Status
Not open for further replies.

Infected with Trojan reader_s.exe

703 views 1 reply 2 participants last post by  Glaswegian 
#1 · (Edited)
Good Afternoon,

My XP Pro SP 2 is infected with a few viruses, I assume. Malwarebytes and AVG 8.0 Free tell me I have the reader_s.exe and VRT.temp infections. I am experiencing a slew of problems as a result of this infection.

I have used Spybot, Malwarebytes, AVG and Ad-Aware to resolve this issue but have had no luck. This virus redirects and won't load any online virus scanners using browsers (IE6 and Firefox); Windows Update has also been disabled.

If anyone can offer any assistance of any kind on how to rectify this issue, it would be greatly appreciated!

Sincerely,

Bill


DDS Results:


DDS (Ver_09-03-16.01) - NTFSx86
Run by User at 11:35:17.90 on 03/05/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1380 [GMT 3:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
FW: Rogers Online Protection Firewall *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
c:\program files\Rogers\SelfHealing\RogersSelfHelpService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wscntfy.exe
svchost.exe C:\WINDOWS\TEMP\VRT6.tmp
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Documents and Settings\User\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.ca/
mDefault_Search_URL = hxxp://www.google.com/
mSearch Page = hxxp://www.google.com/
mSearchURL = hxxp://www.google.com/
mSearchAssistant = hxxp://www.google.com/
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {B2BA40A2-74F0-42BD-F434-12345A2C8953} - No File
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
TB: {F2BADA0D-FD61-45EF-A994-64A073FD6613} - No File
TB: {65742936-8079-408B-9F3C-874B78030A72} - No File
TB: {144A6B24-0EBC-4D89-BF09-A06A718E57B5} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Rogers SHS] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRun: [reader_s] c:\documents and settings\user\reader_s.exe
uPolicies-explorer: MaxRecentDocs = 11 (0xb)
mPolicies-explorer: HonorAutoRunSetting = 0 (0x0)
IE: &Search
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D}
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - c:\progra~1\common~1\stardock\MCPCore.dll
STS: {e517b912-2c97-4a94-8b15-e7fe902b8d86} - No File
STS: {e2ba40a2-74f3-42bd-f434-2604812c8953}: sdfg54y54yhhgth6w4efvrg
STS: {d7bf4552-94f1-42bd-f434-3604812c856d}: sfdawtawgreage4tregrgae34
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File
LSA: Notification Packages = scecli c:\windows\system32\nenepoke.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\2o0gt9r9.default\
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbarff\components\vmAVGConnector.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCortona.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - HiddenExtension: XUL Cache: {2D32BBF9-AD9E-41C8-BEC5-DDD5C27A7FF9} - c:\documents and settings\administrator\local settings\application data\{2D32BBF9-AD9E-41C8-BEC5-DDD5C27A7FF9}
FF - HiddenExtension: XUL Cache: {7E9B2C38-1735-4EC6-9813-A2084A062936} - c:\documents and settings\user\local settings\application data\{7E9B2C38-1735-4EC6-9813-A2084A062936}

============= SERVICES / DRIVERS ===============

R?2 msncache;msncache;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 34816]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-4-11 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-10-22 325128]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-10-22 27656]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-3-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-3-23 72944]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 953168]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-10-22 298264]
R2 RogersSelfHelpService;Rogers SHS Service;c:\program files\rogers\selfhealing\RogersSelfHelpService.exe [2008-4-8 140648]
S0 KL1;KL1;c:\windows\system32\drivers\kl1.sys --> c:\windows\system32\drivers\kl1.sys [?]
S0 qtsox;qtsox;c:\windows\system32\drivers\jquq.sys --> c:\windows\system32\drivers\jquq.sys [?]
S1 a657d9d4;a657d9d4;c:\windows\system32\drivers\a657d9d4.sys --> c:\windows\system32\drivers\a657d9d4.sys [?]
S1 abr509e;abr509e;c:\windows\system32\drivers\abr509e.sys --> c:\windows\system32\drivers\abr509e.sys [?]
S1 cdt42b6;cdt42b6;c:\windows\system32\drivers\cdt42b6.sys --> c:\windows\system32\drivers\cdt42b6.sys [?]
S1 efbd30b;efbd30b;c:\windows\system32\drivers\efbd30b.sys --> c:\windows\system32\drivers\efbd30b.sys [?]
S1 ggde096;ggde096;c:\windows\system32\drivers\ggde096.sys --> c:\windows\system32\drivers\ggde096.sys [?]
S1 ghd3876;ghd3876;c:\windows\system32\drivers\ghd3876.sys --> c:\windows\system32\drivers\ghd3876.sys [?]
S1 ghs74ad;ghs74ad;c:\windows\system32\drivers\ghs74ad.sys --> c:\windows\system32\drivers\ghs74ad.sys [?]
S1 hiefdb7;hiefdb7;c:\windows\system32\drivers\hiefdb7.sys --> c:\windows\system32\drivers\hiefdb7.sys [?]
S1 ijf17e9;ijf17e9;c:\windows\system32\drivers\ijf17e9.sys [2009-5-3 17376]
S1 jkgb2d8;jkgb2d8;c:\windows\system32\drivers\jkgb2d8.sys --> c:\windows\system32\drivers\jkgb2d8.sys [?]
S1 khte006;khte006;c:\windows\system32\drivers\khte006.sys --> c:\windows\system32\drivers\khte006.sys [?]
S1 KLIF;KLIF;c:\windows\system32\drivers\klif.sys --> c:\windows\system32\drivers\klif.sys [?]
S1 mnoe1dc;mnoe1dc;c:\windows\system32\drivers\mnoe1dc.sys --> c:\windows\system32\drivers\mnoe1dc.sys [?]
S1 tfq556a;tfq556a;c:\windows\system32\drivers\tfq556a.sys --> c:\windows\system32\drivers\tfq556a.sys [?]
S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\adobe\photoshop elements 7.0\photoshopelementsfileagent.exe --> c:\program files\adobe\photoshop elements 7.0\PhotoshopElementsFileAgent.exe [?]
S2 CX88XBAR;MSI PVS Crossbar;c:\windows\system32\drivers\CX88XBar.SYS [2009-3-29 9812]
S3 13c16;13c16;\??\c:\windows\system32\13c16.sys --> c:\windows\system32\13c16.sys [?]
S3 27d11;27d11;\??\c:\windows\system32\27d11.sys --> c:\windows\system32\27d11.sys [?]
S3 46915;46915;\??\c:\windows\system32\46915.sys --> c:\windows\system32\46915.sys [?]
S3 4fd17;4fd17;\??\c:\windows\system32\4fd17.sys --> c:\windows\system32\4fd17.sys [?]
S3 83219;83219;\??\c:\windows\system32\83219.sys --> c:\windows\system32\83219.sys [?]
S3 8c61B;8c61B;\??\c:\windows\system32\8c61b.sys --> c:\windows\system32\8c61B.sys [?]
S3 aa5E;aa5E;\??\c:\windows\system32\aa5e.sys --> c:\windows\system32\aa5E.sys [?]
S3 at1394;at1394;\??\c:\windows\system32\at1394.sys --> c:\windows\system32\at1394.sys [?]
S3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2008-7-2 89600]
S3 b6aD;b6aD;\??\c:\windows\system32\b6ad.sys --> c:\windows\system32\b6aD.sys [?]
S3 cpuz126;cpuz126;\??\c:\docume~1\user\locals~1\temp\cpuz.sys --> c:\docume~1\user\locals~1\temp\cpuz.sys [?]
S3 cpuz130;cpuz130;\??\c:\docume~1\user\locals~1\temp\cpuz130\cpuz_x32.sys --> c:\docume~1\user\locals~1\temp\cpuz130\cpuz_x32.sys [?]
S3 e20F;e20F;\??\c:\windows\system32\e20f.sys --> c:\windows\system32\e20F.sys [?]
S3 e5b1A;e5b1A;\??\c:\windows\system32\e5b1a.sys --> c:\windows\system32\e5b1A.sys [?]
S3 e8a13;e8a13;\??\c:\windows\system32\e8a13.sys --> c:\windows\system32\e8a13.sys [?]
S3 f4f12;f4f12;\??\c:\windows\system32\f4f12.sys --> c:\windows\system32\f4f12.sys [?]
S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys [2007-11-18 42512]
S3 NRKCTL32;NRKCTL32;\??\c:\documents and settings\user\desktop\nrkctl32.sys --> c:\documents and settings\user\desktop\NRKCTL32.SYS [?]
S3 protect;protect;c:\windows\system32\drivers\protect.sys [2009-5-3 18944]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-3-23 7408]
S3 vitra;vitra;c:\windows\system32\drivers\vitra.sys --> c:\windows\system32\drivers\vitra.sys [?]
S4 gupdate1c9867ce4a7afd2;Google Update Service (gupdate1c9867ce4a7afd2); [x]

=============== Created Last 30 ================

2009-05-03 10:33 18,944 a---h--- c:\windows\system32\drivers\protect.sys
2009-05-03 10:33 61,440 a------- c:\windows\system32\D.tmp
2009-05-03 10:33 17,376 a------- c:\windows\system32\drivers\ijf17e9.sys
2009-05-03 10:33 124 a------- c:\windows\system32\9.tmp
2009-05-03 05:10 1,053,696 a------- c:\windows\explorer.exe
2009-05-03 04:36 <DIR> --d----- c:\program files\K-Lite Codec Pack
2009-05-03 04:36 <DIR> --d----- c:\program files\GlobalSCAPE
2009-05-03 03:46 <DIR> --d----- c:\program files\Online Services
2009-05-02 21:55 61,440 a------- c:\windows\system32\8.tmp
2009-05-02 21:55 124 a------- c:\windows\system32\4.tmp
2009-05-02 20:58 61,440 a------- c:\windows\system32\A.tmp
2009-05-02 20:58 36,352 a------- c:\windows\system32\reader_s.exe
2009-05-02 20:58 36,352 a------- c:\documents and settings\user\reader_s.exe
2009-05-02 20:58 124 a------- c:\windows\system32\7.tmp
2009-05-02 19:34 230 a------- c:\windows\system32\spupdsvc.inf
2009-05-02 15:58 0 a------- c:\windows\system32\22.tmp
2009-05-02 15:28 <DIR> --d----- C:\INSTALL
2009-05-02 15:24 <DIR> --d----- C:\WINDOWS.0
2009-05-02 15:14 28,672 ac------ c:\windows\system32\dllcache\vidcap.ax
2009-05-02 15:14 28,672 a------- c:\windows\system32\vidcap.ax
2009-05-02 14:17 118,784 a------- c:\windows\system32\ac3acm.acm
2009-05-02 14:17 124 a------- c:\windows\system32\9BA.tmp
2009-05-02 14:17 124 a------- c:\windows\system32\56.tmp
2009-05-02 14:17 124 a------- c:\windows\system32\21A.tmp
2009-05-02 14:17 0 a------- c:\windows\system32\9BE.tmp
2009-05-02 00:16 1,440,800 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-05-02 00:16 20,348 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-05-02 00:16 32 a--sh--- c:\windows\system32\drivers\fidbox2.idx
2009-05-02 00:16 32 a--sh--- c:\windows\system32\drivers\fidbox2.dat
2009-05-02 00:01 <DIR> --d----- c:\docume~1\user\applic~1\Rogers Online Protection
2009-05-02 00:01 <DIR> --d----- c:\program files\Rogers Online Protection
2009-05-02 00:01 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Rogers Online Protection
2009-05-01 22:43 332,800 a------- c:\windows\system32\dllcache\netapi32.dll
2009-04-30 00:12 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-04-30 00:12 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-04-29 23:44 124 a------- c:\windows\system32\15.tmp
2009-04-28 22:00 124 a------- c:\windows\system32\10.tmp
2009-04-28 19:51 15,688 a------- c:\windows\system32\lsdelete.exe
2009-04-28 19:29 290,816 a------- c:\windows\system32\dllcache\adsiis51.dll
2009-04-28 19:29 43,520 a------- c:\windows\system32\dllcache\admwprox.dll
2009-04-27 10:31 577,536 a------- c:\windows\system32\dllcache\user32.dll
2009-04-27 10:29 <DIR> --d----- c:\windows\ERUNT
2009-04-27 10:23 <DIR> --d----- C:\SDFix
2009-04-25 23:16 109 a------- C:\xcrashdump.dat
2009-04-25 22:53 3,840 a------- c:\windows\system32\drivers\BANTExt.sys
2009-04-25 22:53 <DIR> --d----- c:\program files\Belarc
2009-04-25 21:29 132,608 a------- c:\windows\system32\VT100.EXE.vir
2009-04-24 05:46 44 a------- c:\windows\system32\1E.tmp
2009-04-23 22:56 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-04-23 22:55 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-04-23 22:32 409,600 a------- c:\windows\system32\cmd.execf
2009-04-21 22:36 <DIR> --d----- c:\program files\common files\Research In Motion
2009-04-21 19:26 <DIR> --d----- C:\ATI
2009-04-20 23:34 <DIR> --dsh--- c:\documents and settings\user\PrivacIE
2009-04-20 23:31 <DIR> --dsh--- c:\documents and settings\user\IETldCache
2009-04-20 23:27 81,920 ac------ c:\windows\system32\dllcache\ieencode.dll
2009-04-20 23:27 81,920 a------- c:\windows\system32\ieencode.dll
2009-04-20 22:12 <DIR> --d----- c:\docume~1\user\applic~1\Malwarebytes
2009-04-20 22:12 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-04-20 22:12 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-20 22:12 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-04-20 22:12 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-04-20 21:53 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SITEguard
2009-04-20 21:52 <DIR> --d----- c:\program files\common files\iS3
2009-04-20 21:52 <DIR> --d----- c:\docume~1\alluse~1\applic~1\STOPzilla!
2009-04-20 21:31 213,120 -c------ c:\windows\system32\dllcache\ndis.sys
2009-04-20 21:24 0 a------- c:\windows\system32\1F.tmp
2009-04-20 21:24 0 a------- c:\windows\system32\1D.tmp
2009-04-20 21:24 132 a------- c:\windows\system32\1B.tmp
2009-04-20 21:24 132 a------- c:\windows\system32\1A.tmp
2009-04-20 05:32 80 a------- c:\windows\system32\18.tmp
2009-04-20 05:20 80 a------- c:\windows\system32\16.tmp
2009-04-20 05:16 80 a------- c:\windows\system32\14.tmp
2009-04-20 04:31 80 a------- c:\windows\system32\12.tmp
2009-04-20 02:54 23,392 a------- c:\windows\system32\nscompat.tlb
2009-04-20 02:54 16,832 a------- c:\windows\system32\amcompat.tlb
2009-04-20 02:25 <DIR> --d----- c:\windows\system32\NtmsData
2009-04-19 22:46 2,470 a------- c:\windows\system32\tmp.reg
2009-04-19 22:45 289,144 a------- c:\windows\system32\VCCLSID.exe
2009-04-19 22:45 288,417 a------- c:\windows\system32\SrchSTS.exe
2009-04-19 22:45 136,192 a------- c:\windows\system32\swreg.exe
2009-04-19 22:45 101,376 a------- c:\windows\system32\Agent.OMZ.Fix.exe
2009-04-19 22:45 90,112 a------- c:\windows\system32\VACFix.exe
2009-04-19 22:45 85,504 a------- c:\windows\system32\IEDFix.exe
2009-04-19 22:45 85,504 a------- c:\windows\system32\IEDFix.C.exe
2009-04-19 22:45 80,896 a------- c:\windows\system32\swxcacls.exe
2009-04-19 22:45 71,680 a------- c:\windows\system32\dumphive.exe
2009-04-19 22:45 53,248 a------- c:\windows\system32\Process.exe
2009-04-19 22:45 29,184 a------- c:\windows\system32\WS2Fix.exe
2009-04-19 06:00 155 a------- c:\windows\system32\SelfDel.bat
2009-04-19 03:00 <DIR> --d----- c:\windows\system32\3361
2009-04-19 03:00 <DIR> --d----- c:\windows\dhcp
2009-04-19 02:59 <DIR> --dshr-- c:\program files\ThunMail
2009-04-19 02:59 <DIR> --d----- c:\docume~1\user\applic~1\pidle
2009-04-19 02:59 24,064 a------- C:\mxntwq.exe
2009-04-19 02:59 2 a------- C:\1078773042
2009-04-15 05:48 397,824 a------- c:\windows\system32\dllcache\rpcss.dll
2009-04-15 05:48 283,648 a------- c:\windows\system32\dllcache\pdh.dll
2009-04-15 05:48 128,512 a------- c:\windows\system32\dllcache\services.exe
2009-04-15 05:48 721,920 a------- c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 05:48 708,096 a------- c:\windows\system32\dllcache\ntdll.dll
2009-04-15 05:48 616,960 a------- c:\windows\system32\dllcache\advapi32.dll
2009-04-15 05:48 472,064 a------- c:\windows\system32\dllcache\fastprox.dll
2009-04-15 05:48 437,248 a------- c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 05:47 235,008 a------- c:\windows\system32\dllcache\wordpad.exe
2009-04-15 05:47 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-04-11 04:33 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-04-11 04:32 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-04-11 04:09 <DIR> --d----- c:\windows\system32\syncdb

==================== Find3M ====================

2009-05-03 05:03 25,600 a------- c:\windows\system32\userinit.exe
2009-05-02 00:27 1,196,032 ac------ c:\windows\RtlUpd.exe
2009-04-26 20:53 170,750 a------- c:\windows\pchealth\helpctr\config\cache\Professional_32_1033.dat
2009-04-26 20:53 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-04-24 21:53 256 ac------ c:\documents and settings\user\pool.bin
2009-04-20 21:31 182,656 -c------ c:\windows\system32\drivers\ndis.sys
2009-04-19 21:28 94,208 a------- c:\windows\DUMPce4c.tmp
2009-03-28 23:39 0 a------- c:\program files\WinDVR.exe.local
2009-03-20 21:50 3,358,720 ac------ c:\windows\system32\GPhotos.scr
2009-02-06 13:39 35,328 a------- c:\windows\system32\sc.exe
2009-02-03 17:35 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-01-11 02:30 22,328 ac------ c:\docume~1\user\applic~1\PnkBstrK.sys
2008-03-09 15:25 236 ac--h--- c:\program files\common files\dx.reg
2008-02-04 01:27 18 ac------ c:\documents and settings\user\Settings.dat
2007-11-24 20:20 94,208 ac------ c:\docume~1\user\applic~1\ezplay.sys
2007-11-24 20:20 87,608 ac------ c:\docume~1\user\applic~1\inst.exe
2007-11-24 20:20 47,360 ac------ c:\docume~1\user\applic~1\pcouffin.sys
2007-11-24 20:17 102,400 ac------ c:\docume~1\user\applic~1\ezpinst.exe
2004-10-01 22:00 61,440 ac------ c:\program files\Uninstall_CDS.exe
2007-12-12 05:28 61 -c-sh--- c:\windows\cnerolf.bin

============= FINISH: 11:35:39.14 ===============
 
