Hi,
I'd really appreciate your help. I've had a virus on my computer for a while that hijacks my Firefox browser.
It comes from the process XP-04c704a7.exe which is executed at startup or whenever I connect my flash drive or external hard drive. It also turns the folders on these external drives to .exe files. I cannot delete the file, but I can close it and it won't re-start until I do either of the above. I've got Spybot which finds and removes it - but it then just returns on startup.
I'd massively appreciate any help.
Thanks
Not sure if this helps, but these are the redirects the virus initiates:
DDS (Ver_09-05-14.01) - NTFSx86
Run by NICKATTACK at 17:14:06.48 on Wed 06/17/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.415 [GMT 12:00]
AV: Norton AntiVirus *On-access scanning enabled* (Outdated) {B5510F6F-87E1-47F7-A411-360BC453007C}
============== Running Processes ===============
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\System32\TpScrLk.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\XP-04C704A7.EXE
C:\Documents and Settings\NICKATTACK\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.cn/
uSearch Page = hxxp://search.bearshare.com/search/index.html?src=ssb
uSearch Bar = hxxp://search.bearshare.com/search/index.html?src=ssb
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
mSearchAssistant = hxxp://search.bearshare.com/search/index.html?src=ssb
uURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_09\bin\ssv.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - c:\program files\norton antivirus\NavShExt.dll
TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton antivirus\NavShExt.dll
TB: {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No File
TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [ibmmessages] c:\program files\ibm\messages by ibm\ibmmessages.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper
mRun: [TpShocks] TpShocks.exe
mRun: [TPHOTKEY] c:\progra~1\thinkpad\pkgmgr\hotkey\TPHKMGR.exe
mRun: [BMMLREF] c:\program files\thinkpad\utilities\BMMLREF.EXE
mRun: [BMMMONWND] rundll32.exe c:\progra~1\thinkpad\utilit~1\BatInfEx.dll,BMMAutonomicMonitor
mRun: [TP4EX] tp4ex.exe
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [NAV CfgWiz] c:\program files\common files\symantec shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
mRun: [ibmmessages] c:\program files\ibm\messages by ibm\\ibmmessages.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [BMMGAG] RunDll32 c:\progra~1\thinkpad\utilit~1\pwrmonit.dll,StartPwrMonitor
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [TPKBDLED] c:\windows\system32\TpScrLk.exe
mRun: [Symantec NetDriver Monitor] c:\progra~1\symnet~1\SNDMon.exe /Consumer
mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe
mRun: [ACWLIcon] c:\program files\thinkpad\connectutilities\ACWLIcon.exe
mRun: [PDService.exe] "c:\program files\ibm thinkvantage\safeguard privatedisk\pdservice.exe"
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [DigidesignMMERefresh] c:\program files\digidesign\drivers\MMERefresh.exe
mRun: [oxbvpen] c:\windows\system32\gwthtis.exe
mRun: [udjudwq] c:\windows\system32\sybqnub.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRunOnce: [configmsi] cmd /c "rmdir /q C:\config.msi"
dRunOnce: [supportdir] cmd /c "rmdir /q /s "c:\windows\temp\{7726CF62-7B45-4E6D-9266-615346816BCA}""
StartupFolder: c:\docume~1\nickat~1\startm~1\programs\startup\75cd~1.lnk - c:\windows\system32\XP-04C704A7.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
uPolicies-system: DisableRegedit = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - c:\program files\thinkpad\pkgmgr\PkgMgr.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_09\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {41564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1162072394383
DPF: {74FFE28D-2378-11D5-990C-006094235084} - hxxp://www-307.ibm.com/pc/support/IbmEgath.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4.1/jinstall-141-win.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: tpfnf2 - notifyf2.dll
Notify: tphotkey - tphklock.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: N/A: {a93a4625-6216-499c-b360-bbd0a7c0d479} - c:\program files\common files\microsoft shared\msinfo\QQGS1.dll
SEH: N/A: {c5e87a05-f463-4841-b19e-dd3ec3862368} - c:\program files\internet explorer\IEXPLORE32.Sys
SEH: N/A: {ee12d60d-ad9a-4095-b839-3be6862679fd} - c:\program files\internet explorer\IEXPLORE32.Dat
SEH: N/A: {a45b2c37-01d0-4d3e-be5e-cc119b17be9e} - c:\program files\internet explorer\IEXPLORE32.win
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
SEH: N/A: {d544c22d-1f70-4b1e-873d-d8dabeb26695} - c:\program files\common files\microsoft shared\msinfo\atmQQ2.dll
LSA: Notification Packages = scecli csspwntfy
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\nickat~1\applic~1\mozilla\firefox\profiles\f1sqrupv.default\
FF - prefs.js: browser.startup.homepage - www.blackle.co.nz
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\java\jre1.5.0_09\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_09\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_09\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_09\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_09\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_09\bin\NPJPI150_09.dll
FF - plugin: c:\program files\java\jre1.5.0_09\bin\NPOJI610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npvlc.dll
============= SERVICES / DRIVERS ===============
R0 ANCSQ;ANCSQ;c:\windows\system32\drivers\ANCSQ.sys [2006-8-21 6912]
R0 Shockprf;Shockprf;c:\windows\system32\drivers\shockprf.sys [2006-9-21 58568]
R1 ANC;ANC;c:\windows\system32\drivers\ANC.sys [2006-9-21 11520]
R1 IBMTPCHK;IBMTPCHK;c:\windows\system32\drivers\IBMBLDID.sys [2006-9-21 6016]
R1 SAVRT;SAVRT;c:\program files\norton antivirus\savrt.sys [2006-10-6 305288]
R1 SAVRTPEL;SAVRTPEL;c:\program files\norton antivirus\savrtpel.sys [2006-10-6 37000]
R1 TPPWR;TPPWR;c:\windows\system32\drivers\TPPWR.SYS [2006-9-21 15360]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-7-7 611664]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCEVTMGR.EXE [2006-10-6 255648]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSETMGR.EXE [2006-10-6 235168]
R2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\drivers\diginet.sys [2008-4-29 11776]
R2 ibmfilter;ibmfilter;c:\windows\system32\drivers\ibmfilter.sys [2006-8-21 12544]
R2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;c:\program files\autodesk\3ds max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [2009-3-12 86016]
R2 navapsvc;Norton AntiVirus Auto Protect Service;c:\program files\norton antivirus\NAVAPSVC.EXE [2006-9-23 158664]
R2 PrivateDisk;PrivateDisk;c:\program files\ibm thinkvantage\safeguard privatedisk\privatediskm.sys [2005-11-16 46142]
R2 ShockMgr;ShockMgr;c:\windows\system32\drivers\ShockMgr.sys [2006-9-21 4433]
R2 smi2;smi2;c:\program files\smi2\smi2.sys [2006-8-21 3968]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20061004.009\NAVENG.Sys [2006-10-6 79240]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20061004.009\NavEx15.Sys [2006-10-6 831880]
S2 SBService;ScriptBlocking Service;c:\progra~1\common~1\symant~1\script~1\SBServ.exe [2003-6-25 66784]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\CCPWDSVC.EXE [2006-10-6 87712]
S3 koreavs;koreavs;c:\windows\system32\drivers\koreavs.sys [2007-6-14 25088]
S3 koreusb;koreusb;c:\windows\system32\drivers\koreusb.sys [2007-6-14 82944]
S3 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [2008-5-29 30946]
S3 SAVScan;SAVScan;c:\program files\norton antivirus\SAVSCAN.EXE [2006-10-6 194272]
S3 TPM11;NSC Integrated Trusted Platform Module 1.1;c:\windows\system32\drivers\nsctpm11.sys [2006-7-15 14336]
S3 WSIMD;wsimd Service;c:\windows\system32\drivers\wsimd.sys [2007-7-10 55840]
=============== Created Last 30 ================
2009-06-17 17:13 1,514,733 ---shr-- c:\windows\system32\XP-04C704A7.EXE
2009-06-16 15:43 <DIR> --d----- c:\docume~1\nickat~1\applic~1\Autodesk
2009-06-15 07:19 1,089,601 -------- c:\windows\system32\dllcache\ntprint.cat
2009-06-14 22:32 <DIR> --d----- c:\program files\common files\Macrovision Shared
2009-06-14 22:30 <DIR> --d----- c:\program files\common files\Autodesk Shared
2009-06-14 22:14 <DIR> --d----- c:\program files\Autodesk
2009-06-14 22:13 509,448 a------- c:\windows\system32\XAudio2_2.dll
2009-06-14 22:13 68,616 a------- c:\windows\system32\XAPOFX1_1.dll
2009-06-14 22:13 238,088 a------- c:\windows\system32\xactengine3_2.dll
2009-06-14 22:13 1,493,528 a------- c:\windows\system32\D3DCompiler_39.dll
2009-06-14 22:13 467,984 a------- c:\windows\system32\d3dx10_39.dll
2009-06-14 22:13 3,851,784 a------- c:\windows\system32\D3DX9_39.dll
2009-06-14 22:13 1,124,720 a------- c:\windows\system32\D3DCompiler_34.dll
2009-06-14 22:13 443,752 a------- c:\windows\system32\d3dx10_34.dll
2009-06-14 22:13 3,497,832 a------- c:\windows\system32\d3dx9_34.dll
2009-06-14 22:13 3,426,072 a------- c:\windows\system32\d3dx9_32.dll
2009-06-14 22:13 2,414,360 a------- c:\windows\system32\d3dx9_31.dll
2009-06-14 22:13 <DIR> --d----- c:\windows\Logs
2009-06-14 22:11 <DIR> --d----- c:\windows\system32\XPSViewer
2009-06-14 22:10 597,504 -------- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-06-14 22:10 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-06-14 22:10 575,488 -------- c:\windows\system32\dllcache\xpsshhdr.dll
2009-06-14 22:10 117,760 -------- c:\windows\system32\prntvpt.dll
2009-06-14 22:10 89,088 -------- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-06-14 22:10 <DIR> --d----- C:\9d3084bc6b5eda843311eef063d0
2009-06-14 22:10 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-06-14 22:10 1,676,288 -------- c:\windows\system32\dllcache\xpssvcs.dll
2009-06-14 22:09 <DIR> --d----- c:\windows\SxsCaPendDel
2009-06-14 22:05 <DIR> --d----- c:\program files\MSXML 6.0
2009-06-14 21:41 <DIR> --d----- C:\Autodesk
2009-05-24 00:13 <DIR> --d----- c:\program files\common files\Macromedia Shared
2009-05-23 23:05 <DIR> --d----- c:\program files\Macromedia
==================== Find3M ====================
2009-06-17 17:13 2,404 a--sh--- c:\windows\system32\ul.dll
2009-05-08 03:44 344,064 a------- c:\windows\system32\localspl.dll
2009-05-08 03:44 344,064 -------- c:\windows\system32\dllcache\localspl.dll
2009-04-29 16:56 827,392 a------- c:\windows\system32\wininet.dll
2009-04-29 16:56 827,392 -------- c:\windows\system32\dllcache\wininet.dll
2009-04-29 16:56 233,472 -------- c:\windows\system32\dllcache\webcheck.dll
2009-04-29 16:56 44,544 a------- c:\windows\system32\dllcache\pngfilt.dll
2009-04-29 16:56 1,159,680 -------- c:\windows\system32\dllcache\urlmon.dll
2009-04-29 16:56 671,232 -------- c:\windows\system32\dllcache\mstime.dll
2009-04-29 16:56 105,984 -------- c:\windows\system32\dllcache\url.dll
2009-04-29 16:56 102,912 -------- c:\windows\system32\dllcache\occache.dll
2009-04-29 16:56 3,596,288 -------- c:\windows\system32\dllcache\mshtml.dll
2009-04-29 16:56 477,696 -------- c:\windows\system32\dllcache\mshtmled.dll
2009-04-29 16:56 193,024 -------- c:\windows\system32\dllcache\msrating.dll
2009-04-28 21:05 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-04-28 21:05 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-04-25 17:27 636,088 -------- c:\windows\system32\dllcache\iexplore.exe
2009-04-25 17:26 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2009-04-17 21:58 1,846,656 a------- c:\windows\system32\win32k.sys
2009-04-17 21:58 1,846,656 -------- c:\windows\system32\dllcache\win32k.sys
2009-04-16 03:11 584,192 a------- c:\windows\system32\rpcrt4.dll
2009-04-16 03:11 584,192 -------- c:\windows\system32\dllcache\rpcrt4.dll
2009-03-22 02:18 986,112 -------- c:\windows\system32\dllcache\kernel32.dll
2008-05-29 23:36 2 a--shrot c:\windows\winstart.bat
2007-05-23 16:23 46,526 ---sh--- c:\windows\system32\meex.com
2007-05-23 16:23 46,526 a--sh--- c:\windows\system32\sybqnub.exe.ren
2009-03-04 17:50 0 ---sh--- c:\windows\system32\wemtareg.exe
2009-03-05 09:38 20,992 ---sh--- c:\windows\system32\wemtoreg.exe
2009-02-21 12:31 20,992 ---sh--- c:\windows\system32\wimtareg.exe
2009-02-20 08:13 20,992 ---sh--- c:\windows\system32\wimzareg.exe
2008-10-15 12:07 15,360 ---sh--- c:\windows\system32\winmcreg.exe
2008-10-26 06:01 15,360 ---sh--- c:\windows\system32\winncreg.exe
2008-11-13 15:49 15,872 ---sh--- c:\windows\system32\winqcreg.exe
2008-11-21 12:57 16,384 ---sh--- c:\windows\system32\winrcreg.exe
2008-11-26 08:08 16,384 ---sh--- c:\windows\system32\winscreg.exe
2008-12-04 19:58 16,896 ---sh--- c:\windows\system32\winucreg.exe
2008-12-10 08:39 16,896 ---sh--- c:\windows\system32\winxcreg.exe
2008-12-16 15:26 16,896 ---sh--- c:\windows\system32\winzcreg.exe
2009-03-11 09:27 20,992 ---sh--- c:\windows\system32\wtitoreg.exe
2009-03-09 10:06 20,992 ---sh--- c:\windows\system32\wtmtoreg.exe
============= FINISH: 17:15:02.49 ===============