Old 04-13-2009, 03:35 AM   #1 (permalink)
Registered User
 
Join Date: Apr 2009
Posts: 6
OS: XP


Computer being ravaged by unknown virus

Hello all,

I’m so sorry to bother you, I know how amazingly helpful and busy you are. I’m afraid my computer has been well and truly ravaged by a nefarious virus/malware and I would appreciate if anyone can offer me some advice to help me fix it. I apologise for not providing a Hijack This report, as you can see below my computer is refusing to let me access the file.

My config: Windows XP
Firefox 3.0
NVIDIA 7800 GTX
512MB RAM
(Can't navigate into system to see more)


Over the last week, every time I boot my PC 90% of the time once the desktop icons load the computer will seize up and refuse to load. Often I can move the mouse, but the rest of the system is simply frozen and I’m forced to manually crash the computer. On many attempts to reboot the PC the power light will flick on for a second and abruptly shut off over and over again. Usually unplugging from the wall for a few mins will allow it to boot up ‘normally’ after that.

The other 10% of the time when it manages to boot the desktop, within 5 minutes the system freezes and crashes every time. I suspect it’s a virus/malware related because one major difference has been the changes to my internet browsing.

I currently use Firefox (latest version) and whenever I do a search the scroll bars on the bottom and right oddly stretch really wide and distort briefly, unlike I’ve ever seen before. Every time I attempt to search for virus removal etc and click the search result links, the browser is forcibly redirected (in a new window) to a range of fake virus removal sites. Whenever I search for any other normal sites the re-direction does not occur.

Also, I tried to download a number of free software packages including Super anti spyware, Spybot S&D. I can often navigate to the pages directly by cutting and pasting into the address bar, but once I start the download of the program, the virus cancels the download and promptly crashes the PC and won’t let me download any anti-virus software. All other unrelated downloads remain unaffected. The virus seems to know whenever I’m trying to get any help. I should note that the existing antivirus software I have installed can’t be opened either, they simply won’t load when I click them.

I have tried to follow the range of advice offered on this site to get the numerous reports etc, but the computer will not stay usable long enough for me to do the tests. Whenever I do anything virus related it crashes. I have also tried to system restore in safe mode to over a month ago but the program refuses to proceed once I select the revert date, it just becomes unresponsive.

This is driving me absolutely mental. I’m currently on my partner’s computer which sits right next to mine. Is there anything I can do? Any advice would be so fantastic. SOS!

-- I should also add that all of the aforementioned symptoms have all manifested in the last few days. I have never had any system booting, browsing, downloading issues previously.

== UPDATE: Computer will load 100% of the time now to desktop but freeze as soon as icons appear. Cursor remains functional, but loading hourglass stays when I try to highlight any icons/toolbar. Absolutely no way to navigate PC at all now. Any attempt to force Ctrl+Alt+Del before icons appear yields no response and prompts immediate freeze.
Astara123 is offline  

Old 04-13-2009, 07:39 PM   #2 (permalink)
Registered User
 
Join Date: Apr 2009
Posts: 6
OS: XP


Re: Computer being ravaged by unknown virus

Please can nobody point me in the right direction? I work from home and desperately need my PC to at least boot properly without freezing so I can start to repair it.

Any advice would be so much appreciated.
Astara123 is offline  
Old 04-13-2009, 09:44 PM   #3 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,893
OS: WinXP and Vista


Re: Computer being ravaged by unknown virus

Hello Astara123,

I'm sorry, but we can't work blindly here. Is Windows operational in Safe Mode? If so, follow the instructions in our sticky topic New Instructions - Read This Before Posting for Malware Removal Help.

Download the 2 scanners to a flash drive and transfer them to the afflicted computer.

Run the tools as directed, and post the requested logs in your next reply.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Old 04-14-2009, 06:08 AM   #4 (permalink)
Registered User
 
Join Date: Apr 2009
Posts: 6
OS: XP


Re: Computer being ravaged by unknown virus

Hello Ried,

Thank you so much for taking the time to help me - I do appreciate how awesome and busy you and your group of volunteers are. I want to make sure I get my poor PC back in top gear asap and keep it there. Thank you Thank you Thank you

Okay I managed to get the files you recommended into Safe Mode and have provided the results as instructed. Please note: The Gmer.exe file would not load until I changed the file's name a number of times. Hope this info helps.

DDS Report:

DDS (Ver_09-03-16.01) - NTFSx86 MINIMAL
Run by Administrator at 18:57:04.87 on Tue 04/14/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.61.1033.18.511.352 [GMT 10:00]

AV: Bitdefender Antivirus *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\Iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Connection Wizard,ShellNext = hxxp://www.fulldotfind.com/pubac/ac.php?aid=11&sid=v3009
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - No File
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [BDMCon] c:\progra~1\softwin\bitdef~1\bdmcon.exe
mRun: [BDAgent] "c:\program files\softwin\bitdefender10\bdagent.exe"
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4\OpwareSE4.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mediak~1.lnk - c:\program files\viewmate keyboard kc207\MagicKey.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\viewma~2.lnk - c:\program files\viewmate desktop cc2201\MagicKey.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\viewma~1.lnk - c:\program files\viewmate desktop cc2201\MulMouse.exe
uPolicies-explorer: NoThemesTab = 0 (0x0)
uPolicies-system: NoDispAppearancePage = 0 (0x0)
uPolicies-system: NoColorChoice = 0 (0x0)
uPolicies-system: NoSizeChoice = 0 (0x0)
uPolicies-system: NoVisualStyleChoice = 0 (0x0)
uPolicies-system: NoDispSettingsPage = 0 (0x0)
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\tim martin\start menu\programs\imvu\Run IMVU.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: {6508AF78-32C5-48A2-BC29-6D43B06BFCCA} = 208.67.220.220,208.67.222.222
TCP: {878AE3BA-5202-4C49-8BBB-A8B9CBF9C970} = 208.67.220.220,208.67.222.222
TCP: {AE8C4056-C5EE-42D5-ACD0-61C6457AA694} = 208.67.220.220,208.67.222.222
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: WRNotifier - WRLogonNTF.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\ww4eqcma.default\
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll

============= SERVICES / DRIVERS ===============

R0 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [2005-10-7 26112]
R1 UsbFltr;WayTechUSBFilterDriver;c:\windows\system32\drivers\UsbFltr.sys [2005-10-8 18220]
S1 kbfilter;Keyboard Filter Driver;c:\windows\system32\drivers\kbfilter.sys [2005-10-8 11776]
S1 MUsbFltr;WayTechMUSBFilterDriver;c:\windows\system32\drivers\MUsbFltr.sys [2005-10-8 6528]
S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [2005-3-22 450400]
S3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [2005-10-7 1287296]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2009-2-4 33752]
S3 new_drv;!!!!;\??\c:\windows\new_drv.sys --> c:\windows\new_drv.sys [?]

=============== Created Last 30 ================

2009-04-11 20:28 <DIR> --d----- c:\program files\ViewMate Keyboard KC207
2009-04-11 09:48 54,156 a---h--- c:\windows\QTFont.qfn
2009-04-11 09:48 1,409 a------- c:\windows\QTFont.for

==================== Find3M ====================

2009-04-14 18:49 81,984 a------- c:\windows\system32\bdod.bin
2009-03-09 05:19 410,984 a------- c:\windows\system32\deploytk.dll
2009-02-09 21:13 1,846,784 a------- c:\windows\system32\win32k.sys
2001-11-23 11:08 712,704 a----r-- c:\windows\inf\other\AUDIO3D.DLL
2008-10-10 19:40 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008101020081011\index.dat

============= FINISH: 18:58:40.81 ===============
Attached Files
File Type: zip Attach.zip (3.9 KB, 3 views)
Astara123 is offline  
Old 04-14-2009, 03:19 PM   #5 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,893
OS: WinXP and Vista


Re: Computer being ravaged by unknown virus

Good work, Astara123.

Read through this entire procedure and if you have any questions, please ask them before you begin. Then either print out, or copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.


It's IMPORTANT to carry out the instructions in the sequence listed below.


***************************************************

Download the tools needed to a flash drive or other removable media, and transfer them to the infected computer.


***************************************************

Download ComboFix.exe from here

**Note: It is important that it is saved directly to your desktop**

================================


With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Go to Microsoft's website => http://support.microsoft.com/kb/310994

Select the download that's appropriate for your Operating System

Download the file & save it as it's originally named, next to ComboFix.exe.

===========================

Transfer the tools to the afflicted computer. Safe Mode if necessary.

  • Drag the setup package onto ComboFix.exe and drop it.
  • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.
  • At the next prompt, click 'Yes' to run the full ComboFix scan.
  • When the tool is finished, it will produce a report for you.
Please post the C:\ComboFix.txt for further review.
Ried is offline  
Old 04-15-2009, 05:05 AM   #6 (permalink)
Registered User
 
Join Date: Apr 2009
Posts: 6
OS: XP


Re: Computer being ravaged by unknown virus

Hi Ried,

Okay I have now completed the ComboFix component.
Just to let you know:
  • Combofix would not operate until I changed the name, much like the gmer.exe file.
  • The Combofix requested BitDefender be removed before proceeding. Thankfully I was able to get into normal mode long enough to remove the program before it seized up again.

ComboFix Report:

Initial text box requested I make a note of these files prior to full scan:

C:\WINDOWS\system32\drivers\UACuwfdbexh.sys
C:\WINDOWS\system32\UACpylkrjet.dll
C:\WINDOWS\system32\UACnkeppbqd.dat
C:\WINDOWS\system32\UACibapunqi.dll
C:\WINDOWS\system32\UAChiquoecl.dll
C:\WINDOWS\system32\UACiasrpdsn.dll
C:\WINDOWS\system32\UACbyngysoy.dll
C:\WINDOWS\system32\UACpynawxir.log
C:\WINDOWS\system32\UACtibmntul.log
C:\WINDOWS\system32\UACtepakyfq.log

Scan Report:

ComboFix 09-04-15.08 - Tim Martin 15/04/2009 20:50.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.61.1033.18.511.323 [GMT 10:00]
Running from: c:\documents and settings\Administrator\Desktop\Comboooofix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\23414125.exe
c:\windows\23436359.exe
c:\windows\23458609.exe
c:\windows\23480843.exe
c:\windows\234843.exe
c:\windows\23503140.exe
c:\windows\23525390.exe
c:\windows\23547656.exe
c:\windows\23569906.exe
c:\windows\23592296.exe
c:\windows\23614531.exe
c:\windows\2361968.exe
c:\windows\23636796.exe
c:\windows\23659062.exe
c:\windows\23681312.exe
c:\windows\23703578.exe
c:\windows\23725828.exe
c:\windows\23748093.exe
c:\windows\23770359.exe
c:\windows\23792625.exe
c:\windows\23814875.exe
c:\windows\23837109.exe
c:\windows\2384218.exe
c:\windows\23859390.exe
c:\windows\23881656.exe
c:\windows\23903875.exe
c:\windows\23926125.exe
c:\windows\23948484.exe
c:\windows\23970984.exe
c:\windows\23993250.exe
c:\windows\24015515.exe
c:\windows\24037796.exe
c:\windows\24060062.exe
c:\windows\2406421.exe
c:\windows\24082390.exe
c:\windows\24104656.exe
c:\windows\24126906.exe
c:\windows\24149156.exe
c:\windows\24171453.exe
c:\windows\24193703.exe
c:\windows\24215968.exe
c:\windows\24238218.exe
c:\windows\24260468.exe
c:\windows\24282718.exe
c:\windows\2428656.exe
c:\windows\24304953.exe
c:\windows\24327218.exe
c:\windows\24349484.exe
c:\windows\24371765.exe
c:\windows\24393984.exe
c:\windows\24416234.exe
c:\windows\24438484.exe
c:\windows\24460734.exe
c:\windows\24483000.exe
c:\windows\24505265.exe
c:\windows\2450875.exe
c:\windows\24527515.exe
c:\windows\24550140.exe
c:\windows\24572406.exe
c:\windows\24594671.exe
c:\windows\24619937.exe
c:\windows\24642187.exe
c:\windows\24664453.exe
c:\windows\24686687.exe
c:\windows\24708921.exe
c:\windows\2473093.exe
c:\windows\24731203.exe
c:\windows\24753453.exe
c:\windows\24775703.exe
c:\windows\24797953.exe
c:\windows\24820203.exe
c:\windows\24845453.exe
c:\windows\24867734.exe
c:\windows\24889968.exe
c:\windows\24912234.exe
c:\windows\24934484.exe
c:\windows\2495328.exe
c:\windows\24959609.exe
c:\windows\24981859.exe
c:\windows\25004125.exe
c:\windows\25026375.exe
c:\windows\25048625.exe
c:\windows\25070875.exe
c:\windows\25093109.exe
c:\windows\25115359.exe
c:\windows\25137593.exe
c:\windows\25159843.exe
c:\windows\2517546.exe
c:\windows\25182140.exe
c:\windows\25204390.exe
c:\windows\25226656.exe
c:\windows\25248937.exe
c:\windows\25271250.exe
c:\windows\25293468.exe
c:\windows\25315718.exe
c:\windows\253328.exe
c:\windows\25338140.exe
c:\windows\25360421.exe
c:\windows\25382687.exe
c:\windows\2539781.exe
c:\windows\25407968.exe
c:\windows\25430265.exe
c:\windows\25452531.exe
c:\windows\25474781.exe
c:\windows\25497093.exe
c:\windows\25519343.exe
c:\windows\25541593.exe
c:\windows\25563859.exe
c:\windows\25586125.exe
c:\windows\25608421.exe
c:\windows\25630671.exe
c:\windows\2565031.exe
c:\windows\25652937.exe
c:\windows\25675187.exe
c:\windows\25697453.exe
c:\windows\256984.exe
c:\windows\25719703.exe
c:\windows\25741953.exe
c:\windows\25764218.exe
c:\windows\25786468.exe
c:\windows\25808718.exe
c:\windows\25830984.exe
c:\windows\25853234.exe
c:\windows\25875531.exe
c:\windows\25897812.exe
c:\windows\2590265.exe
c:\windows\25920078.exe
c:\windows\25942375.exe
c:\windows\25964687.exe
c:\windows\25987312.exe
c:\windows\26012593.exe
c:\windows\26034859.exe
c:\windows\26057125.exe
c:\windows\26079390.exe
c:\windows\26101656.exe
c:\windows\26123906.exe
c:\windows\2612500.exe
c:\windows\26146203.exe
c:\windows\26168468.exe
c:\windows\26190703.exe
c:\windows\26212921.exe
c:\windows\26235171.exe
c:\windows\26257437.exe
c:\windows\26279718.exe
c:\windows\26301984.exe
c:\windows\26324250.exe
c:\windows\26346500.exe
c:\windows\2634796.exe
c:\windows\26368765.exe
c:\windows\26390984.exe
c:\windows\26413218.exe
c:\windows\26435515.exe
c:\windows\26457765.exe
c:\windows\26480203.exe
c:\windows\26505484.exe
c:\windows\26527750.exe
c:\windows\26550000.exe
c:\windows\2657015.exe
c:\windows\26572234.exe
c:\windows\26594531.exe
c:\windows\26616843.exe
c:\windows\26639078.exe
c:\windows\26661359.exe
c:\windows\26683625.exe
c:\windows\26705890.exe
c:\windows\26728156.exe
c:\windows\26750437.exe
c:\windows\26772703.exe
c:\windows\26794968.exe
c:\windows\26817250.exe
c:\windows\2682234.exe
c:\windows\26839500.exe
c:\windows\26861750.exe
c:\windows\26884015.exe
c:\windows\26906375.exe
c:\windows\26928640.exe
c:\windows\26950875.exe
c:\windows\26973156.exe
c:\windows\26995718.exe
c:\windows\27017984.exe
c:\windows\27040281.exe
c:\windows\27062546.exe
c:\windows\2707468.exe
c:\windows\27088062.exe
c:\windows\27110343.exe
c:\windows\27132625.exe
c:\windows\27154890.exe
c:\windows\27177156.exe
c:\windows\27199406.exe
c:\windows\27221671.exe
c:\windows\27243921.exe
c:\windows\27266281.exe
c:\windows\27288531.exe
c:\windows\2729734.exe
c:\windows\27310750.exe
c:\windows\27333093.exe
c:\windows\27355453.exe
c:\windows\27377796.exe
c:\windows\27400062.exe
c:\windows\27422281.exe
c:\windows\27444640.exe
c:\windows\27467000.exe
c:\windows\27492296.exe
c:\windows\27514515.exe
c:\windows\2751921.exe
c:\windows\27536843.exe
c:\windows\27562156.exe
c:\windows\27584656.exe
c:\windows\27607000.exe
c:\windows\27629281.exe
c:\windows\27654562.exe
c:\windows\27676890.exe
c:\windows\27699203.exe
c:\windows\27721500.exe
c:\windows\2774140.exe
c:\windows\27743796.exe
c:\windows\27766078.exe
c:\windows\27788375.exe
c:\windows\27810984.exe
c:\windows\27833375.exe
c:\windows\27855687.exe
c:\windows\27878000.exe
c:\windows\27900375.exe
c:\windows\27922640.exe
c:\windows\279390.exe
c:\windows\27945046.exe
c:\windows\2796328.exe
c:\windows\27970328.exe
c:\windows\27992640.exe
c:\windows\28015015.exe
c:\windows\28037312.exe
c:\windows\28059781.exe
c:\windows\28082093.exe
c:\windows\28104468.exe
c:\windows\28126781.exe
c:\windows\28149078.exe
c:\windows\28171375.exe
c:\windows\2818562.exe
c:\windows\28193703.exe
c:\windows\28216031.exe
c:\windows\28238359.exe
c:\windows\28260703.exe
c:\windows\28282984.exe
c:\windows\28305343.exe
c:\windows\28327640.exe
c:\windows\28350015.exe
c:\windows\28372578.exe
c:\windows\28395062.exe
c:\windows\2840828.exe
c:\windows\28417421.exe
c:\windows\28439765.exe
c:\windows\28465187.exe
c:\windows\284828.exe
c:\windows\28487531.exe
c:\windows\28509875.exe
c:\windows\28532218.exe
c:\windows\28554546.exe
c:\windows\28576937.exe
c:\windows\28599265.exe
c:\windows\28621578.exe
c:\windows\2863093.exe
c:\windows\28646953.exe
c:\windows\28669359.exe
c:\windows\28691734.exe
c:\windows\28714109.exe
c:\windows\28736468.exe
c:\windows\28758812.exe
c:\windows\28781312.exe
c:\windows\28803718.exe
c:\windows\28826093.exe
c:\windows\28848390.exe
c:\windows\2885406.exe
c:\windows\28870796.exe
c:\windows\28893125.exe
c:\windows\28915468.exe
c:\windows\28940781.exe
c:\windows\28963171.exe
c:\windows\28985609.exe
c:\windows\29007984.exe
c:\windows\29030390.exe
c:\windows\29055718.exe
c:\windows\2907593.exe
c:\windows\29078093.exe
c:\windows\29100468.exe
c:\windows\29122828.exe
c:\windows\29145140.exe
c:\windows\29167484.exe
c:\windows\29189781.exe
c:\windows\29212156.exe
c:\windows\29234562.exe
c:\windows\29257234.exe
c:\windows\29279656.exe
c:\windows\2929859.exe
c:\windows\29302078.exe
c:\windows\29324437.exe
c:\windows\29349843.exe
c:\windows\29372218.exe
c:\windows\29394531.exe
c:\windows\29416906.exe
c:\windows\29439312.exe
c:\windows\29461718.exe
c:\windows\29484078.exe
c:\windows\29506421.exe
c:\windows\2952093.exe
c:\windows\29528796.exe
c:\windows\29551218.exe
c:\windows\29573750.exe
c:\windows\29596437.exe
c:\windows\29619078.exe
c:\windows\29644828.exe
c:\windows\29667640.exe
c:\windows\29690406.exe
c:\windows\29713328.exe
c:\windows\29735687.exe
c:\windows\2974312.exe
c:\windows\29758078.exe
c:\windows\29780750.exe
c:\windows\29803093.exe
c:\windows\29825421.exe
c:\windows\29847921.exe
c:\windows\29870484.exe
c:\windows\29892859.exe
c:\windows\29915218.exe
c:\windows\29937609.exe
c:\windows\29962984.exe
c:\windows\29985390.exe
c:\windows\2999531.exe
c:\windows\30007750.exe
c:\windows\30030125.exe
c:\windows\30052531.exe
c:\windows\30074953.exe
c:\windows\30097343.exe
c:\windows\30119781.exe
c:\windows\30142171.exe
c:\windows\301453.exe
c:\windows\30164562.exe
c:\windows\30186968.exe
c:\windows\30209375.exe
c:\windows\3022140.exe
c:\windows\30231750.exe
c:\windows\30254125.exe
c:\windows\30276484.exe
c:\windows\30298843.exe
c:\windows\30321515.exe
c:\windows\30343921.exe
c:\windows\30366312.exe
c:\windows\30388718.exe
c:\windows\30411109.exe
c:\windows\30433515.exe
c:\windows\3044375.exe
c:\windows\30455906.exe
c:\windows\30478296.exe
c:\windows\30503640.exe
c:\windows\30526046.exe
c:\windows\30548437.exe
c:\windows\30570812.exe
c:\windows\30593218.exe
c:\windows\30615625.exe
c:\windows\30638046.exe
c:\windows\30660453.exe
c:\windows\3066609.exe
c:\windows\30685890.exe
c:\windows\30708281.exe
c:\windows\30730703.exe
c:\windows\30753109.exe
c:\windows\30775531.exe
c:\windows\30798140.exe
c:\windows\30820578.exe
c:\windows\30842984.exe
c:\windows\30865406.exe
c:\windows\30887812.exe
c:\windows\3088828.exe
c:\windows\30910234.exe
c:\windows\30932656.exe
c:\windows\30955046.exe
c:\windows\30977437.exe
c:\windows\30999812.exe
c:\windows\31022203.exe
c:\windows\31044609.exe
c:\windows\310453.exe
c:\windows\31067015.exe
c:\windows\31089421.exe
c:\windows\3111046.exe
c:\windows\31111781.exe
c:\windows\31134187.exe
c:\windows\31156578.exe
c:\windows\31178937.exe
c:\windows\31201359.exe
c:\windows\31223781.exe
c:\windows\31246187.exe
c:\windows\31268562.exe
c:\windows\31293953.exe
c:\windows\31316375.exe
c:\windows\3133281.exe
c:\windows\31338687.exe
c:\windows\31361031.exe
c:\windows\31383390.exe
c:\windows\31406046.exe
c:\windows\31428421.exe
c:\windows\31450828.exe
c:\windows\31473234.exe
c:\windows\31495640.exe
c:\windows\31517953.exe
c:\windows\31540328.exe
c:\windows\3155500.exe
c:\windows\31562718.exe
c:\windows\31585109.exe
c:\windows\31607453.exe
c:\windows\31629781.exe
c:\windows\31652187.exe
c:\windows\31674562.exe
c:\windows\31696984.exe
c:\windows\31719375.exe
c:\windows\31741781.exe
c:\windows\31764203.exe
c:\windows\3177703.exe
c:\windows\31786625.exe
c:\windows\31809000.exe
c:\windows\31831437.exe
c:\windows\31853843.exe
c:\windows\31876250.exe
c:\windows\31901671.exe
c:\windows\31924078.exe
c:\windows\31946515.exe
c:\windows\31968906.exe
c:\windows\31991312.exe
c:\windows\3199921.exe
c:\windows\32013812.exe
c:\windows\32039234.exe
c:\windows\32061578.exe
c:\windows\32084000.exe
c:\windows\32106406.exe
c:\windows\32128828.exe
c:\windows\32151218.exe
c:\windows\32173656.exe
c:\windows\32196062.exe
c:\windows\32218453.exe
c:\windows\3222140.exe
c:\windows\32240875.exe
c:\windows\32263281.exe
c:\windows\32285671.exe
c:\windows\32308062.exe
c:\windows\32330468.exe
c:\windows\323546.exe
c:\windows\32355828.exe
c:\windows\32378218.exe
c:\windows\32400609.exe
c:\windows\32423250.exe
c:\windows\32445656.exe
c:\windows\3244828.exe
c:\windows\32471078.exe
c:\windows\32493421.exe
c:\windows\32515812.exe
c:\windows\32538218.exe
c:\windows\32560593.exe
c:\windows\32583000.exe
c:\windows\32605421.exe
c:\windows\32627781.exe
c:\windows\32653171.exe
c:\windows\3267046.exe
c:\windows\32675562.exe
c:\windows\32697984.exe
c:\windows\32720375.exe
c:\windows\32742750.exe
c:\windows\32765156.exe
c:\windows\32787546.exe
c:\windows\32810328.exe
c:\windows\32832765.exe
c:\windows\32855171.exe
c:\windows\32877578.exe
c:\windows\3289281.exe
c:\windows\32899984.exe
c:\windows\32922406.exe
c:\windows\32944812.exe
c:\windows\32967250.exe
c:\windows\32989640.exe
c:\windows\33012062.exe
c:\windows\33034421.exe
c:\windows\33056828.exe
c:\windows\33079234.exe
c:\windows\33101640.exe
c:\windows\3311531.exe
c:\windows\33124046.exe
c:\windows\33146453.exe
c:\windows\33168875.exe
c:\windows\33194281.exe
c:\windows\33216625.exe
c:\windows\33239015.exe
c:\windows\33261406.exe
c:\windows\33283828.exe
c:\windows\33306265.exe
c:\windows\33328687.exe
c:\windows\3333750.exe
c:\windows\33351343.exe
c:\windows\33373796.exe
c:\windows\33396171.exe
c:\windows\33418937.exe
c:\windows\33441296.exe
c:\windows\33463734.exe
c:\windows\33486140.exe
c:\windows\33508500.exe
c:\windows\33533906.exe
c:\windows\33556296.exe
c:\windows\3356031.exe
c:\windows\33578718.exe
c:\windows\335812.exe
c:\windows\33601125.exe
c:\windows\33623500.exe
c:\windows\33645906.exe
c:\windows\33668312.exe
c:\windows\33690734.exe
c:\windows\33713125.exe
c:\windows\33735453.exe
c:\windows\33757843.exe
c:\windows\33780250.exe
c:\windows\3378265.exe
c:\windows\33802671.exe
c:\windows\33825093.exe
c:\windows\33847500.exe
c:\windows\33869890.exe
c:\windows\33892296.exe
c:\windows\33914781.exe
c:\windows\33937187.exe
c:\windows\33959796.exe
c:\windows\33982218.exe
c:\windows\34004593.exe
c:\windows\3400468.exe
c:\windows\34027015.exe
c:\windows\34049421.exe
c:\windows\34071843.exe
c:\windows\34094296.exe
c:\windows\34116687.exe
c:\windows\34139078.exe
c:\windows\34161500.exe
c:\windows\34183890.exe
c:\windows\34206296.exe
c:\windows\3422687.exe
c:\windows\34228671.exe
c:\windows\34251078.exe
c:\windows\34273500.exe
c:\windows\34295937.exe
c:\windows\34318437.exe
c:\windows\34341296.exe
c:\windows\3444921.exe
c:\windows\345578.exe
c:\windows\3467171.exe
c:\windows\34823781.exe
c:\windows\34846468.exe
c:\windows\34869046.exe
c:\windows\3489375.exe
c:\windows\34894609.exe
c:\windows\3511593.exe
c:\windows\3533796.exe
c:\windows\3561859.exe
c:\windows\3584078.exe
c:\windows\3606312.exe
c:\windows\361734.exe
c:\windows\3628531.exe
c:\windows\3653828.exe
c:\windows\3676375.exe
c:\windows\367640.exe
c:\windows\3698593.exe
c:\windows\3720812.exe
c:\windows\3746046.exe
c:\windows\3768281.exe
c:\windows\3790515.exe
c:\windows\3812734.exe
c:\windows\3834953.exe
c:\windows\3857156.exe
c:\windows\387031.exe
c:\windows\3879390.exe
c:\windows\389656.exe
c:\windows\3901609.exe
c:\windows\3923906.exe
c:\windows\3946171.exe
c:\windows\3968390.exe
c:\windows\3990609.exe
c:\windows\4012812.exe
c:\windows\4035078.exe
c:\windows\4057312.exe
c:\windows\4079500.exe
c:\windows\409562.exe
c:\windows\4101687.exe
c:\windows\412296.exe
c:\windows\4123921.exe
c:\windows\4146187.exe
c:\windows\4168437.exe
c:\windows\4190687.exe
c:\windows\4212906.exe
c:\windows\4235140.exe
c:\windows\4257343.exe
c:\windows\4282593.exe
c:\windows\4304781.exe
c:\windows\431906.exe
c:\windows\4330109.exe
c:\windows\435109.exe
c:\windows\4352531.exe
c:\windows\4374750.exe
c:\windows\4396984.exe
c:\windows\4419468.exe
c:\windows\4441703.exe
c:\windows\4463921.exe
c:\windows\4486140.exe
c:\windows\4508328.exe
c:\windows\4530500.exe
c:\windows\454171.exe
c:\windows\4552734.exe
c:\windows\4574953.exe
c:\windows\458078.exe
c:\windows\4600125.exe
c:\windows\4622328.exe
c:\windows\4644500.exe
c:\windows\4666843.exe
c:\windows\4691937.exe
c:\windows\4714156.exe
c:\windows\4736375.exe
c:\windows\4758609.exe
c:\windows\4780828.exe
c:\windows\480250.exe
c:\windows\4803046.exe
c:\windows\482437.exe
c:\windows\4825281.exe
c:\windows\4847859.exe
c:\windows\4870078.exe
c:\windows\4892265.exe
c:\windows\4914453.exe
c:\windows\4936718.exe
c:\windows\4958921.exe
c:\windows\4981156.exe
c:\windows\5003375.exe
c:\windows\5025593.exe
c:\windows\502687.exe
c:\windows\504687.exe
c:\windows\5047828.exe
c:\windows\5070046.exe
c:\windows\5092250.exe
c:\windows\5114546.exe
c:\windows\5136765.exe
c:\windows\5158968.exe
c:\windows\5181187.exe
c:\windows\5203375.exe
c:\windows\5225578.exe
c:\windows\524734.exe
c:\windows\5247796.exe
c:\windows\526937.exe
c:\windows\5269984.exe
c:\windows\5292234.exe
c:\windows\5314437.exe
c:\windows\5336640.exe
c:\windows\5358796.exe
c:\windows\5381015.exe
c:\windows\5403218.exe
c:\windows\5425421.exe
c:\windows\5447640.exe
c:\windows\5472843.exe
c:\windows\549187.exe
c:\windows\5495062.exe
c:\windows\5517562.exe
c:\windows\5539796.exe
c:\windows\5562031.exe
c:\windows\5584218.exe
c:\windows\5606390.exe
c:\windows\5628578.exe
c:\windows\5650796.exe
c:\windows\5673187.exe
c:\windows\5695812.exe
c:\windows\571453.exe
c:\windows\5718031.exe
c:\windows\5740250.exe
c:\windows\5762484.exe
c:\windows\5784734.exe
c:\windows\5807062.exe
c:\windows\5832250.exe
c:\windows\5854515.exe
c:\windows\5876703.exe
c:\windows\5898953.exe
c:\windows\5921171.exe
c:\windows\593718.exe
c:\windows\5943421.exe
c:\windows\5965703.exe
c:\windows\5987937.exe
c:\windows\6010234.exe
c:\windows\6032500.exe
c:\windows\6054734.exe
c:\windows\6076968.exe
c:\windows\6099203.exe
c:\windows\6121437.exe
c:\windows\6143671.exe
c:\windows\616078.exe
c:\windows\6165937.exe
c:\windows\6188187.exe
c:\windows\6210406.exe
c:\windows\6232625.exe
c:\windows\6254859.exe
c:\windows\6277453.exe
c:\windows\6299718.exe
c:\windows\6324765.exe
c:\windows\6347125.exe
c:\windows\6369359.exe
c:\windows\6391578.exe
c:\windows\641328.exe
c:\windows\6413765.exe
c:\windows\6435968.exe
c:\windows\6458171.exe
c:\windows\6480406.exe
c:\windows\6502656.exe
c:\windows\6524921.exe
c:\windows\6547187.exe
c:\windows\6569421.exe
c:\windows\6591640.exe
c:\windows\6613921.exe
c:\windows\663562.exe
c:\windows\6636218.exe
c:\windows\6658640.exe
c:\windows\6681453.exe
c:\windows\6703671.exe
c:\windows\6725890.exe
c:\windows\6748406.exe
c:\windows\6770875.exe
c:\windows\6793140.exe
c:\windows\6815406.exe
c:\windows\6837687.exe
c:\windows\685828.exe
c:\windows\6859921.exe
c:\windows\6882187.exe
c:\windows\6904437.exe
c:\windows\6926765.exe
c:\windows\6949000.exe
c:\windows\6971203.exe
c:\windows\6993468.exe
c:\windows\7015703.exe
c:\windows\7037968.exe
c:\windows\7060171.exe
c:\windows\7082390.exe
c:\windows\7104625.exe
c:\windows\711062.exe
c:\windows\7126828.exe
c:\windows\7149078.exe
c:\windows\7171281.exe
c:\windows\7193500.exe
c:\windows\7215765.exe
c:\windows\7238031.exe
c:\windows\7260296.exe
c:\windows\7285515.exe
c:\windows\7307765.exe
c:\windows\7330000.exe
c:\windows\733328.exe
c:\windows\7352218.exe
c:\windows\7374437.exe
c:\windows\7396671.exe
c:\windows\7418890.exe
c:\windows\7441156.exe
c:\windows\7463406.exe
c:\windows\7485625.exe
c:\windows\7507843.exe
c:\windows\7530078.exe
c:\windows\7552312.exe
c:\windows\755578.exe
c:\windows\7583812.exe
c:\windows\7606250.exe
c:\windows\7628500.exe
c:\windows\7650765.exe
c:\windows\7672984.exe
c:\windows\7695250.exe
c:\windows\7717546.exe
c:\windows\7739765.exe
c:\windows\7762015.exe
c:\windows\777812.exe
c:\windows\7784265.exe
c:\windows\7806593.exe
c:\windows\7828796.exe
c:\windows\7851046.exe
c:\windows\7873312.exe
c:\windows\7895687.exe
c:\windows\7917921.exe
c:\windows\7940109.exe
c:\windows\7962343.exe
c:\windows\7984609.exe
c:\windows\8006843.exe
c:\windows\8029125.exe
c:\windows\8051468.exe
c:\windows\805375.exe
c:\windows\8073671.exe
c:\windows\8095890.exe
c:\windows\8118140.exe
c:\windows\8140343.exe
c:\windows\8162937.exe
c:\windows\8185171.exe
c:\windows\8207375.exe
c:\windows\8229609.exe
c:\windows\8251890.exe
c:\windows\8274187.exe
c:\windows\827609.exe
c:\windows\8296453.exe
c:\windows\8318687.exe
c:\windows\8340937.exe
c:\windows\8363140.exe
c:\windows\8385359.exe
c:\windows\8407562.exe
c:\windows\8429781.exe
c:\windows\8451984.exe
c:\windows\8474234.exe
c:\windows\8496453.exe
c:\windows\8518718.exe
c:\windows\852828.exe
c:\windows\8541000.exe
c:\windows\8563203.exe
c:\windows\8585515.exe
c:\windows\8607718.exe
c:\windows\8629984.exe
c:\windows\8652203.exe
c:\windows\8674437.exe
c:\windows\8696671.exe
c:\windows\8718921.exe
c:\windows\8741171.exe
c:\windows\875156.exe
c:\windows\8763406.exe
c:\windows\8785593.exe
c:\windows\8807828.exe
c:\windows\8830406.exe
c:\windows\8852609.exe
c:\windows\8874906.exe
c:\windows\8897125.exe
c:\windows\8919359.exe
c:\windows\8941578.exe
c:\windows\8963781.exe
c:\windows\897390.exe
c:\windows\8986015.exe
c:\windows\9008296.exe
c:\windows\9030546.exe
c:\windows\9052765.exe
c:\windows\9075125.exe
c:\windows\9097390.exe
c:\windows\9119609.exe
c:\windows\9141812.exe
c:\windows\9164015.exe
c:\windows\9186218.exe
c:\windows\919656.exe
c:\windows\9208453.exe
c:\windows\9230671.exe
c:\windows\9252890.exe
c:\windows\9275125.exe
c:\windows\9297390.exe
c:\windows\9319609.exe
c:\windows\9341859.exe
c:\windows\9364078.exe
c:\windows\9386343.exe
c:\windows\9408562.exe
c:\windows\942375.exe
c:\windows\9430765.exe
c:\windows\9453046.exe
c:\windows\9475406.exe
c:\windows\9497828.exe
c:\windows\9520093.exe
c:\windows\9542312.exe
c:\windows\9567593.exe
c:\windows\9589843.exe
c:\windows\9612109.exe
c:\windows\9634343.exe
c:\windows\964609.exe
c:\windows\9656562.exe
c:\windows\9678828.exe
c:\windows\9701062.exe
c:\windows\9723265.exe
c:\windows\9745468.exe
c:\windows\9767687.exe
c:\windows\9789890.exe
c:\windows\9812171.exe
c:\windows\9834390.exe
c:\windows\9856609.exe
c:\windows\986859.exe
c:\windows\9878843.exe
c:\windows\9901046.exe
c:\windows\9923265.exe
c:\windows\9945546.exe
c:\windows\9967781.exe
c:\windows\9990453.exe
c:\windows\system32\drivers\UACuwfdbexh.sys
c:\windows\system32\UACbyngysoy.dll
c:\windows\system32\UAChiquoecl.dll
c:\windows\system32\UACiasrpdsn.dll
c:\windows\system32\UACibapunqi.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UACnkeppbqd.dat
c:\windows\system32\UACpylkrjet.dll
c:\windows\system32\UACpynawxir.log
c:\windows\system32\UACtepakyfq.log
c:\windows\system32\UACtibmntul.log
c:\windows\taskmgr32.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys
-------\Legacy_I386P
-------\Service_new_drv


((((((((((((((((((((((((( Files Created from 2009-03-15 to 2009-04-15 )))))))))))))))))))))))))))))))
.

2009-04-14 08:36 . 2009-04-14 08:36 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2009-04-13 05:48 . 2009-04-13 05:48 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-04-12 12:58 . 2009-04-12 12:58 20328 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-11 08:21 . 2009-04-11 08:21 -------- d-----w c:\documents and settings\Tim Martin\Application Data\Uniblue
2009-04-10 23:48 . 2009-04-11 11:01 54156 ---ha-w c:\windows\QTFont.qfn
2009-04-10 23:48 . 2009-04-10 23:48 1409 ----a-w c:\windows\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-15 10:24 . 2008-06-10 04:16 -------- d-----w c:\documents and settings\All Users\Application Data\BitDefender
2009-04-15 10:24 . 2008-06-10 04:22 81984 ----a-w c:\windows\system32\bdod.bin
2009-04-14 08:45 . 2008-01-09 09:26 -------- d-----w c:\program files\uTorrent
2009-04-14 08:45 . 2008-01-09 09:26 -------- d-----w c:\documents and settings\Tim Martin\Application Data\uTorrent
2009-04-13 01:54 . 2007-12-12 11:17 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-13 01:54 . 2007-12-12 11:17 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-11 10:28 . 2009-04-11 10:28 -------- d-----w c:\program files\ViewMate Keyboard KC207
2009-04-11 10:28 . 2005-10-08 10:20 -------- d-----w c:\program files\ViewMate Desktop CC2201
2009-04-11 08:36 . 2006-03-06 08:56 -------- d-----w c:\program files\Java
2009-03-31 10:20 . 2009-03-31 09:55 -------- d-----w c:\program files\Windows Live Safety Center
2009-03-31 05:47 . 2008-03-08 23:54 -------- d-----w c:\documents and settings\Tim Martin\Application Data\dvdcss
2009-03-08 19:19 . 2009-02-21 13:04 410984 ----a-w c:\windows\system32\deploytk.dll
2009-02-09 11:13 . 2004-08-04 12:00 1846784 ----a-w c:\windows\system32\win32k.sys
2008-12-31 06:58 . 2005-10-07 06:10 20328 ----a-w c:\documents and settings\Tim Martin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2005-10-31 13:00 . 2005-10-31 13:00 19552 ----a-w c:\documents and settings\Tim Martin\Application Data\GDIPFONTCACHEV1.DAT
2005-10-07 06:24 . 2005-10-07 06:24 133 ----a-w c:\documents and settings\Tim Martin\Local Settings\Application Data\fusioncache.dat
2008-08-16 06:2008-08-16 06:42 42:36 . c:\program files\mozilla firefox\plugins\cgpcfg.dll
2008-08-16 06:2008-08-16 06:42 42:02 . c:\program files\mozilla firefox\plugins\CgpCore.dll
2008-08-16 06:2008-08-16 06:42 42:12 . c:\program files\mozilla firefox\plugins\confmgr.dll
2008-08-16 06:2008-08-16 06:42 42:08 . c:\program files\mozilla firefox\plugins\ctxlogging.dll
2008-08-16 06:2008-08-16 06:43 43:00 . c:\program files\mozilla firefox\plugins\ctxmui.dll
2008-08-16 06:2008-08-16 06:42 42:10 . c:\program files\mozilla firefox\plugins\icafile.dll
2008-08-16 06:2008-08-16 06:42 42:32 . c:\program files\mozilla firefox\plugins\icalogon.dll
2008-05-20 21:2008-05-20 21:41 41:08 . c:\program files\mozilla firefox\plugins\msvcm80.dll
2008-05-20 21:2008-05-20 21:41 41:08 . c:\program files\mozilla firefox\plugins\msvcp80.dll
2008-05-20 21:2008-05-20 21:41 41:08 . c:\program files\mozilla firefox\plugins\msvcr80.dll
2008-06-05 02:2008-06-05 02:58 58:54 . c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2008-08-16 06:2008-08-16 06:42 42:04 . c:\program files\mozilla firefox\plugins\TcpPServ.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-11 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-11 7630848]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-24 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-08 148888]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-08-11 1519616]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Media Key.lnk - c:\program files\ViewMate Keyboard KC207\MagicKey.exe [2009-4-11 159744]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
ViewMate Desktop Keyboard.lnk - c:\program files\ViewMate Desktop CC2201\MagicKey.exe [2005-10-8 159744]
ViewMate Desktop Mouse.lnk - c:\program files\ViewMate Desktop CC2201\MulMouse.exe [2005-10-8 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.mxmc"= MimicICM.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Tim Martin^Start Menu^Programs^Startup^IMVU.lnk]
path=c:\documents and settings\Tim Martin\Start Menu\Programs\Startup\IMVU.lnk
backup=c:\windows\pss\IMVU.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Tim Martin^Start Menu^Programs^Startup^RollerCoaster Tycoon 3 Registration.lnk]
path=c:\documents and settings\Tim Martin\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk
backup=c:\windows\pss\RollerCoaster Tycoon 3 Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-01-14 16:22 267048 ----a-w c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]
2002-09-20 04:16 90112 ----a-w c:\program files\Common Files\Logitech\QCDriver2\LVComS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2007-01-19 01:54 5674352 ----a-w c:\program files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
2004-07-26 09:14 1867776 ----a-w c:\program files\Ahead\Nero BackItUp\NBJ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 01:50 155648 ----a-w c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2006-08-11 11:43 7630848 ----a-w c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-01-31 12:13 385024 ----a-w c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2005-11-10 02:03 36975 ----a-w c:\program files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)
"usnjsvc"=3 (0x3)
"iPod Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\PlayOnline\\SquareEnix\\PlayOnlineViewer\\pol.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\english\\setup.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"44174:TCP"= 44174:TCP:Port
"10095:TCP"= 10095:TCP:10095

R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\DRIVERS\A3AB.sys [2005-03-21 450400]
R3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-12-01 33752]
S0 iteraid;ITERAID_Service_Install;c:\windows\system32\DRIVERS\iteraid.sys [2005-08-04 26112]
S1 kbfilter;Keyboard Filter Driver; [x]
S1 MUsbFltr;WayTechMUSBFilterDriver; [x]
S1 UsbFltr;WayTechUSBFilterDriver; [x]
S3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [2005-05-12 1287296]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1a88fcd4-4fdd-11dd-b4b7-00148502025b}]
\Shell\AutoRun\command - F:\InstallTomTomHOME.exe
.
Contents of the 'Scheduled Tasks' folder

2009-04-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 03:57]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Uniblue RegistryBooster 2009 - c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe
Notify-klogon - (no file)
MSConfigStartUp-D-Link AirPlus G - c:\program files\D-Link\AirPlus G\AirGCFG.exe
MSConfigStartUp-dflnl - c:\windows\system32\dflnl.exe
MSConfigStartUp-gxcsv - c:\windows\system32\gxcsv.exe
MSConfigStartUp-InternodeUsage - c:\progra~1\INTERN~2\mum.exe
MSConfigStartUp-LogitechGalleryRepair - c:\program files\Logitech\ImageStudio\ISStart.exe
MSConfigStartUp-LogitechImageStudioTray - c:\program files\Logitech\ImageStudio\LogiTray.exe
MSConfigStartUp-mschkdsk - c:\windows\system32\mschkdsk.exe
MSConfigStartUp-RealTray - c:\program files\Real\RealPlayer\RealPlay.exe
MSConfigStartUp-RoboForm - c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
MSConfigStartUp-soft2 - c:\windows\127281.exe
MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe
MSConfigStartUp-ttool - c:\windows\9129837.exe
MSConfigStartUp-Cmaudio - cmicnfg.cpl


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
uInternet Settings,ProxyServer = athena.akorn.net.au:8080
uInternet Settings,ProxyOverride = localhost;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: **{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Tim Martin\Start Menu\Programs\IMVU\Run IMVU.lnk
TCP: {6508AF78-32C5-48A2-BC29-6D43B06BFCCA} = 208.67.220.220,208.67.222.222
TCP: {878AE3BA-5202-4C49-8BBB-A8B9CBF9C970} = 208.67.220.220,208.67.222.222
TCP: {AE8C4056-C5EE-42D5-ACD0-61C6457AA694} = 208.67.220.220,208.67.222.222
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ww4eqcma.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-15 20:58
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-776561741-884357618-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C47E4CAC-BCA0-5B58-834F-5544FEE4A479}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abjmgkglhjgedakhjjkkaimopjfecgfdnc"=hex:61,61,00,00
"bbjmgkglhjgedakhjjlinhbndjhogcnmjkgo"=hex:61,61,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2724)
c:\windows\system32\nview.dll
c:\program files\ScanSoft\OmniPageSE4\OpHookSE4.dll
c:\windows\system32\nvwddi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Canon\IJPLM\ijplmsvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\ViewMate Keyboard KC207\OSD.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-04-15 21:02 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-15 11:02

Pre-Run: 47,077,285,888 bytes free
Post-Run: 46,967,623,680 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

Current=3 Default=3 Failed=2 LastKnownGood=6 Sets=1,2,3,4,5,6
1787 --- E O F --- 2009-03-21 06:04
Old 04-16-2009, 12:09 AM   #7 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,893
OS: WinXP and Vista


Re: Computer being ravaged by unknown virus

Hello Astara123,

ComboFix made easy work of that. How is the system behaving now?

Even if the system is running well, it's important to run this online scan to search for any remnants. It can take some time, so please be patient and allow it to run its full course:


**Vista users - right click on the IE icon and run as administrator


Using Internet Explorer or Firefox, visit http://www.kaspersky.com/kos/eng/par...avwebscan.html

1. Click Accept, when prompted to download and install the program files and database of malware definitions.


2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan

3. Click Run at the Security prompt. The program will then begin downloading and installing and will also update the database. Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Old 04-16-2009, 05:06 AM   #8 (permalink)
Registered User
 
Join Date: Apr 2009
Posts: 6
OS: XP


Re: Computer being ravaged by unknown virus

Hi Ried,

Good news!! Computer appears to be booting normally now without crashing. I'm too wary to open any other internet pages until I protect my PC properly.

Were all those .exe files that were spat out in the ComboFix report viruses??
I definitely want to make sure I have the right Anti-virus/malware software on my system from now on.

Here is the report from the Kaspersky Scan:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Thursday, April 16, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Thursday, April 16, 2009 05:02:30
Records in database: 2049653
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\

Scan statistics:
Files scanned: 96559
Threat name: 2
Infected objects: 6
Suspicious objects: 0
Duration of the scan: 01:29:18


File name / Threat name / Threats count
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\UACuwfdbexh.sys.vir Infected: Rootkit.Win32.Agent.iur 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACbyngysoy.dll.vir Infected: Packed.Win32.Tdss.f 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\UAChiquoecl.dll.vir Infected: Packed.Win32.Tdss.f 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACiasrpdsn.dll.vir Infected: Packed.Win32.Tdss.f 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACibapunqi.dll.vir Infected: Packed.Win32.Tdss.f 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACpylkrjet.dll.vir Infected: Packed.Win32.Tdss.f 1

The selected area was scanned.
Attached Files
File Type: txt Kaspersky Scan Report.txt (1.4 KB, 0 views)

Last edited by Astara123; 04-16-2009 at 05:09 AM.
Old 04-16-2009, 05:50 AM   #9 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,893
OS: WinXP and Vista


Re: Computer being ravaged by unknown virus

Quote:
Were all those .exe files that were spat out in the ComboFix report viruses??
Yes.


Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

---------------------------------------------------------------------

Open notepad and copy/paste the text in the code box below into it:

Quote:

FixCSet::

Save this as "CFScript.txt", and as Type: All Files (*.*)
in the same location as ComboFix.exe





Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt

======================================


If you are in need of an anti virus product, Avira AntiVir free edition is a good choice. Download, install, update definitions, and run a full system scan.

======================================

Kaspersky is only reporting backups created during the course of this fix which shall be clearing momentarily.

Your logs are clean. If there aren't any more problems, please continue with these final instructions and helpful links:

The following procedure will implement some cleanup procedures. It will also reset your System Restore by flushing out previous restore points (which contain the infections) and create a new restore point.


Click Start > Run and copy/paste, or type the following bolded text into the Run box and click OK:

ComboFix /u

--------------------------------------------------------------------

Should you wish to contribute to the ongoing development of ComboFix, donations are being accepted via PayPal.



To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:

McAfee Site Advisor--free version. The folks there check out websites and based on their findings, rate it as Safe, Unknown, Caution, or Bad.

SpywareBlaster 4.0 to help prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items.
  • It will block any bad ActiveX from running in Internet Explorer and Firefox if it's listed in their database (which you should update frequently). To view their database and list of restricted sites, launch the program and click on each of the tabs on the main display page.


Update, and scan with your onboard Anti Malware and Anti Virus programs regularly. Without regular updates you will not be protected when new malicious programs are released.


Scan here http://secunia.com/software_inspector/ for out of date & vulnerable common applications on your computer


In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:

PC Safety and Security--What Do I Need?
Think Prevention


**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

-----------------------------------------------------

Follow the list above and the potential for infection will reduce dramatically.

**Kindly respond one more time and let me know if we may consider this thread resolved.
Old 04-17-2009, 05:47 AM   #10 (permalink)
Registered User
 
Join Date: Apr 2009
Posts: 6
OS: XP


Re: Computer being ravaged by unknown virus

Hi Ried,

What an absolute gem you are!! My PC is running completely crash-free now. I have installed all the recommended software and have performed all full system scans and I'm coming up clean :)

I performed the final ComboFix task, but wasn't sure if you wanted the report so I've attached it anyway.

Thank you so incredibly much - words wouldn't explain how grateful I am for the help you've provided. Thank you!!

Final ComboFix Report:

ComboFix 09-04-15.08 - Administrator 04/17/2009 19:11.2 - NTFSx86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1252.61.1033.18.511.386 [GMT 10:00]
Running from: c:\documents and settings\Administrator\Desktop\Comboooofix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
.

((((((((((((((((((((((((( Files Created from 2009-03-17 to 2009-04-17 )))))))))))))))))))))))))))))))
.

2009-04-16 13:31 . 2009-04-16 13:34 1374 ----a-w c:\windows\imsins.BAK
2009-04-16 08:14 . 2009-03-06 14:22 284160 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-16 08:14 . 2009-02-09 12:10 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-16 08:14 . 2009-02-09 12:10 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-16 08:14 . 2009-02-09 12:10 617472 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-16 08:14 . 2009-02-09 12:10 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-16 08:14 . 2009-02-09 12:10 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-16 08:14 . 2009-02-06 11:11 110592 -c----w c:\windows\system32\dllcache\services.exe
2009-04-16 08:14 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-16 08:14 . 2009-02-09 12:10 714752 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-15 10:25 . 2009-03-27 06:58 1203922 -c----w c:\windows\system32\dllcache\sysmain.sdb
2009-04-15 10:25 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-15 10:25 . 2008-04-21 12:08 215552 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-14 08:36 . 2009-04-14 08:36 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2009-04-13 05:48 . 2009-04-13 05:48 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-04-12 12:58 . 2009-04-12 12:58 20328 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-11 08:21 . 2009-04-11 08:21 -------- d-----w c:\documents and settings\Tim Martin\Application Data\Uniblue
2009-04-10 23:48 . 2009-04-11 11:01 54156 ---ha-w c:\windows\QTFont.qfn
2009-04-10 23:48 . 2009-04-10 23:48 1409 ----a-w c:\windows\QTFont.for
2009-03-21 14:06 . 2009-03-21 14:06 989696 -c----w c:\windows\system32\dllcache\kernel32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-15 10:24 . 2008-06-10 04:16 -------- d-----w c:\documents and settings\All Users\Application Data\BitDefender
2009-04-15 10:24 . 2008-06-10 04:22 81984 ----a-w c:\windows\system32\bdod.bin
2009-04-14 08:45 . 2008-01-09 09:26 -------- d-----w c:\program files\uTorrent
2009-04-14 08:45 . 2008-01-09 09:26 -------- d-----w c:\documents and settings\Tim Martin\Application Data\uTorrent
2009-04-13 01:54 . 2007-12-12 11:17 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-13 01:54 . 2007-12-12 11:17 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-11 10:28 . 2009-04-11 10:28 -------- d-----w c:\program files\ViewMate Keyboard KC207
2009-04-11 10:28 . 2005-10-08 10:20 -------- d-----w c:\program files\ViewMate Desktop CC2201
2009-04-11 08:36 . 2006-03-06 08:56 -------- d-----w c:\program files\Java
2009-03-31 10:20 . 2009-03-31 09:55 -------- d-----w c:\program files\Windows Live Safety Center
2009-03-31 05:47 . 2008-03-08 23:54 -------- d-----w c:\documents and settings\Tim Martin\Application Data\dvdcss
2009-03-08 19:19 . 2009-02-21 13:04 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-06 14:22 . 2004-08-04 12:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2004-08-04 12:00 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-20 18:09 . 2004-08-04 12:00 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-09 12:10 . 2004-08-04 12:00 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2004-08-04 12:00 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2004-08-04 12:00 617472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 12:10 . 2004-08-04 12:00 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 11:13 . 2004-08-04 12:00 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-06 11:11 . 2004-08-04 12:00 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 11:06 . 2004-08-04 12:00 2145280 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:39 . 2004-08-04 12:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 10:32 . 2004-08-03 22:59 2023936 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-03 19:59 . 2004-08-04 12:00 56832 ----a-w c:\windows\system32\secur32.dll
2008-12-31 06:58 . 2005-10-07 06:10 20328 ----a-w c:\documents and settings\Tim Martin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2005-10-31 13:00 . 2005-10-31 13:00 19552 ----a-w c:\documents and settings\Tim Martin\Application Data\GDIPFONTCACHEV1.DAT
2005-10-07 06:24 . 2005-10-07 06:24 133 ----a-w c:\documents and settings\Tim Martin\Local Settings\Application Data\fusioncache.dat
2008-08-16 06:2008-08-16 06:42 42:36 . c:\program files\mozilla firefox\plugins\cgpcfg.dll
2008-08-16 06:2008-08-16 06:42 42:02 . c:\program files\mozilla firefox\plugins\CgpCore.dll
2008-08-16 06:2008-08-16 06:42 42:12 . c:\program files\mozilla firefox\plugins\confmgr.dll
2008-08-16 06:2008-08-16 06:42 42:08 . c:\program files\mozilla firefox\plugins\ctxlogging.dll
2008-08-16 06:2008-08-16 06:43 43:00 . c:\program files\mozilla firefox\plugins\ctxmui.dll
2008-08-16 06:2008-08-16 06:42 42:10 . c:\program files\mozilla firefox\plugins\icafile.dll
2008-08-16 06:2008-08-16 06:42 42:32 . c:\program files\mozilla firefox\plugins\icalogon.dll
2008-05-20 21:2008-05-20 21:41 41:08 . c:\program files\mozilla firefox\plugins\msvcm80.dll
2008-05-20 21:2008-05-20 21:41 41:08 . c:\program files\mozilla firefox\plugins\msvcp80.dll
2008-05-20 21:2008-05-20 21:41 41:08 . c:\program files\mozilla firefox\plugins\msvcr80.dll
2008-06-05 02:2008-06-05 02:58 58:54 . c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2008-08-16 06:2008-08-16 06:42 42:04 . c:\program files\mozilla firefox\plugins\TcpPServ.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-04-15_10.58.47 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-17 09:16 . 2009-04-17 09:16 16384 c:\windows\temp\Perflib_Perfdata_a4.dat
+ 2005-10-07 05:58 . 2008-07-09 07:38 26488 c:\windows\system32\spupdsvc.exe
- 2005-10-07 05:58 . 2007-07-26 22:41 26488 c:\windows\system32\spupdsvc.exe
- 2008-08-03 04:50 . 2007-11-30 11:18 17272 c:\windows\system32\spmsg.dll
+ 2008-08-03 04:50 . 2007-11-30 12:39 17272 c:\windows\system32\spmsg.dll
+ 2004-08-04 12:00 . 2009-02-03 19:59 56832 c:\windows\system32\secur32.dll
+ 2004-08-04 12:00 . 2009-02-06 10:39 35328 c:\windows\system32\sc.exe
- 2004-08-04 12:00 . 2008-12-20 23:15 44544 c:\windows\system32\pngfilt.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09 44544 c:\windows\system32\pngfilt.dll
+ 2004-08-04 12:00 . 2009-04-17 08:49 63984 c:\windows\system32\perfc009.dat
- 2004-08-04 12:00 . 2009-04-04 22:13 63984 c:\windows\system32\perfc009.dat
- 2005-10-07 03:37 . 2008-04-14 00:12 91648 c:\windows\system32\mtxoci.dll
+ 2005-10-07 03:37 . 2008-06-12 14:23 91648 c:\windows\system32\mtxoci.dll
- 2004-08-04 12:00 . 2008-04-14 00:12 66560 c:\windows\system32\mtxclu.dll
+ 2004-08-04 12:00 . 2008-06-12 14:23 66560 c:\windows\system32\mtxclu.dll
- 2006-11-07 10:03 . 2008-12-20 23:15 52224 c:\windows\system32\msfeedsbs.dll
+ 2006-11-07 10:03 . 2009-02-20 18:09 52224 c:\windows\system32\msfeedsbs.dll
+ 2005-10-07 03:37 . 2008-06-12 14:23 58880 c:\windows\system32\msdtclog.dll
- 2005-10-07 03:37 . 2008-04-14 00:11 58880 c:\windows\system32\msdtclog.dll
- 2004-08-04 12:00 . 2008-12-20 23:15 27648 c:\windows\system32\jsproxy.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09 27648 c:\windows\system32\jsproxy.dll
+ 2006-11-06 16:26 . 2009-02-20 10:20 13824 c:\windows\system32\ieudinit.exe
- 2006-11-06 16:26 . 2008-12-19 09:10 13824 c:\windows\system32\ieudinit.exe
+ 2004-08-04 12:00 . 2009-02-20 18:09 44544 c:\windows\system32\iernonce.dll
- 2004-08-04 12:00 . 2008-12-20 23:15 44544 c:\windows\system32\iernonce.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09 78336 c:\windows\system32\ieencode.dll
- 2004-08-04 12:00 . 2008-12-19 09:10 70656 c:\windows\system32\ie4uinit.exe
+ 2004-08-04 12:00 . 2009-02-20 10:20 70656 c:\windows\system32\ie4uinit.exe
- 2006-10-17 00:58 . 2008-12-20 23:15 63488 c:\windows\system32\icardie.dll
+ 2006-10-17 00:58 . 2009-02-20 18:09 63488 c:\windows\system32\icardie.dll
+ 2009-02-03 19:59 . 2009-02-03 19:59 56832 c:\windows\system32\dllcache\secur32.dll
+ 2004-08-04 12:00 . 2009-02-06 10:39 35328 c:\windows\system32\dllcache\sc.exe
- 2004-08-04 12:00 . 2008-12-20 23:15 44544 c:\windows\system32\dllcache\pngfilt.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09 44544 c:\windows\system32\dllcache\pngfilt.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 91648 c:\windows\system32\dllcache\mtxoci.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 66560 c:\windows\system32\dllcache\mtxclu.dll
+ 2007-05-11 12:47 . 2009-02-20 18:09 52224 c:\windows\system32\dllcache\msfeedsbs.dll
- 2007-05-11 12:47 . 2008-12-20 23:15 52224 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 58880 c:\windows\system32\dllcache\msdtclog.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09 27648 c:\windows\system32\dllcache\jsproxy.dll
- 2004-08-04 12:00 . 2008-12-20 23:15 27648 c:\windows\system32\dllcache\jsproxy.dll
- 2007-05-11 12:47 . 2008-12-19 09:10 13824 c:\windows\system32\dllcache\ieudinit.exe
+ 2007-05-11 12:47 . 2009-02-20 10:20 13824 c:\windows\system32\dllcache\ieudinit.exe
+ 2004-08-04 12:00 . 2009-02-20 18:09 44544 c:\windows\system32\dllcache\iernonce.dll
- 2004-08-04 12:00 . 2008-12-20 23:15 44544 c:\windows\system32\dllcache\iernonce.dll
+ 2009-02-20 18:09 . 2009-02-20 18:09 78336 c:\windows\system32\dllcache\ieencode.dll
+ 2004-08-04 12:00 . 2009-02-20 10:20 70656 c:\windows\system32\dllcache\ie4uinit.exe
- 2004-08-04 12:00 . 2008-12-19 09:10 70656 c:\windows\system32\dllcache\ie4uinit.exe
+ 2007-08-20 10:04 . 2009-02-20 18:09 63488 c:\windows\system32\dllcache\icardie.dll
- 2007-08-20 10:04 . 2008-12-20 23:15 63488 c:\windows\system32\dllcache\icardie.dll
+ 2009-04-16 13:33 . 2008-12-20 23:15 44544 c:\windows\ie7updates\KB963027-IE7\pngfilt.dll
+ 2009-04-16 13:33 . 2008-12-20 23:15 52224 c:\windows\ie7updates\KB963027-IE7\msfeedsbs.dll
+ 2009-04-16 13:33 . 2008-12-20 23:15 27648 c:\windows\ie7updates\KB963027-IE7\jsproxy.dll
+ 2009-04-16 13:33 . 2008-12-19 09:10 13824 c:\windows\ie7updates\KB963027-IE7\ieudinit.exe
+ 2009-04-16 13:33 . 2008-12-20 23:15 44544 c:\windows\ie7updates\KB963027-IE7\iernonce.dll
+ 2009-04-16 13:33 . 2008-04-14 00:11 81920 c:\windows\ie7updates\KB963027-IE7\ieencode.dll
+ 2009-04-16 13:33 . 2008-12-19 09:10 70656 c:\windows\ie7updates\KB963027-IE7\ie4uinit.exe
+ 2009-04-16 13:33 . 2008-12-20 23:15 63488 c:\windows\ie7updates\KB963027-IE7\icardie.dll
+ 2009-04-15 10:25 . 2008-05-03 11:55 2560 c:\windows\system32\xpsp4res.dll
- 2004-08-04 12:00 . 2008-12-20 23:15 826368 c:\windows\system32\wininet.dll
+ 2004-08-04 12:00 . 2009-03-03 00:18 826368 c:\windows\system32\wininet.dll
- 2004-08-04 12:00 . 2008-04-14 00:12 354304 c:\windows\system32\winhttp.dll
+ 2004-08-04 12:00 . 2008-12-16 12:30 354304 c:\windows\system32\winhttp.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09 233472 c:\windows\system32\webcheck.dll
- 2004-08-04 12:00 . 2008-12-20 23:15 233472 c:\windows\system32\webcheck.dll
+ 2005-10-07 03:37 . 2009-02-06 10:10 227840 c:\windows\system32\wbem\wmiprvse.exe
+ 2005-10-07 03:37 . 2009-02-09 12:10 453120 c:\windows\system32\wbem\wmiprvsd.dll
+ 2005-10-07 03:37 . 2009-02-09 12:10 473600 c:\windows\system32\wbem\fastprox.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09 105984 c:\windows\system32\url.dll
- 2004-08-04 12:00 . 2008-12-20 23:15 105984 c:\windows\system32\url.dll
+ 2004-08-04 12:00 . 2009-02-06 11:11 110592 c:\windows\system32\services.exe
+ 2004-08-04 12:00 . 2009-02-09 12:10 401408 c:\windows\system32\rpcss.dll
- 2004-08-04 12:00 . 2009-04-04 22:13 407102 c:\windows\system32\perfh009.dat
+ 2004-08-04 12:00 . 2009-04-17 08:49 407102 c:\windows\system32\perfh009.dat
- 2004-08-04 12:00 . 2008-04-14 00:12 284160 c:\windows\system32\pdh.dll
+ 2004-08-04 12:00 . 2009-03-06 14:22 284160 c:\windows\system32\pdh.dll
- 2004-08-04 12:00 . 2008-12-20 23:15 102912 c:\windows\system32\occache.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09 102912 c:\windows\system32\occache.dll
+ 2004-08-04 12:00 . 2009-02-09 12:10 714752 c:\windows\system32\ntdll.dll
- 2004-08-04 12:00 . 2008-12-20 23:15 671232 c:\windows\system32\mstime.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09 671232 c:\windows\system32\mstime.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09 193024 c:\windows\system32\msrating.dll
- 2004-08-04 12:00 . 2008-12-20 23:15 193024 c:\windows\system32\msrating.dll
- 2004-08-04 12:00 . 2008-12-20 23:15 477696 c:\windows\system32\mshtmled.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09 477696 c:\windows\system32\mshtmled.dll
- 2006-11-07 10:03 . 2008-12-20 23:15 459264 c:\windows\system32\msfeeds.dll
+ 2006-11-07 10:03 . 2009-02-20 18:09 459264 c:\windows\system32\msfeeds.dll
+ 2005-10-07 03:37 . 2008-06-12 14:23 161792 c:\windows\system32\msdtcuiu.dll
- 2005-10-07 03:37 . 2008-04-14 00:11 161792 c:\windows\system32\msdtcuiu.dll
- 2005-10-07 03:37 . 2008-04-14 00:11 956928 c:\windows\system32\msdtctm.dll
+ 2005-10-07 03:37 . 2008-06-12 14:23 956928 c:\windows\system32\msdtctm.dll
+ 2005-10-07 03:37 . 2008-06-12 14:23 428032 c:\windows\system32\msdtcprx.dll
+ 2004-08-04 12:00 . 2009-02-09 12:10 729088 c:\windows\system32\lsasrv.dll
- 2004-08-04 12:00 . 2008-04-14 00:11 989696 c:\windows\system32\kernel32.dll
+ 2004-08-04 12:00 . 2009-03-21 14:06 989696 c:\windows\system32\kernel32.dll
+ 2006-10-17 00:57 . 2009-02-20 18:09 268288 c:\windows\system32\iertutil.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09 385024 c:\windows\system32\iedkcs32.dll
- 2006-10-17 00:27 . 2008-12-20 23:15 383488 c:\windows\system32\ieapfltr.dll
+ 2006-10-17 00:27 . 2009-02-20 18:09 383488 c:\windows\system32\ieapfltr.dll
+ 2004-08-04 12:00 . 2009-02-20 05:14 161792 c:\windows\system32\ieakui.dll
- 2004-08-04 12:00 . 2008-12-19 05:23 161792 c:\windows\system32\ieakui.dll
- 2004-08-04 12:00 . 2008-12-20 23:15 230400 c:\windows\system32\ieaksie.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09 230400 c:\windows\system32\ieaksie.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09 153088 c:\windows\system32\ieakeng.dll
- 2004-08-04 12:00 . 2008-12-20 23:15 153088 c:\windows\system32\ieakeng.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09 133120 c:\windows\system32\extmgr.dll
- 2004-08-04 12:00 . 2008-12-20 23:15 133120 c:\windows\system32\extmgr.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09 214528 c:\windows\system32\dxtrans.dll
- 2004-08-04 12:00 . 2008-12-20 23:15 214528 c:\windows\system32\dxtrans.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09 347136 c:\windows\system32\dxtmsft.dll
- 2004-08-04 12:00 . 2008-12-20 23:15 347136 c:\windows\system32\dxtmsft.dll
+ 2009-04-15 10:25 . 2008-04-21 12:08 215552 c:\windows\system32\dllcache\wordpad.exe
+ 2009-04-16 08:14 . 2009-02-06 10:10 227840 c:\windows\system32\dllcache\wmiprvse.exe
+ 2009-04-16 08:14 . 2009-02-09 12:10 453120 c:\windows\system32\dllcache\wmiprvsd.dll
- 2004-08-04 12:00 . 2008-12-20 23:15 826368 c:\windows\system32\dllcache\wininet.dll
+ 2004-08-04 12:00 . 2009-03-03 00:18 826368 c:\windows\system32\dllcache\wininet.dll
+ 2008-12-16 12:30 . 2008-12-16 12:30 354304 c:\windows\system32\dllcache\winhttp.dll
- 2004-08-04 12:00 . 2008-12-20 23:15 233472 c:\windows\system32\dllcache\webcheck.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09 233472 c:\windows\system32\dllcache\webcheck.dll
- 2004-08-04 12:00 . 2008-12-20 23:15 105984 c:\windows\system32\dllcache\url.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09 105984 c:\windows\system32\dllcache\url.dll
+ 2009-04-16 08:14 . 2009-02-06 11:11 110592 c:\windows\system32\dllcache\services.exe
+ 2009-04-16 08:14 . 2009-02-09 12:10 401408 c:\windows\system32\dllcache\rpcss.dll
+ 2009-04-16 08:14 . 2009-03-06 14:22 284160 c:\windows\system32\dllcache\pdh.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09 102912 c:\windows\system32\dllcache\occache.dll
- 2004-08-04 12:00 . 2008-12-20 23:15 102912 c:\windows\system32\dllcache\occache.dll
+ 2009-04-16 08:14 . 2009-02-09 12:10 714752 c:\windows\system32\dllcache\ntdll.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09 671232 c:\windows\system32\dllcache\mstime.dll
- 2004-08-04 12:00 . 2008-12-20 23:15 671232 c:\windows\system32\dllcache\mstime.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09 193024 c:\windows\system32\dllcache\msrating.dll
- 2004-08-04 12:00 . 2008-12-20 23:15 193024 c:\windows\system32\dllcache\msrating.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09 477696 c:\windows\system32\dllcache\mshtmled.dll
- 2004-08-04 12:00 . 2008-12-20 23:15 477696 c:\windows\system32\dllcache\mshtmled.dll
- 2007-05-11 12:47 . 2008-12-20 23:15 459264 c:\windows\system32\dllcache\msfeeds.dll
+ 2007-05-11 12:47 . 2009-02-20 18:09 459264 c:\windows\system32\dllcache\msfeeds.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 161792 c:\windows\system32\dllcache\msdtcuiu.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 956928 c:\windows\system32\dllcache\msdtctm.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 428032 c:\windows\system32\dllcache\msdtcprx.dll
+ 2009-04-16 08:14 . 2009-02-09 12:10 729088 c:\windows\system32\dllcache\lsasrv.dll
+ 2009-03-21 14:06 . 2009-03-21 14:06 989696 c:\windows\system32\dllcache\kernel32.dll
+ 2005-10-07 03:39 . 2009-02-28 04:54 636072 c:\windows\system32\dllcache\iexplore.exe
+ 2007-05-11 12:47 . 2009-02-20 18:09 268288 c:\windows\system32\dllcache\iertutil.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09 385024 c:\windows\system32\dllcache\iedkcs32.dll
- 2007-05-11 12:47 . 2008-12-20 23:15 383488 c:\windows\system32\dllcache\ieapfltr.dll
+ 2007-05-11 12:47 . 2009-02-20 18:09 383488 c:\windows\system32\dllcache\ieapfltr.dll
+ 2004-08-04 12:00 . 2009-02-20 05:14 161792 c:\windows\system32\dllcache\ieakui.dll
- 2004-08-04 12:00 . 2008-12-19 05:23 161792 c:\windows\system32\dllcache\ieakui.dll
- 2004-08-04 12:00 . 2008-12-20 23:15 230400 c:\windows\system32\dllcache\ieaksie.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09 230400 c:\windows\system32\dllcache\ieaksie.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09 153088 c:\windows\system32\dllcache\ieakeng.dll
- 2004-08-04 12:00 . 2008-12-20 23:15 153088 c:\windows\system32\dllcache\ieakeng.dll
+ 2009-04-16 08:14 . 2009-02-09 12:10 473600 c:\windows\system32\dllcache\fastprox.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09 133120 c:\windows\system32\dllcache\extmgr.dll
- 2004-08-04 12:00 . 2008-12-20 23:15 133120 c:\windows\system32\dllcache\extmgr.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09 214528 c:\windows\system32\dllcache\dxtrans.dll
- 2004-08-04 12:00 . 2008-12-20 23:15 214528 c:\windows\system32\dllcache\dxtrans.dll
- 2004-08-04 12:00 . 2008-12-20 23:15 347136 c:\windows\system32\dllcache\dxtmsft.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09 347136 c:\windows\system32\dllcache\dxtmsft.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09 124928 c:\windows\system32\dllcache\advpack.dll
- 2004-08-04 12:00 . 2008-12-20 23:15 124928 c:\windows\system32\dllcache\advpack.dll
+ 2009-04-16 08:14 . 2009-02-09 12:10 617472 c:\windows\system32\dllcache\advapi32.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09 124928 c:\windows\system32\advpack.dll
- 2004-08-04 12:00 . 2008-12-20 23:15 124928 c:\windows\system32\advpack.dll
+ 2004-08-04 12:00 . 2009-02-09 12:10 617472 c:\windows\system32\advapi32.dll
- 2004-08-04 12:00 . 2008-04-14 00:11 617472 c:\windows\system32\advapi32.dll
+ 2009-04-16 13:33 . 2008-12-20 23:15 826368 c:\windows\ie7updates\KB963027-IE7\wininet.dll
+ 2009-04-16 13:33 . 2008-12-20 23:15 233472 c:\windows\ie7updates\KB963027-IE7\webcheck.dll
+ 2009-04-16 13:33 . 2008-12-20 23:15 105984 c:\windows\ie7updates\KB963027-IE7\url.dll
+ 2009-04-16 13:33 . 2008-07-09 07:38 382840 c:\windows\ie7updates\KB963027-IE7\spuninst\updspapi.dll
+ 2009-04-16 13:33 . 2008-07-08 13:02 231288 c:\windows\ie7updates\KB963027-IE7\spuninst\spuninst.exe
+ 2009-04-16 13:33 . 2008-12-20 23:15 102912 c:\windows\ie7updates\KB963027-IE7\occache.dll
+ 2009-04-16 13:33 . 2008-12-20 23:15 671232 c:\windows\ie7updates\KB963027-IE7\mstime.dll
+ 2009-04-16 13:33 . 2008-12-20 23:15 193024 c:\windows\ie7updates\KB963027-IE7\msrating.dll
+ 2009-04-16 13:33 . 2008-12-20 23:15 477696 c:\windows\ie7updates\KB963027-IE7\mshtmled.dll
+ 2009-04-16 13:33 . 2008-12-20 23:15 459264 c:\windows\ie7updates\KB963027-IE7\msfeeds.dll
+ 2009-04-16 13:33 . 2008-12-19 05:25 634024 c:\windows\ie7updates\KB963027-IE7\iexplore.exe
+ 2009-04-16 13:33 . 2008-12-20 23:15 267776 c:\windows\ie7updates\KB963027-IE7\iertutil.dll
+ 2009-04-16 13:33 . 2008-12-20 23:15 384512 c:\windows\ie7updates\KB963027-IE7\iedkcs32.dll
+ 2009-04-16 13:33 . 2008-12-20 23:15 383488 c:\windows\ie7updates\KB963027-IE7\ieapfltr.dll
+ 2009-04-16 13:33 . 2008-12-19 05:23 161792 c:\windows\ie7updates\KB963027-IE7\ieakui.dll
+ 2009-04-16 13:33 . 2008-12-20 23:15 230400 c:\windows\ie7updates\KB963027-IE7\ieaksie.dll
+ 2009-04-16 13:33 . 2008-12-20 23:15 153088 c:\windows\ie7updates\KB963027-IE7\ieakeng.dll
+ 2009-04-16 13:33 . 2008-12-20 23:15 133120 c:\windows\ie7updates\KB963027-IE7\extmgr.dll
+ 2009-04-16 13:33 . 2008-12-20 23:15 214528 c:\windows\ie7updates\KB963027-IE7\dxtrans.dll
+ 2009-04-16 13:33 . 2008-12-20 23:15 347136 c:\windows\ie7updates\KB963027-IE7\dxtmsft.dll
+ 2009-04-16 13:33 . 2008-12-20 23:15 124928 c:\windows\ie7updates\KB963027-IE7\advpack.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09 1160192 c:\windows\system32\urlmon.dll
- 2004-08-04 12:00 . 2008-12-20 23:15 1160192 c:\windows\system32\urlmon.dll
+ 2004-08-04 12:00 . 2008-12-20 22:14 1288192 c:\windows\system32\quartz.dll
- 2004-08-04 12:00 . 2008-05-07 05:12 1288192 c:\windows\system32\quartz.dll
- 2004-08-04 12:00 . 2008-08-14 10:09 2145280 c:\windows\system32\ntoskrnl.exe
+ 2004-08-04 12:00 . 2009-02-06 11:06 2145280 c:\windows\system32\ntoskrnl.exe
- 2004-08-03 22:59 . 2008-08-14 09:33 2023936 c:\windows\system32\ntkrnlpa.exe
+ 2004-08-03 22:59 . 2009-02-06 10:32 2023936 c:\windows\system32\ntkrnlpa.exe
+ 2004-08-04 12:00 . 2009-02-20 18:09 3595264 c:\windows\system32\mshtml.dll
+ 2006-11-07 10:03 . 2009-02-20 18:09 6066176 c:\windows\system32\ieframe.dll
+ 2006-09-05 12:01 . 2008-07-09 14:25 2455488 c:\windows\system32\ieapfltr.dat
- 2006-09-05 12:01 . 2007-04-17 09:28 2455488 c:\windows\system32\ieapfltr.dat
+ 2004-08-04 12:00 . 2009-02-20 18:09 1160192 c:\windows\system32\dllcache\urlmon.dll
- 2004-08-04 12:00 . 2008-12-20 23:15 1160192 c:\windows\system32\dllcache\urlmon.dll
- 2008-05-07 05:12 . 2008-05-07 05:12 1288192 c:\windows\system32\dllcache\quartz.dll
+ 2008-05-07 05:12 . 2008-12-20 22:14 1288192 c:\windows\system32\dllcache\quartz.dll
+ 2009-02-02 04:55 . 2009-02-06 11:08 2189056 c:\windows\system32\dllcache\ntoskrnl.exe
- 2009-02-02 04:55 . 2008-08-14 09:33 2023936 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2009-02-02 04:55 . 2009-02-06 10:32 2023936 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2009-02-02 04:55 . 2009-02-07 09:02 2066048 c:\windows\system32\dllcache\ntkrnlpa.exe
- 2009-02-02 04:55 . 2008-08-14 09:33 2066048 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2009-02-02 04:55 . 2009-02-06 11:06 2145280 c:\windows\system32\dllcache\ntkrnlmp.exe
- 2009-02-02 04:55 . 2008-08-14 10:09 2145280 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2004-08-04 12:00 . 2009-02-20 18:09 3595264 c:\windows\system32\dllcache\mshtml.dll
+ 2007-05-11 12:47 . 2009-02-20 18:09 6066176 c:\windows\system32\dllcache\ieframe.dll
+ 2007-05-11 12:47 . 2008-07-09 14:25 2455488 c:\windows\system32\dllcache\ieapfltr.dat
- 2007-05-11 12:47 . 2007-04-17 09:28 2455488 c:\windows\system32\dllcache\ieapfltr.dat
+ 2009-04-16 13:33 . 2008-12-20 23:15 1160192 c:\windows\ie7updates\KB963027-IE7\urlmon.dll
+ 2009-04-16 13:33 . 2009-01-16 10:35 3594752 c:\windows\ie7updates\KB963027-IE7\mshtml.dll
+ 2009-04-16 13:33 . 2008-12-20 23:15 6066688 c:\windows\ie7updates\KB963027-IE7\ieframe.dll
+ 2009-04-16 13:33 . 2007-04-17 09:28 2455488 c:\windows\ie7updates\KB963027-IE7\ieapfltr.dat
+ 2009-02-02 04:55 . 2009-02-06 11:08 2189056 c:\windows\Driver Cache\i386\ntoskrnl.exe
- 2009-02-02 04:55 . 2008-08-14 09:33 2023936 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2009-02-02 04:55 . 2009-02-06 10:32 2023936 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2009-02-02 04:55 . 2008-08-14 09:33 2066048 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2009-02-02 04:55 . 2009-02-07 09:02 2066048 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2009-02-02 04:55 . 2009-02-06 11:06 2145280 c:\windows\Driver Cache\i386\ntkrnlmp.exe
- 2009-02-02 04:55 . 2008-08-14 10:09 2145280 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2005-10-07 06:19 . 2009-04-06 14:57 24921544 c:\windows\system32\MRT.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-11 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-11 7630848]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-24 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-08 148888]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-08-11 1519616]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Media Key.lnk - c:\program files\ViewMate Keyboard KC207\MagicKey.exe [2009-4-11 159744]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
ViewMate Desktop Keyboard.lnk - c:\program files\ViewMate Desktop CC2201\MagicKey.exe [2005-10-8 159744]
ViewMate Desktop Mouse.lnk - c:\program files\ViewMate Desktop CC2201\MulMouse.exe [2005-10-8 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.mxmc"= MimicICM.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Tim Martin^Start Menu^Programs^Startup^IMVU.lnk]
path=c:\documents and settings\Tim Martin\Start Menu\Programs\Startup\IMVU.lnk
backup=c:\windows\pss\IMVU.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Tim Martin^Start Menu^Programs^Startup^RollerCoaster Tycoon 3 Registration.lnk]
path=c:\documents and settings\Tim Martin\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk
backup=c:\windows\pss\RollerCoaster Tycoon 3 Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-01-14 16:22 267048 ----a-w c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]
2002-09-20 04:16 90112 ----a-w c:\program files\Common Files\Logitech\QCDriver2\LVComS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2007-01-19 01:54 5674352 ----a-w c:\program files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
2004-07-26 09:14 1867776 ----a-w c:\program files\Ahead\Nero BackItUp\NBJ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 01:50 155648 ----a-w c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2006-08-11 11:43 7630848 ----a-w c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-01-31 12:13 385024 ----a-w c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2005-11-10 02:03 36975 ----a-w c:\program files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)
"usnjsvc"=3 (0x3)
"iPod Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\PlayOnline\\SquareEnix\\PlayOnlineViewer\\pol.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\english\\setup.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"44174:TCP"= 44174:TCP:Port
"10095:TCP"= 10095:TCP:10095

R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\DRIVERS\A3AB.sys [2005-03-21 450400]
R3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-12-01 33752]
S0 iteraid;ITERAID_Service_Install;c:\windows\system32\DRIVERS\iteraid.sys [2005-08-04 26112]
S1 kbfilter;Keyboard Filter Driver; [x]
S1 MUsbFltr;WayTechMUSBFilterDriver; [x]
S1 UsbFltr;WayTechUSBFilterDriver; [x]
S3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [2005-05-12 1287296]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1a88fcd4-4fdd-11dd-b4b7-00148502025b}]
\Shell\AutoRun\command - F:\InstallTomTomHOME.exe
.
Contents of the 'Scheduled Tasks' folder

2009-04-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 03:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
uInternet Settings,ProxyServer = athena.akorn.net.au:8080
uInternet Settings,ProxyOverride = localhost;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: **{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Tim Martin\Start Menu\Programs\IMVU\Run IMVU.lnk
TCP: {6508AF78-32C5-48A2-BC29-6D43B06BFCCA} = 208.67.220.220,208.67.222.222
TCP: {878AE3BA-5202-4C49-8BBB-A8B9CBF9C970} = 208.67.220.220,208.67.222.222
TCP: {AE8C4056-C5EE-42D5-ACD0-61C6457AA694} = 208.67.220.220,208.67.222.222
FF - ProfilePath - c:\documents and settings\Tim Martin\Application Data\Mozilla\Firefox\Profiles\tycm0lt2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com.au
FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-17 19:16
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-776561741-884357618-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C47E4CAC-BCA0-5B58-834F-5544FEE4A479}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abjmgkglhjgedakhjjkkaimopjfecgfdnc"=hex:61,61,00,00
"bbjmgkglhjgedakhjjlinhbndjhogcnmjkgo"=hex:61,61,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3640)
c:\windows\system32\nview.dll
c:\program files\ScanSoft\OmniPageSE4\OpHookSE4.dll
c:\windows\system32\nvwddi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Canon\IJPLM\ijplmsvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\ViewMate Keyboard KC207\OSD.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-04-17 19:19 - machine was rebooted [Tim Martin]
ComboFix-quarantined-files.txt 2009-04-17 09:19
ComboFix2.txt 2009-04-15 11:02

Pre-Run: 46,456,406,016 bytes free
Post-Run: 46,509,154,304 bytes free

Current=3 Default=3 Failed=2 LastKnownGood=6 Sets=1,2,3,6
456 --- E O F --- 2009-04-16 13:34
Old 04-17-2009, 06:57 AM   #11 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,893
OS: WinXP and Vista


Re: Computer being ravaged by unknown virus

Quote:
My PC is running completely crash-free now. I have installed all the recommended software and have performed all full system scans and I'm coming up clean :)

I performed the final ComboFix task, but wasn't sure if you wanted the report so I've attached it anyway.

Thank you so incredibly much - words wouldn't explain how grateful I am for the help you've provided. Thank you!!

You're quite welcome, Astara123.


Enjoy the upcoming weekend.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
All times are GMT -7.



Copyright 2001 - 2009, Tech Support Forum