Registered User
Join Date: Apr 2006
Location: Duanesburg, ny
Posts: 21
OS: Vista Ultimate 64 bit
Redirect Virus
Hello,
I've seen a lot of these lately; hopefully they aren't becoming annoying for you guys.
Symptoms:
Search results from search engines (I've tried Google and Yahoo) are redirected to random pages, sometimes through a site called moogle. Also, not sure if this is related, but whenever I would try to run antivirus scans (McAfee, Malwarebytes) the computer would reset. However, when I renamed the executables and ran them, they didn't trigger a reset.
Thanks a lot.
DDS (Ver_09-06-26.01) - NTFSx86
Run by Philip at 20:41:09.89 on Sun 06/28/2009
Internet Explorer: 8.0.6001.18783
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3006.1594 [GMT -4:00]
AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\AMD\CodeAnalyst\bin\CALoadService.exe
C:\Program Files\Kodak\printer\center\KodakSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Windows\LTSvc\LTSVC.exe
C:\Windows\LTSvc\LTSvcMon.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\system32\vmnat.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\VMware\VMware Player\vmware-authd.exe
C:\Windows\system32\vmnetdhcp.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\VMware\VMware Player\hqtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\LTSVC\LTTray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conime.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Philip\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.gmail.com/
uInternet Settings,ProxyOverride = *.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptcl.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: OpenLastClosedTab.LastClosedTab: {e15e75e9-a653-42a3-8d05-f2f7e309bdca} - mscoree.dll
BHO: HP Print Clips: {ffffffff-ff12-44c5-91ec-068e3aa1b2d7} - c:\program files\hp\smart web printing\hpswp_framework.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
uRun: [Aim6]
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [OnScreenDisplay] c:\program files\hewlett-packard\hp quicktouch\HPKBDAPP.exe
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" update "software\cyberlink\youcam\1.0"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [WAWifiMessage] c:\program files\hewlett-packard\hp wireless assistant\WiFiMsg.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [VMware hqtray] "c:\program files\vmware\vmware player\hqtray.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files\google\gmail notifier\gnotify.exe
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [XeroxRegistation] "c:\users\philip\appdata\local\temp\xerox\ereg\EReg.exe" /Startup
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\networ~1.lnk - c:\windows\ltsvc\LTTray.exe
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {e15e75e9-a653-42a3-8d05-f2f7e309bdca} - {e15e75e9-a653-42a3-8d05-f2f7e309bdca} - mscoree.dll
LSP: c:\program files\vmware\vmware player\vsocklib.dll
Trusted Zone: dyndns.biz\liberteks
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
============= SERVICES / DRIVERS ===============
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-6-15 28544]
R2 CALoadService;CALoadService;c:\program files\amd\codeanalyst\bin\CALoadService.exe [2008-10-30 65536]
R2 KodakSvc;Kodak AiO Device Service;c:\program files\kodak\printer\center\KodakSvc.exe [2007-12-13 18944]
R2 LTService;Liberteks;c:\windows\ltsvc\ltsvc.exe -sltservice --> c:\windows\ltsvc\LTSVC.exe -sLTService [?]
R2 LTSvcMon;Liberteks CheckUp Util;c:\windows\ltsvc\LTSvcMon.exe [2009-6-10 86017]
R2 TeamViewer4;TeamViewer 4;c:\program files\teamviewer\version4\TeamViewer_Service.exe [2009-1-22 185640]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-7-11 24652]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2008-10-29 54960]
R3 CAPROF;CAPROF;c:\program files\amd\codeanalyst\bin\caprof.sys [2008-10-30 47160]
S2 gupdate1c9f0e262a2b55a;Google Update Service (gupdate1c9f0e262a2b55a);c:\program files\google\update\GoogleUpdate.exe [2009-6-19 133104]
S3 PL-40R;CASIO USB MIDI;c:\windows\system32\drivers\pl40rwdm.sys [2005-1-6 18048]
=============== Created Last 30 ================
2009-06-27 01:22 16,621 a------- c:\windows\system32\973z4hacktoo5ba.ocx
2009-06-26 21:50 <DIR> --d----- c:\programdata\Spybot - Search & Destroy
2009-06-26 21:50 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-06-26 21:50 <DIR> --d----- c:\progra~2\Spybot - Search & Destroy
2009-06-24 09:58 <DIR> --d----- c:\users\philip\appdata\roaming\mplayer
2009-06-23 21:28 <DIR> --d----- c:\programdata\AOL Downloads
2009-06-23 08:33 17,637 a------- c:\windows\system32\24a55ddzare19699.cpl
2009-06-22 13:57 <DIR> --d----- c:\users\philip\appdata\roaming\Malwarebytes
2009-06-22 13:48 <DIR> --d----- c:\program files\Trend Micro
2009-06-22 13:43 232,249,642 a------- c:\windows\MEMORY.DMP
2009-06-22 12:51 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-22 12:51 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-22 12:51 <DIR> --d----- c:\programdata\Malwarebytes
2009-06-22 12:51 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-22 12:51 <DIR> --d----- c:\progra~2\Malwarebytes
2009-06-22 11:13 318,976 a------- c:\windows\system32\CF25607.exe
2009-06-22 11:02 <DIR> --d----- c:\program files\CCleaner
2009-06-21 16:19 691 a------- c:\users\philip\appdata\roaming\GetValue.vbs
2009-06-21 16:19 35 a------- c:\users\philip\appdata\roaming\SetValue.bat
2009-06-21 16:19 6,676 a------- c:\windows\system32\tmp.reg
2009-06-20 14:05 12,031 a------- c:\windows\system32\254469p56za.exe
2009-06-20 06:00 16,432 a------- c:\windows\19395zpambot5a9.dll
2009-06-19 15:40 10,632 a------- c:\windows\73fdsp5rsz979.cpl
2009-06-19 00:47 17,929 a------- c:\windows\system32\19a05ac9door28z5.exe
2009-06-18 21:54 13,393 a------- c:\windows\system32\2628zvir9s153.bin
2009-06-17 23:36 14,300 a------- c:\windows\system32\51c95teal23z69.bin
2009-06-17 16:59 14,500 a------- c:\windows\1196notza9v5rus273.exe
2009-06-17 12:29 <DIR> --d----- c:\users\philip\appdata\roaming\Xerox
2009-06-17 10:37 12,792 a------- c:\windows\system32\9z993spy1995.exe
2009-06-16 15:01 <DIR> --d----- c:\users\philip\appdata\roaming\GrabPro
2009-06-16 13:52 15,555 a------- c:\windows\system32\9955downloader2z05.ocx
2009-06-15 14:08 <DIR> --d----- c:\program files\LogMeIn Rescue Calling Card
2009-06-15 11:37 28,544 a------- c:\windows\system32\drivers\pavboot.sys
2009-06-15 11:37 <DIR> --d----- c:\program files\Panda Security
2009-06-15 08:51 13,804 a------- c:\windows\system32\77z7tro59df.dll
2009-06-14 16:53 12,947 a------- c:\windows\1692zorm1b5.bin
2009-06-14 01:54 18,272 a------- c:\windows\5d4bdowzlo9der1151.exe
2009-06-13 22:39 13,125 a------- c:\windows\system32\21557hzckt9ol5a4.dll
2009-06-13 13:42 5,748 a------- c:\windows\system32\3f90adzware2185.ocx
2009-06-12 17:03 <DIR> --d----- c:\program files\MagicISO
2009-06-12 14:07 <DIR> --d----- C:\MAGICDVDCOPY_TEMP
2009-06-12 14:06 87,608 a------- c:\users\philip\appdata\roaming\inst.exe
2009-06-12 14:06 47,360 a------- c:\users\philip\appdata\roaming\pcouffin.sys
2009-06-12 13:51 <DIR> --d----- c:\program files\M4aMp3
2009-06-11 21:08 6,311 a------- c:\windows\system32\531089ozm19.exe
2009-06-11 12:21 144 a------- c:\windows\w32dasm8.ini
2009-06-11 12:20 <DIR> --d----- c:\program files\win32dasm
2009-06-11 12:08 428,544 a------- c:\windows\system32\EncDec.dll
2009-06-11 12:08 217,088 a------- c:\windows\system32\psisrndr.ax
2009-06-11 12:08 293,376 a------- c:\windows\system32\psisdecd.dll
2009-06-11 12:08 177,664 a------- c:\windows\system32\mpg2splt.ax
2009-06-11 12:08 80,896 a------- c:\windows\system32\MSNP.ax
2009-06-11 07:43 18,373 a------- c:\windows\system32\835thzef91655.ocx
2009-06-10 12:25 <DIR> --d----- c:\windows\LTSVC
2009-06-10 11:12 784,896 a------- c:\windows\system32\rpcrt4.dll
2009-06-10 04:59 3,747 a------- c:\windows\system32\206z9vir5s409.ocx
2009-06-10 04:11 6,425 a------- c:\windows\system32\26z45spambot992.bin
2009-06-09 13:05 1,806 a------- c:\windows\TSearch.INI
2009-06-09 11:16 <DIR> --d----- c:\users\philip\appdata\roaming\LabTech Software
2009-06-08 21:39 5,085 a------- c:\windows\system32\715z9ownloade52153.exe
2009-06-08 20:29 2,738 a------- c:\windows\system32\23923hack5ozl51b.dll
2009-06-07 18:46 <DIR> --d----- c:\program files\tsearch
2009-06-05 12:50 <DIR> --d----- C:\accsdk_win32_1_6_8
2009-06-04 17:19 190 a------- c:\windows\ODBCINST.INI
2009-06-04 17:15 <DIR> --d----- c:\program files\LabTech Client
2009-06-02 19:05 12,787 a------- c:\windows\2936h5cktzol719.dll
2009-06-02 09:56 <DIR> --d----- c:\program files\iPod
2009-06-02 09:56 <DIR> --d----- c:\program files\iTunes
2009-06-01 17:10 6,892 a------- c:\windows\97065roje5z.bin
2009-06-01 07:52 <DIR> --d----- c:\users\philip\appdata\roaming\Sibelius Software
2009-06-01 07:52 <DIR> --d----- c:\program files\Musicnotes
2009-06-01 02:57 13,135 a------- c:\windows\753downloadzr13659.dll
==================== Find3M ====================
2009-06-19 00:47 17,687 a------- c:\windows\system32\57605teal449z.exe
2009-06-17 12:27 51,200 a------- c:\windows\inf\infpub.dat
2009-06-17 12:27 143,360 a------- c:\windows\inf\infstrng.dat
2009-06-17 12:27 86,016 a------- c:\windows\inf\infstor.dat
2009-06-10 11:15 27,430 a------- c:\users\philip\appdata\roaming\nvModes.dat
2009-06-02 11:17 75,776 a------- c:\windows\system32\WS2Fix.exe
2009-05-26 19:21 4,521 a------- c:\windows\system32\9525addwzre845.exe
2009-05-25 20:07 12,658 a------- c:\windows\system32\3a84addwar539z5.exe
2009-05-24 01:04 12,027 a------- c:\windows\system32\281435p9z5.exe
2009-05-23 19:08 2,814 a------- c:\windows\system32\515z8spambot1ec9.exe
2009-05-21 02:58 7,022 a------- c:\windows\system32\5e94steal262z5.dll
2009-05-18 21:47 12,104 a------- c:\windows\2c5baczdoor592.dll
2009-05-12 07:56 4,590 a------- c:\windows\bzbs5arse9057.bin
2009-05-09 01:50 915,456 a------- c:\windows\system32\wininet.dll
2009-05-09 01:34 71,680 a------- c:\windows\system32\iesetup.dll
2009-05-08 12:22 14,497 a------- c:\windows\11338hazktool79c5.bin
2009-05-08 08:11 14,627 a------- c:\windows\3c8zspyw5re296.bin
2009-05-08 06:09 13,841 a------- c:\windows\system32\2745zviru974c.exe
2009-05-08 00:37 9,917 a------- c:\windows\3ed9ste5l1594z.dll
2009-05-07 12:52 11,533 a------- c:\windows\system32\299999roj35fz.dll
2009-05-05 17:20 12,641 a------- c:\windows\system32\7fvzr935.exe
2009-05-03 09:08 17,095 a------- c:\windows\system32\510bth5ea916z2.dll
2009-05-01 19:59 3,778 a------- c:\windows\2175z9r1357.dll
2009-04-26 17:48 7,981 a------- c:\windows\system32\71z5t9ief2991.exe
2009-04-26 11:53 8,959 a------- c:\windows\5fcczi91768.dll
2009-04-25 00:00 9,742 a------- c:\windows\system32\4z8dvir9595.bin
2009-04-24 00:42 12,663 a------- c:\windows\system32\59z59parse265.exe
2009-04-23 08:42 636,928 a------- c:\windows\system32\localspl.dll
2009-04-21 07:55 2,033,152 a------- c:\windows\system32\win32k.sys
2009-04-21 03:28 13,234 a------- c:\windows\system32\9ad5thief214z.exe
2009-04-14 03:38 17,201 a------- c:\windows\system32\25d5th9eat35z2.dll
2009-04-09 21:40 3,155 a------- c:\windows\97z215pambotd8.dll
2009-04-09 02:15 17,438 a------- c:\windows\system32\32555wozm289.bin
2009-04-06 16:23 14,281 a------- c:\windows\29361spamzot365.dll
2009-04-02 21:57 17,091 a------- c:\windows\4a08d9wnload5r32z0.bin
2009-04-02 02:24 3,063 a------- c:\windows\258baddwar51z94.dll
2008-11-28 21:10 2,147 a------- c:\program files\INSTALL.LOG
2008-11-14 14:52 290,490 a------- c:\windows\inf\perflib\041d\perfi.dat
2008-11-14 14:52 290,490 a------- c:\windows\inf\perflib\041d\perfh.dat
2008-11-14 14:52 35,978 a------- c:\windows\inf\perflib\041d\perfd.dat
2008-11-14 14:52 35,978 a------- c:\windows\inf\perflib\041d\perfc.dat
2008-07-11 22:09 665,600 a------- c:\windows\inf\drvindex.dat
2008-01-20 22:43 174 a--sh--- c:\program files\desktop.ini
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2002-10-25 10:02 11,197 a------- c:\program files\UNWISE.INI
2002-07-26 17:02 153,088 a------- c:\program files\UNWISE.EXE
============= FINISH: 20:42:13.45 ===============