The original version of this page can be found at: http://forum.bullguard.com/forum/8/Virus-disable-safemode_66132.html
| Posted By : Sherine - 9-23-2008 8:27 | Hello everybody, I have a virus on my computer that disabled my safe mode. When I tried to go into safe mode with F8, it restarted the computer and went into regular mode. It disabled Task Manager, Registry Editor and hidden files. When I put my flash drive into my computer, it found an autorun file and a hidden file that appeared for seconds, and when I deleted it, it kept coming back with a new name each time. Can anyone help me, please? Thanks in advance.
Post Edited (Sherine) : 23-09-2008 08:59:36 GMT |

| Posted By : Touch - 9-23-2008 10:38 | Hello
After you have run the scan tools -
Reboot normally
Post Hijackthis log along with SuperAntiSpyware log, C:\ComboFix.txt in this topic
Please copy and paste your log. DO NOT add it as an attachment
Kindly do not annotate or format the log with color or font changes.
NB. If you are using any P2P (file sharing) programs, please remove them before we clean your computer. We do not clean logs that have P2P applications installed as this can cause reinfection during your cleaning.
Do NOT post your problem in someone else's thread.
A non-profit, volunteer network.
|

| Posted By : Sherine - 9-23-2008 12:40 | Here is Hijackthis log file:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:34:55 PM, on 9/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\PrevxCSI\prevxcsi.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\Program Files\PrevxCSI\prevxcsi.exe
D:\WINDOWS\RTHDCPL.EXE
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Documents and Settings\Sherine\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Skype\Phone\Skype.exe
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
D:\Program Files\Skype\Plugin Manager\skypePM.exe
D:\WINDOWS\system32\wuauclt.exe
D:\WINDOWS\explorer.exe
D:\Documents and Settings\Sherine\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\Sherine\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Program Files\AutoCAD 2009\acad.exe
D:\DOCUME~1\Sherine\LOCALS~1\Temp\AdskCleanup.0001
D:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
D:\DOCUME~1\Sherine\LOCALS~1\Temp\AdskCleanup.0001
D:\Documents and Settings\Sherine\My Documents\Downloads\AntiVirus\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///D:/Documents%20and%20Settings/Sherine/My%20Documents/Home%20page/Homepage.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.com/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O4 - HKLM\..\Run: [PWRISOVM.EXE] D:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [Google Update] "D:\Documents and Settings\Sherine\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [UnHackMe Monitor] D:\Program Files\UnHackMe\hackmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{6EF00868-BBC0-4E7B-94E2-87B611DE4068}: NameServer = 163.121.128.134,212.103.160.18
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Autodesk Licensing Service - Autodesk - D:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: CSIScanner - Prevx - D:\Program Files\PrevxCSI\prevxcsi.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
-- End of file - 6041 bytes |

| Posted By : Sherine - 9-24-2008 7:34 | SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 09/24/2008 at 08:32 AM
Application Version : 4.21.1004
Core Rules Database Version : 3578
Trace Rules Database Version: 1566
Scan type : Quick Scan
Total Scan Time : 00:52:48
Memory items scanned : 307
Memory threats detected : 0
Registry items scanned : 301
Registry threats detected : 0
File items scanned : 40155
File threats detected : 10
Trojan.Dropper/Gen-WinX
C:\DOCUMENTS AND SETTINGS\SHERINE.SHERINE.000\LOCAL SETTINGS\TEMP\ORUE.EXE
C:\DOCUMENTS AND SETTINGS\SHERINE.SHERINE.000\LOCAL SETTINGS\TEMP\WINAKNK.EXE
Trojan.MailDrop/Gen
C:\DOCUMENTS AND SETTINGS\SHERINE.SHERINE.000\LOCAL SETTINGS\TEMP\WINAFBEYI.EXE
C:\DOCUMENTS AND SETTINGS\SHERINE.SHERINE.000\LOCAL SETTINGS\TEMP\WINECENJS.EXE
C:\WINDOWS\SYSTEM32\A49CA.EXE
C:\WINDOWS\SYSTEM32\B40D.EXE
D:\DOCUMENTS AND SETTINGS\SHERINE\LOCAL SETTINGS\TEMP\WINPYWHOL.EXE
Adware.Tracking Cookie
G:\Documents and Settings\sherine\Cookies\sherine@fastclick.txt
G:\Documents and Settings\sherine\Cookies\sherine@tacoda.txt
G:\Documents and Settings\sherine\Cookies\sherine@tribalfusion.txt
-------------------------------------------------------------------------------------------
ComboFix 08-09-20.05 - Sherine 2008-09-23 13:25:47.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.20.1033.18.230 [GMT 3:00]
Running from: D:\Documents and Settings\Sherine\My Documents\Downloads\AntiVirus\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
D:\WINDOWS\OPTIONS\CABS\_desktop.ini
D:\WINDOWS\system32\wmdrtc32.dl_
D:\WINDOWS\system32\wmdrtc32.dll
N:\autorun.inf
N:\fihu.pif
N:\ygym.pif
.
((((((((((((((((((((((((( Files Created from 2008-08-23 to 2008-09-23 )))))))))))))))))))))))))))))))
.
2008-09-23 13:24 . 2008-09-23 13:24 <DIR> d-------- D:\HJT 2008-09-23 12:03 . 2008-09-23 13:27 5,477 --a------ D:\WINDOWS\system32\drivers\qgrknn.sys 2008-09-23 10:05 . 2008-09-23 12:01 5,477 --a------ D:\WINDOWS\system32\drivers\QGRKNN.SYS.del 2008-09-23 09:04 . 2008-09-23 09:04 <DIR> d-------- D:\Program Files\PrevxCSI 2008-09-23 09:04 . 2008-09-23 13:02 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\PrevxCSI 2008-09-23 09:04 . 2008-09-23 09:04 17,408 --a------ D:\WINDOWS\system32\drivers\pxark.sys 2008-09-23 08:54 . 2008-09-23 08:54 <DIR> d-------- D:\Program Files\SUPERAntiSpyware 2008-09-23 08:54 . 2008-09-23 08:54 <DIR> d-------- D:\Program Files\Common Files\Wise Installation Wizard 2008-09-23 08:54 . 2008-09-23 08:54 <DIR> d-------- D:\Documents and Settings\Sherine\Application Data\SUPERAntiSpyware.com 2008-09-23 08:54 . 2008-09-23 08:54 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2008-09-23 08:46 . 2008-09-23 08:55 <DIR> d-------- D:\Program Files\CCleaner 2008-09-23 08:09 . 2008-09-23 08:09 204,800 --a------ D:\zip.exe 2008-09-23 08:09 . 2008-09-23 08:09 19,286 --a------ D:\cleanup.exe 2008-09-23 08:09 . 2008-09-23 08:09 574 --a------ D:\cleanup.bat 2008-09-23 07:54 . 2008-09-23 08:27 <DIR> d-------- D:\WINDOWS\system32\CatRoot_bak 2008-09-22 21:04 . 2008-09-23 08:15 <DIR> d--h----- D:\WINDOWS\$hf_mig$ 2008-09-22 12:06 . 2008-09-22 12:06 <DIR> d-------- D:\WINDOWS\Sun 2008-09-22 12:05 . 2008-09-22 12:05 410,976 --a------ D:\WINDOWS\system32\deploytk.dll 2008-09-22 09:52 . 2008-09-23 12:01 <DIR> d-------- D:\RootkitNO 2008-09-22 09:40 . 2004-08-03 23:08 26,496 --a--c--- D:\WINDOWS\system32\dllcache\usbstor.sys 2008-09-22 09:33 . 2008-09-22 09:33 30,946 --a------ D:\WINDOWS\system32\drivers\Partizan.sys 2008-09-22 09:33 . 2008-09-22 09:33 25,088 --a------ D:\WINDOWS\system32\Partizan.exe 2008-09-22 09:33 . 2008-09-22 09:33 (2) -rahs-ot- D:\WINDOWS\winstart.bat 2008-09-22 09:32 . 
2008-09-22 09:37 <DIR> d-------- D:\Program Files\UnHackMe 2008-09-22 09:32 . 2005-04-03 14:02 8,944 --a------ D:\WINDOWS\system32\drivers\UnHackMeDrv.sys 2008-09-22 09:03 . 2008-09-22 09:03 <DIR> d-------- D:\Program Files\Common Files\iS3 2008-09-22 09:03 . 2008-09-22 09:57 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\STOPzilla! 2008-09-22 09:03 . 2008-09-22 09:22 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\SITEguard 2008-09-22 08:49 . 2008-09-22 08:49 <DIR> d-------- D:\Documents and Settings\Sherine\Application Data\Uniblue 2008-09-22 07:50 . 2008-09-23 13:27 <DIR> d-------- D:\Documents and Settings\Sherine\Application Data\Azureus 2008-09-22 07:50 . 2008-09-22 07:50 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Azureus 2008-09-22 06:32 . 2008-09-22 06:32 <DIR> d-------- D:\Program Files\Skype 2008-09-22 06:32 . 2008-09-22 06:32 <DIR> d-------- D:\Program Files\Common Files\Skype 2008-09-22 06:32 . 2008-09-23 13:04 <DIR> d-------- D:\Documents and Settings\Sherine\Application Data\Skype 2008-09-22 06:32 . 2008-09-22 06:32 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Skype 2008-09-22 06:30 . 2008-09-22 06:31 <DIR> d-------- D:\Program Files\Common Files\Autodesk Shared 2008-09-22 06:30 . 2008-09-22 06:31 <DIR> d-------- D:\Program Files\AutoCAD 2009 2008-09-22 06:30 . 2008-09-22 07:46 <DIR> d-------- D:\Documents and Settings\Sherine\Application Data\Autodesk 2008-09-22 06:30 . 2008-09-22 07:44 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Autodesk 2008-09-22 06:06 . 2007-07-19 18:14 3,727,720 --a------ D:\WINDOWS\system32\d3dx9_35.dll 2008-09-22 06:03 . 2008-09-22 06:03 <DIR> d-------- D:\WINDOWS\system32\XPSViewer 2008-09-22 06:02 . 2008-09-22 06:02 <DIR> d-------- D:\Program Files\Reference Assemblies 2008-09-22 06:02 . 2006-06-29 13:07 14,048 --------- D:\WINDOWS\system32\spmsg2.dll 2008-09-22 05:41 . 
2008-09-22 05:41 <DIR> d-------- D:\Program Files\Sun 2008-09-22 05:40 . 2008-09-22 12:05 <DIR> d-------- D:\Program Files\Java 2008-09-22 05:40 . 2008-09-22 12:05 73,728 --a------ D:\WINDOWS\system32\javacpl.cpl 2008-09-22 05:38 . 2008-09-22 05:38 <DIR> d-------- D:\Program Files\Common Files\Java 2008-09-21 18:14 . 2008-09-21 18:14 <DIR> d-------- D:\Program Files\Microsoft Works 2008-09-21 18:14 . 2006-10-26 19:56 32,592 --a------ D:\WINDOWS\system32\msonpmon.dll 2008-09-21 18:13 . 2008-09-22 06:05 <DIR> d-------- D:\Program Files\MSBuild 2008-09-21 18:11 . 2008-09-21 18:13 <DIR> d-------- D:\WINDOWS\SHELLNEW 2008-09-21 18:11 . 2008-09-21 18:14 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Microsoft Help 2008-09-21 18:10 . 2008-09-21 18:10 <DIR> dr-h----- D:\MSOCache 2008-09-21 16:46 . 2008-09-21 16:46 <DIR> d-------- D:\WINDOWS\system32\Lang 2008-09-21 16:46 . 2008-09-21 16:46 940,794 --a------ D:\WINDOWS\system32\LoopyMusic.wav 2008-09-21 16:46 . 2008-09-21 16:46 146,650 --a------ D:\WINDOWS\system32\BuzzingBee.wav 2008-09-21 16:41 . 2008-09-21 16:46 <DIR> d-------- D:\WINDOWS\nview 2008-09-21 16:41 . 2007-01-24 04:39 208,896 --a------ D:\WINDOWS\system32\nvudisp.exe 2008-09-21 16:41 . 2008-09-23 13:29 81,191 --a------ D:\WINDOWS\system32\nvapps.xml 2008-09-21 16:41 . 2007-01-24 04:39 16,960 --a------ D:\WINDOWS\system32\nvdisp.nvu 2008-09-21 16:40 . 2006-08-16 17:55 208,896 --a------ D:\WINDOWS\system32\NVUNINST.EXE
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-21 12:39 344,064 ----a-w D:\WINDOWS\HideWin.exe
2008-09-21 12:39 15,600 ----a-w D:\WINDOWS\gdrv.sys
2008-09-21 12:39 --------- d--h--w D:\Program Files\InstallShield Installation Information
2008-09-21 12:39 --------- d-----w D:\Program Files\Realtek
2008-09-21 12:39 --------- d-----w D:\Program Files\Common Files\InstallShield
2008-09-21 12:39 --------- d-----w D:\Documents and Settings\Sherine\Application Data\InstallShield
2008-09-21 12:29 --------- d-----w D:\Program Files\Yahoo!
2008-09-21 12:29 --------- d-----w D:\Program Files\Intel
2008-09-21 12:26 --------- d-----w D:\Program Files\PowerISO
2008-09-21 12:05 --------- d-----w D:\Program Files\microsoft frontpage
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="D:\Documents and Settings\Sherine\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-21 206832]
"ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"Skype"="D:\Program Files\Skype\Phone\Skype.exe" [2007-03-30 25263144]
"UnHackMe Monitor"="D:\Program Files\UnHackMe\hackmon.exe" [2007-09-17 257024]
"SUPERAntiSpyware"="D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-03 1601536]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PWRISOVM.EXE"="D:\Program Files\PowerISO\PWRISOVM.EXE" [2006-01-31 282624]
"NvCplDaemon"="D:\WINDOWS\system32\NvCpl.dll" [2007-01-24 7630848]
"NvMediaCenter"="D:\WINDOWS\system32\NvMcTray.dll" [2007-01-24 86016]
"GrooveMonitor"="D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 100648]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 D:\WINDOWS\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2007-01-24 D:\WINDOWS\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "D:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UacDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"K:\\Sources\\COMPRESS PROGRAM\\winrar\\winrar 3.51\\wrar351.exe"=
"D:\\WINDOWS\\system32\\CTFMON.EXE"= D:\\WINDOWS\\system32\\ctfmon.exe
"K:\\Sources\\java realtime\\jre-1_5_0_04-windows-i586-p.exe"=
"D:\\WINDOWS\\RTHDCPL.EXE"=
"D:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"D:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"D:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"D:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe"=
"D:\\WINDOWS\\ALCMTR.EXE"=
"D:\\WINDOWS\\system32\\nwiz.exe"=
"D:\\Documents and Settings\\Sherine\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"D:\\Program Files\\PowerISO\\PWRISOVM.EXE"=
"D:\\Program Files\\AutoCAD 2009\\acad.exe"=
"D:\\Program Files\\Microsoft Office\\Office12\\WINWORD.EXE"=
"F:\\program files\\Azureus\\Azureus.exe"=
"D:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"=
"D:\\Program Files\\Skype\\Phone\\Skype.exe"=
"D:\\Program Files\\PrevxCSI\\prevxcsi.exe"=
R0 pxark;pxark;D:\WINDOWS\system32\drivers\pxark.sys [2008-09-23 17408]
R2 CSIScanner;CSIScanner;D:\Program Files\PrevxCSI\prevxcsi.exe [2008-09-23 618040]
R2 JavaQuickStarterService;Java Quick Starter;D:\Program Files\Java\jre6\bin\jqs.exe [2008-09-22 147456]
R2 NdisFileServices32;NdisFileServices32;D:\WINDOWS\system32\drivers\qgrknn.sys [2008-09-23 5477]
R3 abp470n5;abp470n5;D:\WINDOWS\system32\drivers\momlon.sys [ ]
S0 Partizan;Partizan;D:\WINDOWS\system32\drivers\Partizan.sys [2008-09-22 30946]
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -
Toolbar-SITEguard - (no file)
HKCU-Run-Uniblue RegistryBooster 2009 - D:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe
HKLM-Run-SunJavaUpdateSched - D:\Program Files\Java\jre6\bin\jusched.exe
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = file:///D:/Documents%20and%20Settings/Sherine/My%20Documents/Home%20page/Homepage.htm
R0 -: HKLM-Main,Start Page = hxxp://www.yahoo.com
R1 -: HKCU-Internet Connection Wizard,ShellNext = hxxp://www.yahoo.com/
O8 -: E&xport to Microsoft Excel - D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O17 -: HKLM\CCS\Interface\{6EF00868-BBC0-4E7B-94E2-87B611DE4068}: NameServer = 163.121.128.134,212.103.160.18
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-23 13:29:30
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
D:\WINDOWS\system32\wmdrtc32.dll 40960 bytes executable
D:\WINDOWS\system32\wmdrtc32.dl_ 26066 bytes
scan completed successfully
hidden files: 2
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\rundll32.exe
D:\Program Files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2008-09-23 13:32:30 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-23 10:32:28
Pre-Run: 26,752,806,912 bytes free
Post-Run: 26,654,916,608 bytes free
203 --- E O F --- 2008-09-23 04:44:46 |

| Posted By : Touch - 9-24-2008 8:16 | Please download Malwarebytes' Anti-Malware:
Or here:
to your desktop.
Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location.
Copy and paste that log into your next reply, along with a fresh ComboFix log.
NB: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
|

| Posted By : Sherine - 9-24-2008 10:56 | Malwarebytes' Anti-Malware 1.28
Database version: 1201
Windows 5.1.2600 Service Pack 2
9/24/2008 11:25:57 AM
mbam-log-2008-09-24 (11-25-57).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 84406
Time elapsed: 18 minute(s), 21 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 2
Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected: (No malicious items detected)
Files Infected:
D:\WINDOWS\system32\drivers\mzjw.sys (Trojan.FakeAlert) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\eyzxp.sys (Trojan.FakeAlert) -> Quarantined and deleted successfully.
----------------------------------------------------------------------------------------------
ComboFix 08-09-22.06 - Sherine 2008-09-24 11:31:55.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.20.1033.18.279 [GMT 3:00]
Running from: D:\Documents and Settings\Sherine\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
D:\WINDOWS\system32\wmdrtc32.dl_
D:\WINDOWS\system32\wmdrtc32.dll
.
((((((((((((((((((((((((( Files Created from 2008-08-24 to 2008-09-24 )))))))))))))))))))))))))))))))
.
2008-09-24 11:24 . 2008-09-24 11:04 484,942 --a------ D:\HaxFix.exe 2008-09-24 11:05 . 2008-09-24 11:05 <DIR> d-------- D:\HaxFix 2008-09-24 10:33 . 2008-09-24 11:35 5,477 --a------ D:\WINDOWS\system32\drivers\qgrknn.sys 2008-09-24 10:19 . 2008-09-24 10:19 <DIR> d-------- D:\Program Files\FileASSASSIN 2008-09-24 09:45 . 2008-09-24 09:45 <DIR> d-------- D:\Program Files\SharkMate 2008-09-24 09:44 . 2008-09-24 09:46 <DIR> d-------- D:\Program Files\Malwarebytes' Anti-Malware 2008-09-24 09:44 . 2008-09-24 09:44 <DIR> d-------- D:\Documents and Settings\Sherine\Application Data\Malwarebytes 2008-09-24 09:44 . 2008-09-24 09:44 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-09-24 09:44 . 2008-09-10 00:04 38,528 --a------ D:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-09-24 09:44 . 2008-09-10 00:03 17,200 --a------ D:\WINDOWS\system32\drivers\mbam.sys 2008-09-24 09:00 . 2008-09-24 09:00 <DIR> d-------- D:\WINDOWS\system32\PAV 2008-09-24 09:00 . 2008-09-24 09:00 <DIR> d-------- D:\Program Files\Panda Security 2008-09-24 09:00 . 2003-03-18 19:14 499,712 --a------ D:\WINDOWS\system32\MSVCP71.DLL 2008-09-24 09:00 . 2003-02-21 03:42 348,160 --a------ D:\WINDOWS\system32\MSVCR71.DLL 2008-09-24 09:00 . 2007-06-06 11:43 83,640 --a------ D:\WINDOWS\system32\drivers\pavdrv51.sys 2008-09-24 09:00 . 2007-03-15 18:38 54,832 --a------ D:\WINDOWS\system32\pavcpl.cpl 2008-09-24 09:00 . 2007-02-15 20:02 50,736 --a------ D:\WINDOWS\system32\avldr.dll 2008-09-24 09:00 . 2008-09-24 09:00 248 --a------ D:\WINDOWS\system32\PavCPL.dat 2008-09-24 08:23 . 2008-09-24 09:28 134 --a------ D:\WINDOWS\rootkitno.ini 2008-09-23 18:47 . 2008-09-23 18:47 <DIR> d-------- D:\Program Files\MSXML 6.0 2008-09-23 13:24 . 2008-09-23 13:24 <DIR> d-------- D:\HJT 2008-09-23 09:04 . 2008-09-23 09:04 <DIR> d-------- D:\Program Files\PrevxCSI 2008-09-23 09:04 . 2008-09-24 09:02 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\PrevxCSI 2008-09-23 09:04 . 
2008-09-23 09:04 17,408 --a------ D:\WINDOWS\system32\drivers\pxark.sys 2008-09-23 08:54 . 2008-09-24 10:32 <DIR> d-------- D:\Program Files\SUPERAntiSpyware 2008-09-23 08:54 . 2008-09-23 08:54 <DIR> d-------- D:\Program Files\Common Files\Wise Installation Wizard 2008-09-23 08:54 . 2008-09-23 08:54 <DIR> d-------- D:\Documents and Settings\Sherine\Application Data\SUPERAntiSpyware.com 2008-09-23 08:54 . 2008-09-23 08:54 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2008-09-23 08:09 . 2008-09-24 08:37 135,168 --a------ D:\zip.exe 2008-09-23 08:09 . 2008-09-24 08:37 19,286 --a------ D:\cleanup.exe 2008-09-23 07:54 . 2008-09-23 08:27 <DIR> d-------- D:\WINDOWS\system32\CatRoot_bak 2008-09-22 21:04 . 2008-09-23 18:47 <DIR> d--h----- D:\WINDOWS\$hf_mig$ 2008-09-22 12:06 . 2008-09-22 12:06 <DIR> d-------- D:\WINDOWS\Sun 2008-09-22 12:05 . 2008-09-22 12:05 410,976 --a------ D:\WINDOWS\system32\deploytk.dll 2008-09-22 09:52 . 2008-09-24 09:28 <DIR> d-------- D:\RootkitNO 2008-09-22 09:40 . 2004-08-03 23:08 26,496 --a--c--- D:\WINDOWS\system32\dllcache\usbstor.sys 2008-09-22 09:33 . 2008-09-22 09:33 30,946 --a------ D:\WINDOWS\system32\drivers\Partizan.sys 2008-09-22 09:33 . 2008-09-24 09:28 28,672 --a------ D:\WINDOWS\system32\Partizan.exe 2008-09-22 09:33 . 2008-09-24 09:28 (2) -rahs-ot- D:\WINDOWS\winstart.bat 2008-09-22 09:32 . 2008-09-24 09:28 <DIR> d-------- D:\Program Files\UnHackMe 2008-09-22 09:32 . 2005-04-03 14:02 8,944 --a------ D:\WINDOWS\system32\drivers\UnHackMeDrv.sys 2008-09-22 09:09 . 2008-06-13 16:10 272,128 --------- D:\WINDOWS\system32\drivers\bthport.sys 2008-09-22 09:09 . 2008-06-13 16:10 272,128 -----c--- D:\WINDOWS\system32\dllcache\bthport.sys 2008-09-22 09:03 . 2008-09-22 09:03 <DIR> d-------- D:\Program Files\Common Files\iS3 2008-09-22 09:03 . 2008-09-22 09:57 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\STOPzilla! 2008-09-22 09:03 . 
2008-09-22 09:22 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\SITEguard 2008-09-22 08:49 . 2008-09-22 08:49 <DIR> d-------- D:\Documents and Settings\Sherine\Application Data\Uniblue 2008-09-22 07:50 . 2008-09-24 09:45 <DIR> d-------- D:\Documents and Settings\Sherine\Application Data\Azureus 2008-09-22 07:50 . 2008-09-22 07:50 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Azureus 2008-09-22 06:32 . 2008-09-22 06:32 <DIR> d-------- D:\Program Files\Skype 2008-09-22 06:32 . 2008-09-22 06:32 <DIR> d-------- D:\Program Files\Common Files\Skype 2008-09-22 06:32 . 2008-09-24 10:51 <DIR> d-------- D:\Documents and Settings\Sherine\Application Data\Skype 2008-09-22 06:32 . 2008-09-22 06:32 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Skype 2008-09-22 06:30 . 2008-09-24 08:57 <DIR> d-------- D:\Program Files\Common Files\Autodesk Shared 2008-09-22 06:30 . 2008-09-24 08:57 <DIR> d-------- D:\Program Files\AutoCAD 2009 2008-09-22 06:30 . 2008-09-24 08:50 <DIR> d-------- D:\Documents and Settings\Sherine\Application Data\Autodesk 2008-09-22 06:30 . 2008-09-24 08:50 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Autodesk 2008-09-22 06:06 . 2007-07-19 18:14 3,727,720 --a------ D:\WINDOWS\system32\d3dx9_35.dll 2008-09-22 06:03 . 2008-09-22 06:03 <DIR> d-------- D:\WINDOWS\system32\XPSViewer 2008-09-22 06:02 . 2008-09-22 06:02 <DIR> d-------- D:\Program Files\Reference Assemblies 2008-09-22 06:02 . 2006-06-29 13:07 14,048 --------- D:\WINDOWS\system32\spmsg2.dll 2008-09-22 05:41 . 2008-09-22 05:41 <DIR> d-------- D:\Program Files\Sun 2008-09-22 05:40 . 2008-09-22 12:05 <DIR> d-------- D:\Program Files\Java 2008-09-22 05:40 . 2008-09-22 12:05 73,728 --a------ D:\WINDOWS\system32\javacpl.cpl 2008-09-22 05:38 . 2008-09-22 05:38 <DIR> d-------- D:\Program Files\Common Files\Java 2008-09-21 18:14 . 2008-09-21 18:14 <DIR> d-------- D:\Program Files\Microsoft Works 2008-09-21 18:14 . 
2006-10-26 19:56 32,592 --a------ D:\WINDOWS\system32\msonpmon.dll 2008-09-21 18:13 . 2008-09-22 06:05 <DIR> d-------- D:\Program Files\MSBuild 2008-09-21 18:11 . 2008-09-21 18:13 <DIR> d-------- D:\WINDOWS\SHELLNEW 2008-09-21 18:11 . 2008-09-21 18:14 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Microsoft Help 2008-09-21 18:10 . 2008-09-21 18:10 <DIR> dr-h----- D:\MSOCache 2008-09-21 16:46 . 2008-09-21 16:46 <DIR> d-------- D:\WINDOWS\system32\Lang 2008-09-21 16:46 . 2008-09-21 16:46 940,794 --a------ D:\WINDOWS\system32\LoopyMusic.wav 2008-09-21 16:46 . 2008-09-21 16:46 146,650 --a------ D:\WINDOWS\system32\BuzzingBee.wav 2008-09-21 16:41 . 2008-09-21 16:46 <DIR> d-------- D:\WINDOWS\nview 2008-09-21 16:41 . 2007-01-24 04:39 208,896 --a------ D:\WINDOWS\system32\nvudisp.exe 2008-09-21 16:41 . 2008-09-24 11:34 81,191 --a------ D:\WINDOWS\system32\nvapps.xml 2008-09-21 16:41 . 2007-01-24 04:39 16,960 --a------ D:\WINDOWS\system32\nvdisp.nvu 2008-09-21 16:40 . 2006-08-16 17:55 208,896 --a------ D:\WINDOWS\system32\NVUNINST.EXE
. (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-09-24 06:59 68 ----a-w D:\Program Files\xzhsvd.txt 2008-09-24 06:00 --------- d--h--w D:\Program Files\InstallShield Installation Information 2008-09-24 05:57 --------- d-----w D:\Program Files\PowerISO 2008-09-21 12:39 344,064 ----a-w D:\WINDOWS\HideWin.exe 2008-09-21 12:39 15,600 ----a-w D:\WINDOWS\gdrv.sys 2008-09-21 12:39 --------- d-----w D:\Program Files\Realtek 2008-09-21 12:39 --------- d-----w D:\Program Files\Common Files\InstallShield 2008-09-21 12:39 --------- d-----w D:\Documents and Settings\Sherine\Application Data\InstallShield 2008-09-21 12:29 --------- d-----w D:\Program Files\Yahoo! 2008-09-21 12:29 --------- d-----w D:\Program Files\Intel 2008-09-21 12:05 --------- d-----w D:\Program Files\microsoft frontpage 2008-07-18 19:10 94,920 ----a-w D:\WINDOWS\system32\cdm.dll 2008-07-18 19:10 53,448 ----a-w D:\WINDOWS\system32\wuauclt.exe 2008-07-18 19:10 45,768 ----a-w D:\WINDOWS\system32\wups2.dll 2008-07-18 19:10 36,552 ----a-w D:\WINDOWS\system32\wups.dll 2008-07-18 19:09 563,912 ----a-w D:\WINDOWS\system32\wuapi.dll 2008-07-18 19:09 325,832 ----a-w D:\WINDOWS\system32\wucltui.dll 2008-07-18 19:09 205,000 ----a-w D:\WINDOWS\system32\wuweb.dll 2008-07-18 19:09 1,811,656 ----a-w D:\WINDOWS\system32\wuaueng.dll 2008-07-07 20:32 253,952 ----a-w D:\WINDOWS\system32\es.dll 2008-06-24 16:23 74,240 ----a-w D:\WINDOWS\system32\mscms.dll .
((((((((((((((((((((((((((((( snapshot@2008-09-23_13.31.19.31 ))))))))))))))))))))))))))))))))))))))))) . + 2008-06-13 13:10:50 272,128 ------w D:\WINDOWS\Driver Cache\i386\bthport.sys - 2000-08-31 05:00:00 89,504 ----a-w D:\WINDOWS\fdsv.exe + 2000-08-31 05:00:00 114,688 ----a-w D:\WINDOWS\fdsv.exe - 2000-08-31 05:00:00 80,412 ----a-w D:\WINDOWS\grep.exe + 2000-08-31 05:00:00 109,056 ----a-w D:\WINDOWS\grep.exe - 2008-09-23 05:54:37 34,304 ----a-r D:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF1.exe + 2008-09-23 05:54:37 62,976 ----a-r D:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF1.exe - 2000-08-31 05:00:00 98,816 ----a-w D:\WINDOWS\sed.exe + 2000-08-31 05:00:00 127,488 ----a-w D:\WINDOWS\sed.exe - 2006-10-04 08:48:36 72,704 ----a-w D:\WINDOWS\SoftwareDistribution\Download\0eaed8d713d78954a90c813a5e2c5934\sp2gdr\magnify.exe - 2006-10-04 08:48:36 53,760 ----a-w D:\WINDOWS\SoftwareDistribution\Download\0eaed8d713d78954a90c813a5e2c5934\sp2gdr\narrator.exe - 2006-10-04 08:48:37 215,552 ----a-w D:\WINDOWS\SoftwareDistribution\Download\0eaed8d713d78954a90c813a5e2c5934\sp2gdr\osk.exe - 2006-10-04 08:48:37 50,176 ----a-w D:\WINDOWS\SoftwareDistribution\Download\0eaed8d713d78954a90c813a5e2c5934\sp2gdr\utilman.exe - 2006-10-04 10:40:05 72,704 ----a-w D:\WINDOWS\SoftwareDistribution\Download\0eaed8d713d78954a90c813a5e2c5934\sp2qfe\magnify.exe - 2006-10-04 10:40:06 53,760 ----a-w D:\WINDOWS\SoftwareDistribution\Download\0eaed8d713d78954a90c813a5e2c5934\sp2qfe\narrator.exe - 2006-10-04 10:40:06 215,552 ----a-w D:\WINDOWS\SoftwareDistribution\Download\0eaed8d713d78954a90c813a5e2c5934\sp2qfe\osk.exe - 2006-10-04 10:40:06 50,176 ----a-w D:\WINDOWS\SoftwareDistribution\Download\0eaed8d713d78954a90c813a5e2c5934\sp2qfe\utilman.exe - 2008-07-14 11:09:18 62,976 ----a-w D:\WINDOWS\SoftwareDistribution\Download\42bdf2dd6f3cb2280ad31b41b6c04cff\sp2gdr\tzchange.exe - 2008-07-14 11:03:00 62,976 ----a-w 
D:\WINDOWS\SoftwareDistribution\Download\42bdf2dd6f3cb2280ad31b41b6c04cff\sp2qfe\tzchange.exe - 2008-04-14 00:12:38 26,112 ----a-w 
D:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\userinit.exe - 2008-04-14 00:12:38 50,176 ----a-w D:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\utilman.exe - 2007-06-27 12:59:58 716,800 ----a-w D:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\vbc.exe - 2008-04-14 00:12:38 28,672 ----a-w D:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\verclsid.exe - 2008-04-14 00:12:38 289,792 ----a-w D:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\vssvc.exe - 2008-04-14 00:12:38 46,080 ----a-w D:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\wab.exe - 2008-04-14 00:12:39 30,208 ----a-w D:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\wabmig.exe - 2008-04-14 00:12:39 116,224 ----a-w D:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\wbemtest.exe - 2008-04-14 00:12:39 65,024 ----a-w D:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\wextract.exe - 2008-04-14 00:12:39 433,664 ----a-w D:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\wiaacmgr.exe - 2008-04-14 00:12:39 283,648 ----a-w D:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\winhlp32.exe - 2008-04-14 00:12:40 5,632 ----a-w D:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\winver.exe - 2008-04-14 00:12:40 196,608 ----a-w D:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\wmiadap.exe - 2008-04-14 00:12:40 126,464 ----a-w D:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\wmiapsrv.exe - 2008-04-14 00:12:40 358,912 ----a-w D:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\wmic.exe - 2008-04-14 00:12:40 218,112 ----a-w D:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\wmiprvse.exe - 2008-04-14 00:12:40 73,728 ----a-w 
D:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\wmplayer.exe - 2008-04-14 00:12:40 214,528 ----a-w D:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\wordpad.exe - 2008-04-14 00:12:40 32,256 ----a-w D:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\wpabaln.exe - 2008-04-14 00:12:41 11,264 ----a-w D:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\wpnpinst.exe - 2008-04-14 00:12:41 13,824 ----a-w D:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\wscntfy.exe - 2008-04-14 00:12:41 155,648 ----a-w D:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\wscript.exe - 2008-04-14 00:12:41 111,104 ----a-w D:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\wuauclt.exe - 2008-04-14 00:12:41 165,888 ----a-w D:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\wuauclt1.exe - 2008-04-14 00:12:41 30,720 ----a-w D:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\xcopy.exe - 2008-04-13 18:53:32 558,080 ----a-w D:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\xpnetdg.exe - 2000-08-31 05:00:00 136,704 ----a-w D:\WINDOWS\SWSC.exe + 2000-08-31 05:00:00 165,376 ----a-w D:\WINDOWS\SWSC.exe - 2000-08-31 05:00:00 212,480 ----a-w D:\WINDOWS\swxcacls.exe + 2000-08-31 05:00:00 241,152 ----a-w D:\WINDOWS\swxcacls.exe - 2004-08-04 12:00:00 1,016,832 ----a-w D:\WINDOWS\system32\browseui.dll + 2008-06-23 15:38:28 1,023,488 ----a-w D:\WINDOWS\system32\browseui.dll - 2004-08-04 12:00:00 150,528 ----a-w D:\WINDOWS\system32\cdfview.dll + 2008-06-23 15:38:29 151,040 ----a-w D:\WINDOWS\system32\cdfview.dll - 2004-08-04 12:00:00 1,053,696 ----a-w D:\WINDOWS\system32\danim.dll + 2008-06-23 15:38:30 1,054,208 ----a-w D:\WINDOWS\system32\danim.dll - 2004-08-04 12:00:00 1,016,832 -c--a-w D:\WINDOWS\system32\dllcache\browseui.dll + 2008-06-23 15:38:28 1,023,488 -c--a-w 
D:\WINDOWS\system32\dllcache\browseui.dll - 2004-08-04 12:00:00 150,528 -c--a-w D:\WINDOWS\system32\dllcache\cdfview.dll + 2008-06-23 15:38:29 151,040 -c--a-w D:\WINDOWS\system32\dllcache\cdfview.dll - 2004-08-04 12:00:00 1,053,696 -c--a-w D:\WINDOWS\system32\dllcache\danim.dll + 2008-06-23 15:38:30 1,054,208 -c--a-w D:\WINDOWS\system32\dllcache\danim.dll - 2004-08-04 12:00:00 561,179 -c--a-w D:\WINDOWS\system32\dllcache\dao360.dll + 2008-03-25 04:50:25 554,008 -c--a-w D:\WINDOWS\system32\dllcache\dao360.dll - 2004-08-04 12:00:00 357,888 -c--a-w D:\WINDOWS\system32\dllcache\dxtmsft.dll + 2008-06-23 15:38:30 357,888 -c--a-w D:\WINDOWS\system32\dllcache\dxtmsft.dll - 2004-08-04 12:00:00 201,728 -c--a-w D:\WINDOWS\system32\dllcache\dxtrans.dll + 2008-06-23 15:38:30 205,312 -c--a-w D:\WINDOWS\system32\dllcache\dxtrans.dll - 2004-08-04 12:00:00 243,200 -c--a-w D:\WINDOWS\system32\dllcache\es.dll + 2008-07-07 20:32:22 253,952 -c--a-w D:\WINDOWS\system32\dllcache\es.dll - 2004-08-04 12:00:00 55,808 -c--a-w D:\WINDOWS\system32\dllcache\extmgr.dll + 2008-06-23 15:38:30 55,808 -c--a-w D:\WINDOWS\system32\dllcache\extmgr.dll - 2004-08-04 12:00:00 18,432 -c--a-w D:\WINDOWS\system32\dllcache\iedw.exe + 2008-06-23 09:49:29 47,104 -c--a-w D:\WINDOWS\system32\dllcache\iedw.exe - 2004-08-04 12:00:00 249,344 -c--a-w D:\WINDOWS\system32\dllcache\iepeers.dll + 2008-06-23 15:38:31 251,392 -c--a-w D:\WINDOWS\system32\dllcache\iepeers.dll - 2004-08-04 12:00:00 678,400 -c--a-w D:\WINDOWS\system32\dllcache\inetcomm.dll + 2008-04-11 18:50:43 683,520 -c--a-w D:\WINDOWS\system32\dllcache\inetcomm.dll - 2004-08-04 12:00:00 96,256 -c--a-w D:\WINDOWS\system32\dllcache\inseng.dll + 2008-06-23 15:38:31 96,256 -c--a-w D:\WINDOWS\system32\dllcache\inseng.dll - 2004-08-04 12:00:00 450,560 -c--a-w D:\WINDOWS\system32\dllcache\jscript.dll + 2007-12-18 14:40:58 450,560 -c--a-w D:\WINDOWS\system32\dllcache\jscript.dll - 2004-08-04 12:00:00 15,872 -c--a-w D:\WINDOWS\system32\dllcache\jsproxy.dll + 
2008-06-23 15:38:31 16,384 -c--a-w D:\WINDOWS\system32\dllcache\jsproxy.dll - 2004-08-04 12:00:00 72,704 -c--a-w D:\WINDOWS\system32\dllcache\magnify.exe + 2006-10-04 08:48:36 101,376 -c--a-w D:\WINDOWS\system32\dllcache\magnify.exe - 2004-08-04 12:00:00 331,776 -c--a-w D:\WINDOWS\system32\dllcache\msadce.dll + 2008-05-01 14:30:33 331,776 -c--a-w D:\WINDOWS\system32\dllcache\msadce.dll - 2004-08-04 12:00:00 73,728 -c--a-w D:\WINDOWS\system32\dllcache\mscms.dll + 2008-06-24 16:23:05 74,240 -c--a-w D:\WINDOWS\system32\dllcache\mscms.dll - 2004-08-04 12:00:00 512,029 -c--a-w D:\WINDOWS\system32\dllcache\msexch40.dll + 2008-03-25 04:50:28 518,944 -c--a-w D:\WINDOWS\system32\dllcache\msexch40.dll - 2004-08-04 12:00:00 319,517 -c--a-w D:\WINDOWS\system32\dllcache\msexcl40.dll + 2008-03-25 04:50:30 326,432 -c--a-w D:\WINDOWS\system32\dllcache\msexcl40.dll - 2004-08-04 12:00:00 3,003,392 -c--a-w D:\WINDOWS\system32\dllcache\mshtml.dll + 2008-06-23 15:38:33 3,059,712 -c--a-w D:\WINDOWS\system32\dllcache\mshtml.dll - 2004-08-04 12:00:00 448,512 -c--a-w D:\WINDOWS\system32\dllcache\mshtmled.dll + 2008-06-23 15:38:33 449,024 -c--a-w D:\WINDOWS\system32\dllcache\mshtmled.dll - 2004-08-04 12:00:00 1,507,356 -c--a-w D:\WINDOWS\system32\dllcache\msjet40.dll + 2008-03-25 04:50:34 1,516,568 -c--a-w D:\WINDOWS\system32\dllcache\msjet40.dll - 2004-08-04 12:00:00 358,976 -c--a-w D:\WINDOWS\system32\dllcache\msjetol1.dll + 2008-03-25 04:50:40 355,112 -c--a-w D:\WINDOWS\system32\dllcache\msjetol1.dll - 2004-08-04 12:00:00 151,583 -c--a-w D:\WINDOWS\system32\dllcache\msjint40.dll + 2008-03-27 08:12:54 151,583 -c--a-w D:\WINDOWS\system32\dllcache\msjint40.dll - 2004-08-04 12:00:00 53,279 -c--a-w D:\WINDOWS\system32\dllcache\msjter40.dll + 2008-03-25 04:50:42 60,192 -c--a-w D:\WINDOWS\system32\dllcache\msjter40.dll - 2004-08-04 12:00:00 241,693 -c--a-w D:\WINDOWS\system32\dllcache\msjtes40.dll + 2008-03-25 04:50:42 248,608 -c--a-w D:\WINDOWS\system32\dllcache\msjtes40.dll - 2004-08-04 
12:00:00 213,023 -c--a-w D:\WINDOWS\system32\dllcache\msltus40.dll + 2008-03-25 04:50:44 219,936 -c--a-w D:\WINDOWS\system32\dllcache\msltus40.dll - 2004-08-04 12:00:00 348,189 -c--a-w D:\WINDOWS\system32\dllcache\mspbde40.dll + 2008-03-25 04:50:45 355,104 -c--a-w D:\WINDOWS\system32\dllcache\mspbde40.dll - 2004-08-04 12:00:00 146,432 -c--a-w D:\WINDOWS\system32\dllcache\msrating.dll + 2008-06-23 15:38:33 146,432 -c--a-w D:\WINDOWS\system32\dllcache\msrating.dll - 2004-08-04 12:00:00 421,919 -c--a-w D:\WINDOWS\system32\dllcache\msrd2x40.dll + 2008-03-25 04:50:47 432,928 -c--a-w D:\WINDOWS\system32\dllcache\msrd2x40.dll - 2004-08-04 12:00:00 315,423 -c--a-w D:\WINDOWS\system32\dllcache\msrd3x40.dll + 2008-03-25 04:50:49 322,336 -c--a-w D:\WINDOWS\system32\dllcache\msrd3x40.dll - 2004-08-04 12:00:00 552,989 -c--a-w D:\WINDOWS\system32\dllcache\msrepl40.dll + 2008-03-25 04:50:52 559,904 -c--a-w D:\WINDOWS\system32\dllcache\msrepl40.dll - 2004-08-04 12:00:00 258,077 -c--a-w D:\WINDOWS\system32\dllcache\mstext40.dll + 2008-03-25 04:50:55 264,992 -c--a-w D:\WINDOWS\system32\dllcache\mstext40.dll - 2004-08-04 12:00:00 530,432 -c--a-w D:\WINDOWS\system32\dllcache\mstime.dll + 2008-06-23 15:38:33 532,480 -c--a-w D:\WINDOWS\system32\dllcache\mstime.dll - 2004-08-04 12:00:00 831,519 -c--a-w D:\WINDOWS\system32\dllcache\mswdat10.dll + 2008-03-25 04:50:57 838,432 -c--a-w D:\WINDOWS\system32\dllcache\mswdat10.dll - 2004-08-04 12:00:00 614,429 -c--a-w D:\WINDOWS\system32\dllcache\mswstr10.dll + 2008-03-25 04:50:58 621,344 -c--a-w D:\WINDOWS\system32\dllcache\mswstr10.dll - 2004-08-04 12:00:00 348,189 -c--a-w D:\WINDOWS\system32\dllcache\msxbde40.dll + 2008-03-25 04:50:58 355,104 -c--a-w D:\WINDOWS\system32\dllcache\msxbde40.dll - 2004-08-04 12:00:00 53,760 -c--a-w D:\WINDOWS\system32\dllcache\narrator.exe + 2006-10-04 08:48:36 82,432 -c--a-w D:\WINDOWS\system32\dllcache\narrator.exe - 2004-08-04 12:00:00 215,552 -c--a-w D:\WINDOWS\system32\dllcache\osk.exe + 2006-10-04 08:48:37 
244,224 -c--a-w D:\WINDOWS\system32\dllcache\osk.exe - 2004-08-04 12:00:00 39,424 -c--a-w D:\WINDOWS\system32\dllcache\pngfilt.dll + 2008-06-23 15:38:33 39,424 -c--a-w D:\WINDOWS\system32\dllcache\pngfilt.dll - 2004-08-04 12:00:00 1,287,680 -c--a-w D:\WINDOWS\system32\dllcache\quartz.dll + 2008-05-07 05:18:48 1,287,680 -c--a-w D:\WINDOWS\system32\dllcache\quartz.dll - 2004-08-04 12:00:00 1,483,264 -c--a-w D:\WINDOWS\system32\dllcache\shdocvw.dll + 2008-06-23 15:38:34 1,494,528 -c--a-w D:\WINDOWS\system32\dllcache\shdocvw.dll - 2004-08-04 12:00:00 473,600 -c--a-w D:\WINDOWS\system32\dllcache\shlwapi.dll + 2008-06-23 15:38:34 474,112 -c--a-w D:\WINDOWS\system32\dllcache\shlwapi.dll - 2004-08-04 12:00:00 35,840 -c--a-w D:\WINDOWS\system32\dllcache\umandlg.dll + 2006-10-04 13:33:38 35,840 -c--a-w D:\WINDOWS\system32\dllcache\umandlg.dll - 2004-08-04 12:00:00 601,088 -c--a-w D:\WINDOWS\system32\dllcache\urlmon.dll + 2008-06-23 15:38:34 615,936 -c--a-w D:\WINDOWS\system32\dllcache\urlmon.dll - 2004-08-04 12:00:00 50,176 -c--a-w D:\WINDOWS\system32\dllcache\utilman.exe + 2006-10-04 08:48:37 78,848 -c--a-w D:\WINDOWS\system32\dllcache\utilman.exe - 2004-08-04 12:00:00 417,792 -c--a-w D:\WINDOWS\system32\dllcache\vbscript.dll + 2007-12-18 14:40:58 417,792 -c--a-w D:\WINDOWS\system32\dllcache\vbscript.dll - 2004-08-04 12:00:00 656,384 -c--a-w D:\WINDOWS\system32\dllcache\wininet.dll + 2008-06-23 15:38:34 659,456 -c--a-w D:\WINDOWS\system32\dllcache\wininet.dll - 2004-08-04 12:00:00 357,888 ----a-w D:\WINDOWS\system32\dxtmsft.dll + 2008-06-23 15:38:30 357,888 ----a-w D:\WINDOWS\system32\dxtmsft.dll - 2004-08-04 12:00:00 201,728 ----a-w D:\WINDOWS\system32\dxtrans.dll + 2008-06-23 15:38:30 205,312 ----a-w D:\WINDOWS\system32\dxtrans.dll - 2004-08-04 12:00:00 55,808 ----a-w D:\WINDOWS\system32\extmgr.dll + 2008-06-23 15:38:30 55,808 ----a-w D:\WINDOWS\system32\extmgr.dll - 2004-08-04 12:00:00 249,344 ----a-w D:\WINDOWS\system32\iepeers.dll + 2008-06-23 15:38:31 251,392 ----a-w 
D:\WINDOWS\system32\iepeers.dll - 2004-08-04 12:00:00 678,400 ----a-w D:\WINDOWS\system32\inetcomm.dll + 2008-04-11 18:50:43 683,520 ----a-w D:\WINDOWS\system32\inetcomm.dll - 2004-08-04 12:00:00 96,256 ----a-w D:\WINDOWS\system32\inseng.dll + 2008-06-23 15:38:31 96,256 ----a-w D:\WINDOWS\system32\inseng.dll - 2004-08-04 12:00:00 450,560 ----a-w D:\WINDOWS\system32\jscript.dll + 2007-12-18 14:40:58 450,560 ----a-w D:\WINDOWS\system32\jscript.dll - 2004-08-04 12:00:00 15,872 ----a-w D:\WINDOWS\system32\jsproxy.dll + 2008-06-23 15:38:31 16,384 ----a-w D:\WINDOWS\system32\jsproxy.dll - 2004-08-04 12:00:00 72,704 ----a-w D:\WINDOWS\system32\magnify.exe + 2006-10-04 08:48:36 101,376 ----a-w D:\WINDOWS\system32\magnify.exe - 2004-08-04 12:00:00 512,029 ----a-w D:\WINDOWS\system32\msexch40.dll + 2008-03-25 04:50:28 518,944 ----a-w D:\WINDOWS\system32\msexch40.dll - 2004-08-04 12:00:00 319,517 ----a-w D:\WINDOWS\system32\msexcl40.dll + 2008-03-25 04:50:30 326,432 ----a-w D:\WINDOWS\system32\msexcl40.dll - 2004-08-04 12:00:00 3,003,392 ----a-w D:\WINDOWS\system32\mshtml.dll + 2008-06-23 15:38:33 3,059,712 ----a-w D:\WINDOWS\system32\mshtml.dll - 2004-08-04 12:00:00 448,512 ----a-w D:\WINDOWS\system32\mshtmled.dll + 2008-06-23 15:38:33 449,024 ----a-w D:\WINDOWS\system32\mshtmled.dll - 2004-08-04 12:00:00 1,507,356 ----a-w D:\WINDOWS\system32\msjet40.dll + 2008-03-25 04:50:34 1,516,568 ----a-w D:\WINDOWS\system32\msjet40.dll - 2004-08-04 12:00:00 358,976 ----a-w D:\WINDOWS\system32\msjetoledb40.dll + 2008-03-25 04:50:40 355,112 ----a-w D:\WINDOWS\system32\msjetoledb40.dll - 2004-08-04 12:00:00 151,583 ----a-w D:\WINDOWS\system32\msjint40.dll + 2008-03-27 08:12:54 151,583 ----a-w D:\WINDOWS\system32\msjint40.dll - 2004-08-04 12:00:00 53,279 ----a-w D:\WINDOWS\system32\msjter40.dll + 2008-03-25 04:50:42 60,192 ----a-w D:\WINDOWS\system32\msjter40.dll - 2004-08-04 12:00:00 241,693 ----a-w D:\WINDOWS\system32\msjtes40.dll + 2008-03-25 04:50:42 248,608 ----a-w 
D:\WINDOWS\system32\msjtes40.dll - 2004-08-04 12:00:00 213,023 ----a-w D:\WINDOWS\system32\msltus40.dll + 2008-03-25 04:50:44 219,936 ----a-w D:\WINDOWS\system32\msltus40.dll - 2004-08-04 12:00:00 348,189 ----a-w D:\WINDOWS\system32\mspbde40.dll + 2008-03-25 04:50:45 355,104 ----a-w D:\WINDOWS\system32\mspbde40.dll - 2004-08-04 12:00:00 146,432 ----a-w D:\WINDOWS\system32\msrating.dll + 2008-06-23 15:38:33 146,432 ----a-w D:\WINDOWS\system32\msrating.dll - 2004-08-04 12:00:00 421,919 ----a-w D:\WINDOWS\system32\msrd2x40.dll + 2008-03-25 04:50:47 432,928 ----a-w D:\WINDOWS\system32\msrd2x40.dll - 2004-08-04 12:00:00 315,423 ----a-w D:\WINDOWS\system32\msrd3x40.dll + 2008-03-25 04:50:49 322,336 ----a-w D:\WINDOWS\system32\msrd3x40.dll - 2004-08-04 12:00:00 552,989 ----a-w D:\WINDOWS\system32\msrepl40.dll + 2008-03-25 04:50:52 559,904 ----a-w D:\WINDOWS\system32\msrepl40.dll - 2004-08-04 12:00:00 258,077 ----a-w D:\WINDOWS\system32\mstext40.dll + 2008-03-25 04:50:55 264,992 ----a-w D:\WINDOWS\system32\mstext40.dll - 2004-08-04 12:00:00 530,432 ----a-w D:\WINDOWS\system32\mstime.dll + 2008-06-23 15:38:33 532,480 ----a-w D:\WINDOWS\system32\mstime.dll - 2004-08-04 12:00:00 831,519 ----a-w D:\WINDOWS\system32\mswdat10.dll + 2008-03-25 04:50:57 838,432 ----a-w D:\WINDOWS\system32\mswdat10.dll - 2004-08-04 12:00:00 614,429 ----a-w D:\WINDOWS\system32\mswstr10.dll + 2008-03-25 04:50:58 621,344 ----a-w D:\WINDOWS\system32\mswstr10.dll - 2004-08-04 12:00:00 348,189 ----a-w D:\WINDOWS\system32\msxbde40.dll + 2008-03-25 04:50:58 355,104 ----a-w D:\WINDOWS\system32\msxbde40.dll - 2006-09-01 09:08:02 1,334,032 ----a-w D:\WINDOWS\system32\msxml6.dll + 2007-05-15 12:43:10 1,320,800 ----a-w D:\WINDOWS\system32\msxml6.dll - 2004-08-04 12:00:00 53,760 ----a-w D:\WINDOWS\system32\narrator.exe + 2006-10-04 08:48:36 82,432 ----a-w D:\WINDOWS\system32\narrator.exe - 2004-08-04 12:00:00 215,552 ----a-w D:\WINDOWS\system32\osk.exe + 2006-10-04 08:48:37 244,224 ----a-w 
D:\WINDOWS\system32\osk.exe - 2008-09-22 03:06:07 66,512 ----a-w D:\WINDOWS\system32\perfc009.dat + 2008-09-24 06:03:08 66,512 ----a-w D:\WINDOWS\system32\perfc009.dat - 2008-09-22 03:06:07 427,728 ----a-w D:\WINDOWS\system32\perfh009.dat + 2008-09-24 06:03:08 427,728 ----a-w D:\WINDOWS\system32\perfh009.dat - 2004-08-04 12:00:00 39,424 ----a-w D:\WINDOWS\system32\pngfilt.dll + 2008-06-23 15:38:33 39,424 ----a-w D:\WINDOWS\system32\pngfilt.dll - 2004-08-04 12:00:00 1,287,680 ----a-w D:\WINDOWS\system32\quartz.dll + 2008-05-07 05:18:48 1,287,680 ----a-w D:\WINDOWS\system32\quartz.dll - 2004-08-04 12:00:00 1,483,264 ----a-w D:\WINDOWS\system32\shdocvw.dll + 2008-06-23 15:38:34 1,494,528 ----a-w D:\WINDOWS\system32\shdocvw.dll - 2004-08-04 12:00:00 473,600 ----a-w D:\WINDOWS\system32\shlwapi.dll + 2008-06-23 15:38:34 474,112 ----a-w D:\WINDOWS\system32\shlwapi.dll - 2007-11-30 12:39:22 17,272 ------w D:\WINDOWS\system32\spmsg.dll + 2007-11-30 11:18:51 17,272 ------w D:\WINDOWS\system32\spmsg.dll + 2008-07-14 11:09:18 91,648 ------w D:\WINDOWS\system32\tzchange.exe - 2004-08-04 12:00:00 35,840 ----a-w D:\WINDOWS\system32\umandlg.dll + 2006-10-04 13:33:38 35,840 ----a-w D:\WINDOWS\system32\umandlg.dll - 2004-08-04 12:00:00 601,088 ----a-w D:\WINDOWS\system32\urlmon.dll + 2008-06-23 15:38:34 615,936 ----a-w D:\WINDOWS\system32\urlmon.dll - 2004-08-04 12:00:00 50,176 ----a-w D:\WINDOWS\system32\utilman.exe + 2006-10-04 08:48:37 78,848 ----a-w D:\WINDOWS\system32\utilman.exe - 2004-08-04 12:00:00 417,792 ----a-w D:\WINDOWS\system32\vbscript.dll + 2007-12-18 14:40:58 417,792 ----a-w D:\WINDOWS\system32\vbscript.dll - 2004-08-04 12:00:00 656,384 ----a-w D:\WINDOWS\system32\wininet.dll + 2008-06-23 15:38:34 659,456 ----a-w D:\WINDOWS\system32\wininet.dll + 2008-07-03 09:14:02 351,744 ------w D:\WINDOWS\system32\xpsp3res.dll + 2008-09-24 08:34:27 16,384 ----atw D:\WINDOWS\Temp\Perflib_Perfdata_6b8.dat + 2008-09-24 08:34:37 16,384 ----atw 
D:\WINDOWS\Temp\Perflib_Perfdata_730.dat - 2000-08-31 05:00:00 49,152 ----a-w D:\WINDOWS\VFind.exe + 2000-08-31 05:00:00 77,824 ----a-w D:\WINDOWS\VFind.exe + 2008-04-15 17:54:19 1,724,416 ----a-w D:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.3352_x-ww_81af8e88\GdiPlus.dll - 2000-08-31 05:00:00 68,096 ----a-w D:\WINDOWS\zip.exe + 2000-08-31 05:00:00 96,768 ----a-w D:\WINDOWS\zip.exe . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="D:\Documents and Settings\Sherine\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-21 206832]
"ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"Skype"="D:\Program Files\Skype\Phone\Skype.exe" [2007-03-30 25263144]
"UnHackMe Monitor"="D:\Program Files\UnHackMe\hackmon.exe" [2007-09-17 228352]
"SUPERAntiSpyware"="D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-24 1601536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PWRISOVM.EXE"="D:\Program Files\PowerISO\PWRISOVM.EXE" [2008-09-24 282624]
"NvCplDaemon"="D:\WINDOWS\system32\NvCpl.dll" [2007-01-24 7630848]
"NvMediaCenter"="D:\WINDOWS\system32\NvMcTray.dll" [2007-01-24 86016]
"GrooveMonitor"="D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 100648]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 D:\WINDOWS\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2007-01-24 D:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 1 (0x1)
"DisableTaskMgr"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "D:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 D:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
2007-02-15 20:02 50736 D:\WINDOWS\system32\avldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"K:\\Sources\\COMPRESS PROGRAM\\winrar\\winrar 3.51\\wrar351.exe"=
"D:\\WINDOWS\\system32\\CTFMON.EXE"= D:\\WINDOWS\\system32\\ctfmon.exe
"K:\\Sources\\java realtime\\jre-1_5_0_04-windows-i586-p.exe"=
"D:\\WINDOWS\\RTHDCPL.EXE"=
"D:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"D:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"D:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"D:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe"=
"D:\\WINDOWS\\ALCMTR.EXE"=
"D:\\WINDOWS\\system32\\nwiz.exe"=
"D:\\Documents and Settings\\Sherine\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"D:\\Program Files\\PowerISO\\PWRISOVM.EXE"=
"D:\\Program Files\\AutoCAD 2009\\acad.exe"=
"D:\\Program Files\\Microsoft Office\\Office12\\WINWORD.EXE"=
"F:\\program files\\Azureus\\Azureus.exe"=
"D:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"=
"D:\\Program Files\\PrevxCSI\\prevxcsi.exe"=
"F:\\program files\\eMule\\emule.exe"=
"D:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 pxark;pxark;D:\WINDOWS\system32\drivers\pxark.sys [2008-09-23 17408]
R2 CSIScanner;CSIScanner;D:\Program Files\PrevxCSI\prevxcsi.exe [2008-09-23 618040]
R2 JavaQuickStarterService;Java Quick Starter;D:\Program Files\Java\jre6\bin\jqs.exe [2008-09-22 147456]
R3 abp470n5;abp470n5;D:\WINDOWS\system32\drivers\momlon.sys [ ]
R4 NdisFileServices32;NdisFileServices32;D:\WINDOWS\system32\drivers\qgrknn.sys [2008-09-24 5477]
S3 Partizan;Partizan;D:\WINDOWS\system32\drivers\Partizan.sys [2008-09-22 30946]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bba62bee-3f74-11dd-ac56-d1f00acb7730}]
\shElL\AuTOPlay\cOmmaND - N:\cyeac.cmd
\shElL\AutoRun\command - N:\cyeac.cmd
\shElL\eXPlore\CommAnD - N:\cyeac.cmd
\shElL\opEn\comMAND - N:\cyeac.cmd
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = file:///D:/Documents%20and%20Settings/Sherine/My%20Documents/Home%20page/Homepage.htm
R0 -: HKLM-Main,Start Page = hxxp://www.yahoo.com
R1 -: HKCU-Internet Connection Wizard,ShellNext = hxxp://www.yahoo.com/
O8 -: E&xport to Microsoft Excel - D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O17 -: HKLM\CCS\Interface\{6EF00868-BBC0-4E7B-94E2-87B611DE4068}: NameServer = 163.121.128.134,212.103.160.18
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-24 11:34:43
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
D:\WINDOWS\system32\wmdrtc32.dll 40960 bytes executable
D:\WINDOWS\system32\wmdrtc32.dl_ 26066 bytes
scan completed successfully
hidden files: 2
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
D:\WINDOWS\system32\nvsvc32.exe
D:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrlS.exe
D:\WINDOWS\system32\rundll32.exe
D:\Program Files\Skype\Plugin Manager\skypePM.exe
D:\DOCUME~1\Sherine\LOCALS~1\temp\erlb.exe
.
**************************************************************************
.
Completion time: 2008-09-24 11:37:48 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-24 08:37:46
ComboFix2.txt 2008-09-23 10:32:30
Pre-Run: 26,863,521,792 bytes free
Post-Run: 26,936,070,144 bytes free
775 --- E O F --- 2008-09-23 15:47:26
-------------------------------------------------------------------------
I guess I have a virus; every antivirus or antispyware finds the two files named: wmdrtc32.dll , wmdrtc32.dl_ ... Am I right??? Is it a virus? Because I googled the two files but I couldn't open the search results, something was preventing the sites from opening... and every time after they have been deleted they came back again... Thanks for your time very much. |
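Added example (not part of the original thread and not ComboFix's own code): a Python triage pass over the ComboFix log above that pulls out the entries matching the reported symptoms. The rule names, the `triage` and `summarize` functions and the two heuristics (empty `[ ]` driver metadata, executables under a temp folder) are assumptions of this example; the sample lines are excerpts copied from the posted log.

```python
import re
from collections import Counter

# Excerpts copied from the ComboFix log posted above, flattened as on the page.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"= 1 (0x1) "DisableTaskMgr"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0)
R2 CSIScanner;CSIScanner;D:\Program Files\PrevxCSI\prevxcsi.exe [2008-09-23 618040] R3 abp470n5;abp470n5;D:\WINDOWS\system32\drivers\momlon.sys [ ] R4 NdisFileServices32;NdisFileServices32;D:\WINDOWS\system32\drivers\qgrknn.sys [2008-09-24 5477]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bba62bee-3f74-11dd-ac56-d1f00acb7730}] \shElL\AuTOPlay\cOmmaND - N:\cyeac.cmd \shElL\AutoRun\command - N:\cyeac.cmd
D:\Program Files\Skype\Plugin Manager\skypePM.exe D:\DOCUME~1\Sherine\LOCALS~1\temp\erlb.exe
'''

# (category, pattern, why it matters). Category names and the last two
# heuristics are assumptions of this example, not ComboFix output.
RULES = [
    ("policy-lockout",
     re.compile(r'"(DisableRegistryTools|DisableTaskMgr)"=\s*1\b', re.I),
     "policy value that blocks Registry Editor / Task Manager"),
    ("security-center-muted",
     re.compile(r'"(\w+(?:Override|DisableNotify))"=dword:0*1\b', re.I),
     "Security Center alert suppressed"),
    ("firewall-off",
     re.compile(r'"(EnableFirewall)"=\s*0\b', re.I),
     "Windows Firewall disabled for the standard profile"),
    ("autorun-mountpoint",
     re.compile(r'\\shell\\(\w+)\\command\s+-\s+(\S+)', re.I),
     "Explorer verb on a volume redirected to a script on that volume"),
    ("driver-file-missing",
     re.compile(r'\b[RS][0-4]\s+([^;\s]+);[^;]*;(\S[^\[\]]*?)\s*\[\s*\]'),
     "driver service listed without file date/size (heuristic)"),
    ("exe-in-temp",
     re.compile(r'([A-Z]:\\\S*\\te?mp\\[^\\\s]+\.exe)\b', re.I),
     "process image under a temp folder (heuristic, review manually)"),
]
WHY = {category: why for category, _, why in RULES}


def triage(log_text):
    """Return (category, detail) pairs for every rule hit in the log.

    Patterns run over the whole text instead of line by line, so the
    result is the same whether the log kept its line breaks or was
    flattened by a forum or scraper.
    """
    findings = []
    for category, pattern, _ in RULES:
        for match in pattern.finditer(log_text):
            detail = " -> ".join(g for g in match.groups() if g)
            findings.append((category, detail))
    return findings


def summarize(findings):
    """Count findings per category."""
    return Counter(category for category, _ in findings)


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"{category:22} {detail}  ({WHY[category]})")
```

The temp-folder rule also matches legitimate installers and cleanup helpers, so its hits are candidates for review and not verdicts.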

| Posted By : Touch - 9-24-2008 1:29 | | Looks like it.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Open notepad and copy/paste the text in the quotebox below into it:
Quote:
|
Killall::
Snapshot::
File::
D:\WINDOWS\system32\drivers\qgrknn.sys
D:\Program Files\xzhsvd.txt
D:\WINDOWS\system32\wmdrtc32.dll
D:\WINDOWS\system32\wmdrtc32.dl_
D:\DOCUME~1\Sherine\LOCALS~1\temp\erlb.exe
Driver::
abp470n5
|
Save this as: CFScript
Referring to the picture above, drag CFScript into ComboFix.exe
Right-click on hijackthis and rename it to hjt exe
Then post fresh combofix log, along with new hijackthis log.
|

| Posted By : Sherine - 9-27-2008 7:41 | Hello,
I tried to do what you advised me but now HijackThis and ComboFix didn't work at all. I double-click the icons and nothing happened. Is there a way that I can force them to work?? Thanks |

| Posted By : Touch - 9-27-2008 8:12 | We'll try Avenger ->
Please download The Avenger by Swandog46 to your Desktop.
Click on Avenger.zip to open the file
Extract avenger2.exe to your desktop
Start Avenger
Quote->
-------------------------------------
Files to delete:
D:\WINDOWS\system32\drivers\qgrknn.sys
D:\Program Files\xzhsvd.txt
D:\WINDOWS\system32\wmdrtc32.dll
D:\WINDOWS\system32\wmdrtc32.dl_
D:\DOCUME~1\Sherine\LOCALS~1\temp\erlb.exe
Drivers to unload:
abp470n5
------------------------------------------------------
Copy/Paste all the text in the above quote box into the main window
Click Execute
The Avenger will automatically do the following:
It will restart your computer. (In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)
On reboot, it will briefly open a black command window on your desktop, this is normal.
After the restart, it creates a log file that should open with the results of Avenger’s actions.
This log file will be located at C:\avenger.txt
Post C:\avenger.txt in next reply
|

| Posted By : Sherine - 9-27-2008 11:16 | Logfile of The Avenger Version 2.0, (c) by Swandog46 http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at D:\Avenger
*******************
Beginning to process script file:
Rootkit scan active. No rootkits found!
File "D:\WINDOWS\system32\drivers\qgrknn.sys" deleted successfully.
Error: file "D:\Program Files\xzhsvd.txt" not found!
Deletion of file "D:\Program Files\xzhsvd.txt" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
File "D:\WINDOWS\system32\wmdrtc32.dll" deleted successfully.
File "D:\WINDOWS\system32\wmdrtc32.dl_" deleted successfully.
Error: file "D:\DOCUME~1\Sherine\LOCALS~1\temp\erlb.exe" not found!
Deletion of file "D:\DOCUME~1\Sherine\LOCALS~1\temp\erlb.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Driver "abp470n5" deleted successfully.
Completed script processing.
*******************
Finished! Terminate. |
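An added example, not part of the thread or of The Avenger: a small Python parser for the log format shown above, plus a re-check of which "deleted successfully" files exist again after the reboot. The function names and the shortened sample log are constructed for illustration.

```python
import os
import re

# Constructed sample, shortened from the log posted in this thread.
SAMPLE_LOG = r'''Rootkit scan active.
No rootkits found!
File "D:\WINDOWS\system32\drivers\qgrknn.sys" deleted successfully.
Error: file "D:\Program Files\xzhsvd.txt" not found!
Deletion of file "D:\Program Files\xzhsvd.txt" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
File "D:\WINDOWS\system32\wmdrtc32.dll" deleted successfully.
Driver "abp470n5" deleted successfully.
'''

# Matches on the whole text, so it also works when a forum has
# run several log lines together onto one line.
EVENT_RE = re.compile(
    r'(?P<kind>File|Driver) "(?P<ok>[^"]+)" deleted successfully\.'
    r'|Deletion of file "(?P<fail>[^"]+)" failed!'
    r'|Status: (?P<code>0x[0-9a-fA-F]{8}) \((?P<name>\w+)\)')


def parse_avenger_log(text):
    """Return one dict per action: kind, target, result, status."""
    entries = []
    for m in EVENT_RE.finditer(text):
        if m["ok"]:
            entries.append({"kind": m["kind"].lower(), "target": m["ok"],
                            "result": "deleted", "status": None})
        elif m["fail"]:
            entries.append({"kind": "file", "target": m["fail"],
                            "result": "failed", "status": None})
        elif entries and entries[-1]["result"] == "failed":
            # A Status line belongs to the failure reported just before it.
            entries[-1]["status"] = m["name"]
    return entries


def reappeared(entries, exists=os.path.exists):
    """Files the log reports as deleted that are present on disk again."""
    return [e["target"] for e in entries
            if e["kind"] == "file" and e["result"] == "deleted"
            and exists(e["target"])]


if __name__ == "__main__":
    for path in reappeared(parse_avenger_log(SAMPLE_LOG)):
        print("present again after deletion:", path)
```

A non-empty result from `reappeared` means something still running on the system recreated the file after the log was written, so the log entry alone is not proof of removal.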

| Posted By : Touch - 9-27-2008 11:23 | Looks like you got rid of them. How are things running now?
|

| Posted By : Sherine - 9-27-2008 11:23 | And although avenger.txt says that the files were deleted successfully, they're still there and lots of things are disabled in my Windows... I'm getting mad with that virus.. |

| Posted By : Touch - 9-27-2008 1:38 | Ok. I notice that you do not seem to be running antivirus software. This is somewhat suicidal in today's digital world.
Avast! makes an excellent free antivirus client.
Install it, update it, then run a complete system scan.
Reboot.
Post a new combofix log, along with a HijackThis log
|

| Posted By : Sherine - 9-28-2008 8:19 | Hi.. First of all I want to thank u Touch for all the time u spent to help me... I think it is a very stubborn virus.. Avast didn't work either, I couldn't install it.. I think I'm gonna format my HD to kill it forever... what do u think?? I have dual systems on my HD and I found the virus even in the other operating system that I don't use. When I tried to look for the file with the Explorer search I found it in the system32 folder on the other operating system... seems that it looks for all the operating systems in the hard drives and locates the file wmdrtc32.dll in the sys. folder of every one... so I think formatting the drive is the only way as I tried lots of things for days... I have only one problem: the virus is in my flash drive and it cannot be formatted, so how can I remove it from my flash in order not to come back again to my computer... Many thanx |

| Posted By : Touch - 9-28-2008 12:37 | Download this removal tool to your desktop: http://www.techsupportforum.com/sectools/s...Disinfector.exe
If you have any flashdrives being used previously, since this is a flashdrive infection, insert your flashdrive as well, because the above tool will disinfect it as well.
Then double-click Flash_Disinfector.exe to run the tool. Your desktop and icons will disappear afterwards. This is normal. When the tool has finished, reboot your computer.
Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you run it. Don't delete this folder... it will help protect your drives from future infection.
See if it helps?
|
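An added example, not part of the thread or of Flash_Disinfector: a Python check of what sits at each drive root under the name autorun.inf. A folder with that name occupies the path, so a program cannot write an autorun.inf file there; a regular file is read for the commands it would launch. The function names and the sample file content are constructed for illustration.

```python
import os
import sys

# Constructed sample of an autorun.inf file (not taken from the thread).
SAMPLE_INF = r'''[AutoRun]
;constructed sample
open=example.exe
shell\open\Command=example.exe
icon=example.ico
[other]
open=ignored.exe
'''


def launch_entries(text):
    # Collect the [autorun] keys that start a program:
    # open=, shellexecute= and shell\<verb>\command=.
    found, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
            continue
        if not in_section or line.startswith(";") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        if key in ("open", "shellexecute") or (
                key.startswith("shell\\") and key.endswith("\\command")):
            found.append((key, value))
    return found


def audit_root(root):
    """Classify <root>/autorun.inf as 'folder', 'file' or 'absent'."""
    # Case-insensitive lookup, so a drive mounted on Linux is handled too.
    name = next((n for n in os.listdir(root)
                 if n.lower() == "autorun.inf"), None)
    result = {"root": root, "state": "absent", "launch": []}
    if name is None:
        return result
    path = os.path.join(root, name)
    if os.path.isdir(path):
        result["state"] = "folder"   # path occupied, no file can be written
    else:
        result["state"] = "file"
        with open(path, "r", encoding="latin-1") as fh:
            result["launch"] = launch_entries(fh.read())
    return result


if __name__ == "__main__":
    for drive_root in sys.argv[1:]:
        print(audit_root(drive_root))
```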

| Posted By : Sherine - 9-28-2008 3:47 | Hello again Touch,
Here is a JPG of the files that the virus creates on my flash drive... These files cannot be deleted or replaced. It changes their names every day... I did download and install Flash_Disinfector and after the screen became blank I opened my flash to look.. and guess what?? They are still there aaaahhhhh. What a nightmare???.. Thanx for ur advice anyway.. Post Edited (Sherine) : 28-09-2008 14:48:32 GMT |

| Posted By : Touch - 9-28-2008 4:31 | Seems to be some nasty stuff you've got there
Let's run an F-Secure online scan.
- Click HERE
- Scroll to the bottom of the page and click the Start scanning button. A window will pop up.
- Allow the Active X control to be installed on your computer, then click the Accept button
- Click Full System Scan and allow the components to download and the scan to complete.
- If malware is found, check Submit samples to F-Secure then select Automatic cleaning
- When cleaning has finished, click Show report (this will open an Internet Explorer window containing the report)
- Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post
If Automatic cleaning with Submit samples hangs, click Cancel, then New Scan
- When the cleaning option is presented, Uncheck Submit samples to F-Secure
- Click Automatic cleaning
- When cleaning has finished, click Show report (this will open an Internet Explorer window containing the report)
- Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post
Note: This scan will only work with Internet Explorer. You must be logged on with administrator rights to run this scan. The scan may take a few hours.
NB. Insert your flashdrive before the scan
|
|