|
|
|
|
|||||
|
|
|
|
|
|
|||
| Welcome
to Tech Support Forum home to more then 136,000 problems solved. Issues
have included: Spyware, Malware, Virus Issues, Windows, Microsoft,
Linux, Networking, Security, Hardware, and Gaming Getting your
problem solved is as easy as: 1. Registering for a free account 2. Asking your question 3. Receiving an answer Registered members: * See fewer ads. * And much more..
|
| Want to know how to post a question? click here | Having problems with spyware and pop-ups? First Steps |
|
|||||||
| Virus/Trojan/Spyware Help Get Rid Of Malware With Help From Our Analysts. Follow the "First Steps" link at the top right of each page before posting for help. |
 |
|
|
LinkBack | Thread Tools |
04-21-2009, 09:05 AM
|
#1 (permalink) |
|
Registered User
Join Date: Apr 2009
Location: New Delhi (India)
Posts: 3
OS: Windows Xp Service Pack 3
 |
C:\a.bat contains a sample of VBS:Malware Gen
One day I put up a pen drive (USB Flash Disk), that I had lent a friend, in my computer. Everything seemed to be okay except for this file called New Folder.exe. It had an icon exactly like a normal folder icon in windows vista. (I am using windows xp but i have installed a vista shell pack) so I thought it was a legit folder and the exe was just a part of the name. But, when I double clicked it, I got dozens of virus/malware alerts. I was using Symantec End-Point Protection (the version I bought in dec. 2008) but it was not able to remove the threat. So I switched to Avast Anti-virus because of it's capablity to scan before booting windows (well, that's what I think the Boot-Time Scan feature means!!). Though Avast removed most of the threats there were some which it cuold not delete but it only showed a message "Acess is denied" or something like that. Now that's what I don't understand that when it is working at "boot-time" why is access not granted!!! Anyways when I did a reboot, the alert "C:/a.bat contains a sample of VBS:Malware Gen" started showing up. I again did a boot-time scan but no progress. Also I made another observation that my disk space gets fileed up automatically!! I have a 80 GB hard disk, the last I remember it had aroung 66 GB free. But, yesterday, a taskbar icon notified me that I am low on disk space. When I cross checked I had only 127 MB remaining!!! I am dead sure that I did not install any program or tool that could do this..
I have almost made up my mind to format my Hard - Disk but looking for some help here... Avast is the only security tool that I am using at present. PLease do tell me if need something else. Posting the logs in the next post... Hoping for a response soon..... |
|
     
|
| Important Information |
|
Join the #1 Tech Support Forum Today - It's Totally Free!
TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free. Join TechSupportforum.com Today - Click Here |
|
04-21-2009, 09:06 AM
|
#2 (permalink) |
|
Registered User
Join Date: Apr 2009
Location: New Delhi (India)
Posts: 3
OS: Windows Xp Service Pack 3
|
Re: C:\a.bat contains a sample of VBS:Malware Gen
here is the DDS.txt file...
DDS (Ver_09-03-16.01) - NTFSx86 Run by Raman at 20:30:45.89 on Tue 04/21/2009 Internet Explorer: 8.0.6001.18241 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1983.1181 [GMT 5.5:30] AV: avast! antivirus 4.8.1335 [VPS 090420-0] *On-access scanning enabled* (Updated) ============== Running Processes =============== C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup svchost.exe svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\WINDOWS\arservice.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\iResearchPanel\browser_plugin.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\Explorer.EXE svchost.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\ARPWRMSG.EXE C:\Program Files\HP\HP Software Update\HPwuSchd2.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\System32\WScript.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\DNA\btdna.exe C:\Program Files\BitTorrent\bittorrent.exe C:\Program Files\RocketDock\RocketDock.exe C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe C:\WINDOWS\system32\mstwain.exe C:\Program Files\IPMsg\ipmsg.exe C:\Program Files\MagicDisc\MagicDisc.exe C:\DOCUME~1\Raman\LOCALS~1\Temp\{4D94EF3C-63CE-4A95-B575-187FA0E24130}\clock.exe C:\DOCUME~1\Raman\LOCALS~1\Temp\{6C95FE57-A4D6-4CD3-9133-54540B87DCFA}\launcher.exe C:\DOCUME~1\Raman\LOCALS~1\Temp\{79A6922F-FEAD-4D7B-9C62-3EA428232800}\dock.exe C:\Program Files\Opera\opera.exe C:\HP\KBD\KBD.EXE C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Microsoft Office\Office12\WINWORD.EXE C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe c:\windows\system\hpsysdrv.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\wsaecmt.exe C:\Documents and Settings\Raman\My Documents\Setup Programs\dds.scr ============== Pseudo HJT Report =============== uStart Page = about:blank uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_IN&c=Q106&bd=pavilion&pf=desktop uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_IN&c=Q106&bd=pavilion&pf=desktop uInternet Settings,ProxyOverride = *.local BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_01\bin\ssv.dll BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File BHO: Catcher Class: {adecbed6-0366-4377-a739-e69dfba04663} - c:\program files\moyea\youtube downloader\MoyeaCth.dll BHO: iResearchPanelBHO.BHO: {c1b58917-66f7-42a6-b068-1a166e45fb37} - c:\program files\iresearchpanel\BHO.dll BHO: PicLens plug-in for Internet Explorer: {eaee5c74-6d0d-4aca-9232-0da4a7b866ba} - c:\program files\piclensie\PicLens.dll TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe" uRun: [BitTorrent] "c:\program files\bittorrent\bittorrent.exe" uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe" uRun: [VoipBuster] "c:\program files\voipbuster.com\voipbuster\VoipBuster.exe" -nosplash -minimized mRun: [ehTray] c:\windows\ehome\ehtray.exe mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run mRun: [HP Software Update] c:\program files\hp\hp software update\HPwuSchd2.exe mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe" mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_01\bin\jusched.exe" mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [GetcountedLive] c:\program files\getcounted live\Hviewer.exe mRun: [el] "c:\windows\system32\regsvr32.exe" /u /s "c:\windows\system32\el32.dll" mRun: [DRam prosessor] mstwain.exe mRun: [NTN.dll] c:\windows\media\scvhost.dll.vbe mRun: [IPPrivacy] mRun: [wsaecmt] c:\windows\wsaecmt.exe mRunServices: [DRam prosessor] mstwain.exe dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t StartupFolder: c:\docume~1\raman\startm~1\programs\startup\ipmsgf~1.lnk - c:\program files\ipmsg\ipmsg.exe StartupFolder: c:\docume~1\raman\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe StartupFolder: c:\docume~1\raman\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE StartupFolder: c:\docume~1\raman\startm~1\programs\startup\sevenc~1.lnk - c:\documents and settings\raman\my documents\setup programs\shell modifiers\vienna\seven gadgets\clock.exe StartupFolder: c:\docume~1\raman\startm~1\programs\startup\sevend~1.lnk - c:\documents and settings\raman\my documents\setup programs\shell modifiers\vienna\seven gadgets\dock.exe StartupFolder: c:\docume~1\raman\startm~1\programs\startup\sevenl~1.lnk - c:\documents and settings\raman\my documents\setup programs\shell modifiers\vienna\seven gadgets\launcher.exe IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000 IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {E57F3E1C-58CE-4B73-BCD0-BA34553E8731} - c:\program files\iresearchpanel\IEToolbarAction.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - {8C85E2EE-9FD6-11D5-B770-504D54C10000} - c:\program files\visualroute 2008\vrie.dll IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_01\bin\ssv.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll IE: {3437D640-C91A-458f-89F5-B9095EA4C28B} - {04F93351-81D2-4484-9982-0D55DEFFFAE6} - c:\program files\piclensie\PicLens.dll IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL LSP: c:\windows\system32\PCProxy.dll DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1233506959562 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab TCP: {9D406909-5586-4071-A88F-F42DC722B33F} = 202.56.215.55,202.56.215.54 Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll Notify: AtiExtEvent - Ati2evxx.dll Notify: LMIinit - LMIinit.dll SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - No File SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll ============= SERVICES / DRIVERS =============== R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-2-19 114768] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-2-19 20560] R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-2-19 138680] R2 iResearchPanel;iResearchPanel;c:\program files\iresearchpanel\browser_plugin.exe [2009-1-14 49152] R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-2-6 46112] R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-6 99328] R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592] R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-2-19 254040] R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-2-19 352920] R3 tap0801;Smarthide TAP driver;c:\windows\system32\drivers\tap0801.sys [2007-10-12 55808] S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\logmein\x86\rainfo.sys --> c:\program files\logmein\x86\RaInfo.sys [?] S3 PCProxy;PCProxy;c:\windows\system32\PCProxy.exe [2009-4-20 1364062] S4 LMIRfsClientNP;LMIRfsClientNP; [x] =============== Created Last 30 ================ 2009-04-21 20:03 65,536 a------- c:\windows\wsaecmt.exe 2009-04-21 20:03 <DIR> --d----- c:\program files\CamFrog 2009-04-20 13:37 18 a------- C:\PQDVD.elog 2009-04-20 13:03 8,704 a------- c:\windows\system32\SpOrder.dll 2009-04-20 13:03 1,364,062 a------- c:\windows\system32\PCProxy.exe 2009-04-20 13:03 606,297 a------- c:\windows\system32\PCProxy.dll 2009-04-20 13:03 413,696 a------- c:\windows\system32\RegisterLSP.exe 2009-04-20 13:03 800 a------- c:\windows\system32\PCProxy.ini 2009-04-20 13:03 <DIR> --d----- c:\program files\IP Privacy 2009-04-16 20:11 <DIR> --d----- c:\program files\FLVPlayer 2009-04-16 13:31 54,156 a---h--- c:\windows\QTFont.qfn 2009-04-16 13:31 1,409 a------- c:\windows\QTFont.for 2009-04-15 20:30 284,160 -------- c:\windows\system32\dllcache\pdh.dll 2009-04-15 20:30 729,088 -------- c:\windows\system32\dllcache\lsasrv.dll 2009-04-15 20:30 473,600 -------- c:\windows\system32\dllcache\fastprox.dll 2009-04-15 20:30 453,120 -------- c:\windows\system32\dllcache\wmiprvsd.dll 2009-04-15 20:30 401,408 -------- c:\windows\system32\dllcache\rpcss.dll 2009-04-15 20:30 227,840 -------- c:\windows\system32\dllcache\wmiprvse.exe 2009-04-15 20:30 110,592 -------- c:\windows\system32\dllcache\services.exe 2009-04-15 20:30 714,752 -------- c:\windows\system32\dllcache\ntdll.dll 2009-04-15 20:30 617,472 -------- c:\windows\system32\dllcache\advapi32.dll 2009-04-15 18:26 <DIR> --d----- c:\program files\TrendyFlash Site Builder Trial 2009-04-14 11:41 299,008 a------- c:\windows\uninst.exe 2009-04-12 21:42 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Arovax 2009-04-12 21:42 <DIR> --d----- c:\program files\SmartHide 2009-04-09 21:03 <DIR> --d----- c:\docume~1\raman\applic~1\PQFLVDownloader 2009-04-09 21:03 <DIR> --d----- c:\program files\PQDVD 2009-04-09 19:53 20 a---h--- c:\windows\akebook.ini 2009-04-09 19:53 4 a---h--- c:\windows\a3kebook.ini 2009-04-09 19:53 59 a------- c:\windows\ANS2000.INI 2009-04-09 19:48 <DIR> --d----- c:\docume~1\raman\applic~1\EbkReader 2009-04-08 01:03 53,248 a------- c:\windows\system32\iXPIDatabase.ocx 2009-04-08 00:15 167 a------- c:\documents and settings\raman\udownload.dat 2009-04-07 12:36 25 a------- c:\windows\OverlayXP.ini 2009-04-07 12:36 <DIR> --d----- c:\docume~1\alluse~1\applic~1\webcamXP5 2009-04-07 12:35 <DIR> --d----- c:\program files\wLite 2009-04-03 20:26 <DIR> --d----- c:\program files\VoipBuster.com 2009-04-03 09:56 <DIR> --d----- C:\Need For Speed II SE 2009-04-03 09:04 <DIR> --d----- c:\program files\Super Internet TV 2009-03-31 22:41 152,904 a------- c:\windows\system32\vghd.scr 2009-03-31 22:41 <DIR> --d----- c:\program files\vghd 2009-03-31 22:41 <DIR> --d----- c:\docume~1\raman\applic~1\vghd 2009-03-28 09:55 78,942 a------- c:\windows\Icon_1.ico 2009-03-28 09:51 135,680 a------- c:\windows\taskmgr.exe 2009-03-28 09:30 1,031,680 a------- c:\windows\system32\ramos.exe 2009-03-26 09:45 0 a------- c:\windows\lk00000000.tmp 2009-03-26 09:41 197,120 a------- c:\windows\system32\mqapi.exe 2009-03-25 18:29 0 a------- c:\windows\LiveBilliards.INI 2009-03-23 19:01 <DIR> --d----- c:\program files\3D Live Pool 2009-03-23 09:46 <DIR> --d----- c:\windows\Governor of Poker 2009-03-23 09:46 <DIR> --d----- c:\program files\Governor of Poker ==================== Find3M ==================== 2009-04-01 17:29 3,123 a--shr-- c:\windows\media\scvhost.dll.vbe 2009-03-28 10:00 218,624 a------- c:\windows\system32\uxtheme.dll 2009-03-22 17:37 86,760 a---h--- c:\windows\system32\mlfcache.dat 2009-03-21 19:36 989,696 -------- c:\windows\system32\dllcache\kernel32.dll 2009-03-18 19:14 304,182 a------- C:\StiImg.dat 2009-03-14 18:47 737,280 a------- c:\windows\iun6002.exe 2009-03-08 15:27 81,920 a------- c:\docume~1\raman\applic~1\ezpinst.exe 2009-03-08 15:27 47,360 a------- c:\windows\system32\drivers\pcouffin.sys 2009-03-08 15:27 47,360 a------- c:\docume~1\raman\applic~1\pcouffin.sys 2009-03-06 19:52 284,160 a------- c:\windows\system32\pdh.dll 2009-02-24 18:42 116,736 a------- c:\windows\system32\drivers\mcdbus.sys 2009-02-21 19:57 0 ac--h--- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf 2009-02-21 19:57 0 ac--h--- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf 2009-02-16 18:38 139,264 a------- c:\windows\system32\hpzjrd01.dll 2009-02-09 17:40 729,088 a------- c:\windows\system32\lsasrv.dll 2009-02-09 17:40 714,752 a------- c:\windows\system32\ntdll.dll 2009-02-09 17:40 617,472 a------- c:\windows\system32\advapi32.dll 2009-02-09 17:40 401,408 a------- c:\windows\system32\rpcss.dll 2009-02-09 16:43 1,846,784 a------- c:\windows\system32\win32k.sys 2009-02-09 16:43 1,846,784 -------- c:\windows\system32\dllcache\win32k.sys 2009-02-07 19:02 2,066,048 a------- c:\windows\system32\dllcache\ntkrnlpa.exe 2009-02-06 16:41 110,592 a------- c:\windows\system32\services.exe 2009-02-06 16:38 2,189,056 a------- c:\windows\system32\dllcache\ntoskrnl.exe 2009-02-06 16:36 2,145,280 a------- c:\windows\system32\ntoskrnl.exe 2009-02-06 16:36 2,145,280 -------- c:\windows\system32\dllcache\ntkrnlmp.exe 2009-02-06 16:09 35,328 a------- c:\windows\system32\sc.exe 2009-02-06 16:09 35,328 a------- c:\windows\system32\dllcache\sc.exe 2009-02-06 16:02 2,023,936 a------- c:\windows\system32\ntkrnlpa.exe 2009-02-06 16:02 2,023,936 -------- c:\windows\system32\dllcache\ntkrpamp.exe 2009-02-04 01:29 56,832 a------- c:\windows\system32\secur32.dll 2009-02-04 01:29 56,832 -------- c:\windows\system32\dllcache\secur32.dll 2009-02-03 16:18 92,663 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat 2009-02-03 16:18 45,056 ac------ c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\uninstallui\eHelpSetup.exe 2009-02-03 16:18 44,032 ac------ c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\scripts\devcon.exe 2009-02-03 16:18 341,048 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\HPBasicDetection3.dll 2009-02-03 16:18 163,840 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\modemcheck.dll 2009-02-03 16:18 61,440 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\modemutil.dll 2009-02-03 16:18 40,960 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\ScDmi.dll 2009-02-03 16:18 32,768 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\uploadHSC.dll 2009-02-03 16:18 32,768 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\Scom.dll 2009-02-01 12:00 118,842 a----r-- c:\windows\HPCPCUninstaller-6.3.2.116-9972322.exe 2009-02-01 12:00 14,237 a------- c:\windows\system32\CHODDI.SYS 2009-02-01 11:42 80,393 ac------ c:\windows\HPHins08.dat 2009-02-01 11:40 72,881 ac------ c:\windows\hpiins01.dat 2009-02-01 11:39 112,863 ac------ c:\windows\hpoins07.dat 2009-02-01 11:37 88,391 ac------ c:\windows\hpoins06.dat 2008-04-14 05:42 282,624 ---shr-- c:\windows\system32\mstwain.exe ============= FINISH: 20:31:07.89 =============== |
|
|
|
|
| Thread Tools | |
|
|
