-04 05:29 . 2004-08-04 05:29 57856 c:\windows\system32\drivers\atinbtxx.sys
+ 2004-08-04 05:29 . 2004-08-04 05:29 34735 c:\windows\system32\drivers\ati1xsxx.sys
+ 2004-08-04 05:29 . 2004-08-04 05:29 29455 c:\windows\system32\drivers\ati1xbxx.sys
+ 2004-08-04 05:29 . 2004-08-04 05:29 36463 c:\windows\system32\drivers\ati1tuxx.sys
+ 2004-08-04 05:29 . 2004-08-04 05:29 21343 c:\windows\system32\drivers\ati1ttxx.sys
+ 2004-08-04 05:29 . 2004-08-04 05:29 26367 c:\windows\system32\drivers\ati1snxx.sys
+ 2004-08-04 05:29 . 2004-08-04 05:29 63663 c:\windows\system32\drivers\ati1rvxx.sys
+ 2004-08-04 05:29 . 2004-08-04 05:29 30671 c:\windows\system32\drivers\ati1raxx.sys
+ 2004-08-04 05:29 . 2004-08-04 05:29 12047 c:\windows\system32\drivers\ati1pdxx.sys
+ 2004-08-04 05:29 . 2004-08-04 05:29 11615 c:\windows\system32\drivers\ati1mdxx.sys
+ 2004-08-04 05:29 . 2004-08-04 05:29 56623 c:\windows\system32\drivers\ati1btxx.sys
+ 2002-08-29 12:00 . 2004-08-04 05:59 95360 c:\windows\system32\drivers\atapi.sys
+ 2002-08-29 12:00 . 2004-08-04 06:05 14336 c:\windows\system32\drivers\asyncmac.sys
+ 2002-08-29 01:33 . 2004-08-04 05:58 60800 c:\windows\system32\drivers\arp1394.sys
+ 2002-08-29 01:05 . 2004-08-04 05:59 37376 c:\windows\system32\drivers\amdk7.sys
+ 2002-08-29 01:05 . 2004-08-04 05:59 36992 c:\windows\system32\drivers\amdk6.sys
+ 2004-08-04 06:07 . 2004-08-04 06:07 43008 c:\windows\system32\drivers\amdagp.sys
+ 2004-08-04 06:07 . 2004-08-04 06:07 42752 c:\windows\system32\drivers\alim1541.sys
+ 2004-08-04 06:07 . 2004-08-04 06:07 44928 c:\windows\system32\drivers\agpcpq.sys
+ 2004-08-04 06:07 . 2004-08-04 06:07 42368 c:\windows\system32\drivers\agp440.sys
+ 2004-04-29 21:19 . 2004-04-29 21:19 19328 c:\windows\system32\drivers\agnwifi.sys
+ 2002-08-29 12:00 . 2002-08-29 12:00 11648 c:\windows\system32\drivers\acpiec.sys
+ 2005-03-20 18:00 . 2004-08-04 07:56 57344 c:\windows\system32\dpwsockx.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 42768 c:\windows\system32\dpwsock.dll
+ 2005-03-20 18:00 . 2004-08-04 07:56 83456 c:\windows\system32\dpvsetup.exe
+ 2005-03-20 18:00 . 2004-08-04 07:56 21504 c:\windows\system32\dpvacm.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 53520 c:\windows\system32\dpserial.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 61952 c:\windows\system32\dpnwsock.dll
+ 2005-03-20 18:00 . 2004-08-04 07:56 18432 c:\windows\system32\dpnsvr.exe
+ 2002-08-29 12:00 . 2002-08-29 12:00 62464 c:\windows\system32\dpnmodem.dll
+ 2005-03-20 18:00 . 2004-08-04 07:56 60928 c:\windows\system32\dpnhupnp.dll
+ 2005-03-20 18:00 . 2004-08-04 07:56 35328 c:\windows\system32\dpnhpast.dll
+ 2005-03-20 18:00 . 2004-08-04 07:56 23552 c:\windows\system32\dpmodemx.dll
+ 2005-03-20 18:00 . 2004-08-04 07:56 30208 c:\windows\system32\dplaysvr.exe
+ 2002-08-29 12:00 . 2002-08-29 12:00 33040 c:\windows\system32\dplay.dll
+ 2002-08-29 12:00 . 2004-08-04 06:13 97280 c:\windows\system32\dpcdll.dll
+ 2002-08-29 12:00 . 2004-08-04 05:51 53840 c:\windows\system32\dosx.exe
+ 2002-08-29 12:00 . 2002-08-29 12:00 10752 c:\windows\system32\doskey.exe
+ 2002-08-29 12:00 . 2004-08-04 07:56 48128 c:\windows\system32\docprop2.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 46080 c:\windows\system32\docprop.dll
+ 2002-08-29 12:00 . 2008-02-20 05:32 45568 c:\windows\system32\dnsrslvr.dll
+ 2001-08-17 22:36 . 2004-08-04 07:56 52224 c:\windows\system32\dmutil.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 23552 c:\windows\system32\dmserver.dll
+ 2005-03-20 18:00 . 2004-08-04 07:56 82432 c:\windows\system32\dmscript.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 15872 c:\windows\system32\dmremote.exe
+ 2002-08-29 12:00 . 2002-08-29 12:00 19456 c:\windows\system32\dmocx.dll
+ 2005-03-20 18:00 . 2004-08-04 07:56 35840 c:\windows\system32\dmloader.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 18432 c:\windows\system32\dmintf.dll
+ 2005-03-20 18:00 . 2004-08-04 07:56 61440 c:\windows\system32\dmcompos.dll
+ 2005-03-20 18:00 . 2004-08-04 07:56 28672 c:\windows\system32\dmband.dll
+ 2004-11-03 20:11 . 2002-08-29 12:00 13894 c:\windows\system32\dllcache\zonelibm.dll
+ 2004-11-03 20:11 . 2002-08-29 12:00 29760 c:\windows\system32\dllcache\znetm.dll
+ 2004-11-03 20:11 . 2002-08-29 12:00 41029 c:\windows\system32\dllcache\zcorem.dll
+ 2004-11-03 20:11 . 2002-08-29 12:00 36937 c:\windows\system32\dllcache\zclientm.exe
+ 2004-11-03 20:11 . 2006-03-01 19:42 11776 c:\windows\system32\dllcache\xolehlp.dll
+ 2004-08-04 07:56 . 2004-08-04 07:56 50176 c:\windows\system32\dllcache\xmlprovi.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 30720 c:\windows\system32\dllcache\xcopy.exe
+ 2002-08-29 12:00 . 2004-08-04 07:56 91648 c:\windows\system32\dllcache\xactsrv.dll
+ 2004-11-16 03:26 . 2009-08-06 23:24 35552 c:\windows\system32\dllcache\wups.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 32256 c:\windows\system32\dllcache\wupdmgr.exe
+ 2004-11-03 20:10 . 2009-08-06 23:24 53472 c:\windows\system32\dllcache\wuauclt.exe
+ 2005-03-20 18:01 . 2004-08-04 07:56 50688 c:\windows\system32\dllcache\wstdecod.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 42496 c:\windows\system32\dllcache\wsnmp32.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 11776 c:\windows\system32\dllcache\wshrm.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 11776 c:\windows\system32\dllcache\wshisn.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 14336 c:\windows\system32\dllcache\wship6.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 28672 c:\windows\system32\dllcache\wshcon.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 12032 c:\windows\system32\dllcache\ws2ifsl.sys
+ 2002-08-29 12:00 . 2004-08-04 07:56 32256 c:\windows\system32\dllcache\wpnpinst.exe
+ 2002-08-29 12:00 . 2004-08-04 07:56 32256 c:\windows\system32\dllcache\wpabaln.exe
+ 2001-08-17 22:36 . 2002-08-29 12:00 13824 c:\windows\system32\dllcache\wowfaxui.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 10368 c:\windows\system32\dllcache\wowexec.exe
+ 2002-08-29 12:00 . 2004-08-04 07:56 20480 c:\windows\system32\dllcache\wmpui.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 77824 c:\windows\system32\dllcache\wmpstub.exe
+ 2002-08-29 12:00 . 2004-08-04 07:56 20480 c:\windows\system32\dllcache\wmpcore.dll

 

[exmatt]

+ 2002-08-29 12:00 . 2004-08-04 07:56 20480 c:\windows\system32\dllcache\wmpcd.dll
+ 2004-08-04 07:56 . 2006-10-19 01:47 96256 c:\windows\system32\dllcache\wmpband.dll
+ 2004-11-03 20:11 . 2002-08-29 12:00 52224 c:\windows\system32\dllcache\wmitimep.dll
+ 2004-11-03 20:10 . 2004-08-04 07:56 41472 c:\windows\system32\dllcache\wmipsess.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 18944 c:\windows\system32\dllcache\wmiprop.dll
+ 2004-11-03 20:11 . 2004-08-04 07:56 62976 c:\windows\system32\dllcache\wmipjobj.dll
+ 2004-11-03 20:11 . 2004-08-04 07:56 62464 c:\windows\system32\dllcache\wmipiprt.dll
+ 2004-11-03 20:11 . 2002-08-29 12:00 75264 c:\windows\system32\dllcache\wmipicmp.dll
+ 2004-11-03 20:11 . 2002-08-29 12:00 61440 c:\windows\system32\dllcache\wmimsg.dll
+ 2004-11-03 20:10 . 2004-08-04 07:56 60928 c:\windows\system32\dllcache\wmicookr.dll
+ 2004-11-03 20:11 . 2004-08-04 07:56 89088 c:\windows\system32\dllcache\wmiaprpl.dll
+ 2004-11-03 20:11 . 2002-08-29 12:00 45568 c:\windows\system32\dllcache\wmi2xml.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 51200 c:\windows\system32\dllcache\wmerrenu.dll
+ 2002-08-29 12:00 . 2006-10-19 01:47 37376 c:\windows\system32\dllcache\wmdmps.dll
+ 2002-08-29 12:00 . 2006-10-19 01:47 33792 c:\windows\system32\dllcache\wmdmlog.dll
+ 2004-11-03 20:13 . 2002-08-29 12:00 25088 c:\windows\system32\dllcache\wisc10.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 18944 c:\windows\system32\dllcache\winstrm.dll
+ 2004-08-04 07:56 . 2004-08-04 07:56 17408 c:\windows\system32\dllcache\winshfhc.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 11776 c:\windows\system32\dllcache\winmsd.exe
+ 2004-11-03 20:11 . 2002-08-29 12:00 16384 c:\windows\system32\dllcache\winmgmtr.dll
+ 2004-11-03 20:11 . 2002-08-29 12:00 13312 c:\windows\system32\dllcache\winmgmt.exe
+ 2004-11-03 20:11 . 2002-08-29 12:00 35328 c:\windows\system32\dllcache\winchat.exe
+ 2002-08-29 12:00 . 2002-08-29 12:00 13312 c:\windows\system32\dllcache\win87em.dll
+ 2004-11-07 19:39 . 2001-08-18 03:36 87040 c:\windows\system32\dllcache\wiafbdrv.dll
+ 2004-11-03 15:02 . 2002-08-29 12:00 13600 c:\windows\system32\dllcache\wfwnet.drv
+ 2002-08-29 12:00 . 2004-08-04 07:56 65536 c:\windows\system32\dllcache\wextract.exe
+ 2004-11-03 20:19 . 2002-08-29 12:00 31232 c:\windows\system32\dllcache\weitekp9.sys
+ 2004-11-03 20:19 . 2002-08-29 12:00 41600 c:\windows\system32\dllcache\weitekp9.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 40448 c:\windows\system32\dllcache\webhits.dll
+ 2006-06-14 09:00 . 2006-06-14 09:00 82944 c:\windows\system32\dllcache\wdmaud.sys
+ 2002-08-29 12:00 . 2004-08-04 07:56 43008 c:\windows\system32\dllcache\wbemperf.dll
+ 2004-11-03 20:11 . 2002-08-29 12:00 12288 c:\windows\system32\dllcache\wbemads.dll
+ 2004-11-03 20:13 . 2002-08-29 12:00 12288 c:\windows\system32\dllcache\wb32.exe
+ 2004-11-03 20:13 . 2004-08-04 07:56 30208 c:\windows\system32\dllcache\wabmig.exe
+ 2004-11-03 20:13 . 2007-05-16 15:12 85504 c:\windows\system32\dllcache\wabimp.dll
+ 2004-11-03 20:13 . 2004-08-04 07:56 46080 c:\windows\system32\dllcache\wab.exe
+ 2002-08-29 12:00 . 2002-08-29 12:00 22016 c:\windows\system32\dllcache\w32topl.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 49664 c:\windows\system32\dllcache\w32tm.exe
+ 2004-11-03 20:19 . 2002-08-29 12:00 48256 c:\windows\system32\dllcache\w32.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 33792 c:\windows\system32\dllcache\vssadmin.exe
+ 2002-08-29 12:00 . 2002-08-29 12:00 16896 c:\windows\system32\dllcache\vss_ps.dll
+ 2004-11-03 20:19 . 2004-08-04 05:32 86073 c:\windows\system32\dllcache\voicesub.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 18944 c:\windows\system32\dllcache\vmmreg32.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 18176 c:\windows\system32\dllcache\vga64k.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 51456 c:\windows\system32\dllcache\vga256.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 98304 c:\windows\system32\dllcache\verifier.exe
+ 2002-08-29 12:00 . 2002-08-29 12:00 13312 c:\windows\system32\dllcache\verifier.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 51712 c:\windows\system32\dllcache\vdmredir.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 30749 c:\windows\system32\dllcache\vbajet32.dll
+ 2002-08-29 12:00 . 2006-10-04 08:48 50176 c:\windows\system32\dllcache\utilman.exe
+ 2002-08-29 12:00 . 2002-08-29 12:00 25600 c:\windows\system32\dllcache\utildll.dll
+ 2001-08-17 22:36 . 2002-08-29 12:00 49211 c:\windows\system32\dllcache\usrvpa.dll
+ 2001-08-17 22:36 . 2002-08-29 12:00 45116 c:\windows\system32\dllcache\usrvoica.dll
+ 2001-08-17 22:36 . 2002-08-29 12:00 49209 c:\windows\system32\dllcache\usrv80a.dll
+ 2001-08-17 22:36 . 2002-08-29 12:00 41019 c:\windows\system32\dllcache\usrsvpia.dll
+ 2001-08-17 22:37 . 2002-08-29 12:00 69700 c:\windows\system32\dllcache\usrshuta.exe
+ 2001-08-17 22:36 . 2002-08-29 12:00 49211 c:\windows\system32\dllcache\usrsdpia.dll
+ 2001-08-17 22:36 . 2002-08-29 12:00 77883 c:\windows\system32\dllcache\usrrtosa.dll
+ 2001-08-17 22:37 . 2002-08-29 12:00 61508 c:\windows\system32\dllcache\usrprbda.exe
+ 2001-08-17 22:37 . 2002-08-29 12:00 77891 c:\windows\system32\dllcache\usrmlnka.exe
+ 2001-08-17 22:36 . 2002-08-29 12:00 53305 c:\windows\system32\dllcache\usrlbva.dll
+ 2001-08-17 22:36 . 2002-08-29 12:00 86073 c:\windows\system32\dllcache\usrfaxa.dll
+ 2001-08-17 22:36 . 2002-08-29 12:00 77890 c:\windows\system32\dllcache\usrdpa.dll
+ 2001-08-17 22:36 . 2002-08-29 12:00 69699 c:\windows\system32\dllcache\usrcoina.dll
+ 2001-08-17 22:36 . 2002-08-29 12:00 61500 c:\windows\system32\dllcache\usrcntra.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 47872 c:\windows\system32\dllcache\user.exe
+ 2004-11-03 15:04 . 2004-08-04 07:56 74240 c:\windows\system32\dllcache\usbui.dll
+ 2004-11-03 20:36 . 2004-08-04 05:58 15104 c:\windows\system32\dllcache\usbscan.sys
+ 2002-08-29 12:00 . 2002-08-29 12:00 17920 c:\windows\system32\dllcache\ureg.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 16896 c:\windows\system32\dllcache\upnpcont.exe
+ 2004-11-03 20:11 . 2002-08-29 12:00 16896 c:\windows\system32\dllcache\unsecapp.exe
+ 2004-11-03 20:19 . 2004-08-04 06:04 76288 c:\windows\system32\dllcache\uniime.dll
+ 2004-11-03 20:11 . 2002-08-29 12:00 32339 c:\windows\system32\dllcache\uniansi.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 13312 c:\windows\system32\dllcache\umdmxfrm.dll
+ 2002-08-29 12:00 . 2006-10-04 13:33 35840 c:\windows\system32\dllcache\umandlg.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 82432 c:\windows\system32\dllcache\ufat.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 25600 c:\windows\system32\dllcache\udhisapi.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 25600 c:\windows\system32\dllcache\twunk_32.exe
+ 2002-08-29 12:00 . 2002-08-29 12:00 49680 c:\windows\system32\dllcache\twunk_16.exe
+ 2002-08-29 12:00 . 2004-08-04 07:56 50688 c:\windows\system32\dllcache\twain_32.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 94784 c:\windows\system32\dllcache\twain.dll
+ 2004-11-03 20:11 . 2002-08-29 12:00 16896 c:\windows\system32\dllcache\tsshutdn.exe
+ 2004-11-03 20:19 . 2002-08-29 12:00 14336 c:\windows\system32\dllcache\tsprof.exe
+ 2004-11-03 20:11 . 2002-08-29 12:00 16384 c:\windows\system32\dllcache\tskill.exe
+ 2004-11-03 20:11 . 2002-08-29 12:00 14848 c:\windows\system32\dllcache\tsdiscon.exe
+ 2002-08-29 12:00 . 2004-08-04 08:01 12168 c:\windows\system32\dllcache\tsddd.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 15360 c:\windows\system32\dllcache\tsd32.dll
+ 2004-11-03 20:10 . 2004-08-04 05:59 44544 c:\windows\system32\dllcache\tscupgrd.exe
+ 2004-11-03 20:11 . 2002-08-29 12:00 14848 c:\windows\system32\dllcache\tscon.exe
+ 2002-08-29 12:00 . 2002-08-29 12:00 52224 c:\windows\system32\dllcache\tsappcmp.dll
+ 2004-11-03 20:11 . 2002-08-29 12:00 59904 c:\windows\system32\dllcache\trnsprov.dll
+ 2004-11-03 20:13 . 2002-08-29 12:00 40960 c:\windows\system32\dllcache\trialoc.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 31232 c:\windows\system32\dllcache\traffic.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 31744 c:\windows\system32\dllcache\tracert6.exe
+ 2002-08-29 12:00 . 2004-08-04 07:56 12288 c:\windows\system32\dllcache\tracert.exe
+ 2002-08-29 12:00 . 2002-08-29 12:00 13888 c:\windows\system32\dllcache\toolhelp.dll
+ 2004-11-03 20:11 . 2002-08-29 12:00 61952 c:\windows\system32\dllcache\tmplprov.dll
+ 2004-11-03 20:19 . 2002-08-29 12:00 10240 c:\windows\system32\dllcache\tmigrate.dll
+ 2004-11-03 20:19 . 2002-08-29 12:00 44032 c:\windows\system32\dllcache\tintlphr.exe
+ 2002-08-29 12:00 . 2002-08-29 12:00 16896 c:\windows\system32\dllcache\tftp.exe
+ 2002-08-29 12:00 . 2009-06-12 11:50 76288 c:\windows\system32\dllcache\telnet.exe
+ 2004-11-03 20:19 . 2002-08-29 12:00 19464 c:\windows\system32\dllcache\tdspx.sys
+ 2004-11-03 20:19 . 2002-08-29 12:00 21896 c:\windows\system32\dllcache\tdipx.sys
+ 2004-11-03 20:19 . 2002-08-29 12:00 13192 c:\windows\system32\dllcache\tdasync.sys
+ 2002-08-29 12:00 . 2002-08-29 12:00 19456 c:\windows\system32\dllcache\tcpsvcs.exe
+ 2002-08-29 12:00 . 2004-08-04 07:56 45568 c:\windows\system32\dllcache\tcpmonui.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 14848 c:\windows\system32\dllcache\tcpmib.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 12288 c:\windows\system32\dllcache\tcmsetup.exe
+ 2004-11-03 15:02 . 2002-08-29 12:00 15360 c:\windows\system32\dllcache\taskman.exe
+ 2002-08-29 12:00 . 2002-08-29 12:00 78848 c:\windows\system32\dllcache\tapiui.dll
+ 2004-11-03 15:02 . 2002-08-29 12:00 19200 c:\windows\system32\dllcache\tapi.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 36864 c:\windows\system32\dllcache\syskey.exe
+ 2002-08-29 12:00 . 2002-08-29 12:00 15872 c:\windows\system32\dllcache\sysinv.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 18896 c:\windows\system32\dllcache\sysedit.exe
+ 2002-08-29 12:00 . 2004-08-04 07:56 57856 c:\windows\system32\dllcache\synceng.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 51200 c:\windows\system32\dllcache\syncapp.exe
+ 2004-08-04 07:56 . 2009-10-21 06:00 75776 c:\windows\system32\dllcache\strmfilt.dll
+ 2004-11-03 15:02 . 2004-08-04 07:56 74752 c:\windows\system32\dllcache\storprop.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 14848 c:\windows\system32\dllcache\stimon.exe
+ 2004-11-03 20:10 . 2004-08-04 07:56 86528 c:\windows\system32\dllcache\stdprov.dll
+ 2004-11-03 20:11 . 2002-08-29 12:00 54272 c:\windows\system32\dllcache\stclient.dll
+ 2004-08-04 07:56 . 2004-08-04 07:56 22016 c:\windows\system32\dllcache\startoc.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 33280 c:\windows\system32\dllcache\sstub.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 14336 c:\windows\system32\dllcache\ssstars.scr
+ 2002-08-29 12:00 . 2004-08-04 07:56 18944 c:\windows\system32\dllcache\ssmyst.scr
+ 2002-08-29 12:00 . 2004-08-04 07:56 20992 c:\windows\system32\dllcache\ssmarque.scr
+ 2002-08-29 12:00 . 2004-08-04 07:56 19968 c:\windows\system32\dllcache\ssbezier.scr
+ 2004-11-03 20:13 . 2002-08-29 12:00 47104 c:\windows\system32\dllcache\srdiag.exe
+ 2004-11-03 15:02 . 2002-08-29 12:00 24661 c:\windows\system32\dllcache\spxcoins.dll
+ 2001-08-17 22:36 . 2002-08-29 12:00 72192 c:\windows\system32\dllcache\sprio800.dll
+ 2001-08-17 22:36 . 2002-08-29 12:00 70656 c:\windows\system32\dllcache\sprio600.dll
+ 2004-12-20 16:44 . 2004-08-04 05:56 11776 c:\windows\system32\dllcache\spnpinst.exe
+ 2001-08-17 22:36 . 2002-08-29 12:00 69632 c:\windows\system32\dllcache\spnike.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 62976 c:\windows\system32\dllcache\spgrmr.dll
+ 2004-11-03 15:02 . 2002-08-29 12:00 61440 c:\windows\system32\dllcache\spcplui.dll
+ 2004-11-03 15:02 . 2002-08-29 12:00 77824 c:\windows\system32\dllcache\spcommon.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 23552 c:\windows\system32\dllcache\sort.exe
+ 2004-11-03 20:11 . 2002-08-29 12:00 56832 c:\windows\system32\dllcache\sol.exe
+ 2004-11-03 20:19 . 2002-08-29 12:00 10240 c:\windows\system32\dllcache\snmpstup.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 34816 c:\windows\system32\dllcache\sniffpol.dll
+ 2004-11-03 20:11 . 2002-08-29 12:00 40960 c:\windows\system32\dllcache\smtpcons.dll
+ 2004-11-03 20:19 . 2002-08-29 12:00 15872 c:\windows\system32\dllcache\smierrsm.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 14592 c:\windows\system32\dllcache\smclib.sys
+ 2004-11-03 20:19 . 2002-08-29 12:00 31744 c:\windows\system32\dllcache\smb6w.dll
+ 2004-11-03 20:19 . 2002-08-29 12:00 31744 c:\windows\system32\dllcache\sma3w.dll
+ 2004-11-03 20:19 . 2002-08-29 12:00 38912 c:\windows\system32\dllcache\sm9aw.dll
+ 2004-11-03 20:19 . 2002-08-29 12:00 26624 c:\windows\system32\dllcache\sm93w.dll
+ 2004-11-03 20:19 . 2002-08-29 12:00 26624 c:\windows\system32\dllcache\sm92w.dll
+ 2004-11-03 20:19 . 2002-08-29 12:00 26112 c:\windows\system32\dllcache\sm90w.dll
+ 2004-11-03 20:19 . 2002-08-29 12:00 26112 c:\windows\system32\dllcache\sm8dw.dll
+ 2004-11-03 20:19 . 2002-08-29 12:00 29184 c:\windows\system32\dllcache\sm8cw.dll
+ 2004-11-03 20:19 . 2002-08-29 12:00 26112 c:\windows\system32\dllcache\sm8aw.dll
+ 2004-11-03 20:19 . 2002-08-29 12:00 26112 c:\windows\system32\dllcache\sm89w.dll
+ 2004-11-03 20:19 . 2002-08-29 12:00 30208 c:\windows\system32\dllcache\sm87w.dll
+ 2004-11-03 20:19 . 2002-08-29 12:00 30208 c:\windows\system32\dllcache\sm81w.dll
+ 2004-11-03 20:19 . 2002-08-29 12:00 25088 c:\windows\system32\dllcache\sm59w.dll
+ 2004-08-04 07:56 . 2004-08-04 07:56 73796 c:\windows\system32\dllcache\slserv.exe
+ 2004-08-04 07:56 . 2004-08-04 07:56 32866 c:\windows\system32\dllcache\slrundll.exe
+ 2004-08-04 07:56 . 2004-08-04 07:56 73832 c:\windows\system32\dllcache\slcoinst.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 14848 c:\windows\system32\dllcache\slbrccsp.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 98304 c:\windows\system32\dllcache\slbiop.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 26112 c:\windows\system32\dllcache\skeys.exe
+ 2002-08-29 12:00 . 2002-08-29 12:00 13824 c:\windows\system32\dllcache\sisbkup.dll
+ 2004-11-03 20:19 . 2002-08-29 12:00 18944 c:\windows\system32\dllcache\simptcp.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 70144 c:\windows\system32\dllcache\sigverif.exe
+ 2002-08-29 12:00 . 2004-08-04 07:56 13312 c:\windows\system32\dllcache\sigtab.dll
+ 2004-11-03 20:11 . 2002-08-29 12:00 42573 c:\windows\system32\dllcache\shvlzm.exe
+ 2004-11-03 20:11 . 2002-08-29 12:00 66113 c:\windows\system32\dllcache\shvl.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 19456 c:\windows\system32\dllcache\shutdown.exe
+ 2002-08-29 12:00 . 2004-08-04 07:56 77824 c:\windows\system32\dllcache\shrpubw.exe
+ 2004-11-03 20:11 . 2002-08-29 12:00 14848 c:\windows\system32\dllcache\shadow.exe
+ 2002-08-29 12:00 . 2002-08-29 12:00 23552 c:\windows\system32\dllcache\sfmapi.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 23040 c:\windows\system32\dllcache\setup.exe
+ 2002-08-29 12:00 . 2004-08-04 07:56 31232 c:\windows\system32\dllcache\sethc.exe
+ 2002-08-29 12:00 . 2002-08-29 12:00 14848 c:\windows\system32\dllcache\serwvdrv.dll
+ 2004-11-03 20:11 . 2004-08-04 07:56 56320 c:\windows\system32\dllcache\servdeps.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 14336 c:\windows\system32\dllcache\serialui.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 13824 c:\windows\system32\dllcache\senscfg.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 29184 c:\windows\system32\dllcache\sendcmsg.dll
+ 2004-08-04 07:56 . 2004-08-04 07:56 29184 c:\windows\system32\dllcache\sdhcinst.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 77312 c:\windows\system32\dllcache\sdbinst.exe
+ 2002-08-29 12:00 . 2002-08-29 12:00 57856 c:\windows\system32\dllcache\scripto.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 26624 c:\windows\system32\dllcache\scredir.dll
+ 2004-11-03 20:11 . 2004-08-04 07:56 36864 c:\windows\system32\dllcache\scrcons.exe
+ 2002-08-29 12:00 . 2004-08-04 07:56 69632 c:\windows\system32\dllcache\scarddlg.dll
+ 2002-08-29 12:00 . 2009-02-06 16:54 35328 c:\windows\system32\dllcache\sc.exe
+ 2004-11-03 15:02 . 2002-08-29 12:00 36864 c:\windows\system32\dllcache\sapisvr.exe
+ 2004-11-03 20:13 . 2004-08-04 07:56 45568 c:\windows\system32\dllcache\safrslv.dll
+ 2004-11-03 20:13 . 2004-08-04 07:56 29696 c:\windows\system32\dllcache\safrdm.dll
+ 2004-11-03 20:13 . 2004-08-04 07:56 43520 c:\windows\system32\dllcache\safrcdlg.dll
+ 2004-11-03 20:11 . 2002-08-29 12:00 15872 c:\windows\system32\dllcache\rwinsta.exe
+ 2004-11-03 20:19 . 2002-08-29 12:00 79872 c:\windows\system32\dllcache\rwia330.dll
+ 2004-11-03 20:19 . 2002-08-29 12:00 79872 c:\windows\system32\dllcache\rwia001.dll
+ 2004-11-03 20:19 . 2002-08-29 12:00 26624 c:\windows\system32\dllcache\rw330ext.dll
+ 2004-11-03 20:19 . 2002-08-29 12:00 24576 c:\windows\system32\dllcache\rw001ext.dll
+ 2004-11-03 20:11 . 2002-08-29 12:00 42574 c:\windows\system32\dllcache\rvsezm.exe
+ 2004-11-03 20:11 . 2002-08-29 12:00 48706 c:\windows\system32\dllcache\rvse.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 14336 c:\windows\system32\dllcache\runonce.exe
+ 2002-08-29 12:00 . 2002-08-29 12:00 16384 c:\windows\system32\dllcache\runas.exe
+ 2002-08-29 12:00 . 2002-08-29 12:00 98304 c:\windows\system32\dllcache\rtm.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 31744 c:\windows\system32\dllcache\rtipxmib.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 77312 c:\windows\system32\dllcache\rtcshare.exe
+ 2002-08-29 12:00 . 2002-08-29 12:00 90112 c:\windows\system32\dllcache\rsvpsp.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 23552 c:\windows\system32\dllcache\rsvpmsg.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 49152 c:\windows\system32\dllcache\rsmui.exe
+ 2002-08-29 12:00 . 2002-08-29 12:00 24576 c:\windows\system32\dllcache\rsmsink.exe
+ 2002-08-29 12:00 . 2004-08-04 07:56 18944 c:\windows\system32\dllcache\rsmps.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 49152 c:\windows\system32\dllcache\rsm.exe
+ 2002-08-29 12:00 . 2004-08-04 07:56 14848 c:\windows\system32\dllcache\rsh.exe
+ 2004-11-03 20:13 . 2004-08-04 07:56 61440 c:\windows\system32\dllcache\rrcm.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 22016 c:\windows\system32\dllcache\rpcns4.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 25600 c:\windows\system32\dllcache\routemon.exe
+ 2002-08-29 12:00 . 2002-08-29 12:00 19968 c:\windows\system32\dllcache\route.exe
+ 2002-08-29 12:00 . 2004-08-04 07:56 13824 c:\windows\system32\dllcache\rexec.exe
+ 2002-08-29 12:00 . 2002-08-29 12:00 12800 c:\windows\system32\dllcache\replace.exe
+ 2002-08-29 12:00 . 2004-08-04 07:56 59904 c:\windows\system32\dllcache\regsvc.dll
+ 2004-11-03 20:19 . 2002-08-29 12:00 14848 c:\windows\system32\dllcache\register.exe
+ 2004-11-03 20:11 . 2002-08-29 12:00 33792 c:\windows\system32\dllcache\regini.exe
+ 2002-08-29 12:00 . 2004-08-04 07:56 50176 c:\windows\system32\dllcache\reg.exe
+ 2004-11-03 20:11 . 2004-08-04 07:56 67072 c:\windows\system32\dllcache\rdshost.exe
+ 2004-11-03 20:10 . 2004-08-04 07:56 13824 c:\windows\system32\dllcache\rdsaddin.exe
+ 2004-11-03 20:10 . 2004-08-04 08:01 87176 c:\windows\system32\dllcache\rdpwsx.dll
+ 2004-11-03 20:10 . 2004-08-04 07:56 19968 c:\windows\system32\dllcache\rdpsnd.dll
+ 2002-08-29 12:00 . 2004-08-04 08:01 92168 c:\windows\system32\dllcache\rdpdd.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 21504 c:\windows\system32\dllcache\rcp.exe
+ 2002-08-29 12:00 . 2004-08-04 07:56 35840 c:\windows\system32\dllcache\rcimlby.exe
+ 2002-08-29 12:00 . 2002-08-29 12:00 34432 c:\windows\system32\dllcache\rawwan.sys
+ 2002-08-29 12:00 . 2002-08-29 12:00 12800 c:\windows\system32\dllcache\rasser.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 16896 c:\windows\system32\dllcache\rassapi.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 23552 c:\windows\system32\dllcache\rasrad.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 16512 c:\windows\system32\dllcache\raspti.sys
+ 2002-08-29 12:00 . 2004-08-04 07:56 56832 c:\windows\system32\dllcache\rasphone.exe
+ 2002-08-29 12:00 . 2002-08-29 12:00 22528 c:\windows\system32\dllcache\rasmxs.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 11264 c:\windows\system32\dllcache\rasdial.exe
+ 2002-08-29 12:00 . 2002-08-29 12:00 11776 c:\windows\system32\dllcache\rasctrs.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 11776 c:\windows\system32\dllcache\rasautou.exe
+ 2004-11-03 20:11 . 2002-08-29 12:00 22016 c:\windows\system32\dllcache\qwinsta.exe
+ 2004-11-03 20:18 . 2002-08-29 12:00 16384 c:\windows\system32\dllcache\quser.exe
+ 2004-11-03 20:11 . 2004-08-04 07:56 20480 c:\windows\system32\dllcache\qprocess.exe
+ 2004-11-16 03:29 . 2004-08-04 07:56 18944 c:\windows\system32\dllcache\qmgrprxy.dll
+ 2004-11-03 20:11 . 2002-08-29 12:00 16896 c:\windows\system32\dllcache\qappsrv.exe
+ 2002-08-29 12:00 . 2002-08-29 12:00 17792 c:\windows\system32\dllcache\ptilink.sys
+ 2002-08-29 12:00 . 2002-08-29 12:00 10752 c:\windows\system32\dllcache\pschdprf.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 50176 c:\windows\system32\dllcache\proquota.exe
+ 2002-08-29 12:00 . 2002-08-29 12:00 16384 c:\windows\system32\dllcache\prflbmsg.dll
+ 2004-08-04 07:56 . 2004-08-04 07:56 49152 c:\windows\system32\dllcache\powercfg.exe
+ 2004-08-04 07:56 . 2004-08-04 07:56 48640 c:\windows\system32\dllcache\pnrpnsp.dll
+ 2006-05-10 05:23 . 2010-04-16 15:36 39424 c:\windows\system32\dllcache\pngfilt.dll
+ 2004-11-03 20:18 . 2002-08-29 12:00 11264 c:\windows\system32\dllcache\pmxmcro.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 46592 c:\windows\system32\dllcache\pmspl.dll
+ 2004-11-03 20:18 . 2002-08-29 12:00 67584 c:\windows\system32\dllcache\pmigrate.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 30720 c:\windows\system32\dllcache\plustab.dll
+ 2004-11-03 20:18 . 2002-08-29 12:00 70144 c:\windows\system32\dllcache\pintlphr.exe
+ 2004-11-03 20:18 . 2002-08-29 12:00 53760 c:\windows\system32\dllcache\pintlcsd.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 33280 c:\windows\system32\dllcache\ping6.exe
+ 2002-08-29 12:00 . 2004-08-04 07:56 17920 c:\windows\system32\dllcache\ping.exe
+ 2002-08-29 12:00 . 2002-08-29 12:00 35328 c:\windows\system32\dllcache\pifmgr.dll
+ 2002-08-29 12:00 . 2004-08-04 06:04 24064 c:\windows\system32\dllcache\pidgen.dll
+ 2002-08-29 03:41 . 2004-08-04 07:56 35328 c:\windows\system32\dllcache\pid.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 12288 c:\windows\system32\dllcache\perfts.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 34816 c:\windows\system32\dllcache\perfproc.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 16896 c:\windows\system32\dllcache\perfnet.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 15872 c:\windows\system32\dllcache\perfmon.exe
+ 2002-08-29 12:00 . 2004-08-04 07:56 39936 c:\windows\system32\dllcache\perfctrs.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 15360 c:\windows\system32\dllcache\pentnt.exe
+ 2002-08-29 12:00 . 2004-08-04 07:56 62976 c:\windows\system32\dllcache\pautoenr.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 21504 c:\windows\system32\dllcache\pathping.exe
+ 2002-08-29 12:00 . 2002-08-29 12:00 18688 c:\windows\system32\dllcache\partmgr.sys
+ 2002-08-29 12:00 . 2002-08-29 12:00 10240 c:\windows\system32\dllcache\panmap.dll
+ 2004-11-03 20:18 . 2002-08-29 12:00 15360 c:\windows\system32\dllcache\padrs804.dll
+ 2004-11-03 20:18 . 2002-08-29 12:00 14336 c:\windows\system32\dllcache\padrs412.dll
+ 2004-11-03 20:18 . 2002-08-29 12:00 36927 c:\windows\system32\dllcache\padrs411.dll
+ 2004-11-03 20:18 . 2002-08-29 12:00 15872 c:\windows\system32\dllcache\padrs404.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 58368 c:\windows\system32\dllcache\packager.exe
+ 2004-08-04 07:56 . 2004-08-04 07:56 88064 c:\windows\system32\dllcache\p2pnetsh.dll
+ 2004-08-04 07:56 . 2004-08-04 07:56 86016 c:\windows\system32\dllcache\p2pgasvc.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 40448 c:\windows\system32\dllcache\osuninst.exe
+ 2004-11-03 20:13 . 2004-08-04 07:56 51200 c:\windows\system32\dllcache\oobebaln.exe
+ 2002-08-29 12:00 . 2002-08-29 12:00 69120 c:\windows\system32\dllcache\olethk32.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 22016 c:\windows\system32\dllcache\olesvr32.dll
+ 2004-11-03 15:02 . 2002-08-29 12:00 24064 c:\windows\system32\dllcache\olesvr.dll
+ 2004-11-03 20:13 . 2004-08-04 07:56 65536 c:\windows\system32\dllcache\oledb32r.dll
+ 2005-01-14 05:33 . 2005-07-26 04:39 37888 c:\windows\system32\dllcache\olecnv32.dll
+ 2005-01-14 05:33 . 2005-07-26 04:39 74752 c:\windows\system32\dllcache\olecli32.dll
+ 2004-11-03 15:02 . 2002-08-29 12:00 82944 c:\windows\system32\dllcache\olecli.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 16896 c:\windows\system32\dllcache\oleaccrc.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 39744 c:\windows\system32\dllcache\ole2.dll
+ 2004-11-03 20:13 . 2004-08-04 07:56 35328 c:\windows\system32\dllcache\oemiglib.dll
+ 2004-11-03 20:13 . 2004-08-04 07:56 60416 c:\windows\system32\dllcache\oemig50.exe
+ 2002-08-29 12:00 . 2004-08-04 07:56 20511 c:\windows\system32\dllcache\odtext32.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 20510 c:\windows\system32\dllcache\odpdx32.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 20510 c:\windows\system32\dllcache\odfox32.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 20510 c:\windows\system32\dllcache\odexl32.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 20511 c:\windows\system32\dllcache\oddbse32.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 12288 c:\windows\system32\dllcache\odbcp32r.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 53279 c:\windows\system32\dllcache\odbcji32.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 65536 c:\windows\system32\dllcache\odbccu32.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 65536 c:\windows\system32\dllcache\odbccr32.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 69632 c:\windows\system32\dllcache\odbcconf.exe
+ 2002-08-29 12:00 . 2004-08-04 07:56 32768 c:\windows\system32\dllcache\odbcad32.exe
+ 2002-08-29 12:00 . 2004-08-04 07:56 16384 c:\windows\system32\dllcache\odbc32gt.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 26224 c:\windows\system32\dllcache\odbc16gt.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 17408 c:\windows\system32\dllcache\ocmsn.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 60928 c:\windows\system32\dllcache\ocmanage.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 15872 c:\windows\system32\dllcache\ocgen.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 55936 c:\windows\system32\dllcache\nwlnkspx.sys
+ 2002-08-29 12:00 . 2002-08-29 12:00 63232 c:\windows\system32\dllcache\nwlnknb.sys
+ 2002-08-29 12:00 . 2002-08-29 12:00 32512 c:\windows\system32\dllcache\nwlnkfwd.sys
+ 2002-08-29 12:00 . 2002-08-29 12:00 12416 c:\windows\system32\dllcache\nwlnkflt.sys
+ 2004-06-17 17:58 . 2004-06-17 17:58 13312 c:\windows\system32\dllcache\ntvdmd.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 36864 c:\windows\system32\dllcache\ntsdexts.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 31744 c:\windows\system32\dllcache\ntsd.exe
+ 2002-08-29 12:00 . 2004-08-04 07:56 91136 c:\windows\system32\dllcache\ntprint.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 62976 c:\windows\system32\dllcache\ntoc.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 36864 c:\windows\system32\dllcache\ntmsevt.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 40960 c:\windows\system32\dllcache\ntmsapi.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 14336 c:\windows\system32\dllcache\ntlanui2.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 57856 c:\windows\system32\dllcache\ntlanui.dll
+ 2004-05-17 22:43 . 2004-05-17 22:43 34560 c:\windows\system32\dllcache\ntio804.sys
+ 2004-05-17 22:43 . 2004-05-17 22:43 35424 c:\windows\system32\dllcache\ntio412.sys
+ 2004-05-17 22:43 . 2004-05-17 22:43 35648 c:\windows\system32\dllcache\ntio411.sys
+ 2004-05-17 22:43 . 2004-05-17 22:43 34560 c:\windows\system32\dllcache\ntio404.sys
+ 2004-05-17 22:43 . 2004-05-17 22:43 33840 c:\windows\system32\dllcache\ntio.sys
+ 2002-08-29 12:00 . 2002-08-29 12:00 29146 c:\windows\system32\dllcache\ntdos804.sys
+ 2002-08-29 12:00 . 2002-08-29 12:00 29274 c:\windows\system32\dllcache\ntdos412.sys
+ 2002-08-29 12:00 . 2002-08-29 12:00 29370 c:\windows\system32\dllcache\ntdos411.sys
+ 2002-08-29 12:00 . 2002-08-29 12:00 29146 c:\windows\system32\dllcache\ntdos404.sys
+ 2002-08-29 12:00 . 2002-08-29 12:00 27866 c:\windows\system32\dllcache\ntdos.sys
+ 2002-08-29 12:00 . 2004-08-04 07:56 76800 c:\windows\system32\dllcache\nslookup.exe
+ 2002-08-29 12:00 . 2004-08-04 07:56 54784 c:\windows\system32\dllcache\npptools.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 15360 c:\windows\system32\dllcache\nppagent.exe
+ 2004-11-03 20:13 . 2002-08-29 12:00 35328 c:\windows\system32\dllcache\notiflag.exe
+ 2004-11-03 15:02 . 2004-08-04 07:56 69120 c:\windows\system32\dllcache\notepad.exe
+ 2004-11-03 20:13 . 2004-08-04 07:56 28672 c:\windows\system32\dllcache\nmmkcert.dll
+ 2004-11-03 20:13 . 2002-08-29 12:00 12288 c:\windows\system32\dllcache\nmevtmsg.dll
+ 2004-12-19 20:28 . 2004-08-04 07:56 77824 c:\windows\system32\dllcache\nmcom.dll
+ 2004-11-03 20:13 . 2004-08-04 07:56 81920 c:\windows\system32\dllcache\nmchat.dll
+ 2004-11-03 20:13 . 2004-08-04 07:56 28672 c:\windows\system32\dllcache\nmasnt.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 36864 c:\windows\system32\dllcache\netstat.exe
+ 2002-08-29 12:00 . 2004-08-04 07:56 86016 c:\windows\system32\dllcache\netsh.exe
+ 2002-08-29 12:00 . 2004-08-04 07:56 77312 c:\windows\system32\dllcache\netoc.dll
+ 2002-08-29 12:00 . 2004-08-04 07:56 42496 c:\windows\system32\dllcache\net.exe
+ 2002-08-29 12:00 . 2002-08-29 12:00 38016 c:\windows\system32\dllcache\ndproxy.sys
+ 2002-08-29 12:00 . 2004-08-04 07:56 57344 c:\windows\system32\dllcache\ndisnpp.dll
+ 2004-06-17 00:24 . 2004-08-04 07:56 18944 c:\windows\system32\dllcache\nddenb32.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 20480 c:\windows\system32\dllcache\nbtstat.exe
+ 2002-08-29 12:00 . 2002-08-29 12:00 35840 c:\windows\system32\dllcache\narrhook.dll
+ 2002-08-29 12:00 . 2006-10-04 08:48 53760 c:\windows\system32\dllcache\narrator.exe
+ 2002-08-29 12:00 . 2002-08-29 12:00 90112 c:\windows\system32\dllcache\mycomput.dll
+ 2004-12-19 20:30 . 2008-06-12 14:16 91648 c:\windows\system32\dllcache\mtxoci.dll
+ 2004-11-03 20:11 . 2002-08-29 12:00 25088 c:\windows\system32\dllcache\mtxlegih.dll
+ 2004-11-03 20:11 . 2002-08-29 12:00 20480 c:\windows\system32\dllcache\mtxdm.dll
+ 2005-03-20 18:01 . 2009-11-27 17:33 17920 c:\windows\system32\dllcache\msyuv.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 26624 c:\windows\system32\dllcache\msxmlr.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 44032 c:\windows\system32\dllcache\msxml3r.dll
+ 2002-08-29 12:00 . 2002-08-29 12:00 37916 c:\windows\system32\dllcache\msxml2r.dll
+ 2004-11-03 20:12 . 2004-08-04 07:56 24576 c:\windows\system32\dllcache\msxactps.dll


I have to go to bed atm and theres a lot more to post so heres to hoping I can just attach it? Either way I'll be back tomorrow.

 

[exmatt]

Hey Bobbye can I attach that log? It will take me many more post otherwise it appears.

 

[Bobbye]

Every once in a while, Combofix generates this lengthy output. Unfortunately, there are additional entries below this that I need to see. Open the Combofix lok and go down to the end of the this section beginning ((((((((((((((((((((((((((((( SnapShot@2010-11-11_22.24.11 )))))))))))))))))))))))))))))))))))))))))

Copy the log from the end of those entries to the end of the log and paste it in the reply. I've got script written to remove the BitTorrent entries but I need to make sure no bad entries remain in Combofix.

 

[exmatt]

Thanks. It was indeed lengthy!

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
"NetSP - restore settings on power failure"="c:\program files\AT&T Global Network Client\NetSP.exe" [2008-01-21 66840]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-11-13 323392]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2009-11-06 2923192]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2009-11-21 2356088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2004-02-29 66680]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2004-03-12 124128]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-10 385024]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-11 149280]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-9-19 282624]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2001-08-23 11:24 196608 -c--a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon03]
2001-08-23 11:24 311296 -c--a-w- c:\windows\system32\hphmon03.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-01-10 20:27 385024 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
2001-07-03 14:11 57344 -c--a-w- c:\program files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\AT&T Global Network Client\\NetClient.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDPHCP Discovery Service
"58474:TCP"= 58474:TCPando Media Booster
"58474:UDP"= 58474:UDPando Media Booster

S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [3/12/2004 3:18 PM 169192]
.
Contents of the 'Scheduled Tasks' folder

2010-10-11 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\system32\cleanmgr.exe [2002-08-29 07:56]

2010-12-16 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-12-12 14:10]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Becky\Start Menu\Programs\IMVU\Run IMVU.lnk
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Becky\Application Data\Mozilla\Firefox\Profiles\k8y9lwa5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Firefox (default): {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-16 21:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1312)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-12-16 21:16:00
ComboFix-quarantined-files.txt 2010-12-17 02:15
ComboFix2.txt 2010-12-15 20:01
ComboFix3.txt 2010-11-11 22:27

Pre-Run: 25,127,878,656 bytes free
Post-Run: 25,127,362,560 bytes free

- - End Of File - - 4C363014870751C1EA02E60913C134AA

 

[Bobbye]

Are you still having the BSODs and popups? If so, I need to to tell me what you are trying to do when you get the BSOD and if there is any text with it.

Also, describe the popups.

 

[exmatt]

I'm heading around to other sites and such but no pop ups have occured in a long time. They stopped much towards the beggining. From what I know the pop ups were just random and often porn although I only saw a few (and no porn ones) and then they stopped while we were cleaning. (They thankfully weren't the Zedo ones that my personal laptop unfortentally has at the moment.) The BSODs also have stopped. I've surfed around and messed with things, and even just let it sit and it hasn't shut off anymore by itself or had a memory dump so we appear good there as well.

By the way her fan runs all the time which I think was contributing to the shut downs and although it isn't getting as hot as it use to I still don't like it running that much. I installed Everest at some point before we started but I have no clue how to use it or if it is suppose to work by itself...?

Edit: Also I was going to get rid of Symantec Antivirus when we are done since she doesn't use it anymore however it has things in Quarantine (about 21 things) so I don't know if it would be safe to do that...?

 

[exmatt]

Just wondering are we almost done?

 

[Bobbye]

You already know that when a laptop gets hot, the fan runs more. And if it reaches a system set heat point, it will shut down. The more that's running, the more chance for heat buildup. There is a long list of processes that do not need to start on boot, then run in the background. Some examples are:
All Adobe Processes
All Java processes
BitTorrent
Kodak Easyshare
QuickTime Media player
All HP Printing and share to web processes
and more

If you run a new HijackThis scan, I'll have you check everything that doesn't need to run. Then that can be uesed as a guide to take those processes off of Startup. I can also tell you which of the Services I see can be set to Manual Startup.

This is what I advise when changing the antivirus program:
If you are near the end of the subscription or if you want to make the change anyway:

1. Download the Norton Removal Tool HERE and save to the desktop.
2. Antivirus Software Download and save to desktop. (only one):Both of the following programs are free and known to be good:
   [o]Avira Free
   [o]Avast Home
3. Firewall Download and save to desktop. (only one): Use bi-directional firewall. Both of the following programs are free and known to be good:
   [o]Comodo
   [o]Zone Alarm
4. Boot into Safe Mode
   [o] Restart your computer and start pressing the F8 key on your keyboard.
   [o] Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.
5. Delete the Norton Quarantine folder.
6. Run the Norton Removal Tool
7. Run the antivirus setup.
8. Run the firewall setup
9. Reboot and go back online>>>> Update each of the programs.

Run full system scan with new AV. Check firewall programs settings.

The Symantec/Norton product uses a lot of resources. My preference is a combination of stand-alone products. There are many good free programs and there are also paid stand alones like Nod32 AV. And I think all of the 'suites' cost $$.

 

[exmatt]

I can run a new hijackthis scan but u said u had a script to run to get rid of bittorrent?

 

[Bobbye]

Please run this Custom CFScript:

• 
  [1]. Close any open browsers.
  [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  [3]. Open notepad> click on Format> Uncheck 'Word Wrap> and copy/paste the text in the code below into it:

KillAll::
File::
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Auth orizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=-

DDS::
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"

Save this as CFScript.txt, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . No log needed.
====================
Removing all of the tools we used and the files and folders they created

• Uninstall ComboFix and all Backups of the files it deleted
• Click START> then RUN
• Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
  
  

• Download OTCleanIt by OldTimer and save it to your Desktop.
• Double click OTCleanIt.exe.
• Click the CleanUp! button.
• If you are prompted to Reboot during the cleanup, select Yes.
• The tool will delete itself once it finishes.

Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

• You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
• Go to Start > All Programs > Accessories > System Tools
• Click "System Restore".
• Choose "Create a Restore Point" on the first screen then click "Next".
• Give the Restore Point a name> click "Create".
  
• Go back and follow the path to > System Tools.
  [*]Choose Disc Cleanup
  [*]Click "OK" to select the partition or drive you want.
  [*]Click the "More Options" Tab.
  [*]Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.

Empty the Recycle Bin