Status
Not open for further replies.
1 - 2 of 2 Posts

Discussion Starter · #1 ·
OK, so now it is pretty obvious that I have a trojan.

Trying to run the dds, my antivir told me that http://www.forospyware.com/sUBs/dds was a virus:

"Virus or unwanted program 'HIDDENEXT/Crypted [heuristic]'
detected in file 'C:\Users\sla\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2DZHWN0R\dds[1].pif.
Action performed: Deny access"

Luckily there were two other possibilities, so I managed to get a report.

You wanna see it? I'll attach the txt-file and I'll post the txt into this post.

Trying to run the GMER rootkit scanner got me scared. It found a lot of infected files, but halfway through, the screen turned all blue, and the screen said something about the system having crashed.

PS: Actually, I'd like to confess that I had Daemon Tools installed, so I tried to uninstall it. The extra drive disappeared. But the last two times I restarted, the program pops up with a message. Can I make it stop? Wanna see a HijackThis log?

What do I do now? I don't have a boot CD.

DDS:

DDS (Ver_09-12-01.01) - NTFSx86
Run by SLA at 21:24:31,98 on 03-12-2009
Internet Explorer: 8.0.6001.18828 BrowserJavaVersion: 1.6.0_06
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.45.1030.18.2046.1131 [GMT 1:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CSR\Vista Profile Pack\BthFilterHelper.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\o2flash.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\sla\Desktop\dds.com
C:\Windows\system32\conime.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.vucaarhus.dk/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - c:\program files\windows live\family safety\fssbho.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
BHO: NXIECatcher Class: {83b80a9c-d91a-4f22-8dcf-ea7204039f79} - c:\program files\xi\netxfer\NXIEHelper.dll
BHO: Hjælp til tilmelding til Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {c08df07a-3e49-4e25-9ab0-d3882835f153} - QUICKfind BHO Object
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: NetXfer: {c16cbaac-a75c-4db5-a0dd-cdf5cafcdd3a} - c:\program files\xi\netxfer\NXToolBar.dll
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
uRun: [ABBYY Screenshot Reader Bonus]
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
mRun: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [fssui] "c:\program files\windows live\family safety\fsui.exe" -autorun
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
uPolicies-explorer: DontSetAutoplayCheckbox = 1 (0x1)
uPolicies-explorer: NoAutorun = 1 (0x1)
uPolicies-explorer: ForceStartMenuLogOff = 1 (0x1)
uPolicies-explorer: NoSMBalloonTip = 1 (0x1)
uPolicies-explorer: TaskbarNoNotification = 1 (0x1)
uPolicies-explorer: DisablePersonalDirChange = 1 (0x1)
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
uPolicies-explorer: NoWelcomeScreen = 1 (0x1)
uPolicies-explorer: NoAutoUpdate = 0 (0x0)
uPolicies-explorer: NoTaskGrouping = 1 (0x1)
uPolicies-system: DisableLockWorkstation = 1 (0x1)
uPolicies-system: DisableChangePassword = 1 (0x1)
mPolicies-explorer: DontSetAutoplayCheckbox = 1 (0x1)
mPolicies-explorer: NoAutorun = 1 (0x1)
mPolicies-explorer: NoWelcomeScreen = 1 (0x1)
mPolicies-explorer: UseDefaultTile = 1 (0x1)
mPolicies-explorer: NoDisconnect = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: disablecad = 1 (0x1)
mPolicies-system: HideFastUserSwitching = 1 (0x1)
mPolicies-system: DisableStartupSound = 1 (0x1)
mPolicies-system: DefaultLogonDomain = vucaarhus
mPolicies-system: DisableStatusMessages = 1 (0x1)
mPolicies-system: ShutdownSessionTimeout = 5 (0x5)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download alle med NetXfer - c:\program files\xi\netxfer\NXAddList.html
IE: Download med NetXfer - c:\program files\xi\netxfer\NXAddLink.html
IE: E&ksporter til Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - c:\programs\partygaming\partycasino\RunApp.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {38E51477-DDB4-4aed-9D61-D0C193E10749} - {38E51477-DDB4-4aed-9D61-D0C193E10749} {38E51477-DDB4-4aed-9D61-D0C193E10749} - {38e51477-ddb4-4aed-9d61-d0c193e10749}\inprocserver32 does not exist!
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: emu.dk
Trusted Zone: microsoft.com
Trusted Zone: supportcenter.dk
Trusted Zone: vucaarhus.dk
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {07E8D22D-C723-485C-BE6F-003241549305} - hxxp://extcom.esoft.dk/extern/3d/eplan.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/F/D/9/FD9E437D-5BC8-4264-A093-DFA2C39D197E/LegitCheckControl.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} - hxxp://webmail.djh.dk/dwa8W.cab
DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} - hxxp://support.f-secure.com/ols/fscax.cab
DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} - hxxp://photoservice.fujicolor.eu/ips-opdata/layout/fuji01/activex/IPSUploader4.cab
DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} - hxxps://danid.dk/csp/authenticode/digitalsignatur-csp.exe
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D821DC4A-0814-435E-9820-661C543A4679} - hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\sla\appdata\roaming\mozilla\firefox\profiles\rz5xicbp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.vucaarhus.dk/
FF - component: c:\program files\free download manager\firefox\extension\components\vmsfdmff.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\picasa2\npPicasa3.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".dk");

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-12-3 28552]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-6-5 11608]
R1 dwvkbd;DameWare Virtual Keyboard 32 bit Driver;c:\windows\system32\drivers\dwvkbd.sys [2007-2-15 26624]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-6-5 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-6-5 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-6-5 55656]
R2 BthFilterHelper;Bluetooth Feature Support;c:\program files\csr\vista profile pack\BthFilterHelper.exe [2006-11-7 127488]
R2 niarbk;niarbk;c:\windows\system32\drivers\niarbk.dll [2002-7-9 37376]
R2 nibffrk;nibffrk;c:\windows\system32\drivers\nibffrk.dll [2002-7-9 21504]
R2 Nidaq32k;Nidaq32k;c:\windows\system32\drivers\nidaq32k.sys [2002-7-9 670720]
R2 nidmmk;NI DMM and Data Logger Kernel Driver;c:\windows\system32\drivers\nidmmk.dll [2002-7-9 50688]
R2 nimdsk;nimdsk;c:\windows\system32\drivers\nimdsk.dll [2002-7-9 31232]
R2 nistck;nistck;c:\windows\system32\drivers\niSTCk.dll [2002-7-9 111616]
R3 BthAvrcp;Bluetooth AVRCP-profil;c:\windows\system32\drivers\BthAvrcp.sys [2008-5-28 12800]
R3 BTHFILT;Bluetooth-kommandofilter;c:\windows\system32\drivers\BthFilt.sys [2008-5-28 13824]
R3 DwMirror;DwMirror;c:\windows\system32\drivers\DamewareMini.sys [2007-2-7 3712]
R3 MovRVDrv32;MovRVDrv32;c:\windows\system32\drivers\MovRVDrv32.sys [2009-2-12 3768]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2006-11-20 38400]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2006-11-17 31360]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-9-3 133104]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-6-2 179712]
S3 FontCache;Tjenesten Windows-skrifttypecache;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-2 21504]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-11-4 54632]
S3 fsssvc;Windows Live-tjenesten Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 SoundMovieServer;SoundMovieServer;c:\windows\system32\snmvtsvc.exe [2009-2-12 184320]
S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys [2009-8-28 40448]
S4 SMARTMouseFilterx86;HID-compliant mouse;c:\windows\system32\drivers\SMARTMouseFilterx86.sys [2008-4-2 11048]
S4 SMARTVHidMini2000x86;SMART HID Device;c:\windows\system32\drivers\SMARTVHidMini2000x86.sys [2008-4-2 14120]
S4 SMARTVTabletPCx86;SMART Virtual TabletPC;c:\windows\system32\drivers\SMARTVTabletPCx86.sys [2008-4-2 16808]

=============== Created Last 30 ================

2009-12-03 17:05:49 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-12-03 17:05:47 0 d-----w- c:\program files\Panda Security
2009-12-03 16:24:10 0 d-----w- C:\Intel
2009-12-03 16:08:06 553 ----a-w- c:\windows\USetup.iss
2009-12-03 1659 0 d-----w- c:\windows\system32\RTCOM
2009-12-03 1626 319456 ----a-w- c:\windows\DIFxAPI.dll
2009-12-03 1625 17408 ----a-w- c:\windows\system32\RtkCoInst.dll
2009-12-03 1623 315392 ----a-w- c:\windows\HideWin.exe
2009-12-03 1618 0 d-----w- C:\dell
2009-12-02 23:39:45 0 d-----w- c:\program files\Windows Portable Devices
2009-12-02 23:39:15 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-12-02 23:17:44 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01007.Wdf
2009-12-02 23:17:27 0 d-----w- c:\program files\Synaptics
2009-12-02 23:15:35 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-12-02 23:14:05 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-12-02 23:14:05 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-12-02 23:14:05 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-12-02 22:40:01 0 d-----w- c:\windows\system32\eu-ES
2009-12-02 22:40:01 0 d-----w- c:\windows\system32\ca-ES
2009-12-02 22:39:58 0 d-----w- c:\windows\system32\vi-VN
2009-12-02 17:19:17 34400 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-12-02 17:19:17 2410272 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-12-02 17:19:05 1099 ----a-w- C:\rollback.ini
2009-12-02 16:55:56 0 d-----w- c:\programdata\ParetoLogic
2009-12-02 16:55:56 0 d-----w- c:\program files\common files\ParetoLogic
2009-12-02 13:33:43 0 d-----w- c:\windows\system32\EventProviders
2009-12-02 13:31:59 1216000 ----a-w- c:\windows\system32\AuxiliaryDisplayCpl.dll
2009-12-02 13:30:57 6103040 ----a-w- c:\windows\system32\chtbrkr.dll
2009-12-02 13:29:53 218624 ----a-w- c:\windows\system32\wdscore.dll
2009-12-02 13:29:53 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2009-12-02 13:29:15 247808 ----a-w- c:\windows\system32\drvstore.dll
2009-12-02 12:23:06 1696768 ----a-w- c:\windows\system32\gameux.dll
2009-12-02 12:23:05 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-12-02 12:23:05 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-12-02 12:22:17 714240 ----a-w- c:\windows\system32\timedate.cpl
2009-12-02 12:21:59 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-12-02 12:21:58 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-11-30 21:18:46 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-30 21:17:15 1401856 ----a-w- c:\windows\system32\msxml6.dll
2009-11-30 21:17:15 1248768 ----a-w- c:\windows\system32\msxml3.dll
2009-11-29 20:19:15 0 d-----w- c:\program files\GPLGS
2009-11-29 20:18:46 87552 ----a-w- c:\windows\system32\cpwmon2k.dll
2009-11-29 20:18:46 0 d-----w- c:\program files\Acro Software
2009-11-27 14:24:30 0 d-----w- c:\program files\Trend Micro
2009-11-17 14:01:11 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2009-11-17 13:54:42 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-11-17 13:54:32 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-11-17 13:54:29 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-11-17 13:54:29 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-11-11 16:56:57 118 ----a-w- c:\windows\system32\MRT.INI
2009-11-11 16:54:00 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-11-11 16:46:35 53248 ----a-w- c:\windows\system32\tsgqec.dll
2009-11-11 16:44:43 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-11-11 16:42:46 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-11-11 16:42:45 355328 ----a-w- c:\windows\system32\WSDApi.dll
2009-11-11 16:42:03 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-11-11 14:48:34 0 d-----w- c:\users\sla\appdata\roaming\ABBYY
2009-11-10 10:25:55 0 d-----w- c:\program files\Camfrog
2009-11-08 20:07:50 0 d-----w- c:\program files\iPod
2009-11-08 20:07:48 0 d-----w- c:\program files\iTunes
2009-11-04 10:36:59 54632 ----a-w- c:\windows\system32\drivers\fssfltr.sys

==================== Find3M ====================

2009-12-03 19:48:56 558554 ----a-w- c:\windows\system32\perfh006.dat
2009-12-03 19:48:56 109896 ----a-w- c:\windows\system32\perfc006.dat
2009-12-03 19:45:45 27649 ----a-w- c:\programdata\nvModes.dat
2009-12-03 19:40:37 9889 ----a-w- c:\windows\bthservsdp.dat
2009-12-03 16:48:49 51200 ----a-w- c:\windows\inf\infpub.dat
2009-12-03 16:48:49 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-12-03 16:48:46 143360 ----a-w- c:\windows\inf\infstor.dat
2009-12-02 23:39:41 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-12-02 22:26:40 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2009-10-27 08:58:11 4096 ----a-w- c:\windows\d3dx.dat
2009-10-21 12:53:00 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-10-21 12:52:56 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2009-10-08 07:26:45 0 ----a-w- c:\users\sla\temp.dat
2009-10-01 01:02:17 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-10-01 01:02:05 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-10-01 01:02:04 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-10-01 01:02:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-10-01 01:02:00 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-10-01 01:01:59 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2009-10-01 01:01:59 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-10-01 01:01:56 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-10-01 01:01:56 350208 ----a-w- c:\windows\system32\WPDSp.dll
2009-10-01 01:01:56 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-10-01 01:01:56 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-09-25 02:10:10 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2009-09-25 02:07:08 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2009-09-25 02:04:32 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2009-09-25 01:49:22 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2009-09-25 01:48:08 351232 ----a-w- c:\windows\system32\XpsPrint.dll
2009-09-25 01:38:29 847360 ----a-w- c:\windows\system32\OpcServices.dll
2009-09-25 01:36:13 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2009-09-25 01:35:31 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2009-09-25 01:33:25 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2009-09-25 01:33:15 829440 ----a-w- c:\windows\system32\d3d10warp.dll
2009-09-25 01:33:01 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2009-09-25 01:32:59 252928 ----a-w- c:\windows\system32\dxdiag.exe
2009-09-25 01:31:53 519680 ----a-w- c:\windows\system32\d3d11.dll
2009-09-25 01:31:26 486912 ----a-w- c:\windows\system32\d3d10level9.dll
2009-09-25 01:31:21 161280 ----a-w- c:\windows\system32\d3d10_1.dll
2009-09-25 01:31:19 218112 ----a-w- c:\windows\system32\d3d10_1core.dll
2009-09-25 01:31:16 1030144 ----a-w- c:\windows\system32\d3d10.dll
2009-09-25 01:31:15 828928 ----a-w- c:\windows\system32\d2d1.dll
2009-09-25 01:30:23 481792 ----a-w- c:\windows\system32\dxgi.dll
2009-09-25 01:30:23 190464 ----a-w- c:\windows\system32\d3d10core.dll
2009-09-25 01:27:04 793088 ----a-w- c:\windows\system32\FntCache.dll
2009-09-25 01:27:04 37888 ----a-w- c:\windows\system32\cdd.dll
2009-09-25 01:27:04 1064448 ----a-w- c:\windows\system32\DWrite.dll
2009-09-24 22:54:55 258048 ----a-w- c:\windows\system32\winspool.drv
2009-09-24 22:54:53 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2009-09-24 22:54:52 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2009-09-10 16:48:01 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 02:01:02 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2009-09-10 02:00:54 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2009-09-10 02:00:36 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2009-09-06 20:52:32 6394 ----a-w- c:\windows\system32\krncode.dat
2009-09-06 20:52:32 20065 ----a-w- c:\windows\system32\wincode.dat
2009-09-06 20:52:32 1575 ----a-w- c:\windows\system32\pwrcode.dat
2008-06-02 16:07:39 174 --sha-w- c:\program files\desktop.ini
2006-11-21 04:52:20 36364 ----a-w- c:\windows\inf\perflib\0406\perfd.dat
2006-11-21 04:52:20 36364 ----a-w- c:\windows\inf\perflib\0406\perfc.dat
2006-11-21 04:52:20 300302 ----a-w- c:\windows\inf\perflib\0406\perfi.dat
2006-11-21 04:52:20 300302 ----a-w- c:\windows\inf\perflib\0406\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-05 12:17:26 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009060520090606\index.dat

============= FINISH: 21:26:00,29 ===============
 