No no, I have reinstalled XP only. The PC with Win7 is just as it is. Here are the log files from the Win7 PC. Please suggest a solution.
Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org
Database version: v2012.04.04.08
Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
ONI :: ONI-PC [administrator]
Protection: Enabled
4/29/2012 3:25:32 AM
mbam-log-2012-04-29 (03-25-32).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 193459
Time elapsed: 3 minute(s), 15 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 4
C:\Users\ONI\Local Settings\Application Data\RavenBleuSA (Adware.Hotbar.RB) -> Quarantined and deleted successfully.
C:\Users\ONI\Local Settings\Application Data\RavenBleuSA\bin (Adware.Hotbar.RB) -> Quarantined and deleted successfully.
C:\Users\ONI\Local Settings\Application Data\RavenBleuSA\bin\1.0.11.0 (Adware.Hotbar.RB) -> Quarantined and deleted successfully.
C:\Users\ONI\Local Settings\Application Data\RavenBleuSA\data (Adware.Hotbar.RB) -> Quarantined and deleted successfully.
Files Detected: 4
C:\Users\ONI\Local Settings\Application Data\RavenBleuSA\bin\1.0.11.0\copyright.txt (Adware.Hotbar.RB) -> Quarantined and deleted successfully.
C:\Users\ONI\Local Settings\Application Data\RavenBleuSA\data\RavenBleuSA.dat (Adware.Hotbar.RB) -> Quarantined and deleted successfully.
C:\Users\ONI\Local Settings\Application Data\RavenBleuSA\data\RavenBleuSAau.dat (Adware.Hotbar.RB) -> Quarantined and deleted successfully.
C:\Users\ONI\Local Settings\Application Data\RavenBleuSA\data\RavenBleuSA_kyf_update.dat (Adware.Hotbar.RB) -> Quarantined and deleted successfully.
(end)
=========================================
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-04-29 03:46:09
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-4 WDC_WD5000AAKX-001CA0 rev.15.01H15
Running: p8qbc93w.exe; Driver: C:\Users\ONI\AppData\Local\Temp\uwldapow.sys
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82C54579 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C78F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text autochk.exe 00291204 4 Bytes [00, 00, 00, 00] {ADD [EAX], AL; ADD [EAX], AL}
.text autochk.exe 0029120C 1 Byte [00]
.text autochk.exe 00291210 1 Byte [00]
.text autochk.exe 00291214 2 Bytes [00, 00] {ADD [EAX], AL}
.text autochk.exe 00291218 2 Bytes [00, 00] {ADD [EAX], AL}
.text ...
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Windows\System32\rundll32.exe[2864] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75535D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[2864] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75535D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[2864] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75535D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[2864] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75535D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\0000004a halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001f81000250
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001f81000250@6ca780b5eed4 0xDE 0x6E 0xD3 0x9A ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001f81000250 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001f81000250@6ca780b5eed4 0xDE 0x6E 0xD3 0x9A ...
---- EOF - GMER 1.0.15 ----
==============================================================
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7600.16385
Run by ONI at 3:47:56 on 2012-04-29
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1847.854 [GMT 6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\DU Meter\DUMeterSvc.exe
C:\Program Files\QUBEE WCM\GPCommonService.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\PANDORA.TV\PanService\PandoraService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\rundll32.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\PROGRA~1\DUMETE~1\DUMeter.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\FuzLez\WheelsOfVolume\WheelsOfVolume.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Avro Keyboard\Avro Keyboard.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\QUBEE WCM\QUBEE WCM.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\QUBEE WCM\wimax\WmMMgr.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.babylon.com/?affID=109980&babsrc=HP_ss&mntrId=fe94e8780000000000001c6f65a8d2fa
uURLSearchHooks: KMP Media Toolbar: {daf5b34c-1aa3-4c33-ae24-766a370635d2} - c:\program files\kmpmediatoolbar\kmpmediatoolbarX.dll
uURLSearchHooks: H - No File
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office12\GR469A~1.DLL
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: KMP Media Toolbar: {daf5b34c-1aa3-4c33-ae24-766a370635d2} - c:\program files\kmpmediatoolbar\kmpmediatoolbarX.dll
BHO: Yontoo: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo\YontooIEClient.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: KMP Media Toolbar: {daf5b34c-1aa3-4c33-ae24-766a370635d2} - c:\program files\kmpmediatoolbar\kmpmediatoolbarX.dll
uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
uRun: [Avro Keyboard] c:\program files\avro keyboard\Avro Keyboard.exe
uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [BitTorrent] "c:\program files\bittorrent\BitTorrent.exe" /MINIMIZED
uRun: [DU Meter] c:\program files\du meter\DUMeter.exe
uRun: [QUBEE WCM] c:\program files\qubee wcm\QUBEE WCM.exe minimized
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [WinampAgent] c:\program files\winamp\winampa.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [FuzLez WheelsOfVolume] "c:\program files\fuzlez\wheelsofvolume\WheelsOfVolume.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
TCP: DhcpNameServer = 192.168.123.1 208.67.222.222 208.67.220.220
TCP: Interfaces\{C1272F84-7878-4E0E-B014-8480D14E953C} : DhcpNameServer = 192.168.123.1 208.67.222.222 208.67.220.220
TCP: Interfaces\{D4978370-C7A5-407E-8BCC-7A60E5AFCF72} : NameServer = 208.67.222.222 8.8.8.8
TCP: Interfaces\{E494FFD5-1ADE-4870-B75A-DF3D0E32C156} : DhcpNameServer = 192.168.123.1 208.67.222.222 208.67.220.220
TCP: Interfaces\{F67C6066-44B8-4B4B-A35A-1A38D1D1A6D6} : DhcpNameServer = 192.168.123.1 208.67.222.222 208.67.220.220
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~3\office12\GRA32A~1.DLL
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office12\GR469A~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\oni\appdata\roaming\mozilla\firefox\profiles\f9oyv1cj.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://mp3tubetoolbar.com/?tmp=nemo_results_removelink2&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_233.dll
.
---- FIREFOX POLICIES ----
FF - user.js: keyword.URL - hxxp://mp3tubetoolbar.com/?tmp=nemo_results_removelink2&q=
FF - user.js: keyword.enabled - 1
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R1 MpKsldef0defa;MpKsldef0defa;c:\programdata\microsoft\microsoft antimalware\definition updates\{d7d3feab-e424-47a9-b701-58a5dc434539}\MpKsldef0defa.sys [2012-4-29 29904]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2012-2-25 21992]
R2 DUMeterSvc;DU Meter Service;c:\program files\du meter\DUMeterSvc.exe [2012-4-21 1412488]
R2 GPCommonService;GPCommonService;c:\program files\qubee wcm\GPCommonService.exe [2012-4-28 90112]
R2 IDMWFP;IDMWFP;c:\windows\system32\drivers\idmwfp.sys [2010-12-24 84720]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-4-29 654408]
R2 MTKWMPROT;MediaTek WiMAX Modem Protocol Driver;c:\windows\system32\drivers\mtkwmptv.sys [2012-4-28 15360]
R2 PanService;PandoraService;c:\program files\pandora.tv\panservice\PandoraService.exe [2012-1-15 577752]
R3 DUMeterDrv;Hagel Technologies DU Meter traffic accounting driver;c:\program files\du meter\DUMetr32.sys [2012-4-21 18576]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-4-28 22344]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2010-11-11 206360]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2012-1-14 277536]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-7 253088]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 MT7118VU;MediaTek MT7118 WiMAX USB Card Driver for VISTA;c:\windows\system32\drivers\mt7118vu.sys [2012-3-17 131072]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-7-26 137600]
.
=============== File Associations ===============
.
.txt=STDUViewerFile.TXT
.
=============== Created Last 30 ================
.
2012-04-28 21:24:49 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{d7d3feab-e424-47a9-b701-58a5dc434539}\MpKsldef0defa.sys
2012-04-28 21:23:46 711240 ----a-w- c:\windows\isRS-000.tmp
2012-04-28 16:51:23 -------- d-----w- c:\users\oni\appdata\roaming\Malwarebytes
2012-04-28 16:51:18 -------- d-----w- c:\programdata\Malwarebytes
2012-04-28 16:51:14 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-28 16:51:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-28 08:36:39 15360 ----a-w- c:\windows\system32\drivers\mtkwmptv.sys
2012-04-28 08:36:34 -------- d-----w- c:\program files\QUBEE WCM
2012-04-27 15:22:24 -------- d-----w- c:\program files\CCleaner
2012-04-26 19:28:16 -------- d-----w- c:\users\oni\appdata\local\Opera
2012-04-26 19:25:02 6734704 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{d7d3feab-e424-47a9-b701-58a5dc434539}\mpengine.dll
2012-04-26 08:55:55 -------- d-----w- c:\users\oni\appdata\roaming\Rovio
2012-04-25 18:51:00 -------- d-----w- c:\windows\OPTIONS
2012-04-24 16:15:50 -------- d-----w- c:\program files\LSoft Technologies
2012-04-21 15:40:49 -------- d-----w- c:\programdata\Hagel Technologies
2012-04-21 15:40:46 -------- d-----w- c:\program files\DU Meter
2012-04-11 13:12:50 -------- d-----w- c:\program files\Conduit
2012-04-11 13:12:48 -------- d-----w- c:\users\oni\appdata\local\Conduit
2012-04-11 13:09:15 -------- d-----w- c:\program files\Yontoo
2012-04-11 13:09:13 -------- d-----w- c:\programdata\Tarma Installer
2012-04-10 09:08:14 -------- d-----w- c:\program files\ExpressFiles
2012-04-08 15:39:05 53248 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\msihook.dll
2012-04-08 15:39:05 126976 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\knlwrap.exe
2012-04-08 15:39:04 114688 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\scpthdlr.dll
2012-04-07 08:19:42 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-07 08:19:42 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
==================== Find3M ====================
.
2012-03-07 03:38:20 138056 ----a-w- c:\users\oni\appdata\roaming\PnkBstrK.sys
2012-03-07 03:38:02 189248 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-02-18 05:17:54 418480 ----a-w- c:\windows\system32\wrap_oal.dll
2012-02-18 05:17:54 115432 ----a-w- c:\windows\system32\OpenAL32.dll
2012-02-07 15:15:07 1108 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe
2011-09-02 07:03:28 730192 ----a-w- c:\program files\common files\ZugoInstaller.exe
.
============= FINISH: 3:48:09.43 ===============
==========================================================================================