
Author Topic: Alureon.H rootkit virus TermDD  (Read 39849 times)


ishan

    Topic Starter


    Rookie
    Re: Alureon.H rootkit virus TermDD
    « Reply #15 on: May 26, 2010, 12:09:44 AM »
    Attached all reports.

    [recovering disk space - old attachment deleted by admin]

    ishan

      Topic Starter


      Rookie
      Re: Alureon.H rootkit virus TermDD
      « Reply #16 on: May 26, 2010, 12:10:55 AM »
      2nd and last run of Combofix.

      [recovering disk space - old attachment deleted by admin]

      ishan

        Topic Starter


        Rookie
        Re: Alureon.H rootkit virus TermDD
        « Reply #17 on: May 26, 2010, 08:28:44 AM »
        Help please?

        SuperDave

        • Malware Removal Specialist


        • Genius
        • Thanked: 1020
        • Certifications: List
        • Experience: Expert
        • OS: Windows 10
        Re: Alureon.H rootkit virus TermDD
        « Reply #18 on: May 26, 2010, 01:43:43 PM »
        Download GMER Rootkit Detector and save it to your desktop.
         
        * Extract it to your desktop and double-click GMER.exe
        * Make sure all of the boxes on the right of the screen are checked, EXCEPT for "Show All".
        * Click the Rootkit tab and then Scan.
        * Don't check the Show All box while scanning is in progress!
        * When scanning is finished click Copy.
        * This copies the log to clipboard
        * Post the log in your reply.
        Windows 8 and Windows 10 dual boot with two SSD's

        ishan

          Topic Starter


          Rookie
          Re: Alureon.H rootkit virus TermDD
          « Reply #19 on: May 26, 2010, 04:29:38 PM »
          I downloaded GMER and extracted the zip on the desktop. When I tried to run it, Windows hung. I rebooted the machine and tried again with a minimum of apps open, and it still hung. It happens even before I start scanning.

          SuperDave

          Re: Alureon.H rootkit virus TermDD
          « Reply #20 on: May 26, 2010, 06:12:30 PM »
          OK, please try this one.

          Please download RootRepeal from GooglePages.com.
          • Extract the program file to your Desktop.
          • Run the program RootRepeal.exe and go to the Report tab and click on the Scan button.
          • Select ALL of the checkboxes and then click OK and it will start scanning your system.
          • If you have multiple drives you only need to check the C: drive or the one Windows is installed on.
          • When done, click on Save Report
          • Save it to the Desktop.
          • Please copy/paste the contents of the report in your next reply.
          Please remove any e-mail address in the RootRepeal report (if present).


          ishan

            Topic Starter


            Rookie
            Re: Alureon.H rootkit virus TermDD
            « Reply #21 on: May 27, 2010, 01:46:12 AM »
            ROOTREPEAL (c) AD, 2007-2009
            ==================================================
            Scan Start Time:      2010/05/26 23:26
            Program Version:      Version 1.3.5.0
            Windows Version:      Windows XP SP3
            ==================================================

            Drivers
            -------------------
            Name: dump_atapi.sys
            Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
            Address: 0xB7952000   Size: 98304   File Visible: No   Signed: -
            Status: -

            Name: dump_WMILIB.SYS
            Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
            Address: 0xBAE26000   Size: 8192   File Visible: No   Signed: -
            Status: -

            Name: rootrepeal.sys
            Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
            Address: 0xB42D8000   Size: 49152   File Visible: No   Signed: -
            Status: -

            Name: SASDIFSV.SYS
            Image Path: C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
            Address: 0xBAC98000   Size: 24576   File Visible: No   Signed: -
            Status: -

            Name: SASKUTIL.SYS
            Image Path: C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
            Address: 0xB7ACD000   Size: 139264   File Visible: No   Signed: -
            Status: -

            Hidden/Locked Files
            -------------------
            Path: C:\hiberfil.sys
            Status: Locked to the Windows API!

            Path: c:\windows\temp\microsoft operations manager\momservice(b).mc8
            Status: Size mismatch (API: 71745, Raw: 68535)

            Path: c:\windows\system32\ccm\servicedata\messaging\endpointqueues\policyagent_policyevaluator\000000gg.msg
            Status: Allocation size mismatch (API: 12288, Raw: 8192)

            Path: c:\windows\system32\ccm\servicedata\messaging\endpointqueues\ls_scheduledcleanup\0000002s.msg
            Status: Allocation size mismatch (API: 61440, Raw: 57344)

            Path: c:\windows\system32\ccm\servicedata\messaging\endpointqueues\policyagent_requestassignments\000001cs.msg
            Status: Allocation size mismatch (API: 32768, Raw: 20480)

            Path: c:\windows\system32\ccm\servicedata\messaging\outgoingqueues\mp_mp_hinvendpoint\0000002b.msg
            Status: Allocation size mismatch (API: 65536, Raw: 61440)

            Path: c:\windows\system32\ccm\servicedata\messaging\outgoingqueues\mp_statusreceiver\00000032.msg
            Status: Allocation size mismatch (API: 90112, Raw: 73728)

            Path: c:\windows\system32\ccm\servicedata\messaging\outgoingqueues\mp_[http]mp_locationmanager\0000006w.msg
            Status: Allocation size mismatch (API: 4096, Raw: 0)

            Path: c:\windows\system32\ccm\servicedata\messaging\outgoingqueues\mp_[http]mp_policymanager\000001cc.msg
            Status: Allocation size mismatch (API: 73728, Raw: 57344)

            Path: C:\Documents and Settings\iraval\Local Settings\Apps\2.0\BGNRHMAN.BEO\L9J62ZNZ.Q83\manifests\clickonce_bootstrap.exe.cdf-ms
            Status: Locked to the Windows API!

            Path: C:\Documents and Settings\iraval\Local Settings\Apps\2.0\BGNRHMAN.BEO\L9J62ZNZ.Q83\manifests\clickonce_bootstrap.exe.manifest
            Status: Locked to the Windows API!

            SSDT
            -------------------
            #: 257   Function Name: NtTerminateProcess
            Status: Hooked by "C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS" at address 0xb7ad7620

            Stealth Objects
            -------------------
            Object: Hidden Handle [Index: 4, Type: UnknownType]
            Process: MsMpEng.exe (PID: 1944)   Address: 0xe4636818   Size: -

            Object: Hidden Handle [Index: 4, Type: UnknownType]
            Process: svchost.exe (PID: 1984)   Address: 0xe233b818   Size: -

            Object: Hidden Handle [Index: 2052, Type: UnknownType]
            Process: svchost.exe (PID: 1984)   Address: 0xe2e36020   Size: -

            Object: Hidden Handle [Index: 6148, Type: UnknownType]
            Process: svchost.exe (PID: 1984)   Address: 0xe5037020   Size: -

            Object: Hidden Handle [Index: 8196, Type: UnknownType]
            Process: svchost.exe (PID: 1984)   Address: 0xe4fe5020   Size: -

            ==EOF==
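
An added example, not part of the original thread and not RootRepeal's own code: a small Python parser for the text report layout posted above, pulling out the SSDT hooks with their owning module and the Hidden/Locked Files entries with their API-versus-raw size gap for review. The sample report is a constructed excerpt in the same layout, and `known_prefixes` is a hypothetical analyst-supplied list of driver paths already accounted for.

```python
import re
from collections import defaultdict

# Constructed sample: a trimmed excerpt in the same layout as the report above.
SAMPLE_REPORT = r"""ROOTREPEAL (c) AD, 2007-2009
==================================================
Windows Version:      Windows XP SP3
==================================================

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: c:\windows\temp\microsoft operations manager\momservice(b).mc8
Status: Size mismatch (API: 71745, Raw: 68535)

Path: c:\windows\system32\ccm\servicedata\messaging\outgoingqueues\mp_[http]mp_locationmanager\0000006w.msg
Status: Allocation size mismatch (API: 4096, Raw: 0)

SSDT
-------------------
#: 257   Function Name: NtTerminateProcess
Status: Hooked by "C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS" at address 0xb7ad7620

Stealth Objects
-------------------
Object: Hidden Handle [Index: 4, Type: UnknownType]
Process: MsMpEng.exe (PID: 1944)   Address: 0xe4636818   Size: -

==EOF==
"""

RULE = re.compile(r"^-{5,}$")
HOOK_RE = re.compile(r'#:\s*(\d+)\s+Function Name:\s*(\S+)\s+Status:\s*'
                     r'Hooked by "([^"]+)" at address (0x[0-9a-fA-F]+)')
SIZE_RE = re.compile(r"(Allocation size mismatch|Size mismatch) "
                     r"\(API: (\d+), Raw: (\d+)\)")


def parse_report(text):
    """Return {section title: [record, ...]}; a record is a list of its lines."""
    lines = [ln.strip() for ln in text.splitlines()]  # drop forum indentation
    sections, current, record = defaultdict(list), None, []

    def flush():
        if current is not None and record:
            sections[current].append(list(record))
        record.clear()

    for i, line in enumerate(lines):
        following = lines[i + 1] if i + 1 < len(lines) else ""
        if line and RULE.match(following):  # a title sits directly above a dashed rule
            flush()
            current = line
        elif RULE.match(line) or current is None:
            continue  # the rule itself, or the banner before the first section
        elif not line or line == "==EOF==":
            flush()  # a blank line or the end marker closes a record
        else:
            record.append(line)
    flush()
    return dict(sections)


def ssdt_hooks(sections, known_prefixes=()):
    """List SSDT hooks; 'known' is True when the module path starts with a given prefix."""
    prefixes = tuple(p.lower() for p in known_prefixes)
    hooks = []
    for rec in sections.get("SSDT", []):
        m = HOOK_RE.search(" ".join(rec))
        if m:
            hooks.append({"index": int(m.group(1)), "function": m.group(2),
                          "module": m.group(3), "address": m.group(4),
                          "known": m.group(3).lower().startswith(prefixes)})
    return hooks


def file_findings(sections):
    """List Hidden/Locked Files entries with the API-minus-raw size gap where reported."""
    findings = []
    for rec in sections.get("Hidden/Locked Files", []):
        fields = dict(ln.split(": ", 1) for ln in rec if ": " in ln)
        status = fields.get("Status", "")
        m = SIZE_RE.search(status)
        if m:
            api, raw = int(m.group(2)), int(m.group(3))
            findings.append({"path": fields.get("Path"), "kind": m.group(1),
                             "api": api, "raw": raw, "delta": api - raw})
        elif status.startswith("Locked"):
            findings.append({"path": fields.get("Path"), "kind": "locked"})
        else:
            findings.append({"path": fields.get("Path"), "kind": status})
    return findings


if __name__ == "__main__":
    parsed = parse_report(SAMPLE_REPORT)
    for hook in ssdt_hooks(parsed):
        print("SSDT #%(index)d %(function)s -> %(module)s known=%(known)s" % hook)
    for item in file_findings(parsed):
        print(item)
```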


              SuperDave

              Re: Alureon.H rootkit virus TermDD
              « Reply #23 on: May 27, 2010, 09:44:48 AM »
              Please follow these instructions carefully.

              Please download and save HelpAsst_mebroot_fix.exe

              • Double click to run the tool.
              • When complete, run mbr -f then reboot.
              • After reboot, provide the mbr log.

              ==============================

              Download this << file >> & extract TDSSKiller.exe onto your Desktop

              Then create this batch file to be placed next to TDSSKiller

              =====

              Open NOTEPAD.exe and copy/paste the text in the quotebox below into it:
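              Code:
              @ECHO OFF
              REM Run TDSSKiller, wait for it to exit, and write a verbose (-v) log to Logit.txt (-l)
              START /WAIT TDSSKILLER.exe -l Logit.txt -v
              REM Open the log, then delete this batch file
              START Logit.txt
              del %0
              Save this as fix.bat. Choose to "Save type as - All Files".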
              It should look like this:
              Double click on fix.bat & allow it to run

              Post back to tell me what it says

              ishan

                Topic Starter


                Rookie
                Re: Alureon.H rootkit virus TermDD
                « Reply #24 on: May 27, 2010, 07:20:52 PM »

                Please download and save HelpAsst_mebroot_fix.exe

                I can not download this. There's no such download available.


                SuperDave

                Re: Alureon.H rootkit virus TermDD
                « Reply #25 on: May 27, 2010, 07:55:52 PM »
                Sorry about that. I fixed the link.

                Please download and save HelpAsst_mebroot_fix.exe
                • Double click to run the tool.
                • When complete, run mbr -f then reboot.
                • After reboot, provide the mbr log.

                ishan

                  Topic Starter


                  Rookie
                  Re: Alureon.H rootkit virus TermDD
                  « Reply #26 on: May 27, 2010, 11:24:05 PM »
                  Here is the MBR log that I found in C:\

                  C:\Ishan\Virus_Fix\HelpAsst_mebroot_fix.exe
                  Thu 05/27/2010 at 22:11:41.85

                  HelpAssistant account Inactive

                   ~~ Checking for termsrv32.dll ~~

                  termsrv32.dll present! ~ attempting to remove
                  termsrv32.dll successfully removed

                   ~~ Checking firewall ports ~~

                    backing up DomainProfile\GloballyOpenPorts\List registry key
                    closing rogue ports

                  HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\globallyopenports\list
                  "65533:TCP"=-
                  "52344:TCP"=-
                  "6763:TCP"=-
                  "6764:TCP"=-
                  "3389:TCP"=-

                    backing up StandardProfile\GloballyOpenPorts\List registry key
                    closing rogue ports

                  HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\globallyopenports\list
                  "65533:TCP"=-
                  "52344:TCP"=-
                  "6763:TCP"=-
                  "6764:TCP"=-
                  "3389:TCP"=-

                   ~~ Checking profile list ~~

                  HelpAssistant profile found in registry ~ backing up and removing S-1-5-21-1737608194-1000615609-2549537844-1005
                   ~ No profile directory exists for S-1-5-21-1737608194-1000615609-2549537844-1005 ~

                   ~ All HelpAssistant profiles removed from registry ~

                   ~~ Checking mbr ~~

                  user & kernel MBR OK

                  ishan

                    Topic Starter


                    Rookie
                    Re: Alureon.H rootkit virus TermDD
                    « Reply #27 on: May 27, 2010, 11:29:17 PM »
                    TDSS killer report:

                    22:28:52:531 5048   TDSS rootkit removing tool 2.3.1.0 May 25 2010 12:52:14
                    22:28:52:531 5048   ================================================================================
                    22:28:52:531 5048   SystemInfo:

                    22:28:52:531 5048   OS Version: 5.1.2600 ServicePack: 3.0
                    22:28:52:531 5048   Product type: Workstation
                    22:28:52:531 5048   ComputerName: SAN
                    22:28:52:531 5048   UserName: iraval
                    22:28:52:531 5048   Windows directory: C:\WINDOWS
                    22:28:52:531 5048   Processor architecture: Intel x86
                    22:28:52:531 5048   Number of processors: 2
                    22:28:52:531 5048   Page size: 0x1000
                    22:28:52:531 5048   Boot type: Normal boot
                    22:28:52:531 5048   ================================================================================
                    22:28:52:796 5048   Initialize success
                    22:28:52:796 5048   
                    22:28:52:796 5048   Scanning   Services ...
                    22:28:53:156 5048   Raw services enum returned 426 services
                    22:28:53:203 5048   
                    22:28:53:203 5048   Scanning   Drivers ...
                    22:29:02:656 5048   PxHelp20        (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys
                    22:29:02:734 5048   raddrvv3        (06d87871fe0788d3f838f69a03168b7f) c:\WINDOWS\system32\rserver30\raddrvv3.sys
                    22:29:02:812 5048   RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
                    22:29:02:843 5048   Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
                    22:29:02:875 5048   RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
                    22:29:02:921 5048   Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
                    22:29:02:937 5048   Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
                    22:29:02:984 5048   RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
                    22:29:03:015 5048   rdpdr           (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
                    22:29:03:078 5048   RDPWD           (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
                    22:29:03:109 5048   redbook         (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
                    22:29:03:156 5048   RFCOMM          (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
                    22:29:03:203 5048   s24trans        (eadfb87f911a7a75d1b80617f92901e8) C:\WINDOWS\system32\DRIVERS\s24trans.sys
                    22:29:03:234 5048   SBRE            (e121185abcc7f6f2875843ed3236d245) C:\WINDOWS\system32\drivers\SBREdrv.sys
                    22:29:03:328 5048   Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
                    22:29:03:359 5048   serenum         (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
                    22:29:03:375 5048   Serial          (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
                    22:29:03:437 5048   Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
                    22:29:03:500 5048   SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
                    22:29:03:531 5048   splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
                    22:29:03:562 5048   sr              (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
                    22:29:03:640 5048   Srv             (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
                    22:29:03:734 5048   STHDA           (31ba85e1cff39a57f702a2a0877bb8e1) C:\WINDOWS\system32\drivers\sthda.sys
                    22:29:03:781 5048   streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
                    22:29:03:828 5048   swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
                    22:29:03:843 5048   swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
                    22:29:03:890 5048   sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
                    22:29:03:906 5048   Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
                    22:29:03:953 5048   TcUsb           (125f5adc14839b4afd31cc581629d2b3) C:\WINDOWS\system32\Drivers\tcusb.sys
                    22:29:03:968 5048   TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
                    22:29:04:000 5048   TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
                    22:29:04:031 5048   TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
                    22:29:04:062 5048   tosporte        (8d624d3bd1f2d78bd1c01a2d4e954b4e) C:\WINDOWS\system32\DRIVERS\tosporte.sys
                    22:29:04:125 5048   tosrfbd         (435ac6cc2abed508ac5a495658cbaf0f) C:\WINDOWS\system32\DRIVERS\tosrfbd.sys
                    22:29:04:203 5048   tosrfbnp        (90c8525bc578aaffe87c2d0ed4379e9e) C:\WINDOWS\system32\Drivers\tosrfbnp.sys
                    22:29:04:250 5048   Tosrfcom        (5ba1ca3b3cddb1ddc67df473f05d1ec2) C:\WINDOWS\system32\Drivers\tosrfcom.sys
                    22:29:04:296 5048   Tosrfhid        (28099a4e52148319afa685d93a2244d0) C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys
                    22:29:04:312 5048   tosrfnds        (c52fd27b9adf3a1f22cb90e6bcf9b0cb) C:\WINDOWS\system32\DRIVERS\tosrfnds.sys
                    22:29:04:343 5048   Tosrfusb        (6bc529c5eca0c7654943fd6fab21c5fa) C:\WINDOWS\system32\DRIVERS\tosrfusb.sys
                    22:29:04:390 5048   Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
                    22:29:04:437 5048   Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
                    22:29:04:484 5048   USBAAPL         (e8c1b9ebac65288e1b51e8a987d98af6) C:\WINDOWS\system32\Drivers\usbaapl.sys
                    22:29:04:515 5048   usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
                    22:29:04:546 5048   usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
                    22:29:04:562 5048   usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
                    22:29:04:609 5048   usbohci         (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
                    22:29:04:687 5048   usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
                    22:29:04:734 5048   usbscan         (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
                    22:29:04:781 5048   usbstor         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
                    22:29:04:812 5048   usbuhci         (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
                    22:29:04:843 5048   VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
                    22:29:04:890 5048   vmm             (817da66b1b889fad1dbf669e0e2f3228) C:\WINDOWS\system32\Drivers\vmm.sys
                    22:29:04:906 5048   VolSnap         (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
                    22:29:04:953 5048   VPCNetS2        (2abe8281db609d8bb1bd1b2f93800d5f) C:\WINDOWS\system32\DRIVERS\VMNetSrv.sys
                    22:29:04:984 5048   Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
                    22:29:05:046 5048   wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
                    22:29:05:109 5048   winachsf        (96aff1738271755a39b52eef7e35f98f) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
                    22:29:05:171 5048   WmiAcpi         (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
                    22:29:05:187 5048   WS2IFSL         (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
                    22:29:05:250 5048   WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
                    22:29:05:343 5048   WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
                    22:29:05:406 5048   WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
                    22:29:05:437 5048   
                    22:29:05:437 5048   Completed
                    22:29:05:437 5048   
                    22:29:05:437 5048   Results:
                    22:29:05:437 5048   Registry objects infected / cured / cured on reboot:   0 / 0 / 0
                    22:29:05:437 5048   File objects infected / cured / cured on reboot:   0 / 0 / 0
                    22:29:05:437 5048   
                    22:29:05:437 5048   KLMD(ARK) unloaded successfully

                    SuperDave

                    Re: Alureon.H rootkit virus TermDD
                    « Reply #28 on: May 28, 2010, 08:39:04 AM »
                    That looks good. Could you please run another scan with ComboFix and send me the log?

                    ishan

                      Re: Alureon.H rootkit virus TermDD
                      « Reply #29 on: May 28, 2010, 11:07:23 PM »
                      ComboFix 10-05-28.02 - iraval 05/28/2010  21:01:52.3.2 - x86
                      Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2046.1229 [GMT -7:00]
                      Running from: c:\documents and settings\iraval\Desktop\ComboFix.exe
                      AV: Microsoft Forefront Client Security *On-access scanning disabled* (Updated) {926A3D4F-E4E7-4F47-9902-4EDD55FFE1AF}
                      .

                      (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
                      .

                      c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
                      c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

                      ----- BITS: Possible infected sites -----

                      hxxp://CASANSMS1:80
                      .
                      (((((((((((((((((((((((((   Files Created from 2010-04-28 to 2010-05-29  )))))))))))))))))))))))))))))))
                      .

                      2010-05-28 05:11 . 2010-05-28 05:11   --------   d-----w-   C:\HelpAsst_backup
                      2010-05-27 00:14 . 2010-05-27 00:14   503808   ----a-w-   c:\documents and settings\iraval\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4eb22189-n\msvcp71.dll
                      2010-05-27 00:14 . 2010-05-27 00:14   499712   ----a-w-   c:\documents and settings\iraval\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4eb22189-n\jmc.dll
                      2010-05-27 00:14 . 2010-05-27 00:14   348160   ----a-w-   c:\documents and settings\iraval\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4eb22189-n\msvcr71.dll
                      2010-05-27 00:13 . 2010-05-27 00:13   61440   ----a-w-   c:\documents and settings\iraval\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-7ad6e02a-n\decora-sse.dll
                      2010-05-27 00:13 . 2010-05-27 00:13   12800   ----a-w-   c:\documents and settings\iraval\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-7ad6e02a-n\decora-d3d.dll
                      2010-05-27 00:13 . 2010-05-27 00:13   --------   d-----w-   c:\program files\Common Files\Java
                      2010-05-27 00:13 . 2010-05-27 00:13   411368   ----a-w-   c:\windows\system32\deployJava1.dll
                      2010-05-26 18:26 . 2010-05-26 18:26   --------   d-----w-   c:\documents and settings\All Users\Application Data\Applications
                      2010-05-26 17:15 . 2009-10-20 16:20   265728   -c----w-   c:\windows\system32\dllcache\http.sys
                      2010-05-25 21:24 . 2008-06-13 11:05   272128   -c----w-   c:\windows\system32\dllcache\bthport.sys
                      2010-05-25 21:23 . 2010-02-24 13:11   455680   -c----w-   c:\windows\system32\dllcache\mrxsmb.sys
                      2010-05-25 21:20 . 2010-02-16 14:08   2146304   -c----w-   c:\windows\system32\dllcache\ntkrnlmp.exe
                      2010-05-25 21:20 . 2010-02-17 16:10   2189952   -c----w-   c:\windows\system32\dllcache\ntoskrnl.exe
                      2010-05-25 21:20 . 2010-02-16 13:25   2024448   -c----w-   c:\windows\system32\dllcache\ntkrpamp.exe
                      2010-05-25 21:20 . 2009-11-27 17:11   17920   -c----w-   c:\windows\system32\dllcache\msyuv.dll
                      2010-05-25 21:13 . 2009-11-27 16:07   8704   -c----w-   c:\windows\system32\dllcache\tsbyuv.dll
                      2010-05-25 21:13 . 2009-11-27 16:07   48128   -c----w-   c:\windows\system32\dllcache\iyuv_32.dll
                      2010-05-25 21:12 . 2010-03-11 12:38   459264   -c----w-   c:\windows\system32\dllcache\msfeeds.dll
                      2010-05-25 21:12 . 2010-03-11 12:38   268288   -c----w-   c:\windows\system32\dllcache\iertutil.dll
                      2010-05-25 21:12 . 2010-03-11 12:38   52224   -c----w-   c:\windows\system32\dllcache\msfeedsbs.dll
                      2010-05-25 21:12 . 2010-03-11 12:38   63488   -c----w-   c:\windows\system32\dllcache\icardie.dll
                      2010-05-25 21:12 . 2010-03-11 12:38   380928   -c----w-   c:\windows\system32\dllcache\ieapfltr.dll
                      2010-05-25 21:12 . 2010-03-10 13:18   13824   -c----w-   c:\windows\system32\dllcache\ieudinit.exe
                      2010-05-25 21:12 . 2009-06-29 08:33   2452872   -c----w-   c:\windows\system32\dllcache\ieapfltr.dat
                      2010-05-25 21:12 . 2010-03-11 12:38   6067200   -c----w-   c:\windows\system32\dllcache\ieframe.dll
                      2010-05-25 15:13 . 2010-05-25 15:13   --------   d-----w-   c:\windows\ms
                      2010-05-25 15:01 . 2008-04-14 12:00   221696   -c--a-w-   c:\windows\system32\dllcache\seo.dll
                      2010-05-25 15:00 . 2008-04-14 12:00   13463552   -c--a-w-   c:\windows\system32\dllcache\hwxjpn.dll
                      2010-05-25 14:59 . 2004-05-13 07:39   598071   -c--a-w-   c:\windows\system32\dllcache\fpmmc.dll
                      2010-05-25 14:40 . 2008-04-14 12:00   13312   -c--a-w-   c:\windows\system32\dllcache\irclass.dll
                      2010-05-25 14:40 . 2008-04-14 12:00   13312   ----a-w-   c:\windows\system32\irclass.dll
                      2010-05-25 14:40 . 2008-04-14 12:00   24661   -c--a-w-   c:\windows\system32\dllcache\spxcoins.dll
                      2010-05-25 14:40 . 2008-04-14 12:00   24661   ----a-w-   c:\windows\system32\spxcoins.dll
                      2010-05-25 11:10 . 2008-04-14 12:00   16384   -c--a-w-   c:\windows\system32\dllcache\isignup.exe
                      2010-05-25 06:05 . 2010-05-25 06:05   --------   d-----w-   c:\program files\ESET
                      2010-05-20 13:47 . 2010-05-20 13:47   --------   d-----w-   c:\documents and settings\LocalService\Local Settings\Application Data\Google
                      2010-05-18 15:02 . 2009-09-07 21:02   27944   ----a-w-   c:\windows\system32\sbbd.exe
                      2010-05-18 15:02 . 2009-08-05 22:58   93872   ----a-w-   c:\windows\system32\drivers\SBREDrv.sys
                      2010-05-18 15:02 . 2010-05-25 15:30   --------   d-----w-   C:\VIPRERESCUE
                      2010-05-06 04:12 . 2010-05-06 04:12   --------   d-----w-   c:\program files\iPod
                      2010-05-06 04:11 . 2010-05-06 04:13   --------   d-----w-   c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
                      2010-05-06 04:11 . 2010-05-06 04:13   --------   d-----w-   c:\program files\iTunes
                      2010-05-06 04:00 . 2010-05-06 04:02   --------   d-----w-   c:\program files\QuickTime
                      2010-05-06 03:56 . 2010-05-06 03:56   --------   d-----w-   c:\program files\Bonjour
                      2010-05-06 03:40 . 2010-05-06 03:40   73000   ----a-w-   c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
                      2010-05-06 01:30 . 2010-05-06 01:30   --------   d-----w-   c:\documents and settings\iraval\Local Settings\Application Data\Help
                      2010-05-02 09:05 . 2010-05-02 09:22   --------   d-----w-   C:\WINXP
                      2010-05-02 05:42 . 2010-05-03 19:36   --------   d-----w-   c:\program files\SiteAdvisor
                      2010-05-02 05:42 . 2010-05-03 18:25   --------   d-----w-   c:\documents and settings\All Users\Application Data\SiteAdvisor
                      2010-05-02 05:37 . 2010-05-03 19:38   --------   d-----w-   c:\documents and settings\All Users\Application Data\McAfee
                      2010-05-02 00:58 . 2010-05-02 00:58   --------   d-----w-   c:\windows\system32\wbem\Repository
                      2010-05-01 20:35 . 2010-05-01 20:35   --------   d-----w-   c:\documents and settings\admin\Local Settings\Application Data\Mozilla
                      2010-05-01 19:49 . 2010-05-25 15:52   --------   d-----w-   c:\program files\Windows Live Safety Center
                      2010-05-01 18:45 . 2010-05-01 18:45   --------   d-----w-   c:\documents and settings\admin\Application Data\Malwarebytes
                      2010-05-01 16:28 . 2010-05-02 01:28   --------   d-----w-   c:\documents and settings\HelpAssistant\Tracing
                      2010-05-01 16:28 . 2010-05-01 16:28   --------   d-----w-   c:\documents and settings\HelpAssistant\SametimeTranscripts
                      2010-05-01 16:26 . 2010-05-01 16:26   --------   d-----w-   c:\documents and settings\HelpAssistant\IBM
                      2010-05-01 16:22 . 2010-05-01 16:22   --------   d-----w-   c:\documents and settings\HelpAssistant\.ssh
                      2010-05-01 16:21 . 2007-08-27 22:25   --------   d-----w-   c:\documents and settings\HelpAssistant\UserData
                      2010-05-01 16:21 . 2010-05-02 01:28   --------   d-s---w-   c:\documents and settings\HelpAssistant

                      .
                      ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
                      .
                      2010-05-29 03:19 . 2009-11-17 07:50   --------   d-----w-   c:\program files\BSEMktWatch
                      2010-05-28 22:54 . 2010-03-20 20:59   --------   d-----w-   c:\documents and settings\iraval\Application Data\vlc
                      2010-05-27 00:13 . 2007-08-28 20:08   --------   d-----w-   c:\program files\Java
                      2010-05-26 14:44 . 2010-02-02 07:52   --------   d-----w-   c:\program files\MagicISO
                      2010-05-25 16:54 . 2009-11-17 01:50   --------   d-----w-   c:\documents and settings\iraval\Application Data\Wave Systems Corp
                      2010-05-25 14:56 . 2007-08-27 20:47   24924   ----a-w-   c:\windows\system32\emptyregdb.dat
                      2010-05-25 14:56 . 2010-05-25 14:56   1663   ----a-w-   c:\windows\inf\COMD6.tmp
                      2010-05-25 12:21 . 2010-01-03 06:30   --------   d-----w-   c:\documents and settings\iraval\Application Data\Azureus
                      2010-05-25 12:20 . 2009-12-06 02:59   --------   d-----w-   c:\program files\CCleaner
                      2010-05-25 11:08 . 2010-05-25 11:08   1663   ----a-w-   c:\windows\inf\COM12F.tmp
                      2010-05-25 08:20 . 2007-08-27 21:54   95194   ----a-w-   c:\windows\system32\nvModes.dat
                      2010-05-22 05:53 . 2010-01-03 06:29   --------   d-----w-   c:\program files\Vuze
                      2010-05-20 13:48 . 2009-11-17 07:50   --------   d-----w-   c:\program files\Google
                      2010-05-12 19:47 . 2009-07-22 20:03   --------   d-----w-   c:\documents and settings\All Users\Application Data\Microsoft Help
                      2010-05-06 17:36 . 2010-01-16 07:10   221568   ------w-   c:\windows\system32\MpSigStub.exe
                      2010-05-06 04:12 . 2009-11-23 07:43   --------   d-----w-   c:\program files\Common Files\Apple
                      2010-05-04 03:06 . 2010-03-20 23:30   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
                      2010-05-02 21:22 . 2009-11-23 07:46   --------   d-----w-   c:\documents and settings\iraval\Application Data\Apple Computer
                      2010-05-02 18:33 . 2010-05-02 18:33   1663   ----a-w-   c:\windows\inf\COME3.tmp
                      2010-05-02 04:57 . 2009-12-06 01:20   --------   d-----w-   c:\documents and settings\All Users\Application Data\avg9
                      2010-05-02 01:15 . 2007-08-28 19:56   --------   d-----w-   c:\program files\Microsoft Office Communicator
                      2010-05-01 19:36 . 2010-01-22 12:58   --------   d-----w-   c:\documents and settings\admin\Application Data\Wave Systems Corp
                      2010-05-01 18:42 . 2010-01-22 12:58   71776   ----a-w-   c:\documents and settings\admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
                      2010-04-29 22:39 . 2010-03-20 23:30   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
                      2010-04-29 22:39 . 2010-03-20 23:30   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
                      2010-04-26 03:26 . 2009-10-20 17:11   664   ----a-w-   c:\windows\system32\d3d9caps.dat
                      2010-04-19 21:59 . 2010-04-19 21:59   255472   ----a-w-   c:\documents and settings\iraval\Application Data\Mozilla\plugins\npgoogletalk.dll
                      2010-04-17 19:53 . 2009-12-06 01:26   --------   d-----w-   c:\documents and settings\All Users\Application Data\Norton
                      2010-04-17 19:53 . 2010-04-17 07:43   --------   d-----w-   c:\program files\Common Files\Symantec Shared
                      2010-04-16 15:33 . 2009-11-23 07:43   41472   ----a-w-   c:\windows\system32\drivers\usbaapl.sys
                      2010-04-16 15:33 . 2009-11-23 07:43   3003680   ----a-w-   c:\windows\system32\usbaaplrc.dll
                      2010-04-16 04:15 . 2010-03-28 07:29   894184   ----a-w-   c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
                      2010-04-15 16:18 . 2010-04-14 03:02   --------   d-----w-   c:\program files\PuTTY Connection Manager
                      2010-04-14 03:07 . 2009-11-17 07:20   --------   d-----w-   c:\program files\PuTTY
                      2010-04-14 02:55 . 2009-11-20 01:53   --------   d-----w-   c:\program files\Quest Software
                      2010-04-08 20:20 . 2010-04-08 20:20   91424   ----a-w-   c:\windows\system32\dnssd.dll
                      2010-04-08 20:20 . 2010-04-08 20:20   107808   ----a-w-   c:\windows\system32\dns-sd.exe
                      2010-04-02 05:08 . 2009-11-17 07:18   --------   d-----w-   c:\program files\WinSCP
                      2010-03-28 02:06 . 2007-08-27 22:09   71776   ----a-w-   c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
                      2010-03-17 15:51 . 2009-08-18 16:08   82696   ----a-w-   c:\windows\system32\lmdimon8.dll
                      2010-03-11 12:38 . 2008-04-14 12:00   832512   ----a-w-   c:\windows\system32\wininet.dll
                      2010-03-11 12:38 . 2008-04-14 12:00   78336   ----a-w-   c:\windows\system32\ieencode.dll
                      2010-03-11 12:38 . 2008-04-14 12:00   17408   ----a-w-   c:\windows\system32\corpol.dll
                      2010-03-09 11:09 . 2008-04-14 12:00   430080   ----a-w-   c:\windows\system32\vbscript.dll
                      .

                      (((((((((((((((((((((((((((((   SnapShot@2010-05-25_16.21.23   )))))))))))))))))))))))))))))))))))))))))
                      .
                      + 2010-05-28 16:18 . 2010-05-28 16:18   16384              c:\windows\Temp\Perflib_Perfdata_930.dat
                      + 2010-05-28 16:17 . 2010-05-28 16:17   16384              c:\windows\Temp\Perflib_Perfdata_554.dat
                      + 2009-08-07 02:24 . 2009-08-07 02:24   44768              c:\windows\system32\wups2.dll
                      + 2007-08-27 20:48 . 2009-08-07 03:24   35552              c:\windows\system32\wups.dll
                      + 2007-08-27 20:48 . 2009-08-07 02:24   53472              c:\windows\system32\wuauclt.exe
                      + 2008-04-14 12:00 . 2008-05-09 10:53   90112              c:\windows\system32\wshext.dll
                      - 2008-04-14 12:00 . 2008-04-14 12:00   90112              c:\windows\system32\wshext.dll
                      + 2008-04-14 12:00 . 2006-10-19 04:47   99840              c:\windows\system32\wmpshell.dll
                      + 2008-04-14 12:00 . 2006-10-19 04:47   37376              c:\windows\system32\wmdmps.dll
                      + 2008-04-14 12:00 . 2006-10-19 04:47   33792              c:\windows\system32\wmdmlog.dll
                      + 2008-04-14 12:00 . 2009-06-25 08:25   54272              c:\windows\system32\wdigest.dll
                      + 2008-04-14 12:00 . 2010-04-21 13:28   46080              c:\windows\system32\tzchange.exe
                      + 2008-04-14 12:00 . 2009-06-12 12:31   80896              c:\windows\system32\tlntsess.exe
                      + 2008-04-14 12:00 . 2009-06-12 12:31   76288              c:\windows\system32\telnet.exe
                      - 2008-04-14 12:00 . 2008-04-14 12:00   75776              c:\windows\system32\strmfilt.dll
                      + 2008-04-14 12:00 . 2009-10-21 05:38   75776              c:\windows\system32\strmfilt.dll
                      + 2009-08-18 16:08 . 2010-03-17 15:51   82184              c:\windows\system32\spool\prtprocs\w32x86\lmdippr8.dll
                      - 2010-05-03 18:19 . 2009-05-26 11:40   17272              c:\windows\system32\spmsg.dll
                      + 2010-05-26 15:03 . 2009-05-26 09:01   17272              c:\windows\system32\spmsg.dll
                      + 2008-04-14 12:00 . 2009-06-25 08:25   56832              c:\windows\system32\secur32.dll
                      + 2008-04-14 12:00 . 2009-02-06 10:39   35328              c:\windows\system32\sc.exe
                      + 2008-04-14 12:00 . 2009-10-12 13:38   79872              c:\windows\system32\raschap.dll
                      - 2008-04-14 12:00 . 2008-04-14 12:00   79872              c:\windows\system32\raschap.dll
                      + 2008-04-14 12:00 . 2010-03-11 12:38   44544              c:\windows\system32\pngfilt.dll
                      + 2004-08-04 12:00 . 2010-05-26 20:54   89126              c:\windows\system32\perfc009.dat
                      + 2008-04-14 12:00 . 2009-10-08 21:56   20480              c:\windows\system32\oleaccrc.dll
                      + 2007-08-27 20:47 . 2008-06-12 14:23   91648              c:\windows\system32\mtxoci.dll
                      - 2007-08-27 20:47 . 2008-04-14 12:00   91648              c:\windows\system32\mtxoci.dll
                      + 2008-04-14 12:00 . 2008-06-12 14:23   66560              c:\windows\system32\mtxclu.dll
                      - 2008-04-14 12:00 . 2008-04-14 12:00   66560              c:\windows\system32\mtxclu.dll
                      + 2008-04-14 05:42 . 2009-11-27 17:11   17920              c:\windows\system32\msyuv.dll
                      + 2008-04-14 12:00 . 2009-11-27 16:07   28672              c:\windows\system32\msvidc32.dll
                      + 2008-04-14 12:00 . 2009-11-27 16:07   11264              c:\windows\system32\msrle32.dll
                      - 2008-04-14 12:00 . 2008-04-14 12:00   11264              c:\windows\system32\msrle32.dll
                      + 2008-04-14 12:00 . 2006-10-19 04:47   27136              c:\windows\system32\mspmsnsv.dll
                      + 2008-04-14 12:00 . 2007-08-14 01:01   48128              c:\windows\system32\mshtmler.dll
                      + 2008-04-14 12:00 . 2007-08-14 01:32   45568              c:\windows\system32\mshta.exe
                      - 2007-08-27 20:47 . 2008-04-14 12:00   58880              c:\windows\system32\msdtclog.dll
                      + 2007-08-27 20:47 . 2008-06-12 14:23   58880              c:\windows\system32\msdtclog.dll
                      + 2008-04-14 12:00 . 2008-06-24 16:43   74240              c:\windows\system32\mscms.dll
                      + 2008-04-14 12:00 . 2009-09-04 21:03   58880              c:\windows\system32\msasn1.dll
                      + 2008-04-14 12:00 . 2007-08-14 01:44   40960              c:\windows\system32\licmgr10.dll
                      + 2008-04-14 12:00 . 2006-10-19 04:47   11264              c:\windows\system32\LAPRXY.dll
                      + 2008-04-14 12:00 . 2010-03-11 12:38   27648              c:\windows\system32\jsproxy.dll
                      + 2008-04-14 05:41 . 2009-11-27 16:07   48128              c:\windows\system32\iyuv_32.dll
                      + 2008-04-14 12:00 . 2007-08-14 01:39   92672              c:\windows\system32\inseng.dll
                      + 2008-04-14 12:00 . 2007-08-14 01:36   36352              c:\windows\system32\imgutil.dll
                      + 2008-04-14 12:00 . 2007-08-14 01:39   55296              c:\windows\system32\iesetup.dll
                      + 2008-04-14 12:00 . 2010-03-11 12:38   44544              c:\windows\system32\iernonce.dll
                      + 2008-04-14 12:00 . 2010-03-10 13:18   70656              c:\windows\system32\ie4uinit.exe
                      + 2008-04-14 12:00 . 2009-10-21 05:38   25088              c:\windows\system32\httpapi.dll
                      + 2008-04-14 12:00 . 2009-10-15 16:28   81920              c:\windows\system32\fontsub.dll
                      + 2008-04-14 12:00 . 2009-06-24 11:18   92928              c:\windows\system32\drivers\ksecdd.sys
                      + 2007-08-27 20:48 . 2009-08-07 03:24   35552              c:\windows\system32\dllcache\wups.dll
                      + 2007-08-27 20:48 . 2009-08-07 02:24   53472              c:\windows\system32\dllcache\wuauclt.exe
                      + 2008-04-14 12:00 . 2008-05-09 10:53   90112              c:\windows\system32\dllcache\wshext.dll
                      - 2008-04-14 12:00 . 2008-04-14 12:00   90112              c:\windows\system32\dllcache\wshext.dll
                      + 2008-04-14 12:00 . 2006-10-19 04:47   99840              c:\windows\system32\dllcache\wmpshell.dll
                      + 2007-08-27 20:48 . 2006-10-19 04:46   64000              c:\windows\system32\dllcache\wmplayer.exe
                      + 2007-08-27 20:48 . 2006-10-19 04:47   96256              c:\windows\system32\dllcache\wmpband.dll
                      + 2008-04-14 12:00 . 2006-10-19 04:47   37376              c:\windows\system32\dllcache\wmdmps.dll
                      + 2008-04-14 12:00 . 2006-10-19 04:47   33792              c:\windows\system32\dllcache\wmdmlog.dll
                      + 2008-04-14 12:00 . 2009-06-25 08:25   54272              c:\windows\system32\dllcache\wdigest.dll
                      + 2008-04-14 12:00 . 2009-06-12 12:31   80896              c:\windows\system32\dllcache\tlntsess.exe
                      + 2007-08-27 20:46 . 2008-04-14 12:43   40840              c:\windows\system32\dllcache\termdd.sys
                      + 2008-04-14 12:00 . 2009-06-12 12:31   76288              c:\windows\system32\dllcache\telnet.exe
                      - 2008-04-14 12:00 . 2008-04-14 12:00   75776              c:\windows\system32\dllcache\strmfilt.dll
                      + 2008-04-14 12:00 . 2009-10-21 05:38   75776              c:\windows\system32\dllcache\strmfilt.dll
                      + 2008-04-14 12:00 . 2009-06-25 08:25   56832              c:\windows\system32\dllcache\secur32.dll
                      + 2008-04-14 12:00 . 2009-02-06 10:39   35328              c:\windows\system32\dllcache\sc.exe
                      + 2008-04-14 12:00 . 2009-10-12 13:38   79872              c:\windows\system32\dllcache\raschap.dll
                      - 2008-04-14 12:00 . 2008-04-14 12:00   79872              c:\windows\system32\dllcache\raschap.dll
                      + 2008-04-14 12:00 . 2010-03-11 12:38   44544              c:\windows\system32\dllcache\pngfilt.dll
                      + 2008-04-14 12:00 . 2009-10-08 21:56   20480              c:\windows\system32\dllcache\oleaccrc.dll
                      + 2007-08-27 20:47 . 2008-06-12 14:23   91648              c:\windows\system32\dllcache\mtxoci.dll
                      - 2007-08-27 20:47 . 2008-04-14 12:00   91648              c:\windows\system32\dllcache\mtxoci.dll
                      + 2008-04-14 12:00 . 2008-06-12 14:23   66560              c:\windows\system32\dllcache\mtxclu.dll
                      - 2008-04-14 12:00 . 2008-04-14 12:00   66560              c:\windows\system32\dllcache\mtxclu.dll
                      + 2008-04-14 12:00 . 2009-11-27 16:07   28672              c:\windows\system32\dllcache\msvidc32.dll
                      - 2008-04-14 12:00 . 2008-04-14 12:00   11264              c:\windows\system32\dllcache\msrle32.dll
                      + 2008-04-14 12:00 . 2009-11-27 16:07   11264              c:\windows\system32\dllcache\msrle32.dll
                      + 2008-04-14 12:00 . 2006-10-19 04:47   27136              c:\windows\system32\dllcache\mspmsnsv.dll
                      + 2008-04-14 12:00 . 2007-08-14 01:01   48128              c:\windows\system32\dllcache\mshtmler.dll
                      + 2008-04-14 12:00 . 2007-08-14 01:32   45568              c:\windows\system32\dllcache\mshta.exe
                      + 2007-08-27 20:47 . 2008-06-12 14:23   58880              c:\windows\system32\dllcache\msdtclog.dll
                      - 2007-08-27 20:47 . 2008-04-14 12:00   58880              c:\windows\system32\dllcache\msdtclog.dll
                      + 2008-04-14 12:00 . 2008-06-24 16:43   74240              c:\windows\system32\dllcache\mscms.dll
                      + 2008-04-14 12:00 . 2009-09-04 21:03   58880              c:\windows\system32\dllcache\msasn1.dll
                      + 2008-04-14 12:00 . 2007-08-14 01:44   40960              c:\windows\system32\dllcache\licmgr10.dll
                      + 2008-04-14 12:00 . 2006-10-19 04:47   11264              c:\windows\system32\dllcache\LAPRXY.dll
                      + 2008-04-14 12:00 . 2009-06-24 11:18   92928              c:\windows\system32\dllcache\ksecdd.sys
                      + 2008-04-14 12:00 . 2010-03-11 12:38   27648              c:\windows\system32\dllcache\jsproxy.dll
                      + 2008-04-14 12:00 . 2007-08-14 01:39   92672              c:\windows\system32\dllcache\inseng.dll
                      + 2008-04-14 12:00 . 2007-08-14 01:36   36352              c:\windows\system32\dllcache\imgutil.dll
                      + 2008-04-14 12:00 . 2007-08-14 01:39   55296              c:\windows\system32\dllcache\iesetup.dll
                      + 2008-04-14 12:00 . 2010-03-11 12:38   44544              c:\windows\system32\dllcache\iernonce.dll
                      + 2008-04-14 12:00 . 2010-03-11 12:38   78336              c:\windows\system32\dllcache\ieencode.dll
                      + 2007-08-27 20:48 . 2007-08-14 01:44   69120              c:\windows\system32\dllcache\iedw.exe
                      + 2008-04-14 12:00 . 2010-03-10 13:18   70656              c:\windows\system32\dllcache\ie4uinit.exe
                      + 2008-04-14 12:00 . 2009-10-21 05:38   25088              c:\windows\system32\dllcache\httpapi.dll
                      + 2007-08-27 20:48 . 2007-08-14 01:18   60416              c:\windows\system32\dllcache\hmmapi.dll
                      + 2008-04-14 12:00 . 2009-10-15 16:28   81920              c:\windows\system32\dllcache\fontsub.dll
                      + 2007-08-27 20:48 . 2007-08-14 01:54   33792              c:\windows\system32\dllcache\custsat.dll
                      + 2008-04-14 12:00 . 2009-12-14 07:08   33280              c:\windows\system32\dllcache\csrsrv.dll
                      + 2008-04-14 12:00 . 2010-03-11 12:38   17408              c:\windows\system32\dllcache\corpol.dll
                      + 2008-04-14 12:00 . 2009-08-07 02:24   96480              c:\windows\system32\dllcache\cdm.dll
                      + 2008-04-14 12:00 . 2010-01-13 14:01   86016              c:\windows\system32\dllcache\cabview.dll
                      - 2008-04-14 12:00 . 2008-04-14 12:00   84992              c:\windows\system32\dllcache\avifil32.dll
                      + 2008-04-14 12:00 . 2009-11-27 16:07   84992              c:\windows\system32\dllcache\avifil32.dll
                      - 2008-04-14 12:00 . 2008-04-14 12:00   58880              c:\windows\system32\dllcache\atl.dll
                      + 2008-04-14 12:00 . 2009-07-17 19:01   58880              c:\windows\system32\dllcache\atl.dll
                      + 2008-04-14 12:00 . 2007-08-14 01:39   71680              c:\windows\system32\dllcache\admparse.dll
                      + 2008-04-14 12:00 . 2009-12-14 07:08   33280              c:\windows\system32\csrsrv.dll
                      + 2008-04-14 12:00 . 2009-08-07 02:24   96480              c:\windows\system32\cdm.dll
                      + 2008-04-14 12:00 . 2010-01-13 14:01   86016              c:\windows\system32\cabview.dll
                      + 2008-04-14 12:00 . 2009-11-27 16:07   84992              c:\windows\system32\avifil32.dll
                      - 2008-04-14 12:00 . 2008-04-14 12:00   84992              c:\windows\system32\avifil32.dll
                      + 2008-04-14 12:00 . 2009-07-17 19:01   58880              c:\windows\system32\atl.dll
                      - 2008-04-14 12:00 . 2008-04-14 12:00   58880              c:\windows\system32\atl.dll
                      + 2008-04-14 12:00 . 2007-08-14 01:39   71680              c:\windows\system32\admparse.dll
                      + 2010-05-25 18:03 . 2008-04-14 12:00   37888              c:\windows\ie7\url.dll
                      - 2009-12-14 18:55 . 2008-04-14 12:00   37888              c:\windows\ie7\url.dll
                      + 2010-05-25 18:03 . 2008-04-14 12:00   39424              c:\windows\ie7\pngfilt.dll
                      - 2010-01-16 16:38 . 2008-04-14 12:00   39424              c:\windows\ie7\pngfilt.dll
                      + 2010-05-25 18:03 . 2008-04-14 12:00   96256              c:\windows\ie7\occache.dll
                      - 2010-01-16 16:38 . 2008-04-14 12:00   96256              c:\windows\ie7\occache.dll
                      - 2010-01-16 16:38 . 2008-04-14 12:00   56832              c:\windows\ie7\mshtmler.dll
                      + 2010-05-25 18:03 . 2008-04-14 12:00   56832              c:\windows\ie7\mshtmler.dll
                      - 2010-01-16 16:38 . 2008-04-14 12:00   29184              c:\windows\ie7\mshta.exe
                      + 2010-05-25 18:03 . 2008-04-14 12:00   29184              c:\windows\ie7\mshta.exe
                      - 2010-01-16 16:38 . 2008-04-14 12:00   22016              c:\windows\ie7\licmgr10.dll
                      + 2010-05-25 18:03 . 2008-04-14 12:00   22016              c:\windows\ie7\licmgr10.dll
                      - 2010-01-16 16:38 . 2008-04-14 12:00   15872              c:\windows\ie7\jsproxy.dll
                      + 2010-05-25 18:03 . 2008-04-14 12:00   15872              c:\windows\ie7\jsproxy.dll
                      - 2010-01-16 16:38 . 2008-04-14 12:00   96256              c:\windows\ie7\inseng.dll
                      + 2010-05-25 18:03 . 2008-04-14 12:00   96256              c:\windows\ie7\inseng.dll
                      - 2010-01-16 16:38 . 2008-04-14 12:00   35840              c:\windows\ie7\imgutil.dll
                      + 2010-05-25 18:03 . 2008-04-14 12:00   35840              c:\windows\ie7\imgutil.dll
                      - 2010-01-16 16:38 . 2008-04-14 12:00   93184              c:\windows\ie7\iexplore.exe
                      + 2010-05-25 18:03 . 2008-04-14 12:00   93184              c:\windows\ie7\iexplore.exe
                      + 2010-05-25 18:03 . 2008-04-14 12:00   62976              c:\windows\ie7\iesetup.dll
                      - 2010-01-16 16:38 . 2008-04-14 12:00   62976              c:\windows\ie7\iesetup.dll
                      - 2010-01-16 16:38 . 2008-04-14 12:00   48640              c:\windows\ie7\iernonce.dll
                      + 2010-05-25 18:03 . 2008-04-14 12:00   48640              c:\windows\ie7\iernonce.dll
                      - 2010-01-16 16:38 . 2008-04-14 12:00   18432              c:\windows\ie7\iedw.exe
                      + 2010-05-25 18:03 . 2008-04-14 12:00   18432              c:\windows\ie7\iedw.exe
                      + 2010-05-25 18:03 . 2008-04-14 12:00   34304              c:\windows\ie7\ie4uinit.exe
                      - 2010-01-16 16:38 . 2008-04-14 12:00   34304              c:\windows\ie7\ie4uinit.exe
                      - 2010-01-16 16:38 . 2008-04-14 12:00   38912              c:\windows\ie7\hmmapi.dll
                      + 2010-05-25 18:03 . 2008-04-14 12:00   38912              c:\windows\ie7\hmmapi.dll
                      + 2010-05-25 18:03 . 2008-04-14 12:00   55808              c:\windows\ie7\extmgr.dll
                      - 2010-01-16 16:38 . 2008-04-14 12:00   55808              c:\windows\ie7\extmgr.dll
                      + 2010-05-25 18:03 . 2004-08-04 12:00   28672              c:\windows\ie7\custsat.dll
                      - 2010-01-16 16:38 . 2004-08-04 12:00   28672              c:\windows\ie7\custsat.dll
                      - 2010-01-16 16:38 . 2008-04-14 12:00   99840              c:\windows\ie7\advpack.dll
                      + 2010-05-25 18:03 . 2008-04-14 12:00   99840              c:\windows\ie7\advpack.dll
                      - 2010-01-16 16:38 . 2008-04-14 12:00   61440              c:\windows\ie7\admparse.dll
                      + 2010-05-25 18:03 . 2008-04-14 12:00   61440              c:\windows\ie7\admparse.dll
                      + 2010-05-25 21:20 . 2009-11-27 17:11   17920              c:\windows\Driver Cache\i386\msyuv.dll
                      + 2010-05-25 21:13 . 2009-11-27 16:07   48128              c:\windows\Driver Cache\i386\iyuv_32.dll
                      + 2008-04-14 12:00 . 2006-10-19 04:47   4096              c:\windows\system32\wmvdmoe2.dll
                      + 2008-04-14 12:00 . 2006-10-19 04:47   4096              c:\windows\system32\wmvdmod.dll
                      + 2008-04-14 12:00 . 2006-10-19 04:47   4096              c:\windows\system32\wmsdmoe2.dll
                      + 2008-04-14 12:00 . 2006-10-19 04:47   4096              c:\windows\system32\wmsdmod.dll
                      + 2001-08-17 22:36 . 2009-11-27 16:07   8704              c:\windows\system32\tsbyuv.dll
                      + 2008-04-14 12:00 . 2006-10-19 04:47   4096              c:\windows\system32\MPG4DMOD.dll
                      + 2008-04-14 12:00 . 2006-10-19 04:47   4096              c:\windows\system32\MP4SDMOD.dll
                      + 2008-04-14 12:00 . 2006-10-19 04:47   4096              c:\windows\system32\MP43DMOD.dll
                      + 2008-04-14 12:00 . 2006-10-19 04:47   4096              c:\windows\system32\dllcache\wmvdmoe2.dll
                      + 2008-04-14 12:00 . 2006-10-19 04:47   4096              c:\windows\system32\dllcache\wmvdmod.dll
                      + 2008-04-14 12:00 . 2006-10-19 04:47   4096              c:\windows\system32\dllcache\wmsdmoe2.dll
                      + 2008-04-14 12:00 . 2006-10-19 04:47   4096              c:\windows\system32\dllcache\wmsdmod.dll
                      + 2008-04-14 12:00 . 2006-10-19 04:47   4096              c:\windows\system32\dllcache\MPG4DMOD.dll
                      + 2008-04-14 12:00 . 2006-10-19 04:47   4096              c:\windows\system32\dllcache\MP4SDMOD.dll
                      + 2008-04-14 12:00 . 2006-10-19 04:47   4096              c:\windows\system32\dllcache\MP43DMOD.dll
                      + 2008-04-14 12:00 . 2006-10-19 04:47   7168              c:\windows\system32\dllcache\asferror.dll
                      + 2008-04-14 12:00 . 2006-10-19 04:47   7168              c:\windows\system32\asferror.dll
                      + 2010-05-25 21:13 . 2009-11-27 16:07   8704              c:\windows\Driver Cache\i386\tsbyuv.dll
                      + 2007-08-27 20:48 . 2009-08-07 02:24   327896              c:\windows\system32\wucltui.dll
                      + 2007-08-27 20:48 . 2009-08-07 02:23   575704              c:\windows\system32\wuapi.dll
                      - 2008-04-14 12:00 . 2008-04-14 12:00   155648              c:\windows\system32\wscript.exe
                      + 2008-04-14 12:00 . 2008-05-08 11:24   155648              c:\windows\system32\wscript.exe
                      + 2008-04-14 12:00 . 2009-04-02 06:02   604160              c:\windows\system32\wmspdmod.dll
                      + 2008-04-14 12:00 . 2009-07-14 06:43   286208              c:\windows\system32\wmpdxm.dll
                      + 2008-04-14 12:00 . 2006-10-19 04:47   242688              c:\windows\system32\wmpasf.dll
                      + 2008-04-14 12:00 . 2008-06-18 12:03   938496              c:\windows\system32\WMNetmgr.dll
                      + 2008-04-14 12:00 . 2006-10-19 04:47   157184              c:\windows\system32\wmidx.dll
                      + 2008-04-14 12:00 . 2006-10-19 04:47   227328              c:\windows\system32\wmerror.dll
                      + 2008-04-14 12:00 . 2007-10-28 00:40   222720              c:\windows\system32\wmasf.dll
                      + 2008-04-14 12:00 . 2006-10-19 04:47   757248              c:\windows\system32\WMADMOD.dll
                      + 2008-04-14 12:00 . 2009-06-10 06:14   132096              c:\windows\system32\wkssvc.dll
                      - 2008-04-14 12:00 . 2008-04-14 12:00   132096              c:\windows\system32\wkssvc.dll
                      + 2008-04-14 12:00 . 2009-12-24 06:59   177664              c:\windows\system32\wintrust.dll
                      + 2008-04-14 12:00 . 2009-08-25 09:17   354816              c:\windows\system32\winhttp.dll
                      + 2008-04-14 12:00 . 2010-03-11 12:38   233472              c:\windows\system32\webcheck.dll
                      + 2007-08-27 20:46 . 2009-02-06 10:10   227840              c:\windows\system32\wbem\wmiprvse.exe
                      + 2007-08-27 20:46 . 2009-02-09 12:10   453120              c:\windows\system32\wbem\wmiprvsd.dll
                      + 2007-08-27 20:46 . 2009-02-09 12:10   473600              c:\windows\system32\wbem\fastprox.dll
                      + 2008-04-14 12:00 . 2010-03-11 12:38   105984              c:\windows\system32\url.dll
                      + 2008-04-14 12:00 . 2009-10-15 16:28   119808              c:\windows\system32\t2embed.dll
                      + 2008-04-14 12:00 . 2009-08-26 08:00   247326              c:\windows\system32\strmdll.dll
                      + 2010-05-26 18:27 . 2010-03-17 15:51   160008              c:\windows\system32\spool\drivers\w32x86\3\lmdiui8.dll
                      + 2010-05-26 18:27 . 2010-03-17 15:51   984336              c:\windows\system32\spool\drivers\w32x86\3\lmdigraph8.dll
                      - 2008-04-14 12:00 . 2008-04-14 12:00   474112              c:\windows\system32\shlwapi.dll
                      + 2008-04-14 12:00 . 2009-12-08 09:23   474112              c:\windows\system32\shlwapi.dll
                      + 2008-04-14 12:00 . 2009-02-06 11:11   110592              c:\windows\system32\services.exe
                      + 2008-04-14 12:00 . 2008-05-09 10:53   172032              c:\windows\system32\scrrun.dll
                      - 2008-04-14 12:00 . 2008-04-14 12:00   172032              c:\windows\system32\scrrun.dll
                      + 2008-04-14 12:00 . 2008-05-09 10:53   180224              c:\windows\system32\scrobj.dll
                      - 2008-04-14 12:00 . 2008-04-14 12:00   180224              c:\windows\system32\scrobj.dll
                      + 2008-04-14 12:00 . 2009-06-25 08:25   147456              c:\windows\system32\schannel.dll
                      + 2008-04-14 12:00 . 2009-02-09 12:10   401408              c:\windows\system32\rpcss.dll
                      + 2008-04-14 12:00 . 2009-04-15 14:51   585216              c:\windows\system32\rpcrt4.dll
                      + 2008-04-14 12:00 . 2009-10-12 13:38   149504              c:\windows\system32\rastls.dll
                      + 2008-04-14 12:00 . 2006-10-19 04:47   211456              c:\windows\system32\qasf.dll
                      + 2004-08-04 12:00 . 2010-05-26 20:54   505758              c:\windows\system32\perfh009.dat
                      - 2008-04-14 12:00 . 2008-04-14 12:00   284160              c:\windows\system32\pdh.dll
                      + 2008-04-14 12:00 . 2009-03-06 14:22   284160              c:\windows\system32\pdh.dll
                      + 2008-04-14 12:00 . 2009-10-08 21:57   220160              c:\windows\system32\oleacc.dll
                      + 2008-04-14 12:00 . 2010-03-11 12:38   102912              c:\windows\system32\occache.dll
                      - 2008-04-14 12:00 . 2008-04-14 12:00   270336              c:\windows\system32\oakley.dll
                      + 2008-04-14 12:00 . 2009-10-13 10:30   270336              c:\windows\system32\oakley.dll
                      + 2008-04-14 12:00 . 2009-02-09 12:10   714752              c:\windows\system32\ntdll.dll
                      + 2008-04-14 12:00 . 2008-10-15 16:34   337408              c:\windows\system32\netapi32.dll
                      - 2008-04-14 12:00 . 2008-04-14 12:00   337408              c:\windows\system32\netapi32.dll
                      + 2008-04-14 12:00 . 2008-06-20 17:46   245248              c:\windows\system32\mswsock.dll
                      - 2008-04-14 12:00 . 2008-04-14 12:00   245248              c:\windows\system32\mswsock.dll
                      + 2008-04-14 12:00 . 2006-10-19 04:47   321536              c:\windows\system32\mswmdm.dll
                      + 2008-04-14 12:00 . 2009-08-05 09:01   204800              c:\windows\system32\mswebdvd.dll
                      + 2008-04-14 12:00 . 2009-09-11 14:18   136192              c:\windows\system32\msv1_0.dll
                      + 2008-04-14 12:00 . 2010-03-11 12:38   671232              c:\windows\system32\mstime.dll
                      + 2008-04-14 12:00 . 2006-12-04 23:21   414720              c:\windows\system32\msscp.dll
                      + 2008-04-14 12:00 . 2010-03-11 12:38   193024              c:\windows\system32\msrating.dll
                      + 2008-04-14 12:00 . 2006-10-19 04:47   175616              c:\windows\system32\mspmsp.dll
                      + 2007-08-27 20:47 . 2009-12-16 18:43   343040              c:\windows\system32\mspaint.exe
                      - 2007-08-27 20:47 . 2008-04-14 12:00   343040              c:\windows\system32\mspaint.exe
                      + 2008-04-14 12:00 . 2006-10-19 04:47   179712              c:\windows\system32\msnetobj.dll
                      + 2008-04-14 12:00 . 2007-08-14 01:54   156160              c:\windows\system32\msls31.dll
                      + 2008-04-14 12:00 . 2010-03-11 12:38   477696              c:\windows\system32\mshtmled.dll
                      - 2007-08-27 20:47 . 2008-04-14 12:00   161792              c:\windows\system32\msdtcuiu.dll
                      + 2007-08-27 20:47 . 2008-06-12 14:23   161792              c:\windows\system32\msdtcuiu.dll
                      + 2007-08-27 20:47 . 2008-06-12 14:23   956928              c:\windows\system32\msdtctm.dll
                      - 2007-08-27 20:47 . 2008-04-14 12:00   956928              c:\windows\system32\msdtctm.dll
                      + 2007-08-27 20:47 . 2008-06-13 02:53   428032              c:\windows\system32\msdtcprx.dll
                      + 2008-04-14 12:00 . 2009-06-25 08:25   730112              c:\windows\system32\lsasrv.dll
                      + 2008-04-14 12:00 . 2008-06-18 08:09   100864              c:\windows\system32\logagent.exe
                      + 2008-04-14 12:00 . 2009-05-07 15:32   345600              c:\windows\system32\localspl.dll
                      + 2008-04-14 12:00 . 2009-03-21 14:06   989696              c:\windows\system32\kernel32.dll
                      - 2008-04-14 12:00 . 2008-04-14 12:00   989696              c:\windows\system32\kernel32.dll
                      + 2008-04-14 12:00 . 2009-06-25 08:25   301568              c:\windows\system32\kerberos.dll
                      + 2008-04-14 12:00 . 2009-08-13 15:16   512000              c:\windows\system32\jscript.dll
                      - 2008-04-14 12:00 . 2008-04-14 12:00   512000              c:\windows\system32\jscript.dll
                      + 2010-05-27 00:13 . 2010-05-27 00:13   153376              c:\windows\system32\javaws.exe
                      + 2010-05-27 00:13 . 2010-05-27 00:13   145184              c:\windows\system32\javaw.exe
                      + 2010-05-27 00:13 . 2010-05-27 00:13   145184              c:\windows\system32\java.exe
                      + 2007-08-27 20:48 . 2010-01-29 15:01   691712              c:\windows\system32\inetcomm.dll
                      - 2007-08-27 20:48 . 2008-04-14 12:00   691712              c:\windows\system32\inetcomm.dll
                      + 2008-04-14 12:00 . 2010-03-11 12:38   192512              c:\windows\system32\iepeers.dll
                      + 2008-04-14 12:00 . 2010-03-11 12:38   385024              c:\windows\system32\iedkcs32.dll
                      + 2008-04-14 12:00 . 2010-02-23 05:18   161792              c:\windows\system32\ieakui.dll
                      + 2008-04-14 12:00 . 2010-03-11 12:38   230400              c:\windows\system32\ieaksie.dll
                      + 2008-04-14 12:00 . 2010-03-11 12:38   153088              c:\windows\system32\ieakeng.dll
                      + 2008-04-14 12:00 . 2008-10-23 12:36   286720              c:\windows\system32\gdi32.dll
                      - 2007-08-27 14:41 . 2010-05-25 11:17   276560              c:\windows\system32\FNTCACHE.DAT
                      + 2007-08-27 14:41 . 2010-05-26 16:13   276560              c:\windows\system32\FNTCACHE.DAT
                      + 2008-04-14 12:00 . 2010-03-11 12:38   133120              c:\windows\system32\extmgr.dll
                      + 2008-04-14 12:00 . 2008-07-07 20:26   253952              c:\windows\system32\es.dll
                      + 2008-04-14 12:00 . 2010-03-11 12:38   214528              c:\windows\system32\dxtrans.dll
                      + 2008-04-14 12:00 . 2010-03-11 12:38   347136              c:\windows\system32\dxtmsft.dll
                      + 2008-04-14 12:00 . 2006-10-19 04:47   991744              c:\windows\system32\drmv2clt.dll
                      + 2008-04-14 12:00 . 2010-02-11 12:02   226880              c:\windows\system32\drivers\tcpip6.sys
                      + 2008-04-14 12:00 . 2008-06-20 11:51   361600              c:\windows\system32\drivers\tcpip.sys
                      + 2008-04-14 12:00 . 2009-12-31 16:50   353792              c:\windows\system32\drivers\srv.sys
                      + 2008-04-14 12:00 . 2008-05-08 14:02   203136              c:\windows\system32\drivers\rmcast.sys
                      + 2008-04-14 12:00 . 2010-02-24 13:11   455680              c:\windows\system32\drivers\mrxsmb.sys
                      + 2008-04-14 12:00 . 2009-10-20 16:20   265728              c:\windows\system32\drivers\http.sys
                      + 2008-04-14 12:00 . 2008-06-13 11:05   272128              c:\windows\system32\drivers\bthport.sys
                      + 2008-04-14 12:00 . 2008-08-14 10:04   138496              c:\windows\system32\drivers\afd.sys
                      + 2008-04-14 12:00 . 2008-06-20 17:46   147968              c:\windows\system32\dnsapi.dll
                      - 2008-04-14 12:00 . 2008-04-14 12:00   147968              c:\windows\system32\dnsapi.dll
                      + 2007-08-27 20:48 . 2009-08-07 02:24   327896              c:\windows\system32\dllcache\wucltui.dll
                      + 2007-08-27 20:48 . 2009-08-07 02:23   575704              c:\windows\system32\dllcache\wuapi.dll
                      - 2008-04-14 12:00 . 2008-04-14 12:00   155648              c:\windows\system32\dllcache\wscript.exe
                      + 2008-04-14 12:00 . 2008-05-08 11:24   155648              c:\windows\system32\dllcache\wscript.exe
                      + 2007-08-27 20:47 . 2008-04-21 12:08   215552              c:\windows\system32\dllcache\wordpad.exe
                      + 2008-04-14 12:00 . 2009-04-02 06:02   604160              c:\windows\system32\dllcache\wmspdmod.dll
                      + 2008-04-14 12:00 . 2009-07-14 06:43   286208              c:\windows\system32\dllcache\wmpdxm.dll
                      + 2008-04-14 12:00 . 2006-10-19 04:47   242688              c:\windows\system32\dllcache\wmpasf.dll
                      + 2008-04-14 12:00 . 2008-06-18 12:03   938496              c:\windows\system32\dllcache\WMNetmgr.dll
                      + 2007-08-27 20:46 . 2009-02-06 10:10   227840              c:\windows\system32\dllcache\wmiprvse.exe
                      + 2007-08-27 20:46 . 2009-02-09 12:10   453120              c:\windows\system32\dllcache\wmiprvsd.dll
                      + 2008-04-14 12:00 . 2006-10-19 04:47   157184              c:\windows\system32\dllcache\wmidx.dll
                      + 2008-04-14 12:00 . 2006-10-19 04:47   227328              c:\windows\system32\dllcache\wmerror.dll
                      + 2008-04-14 12:00 . 2007-10-28 00:40   222720              c:\windows\system32\dllcache\wmasf.dll
                      + 2008-04-14 12:00 . 2006-10-19 04:47   757248              c:\windows\system32\dllcache\WMADMOD.dll
                      + 2008-04-14 12:00 . 2009-06-10 06:14   132096              c:\windows\system32\dllcache\wkssvc.dll
                      - 2008-04-14 12:00 . 2008-04-14 12:00   132096              c:\windows\system32\dllcache\wkssvc.dll
                      + 2008-04-14 12:00 . 2009-12-24 06:59   177664              c:\windows\system32\dllcache\wintrust.dll
                      + 2008-04-14 12:00 . 2010-03-11 12:38   832512              c:\windows\system32\dllcache\wininet.dll
                      + 2008-04-14 12:00 . 2009-08-25 09:17   354816              c:\windows\system32\dllcache\winhttp.dll
                      + 2008-04-14 12:00 . 2010-03-11 12:38   233472              c:\windows\system32\dllcache\webcheck.dll
                      + 2007-08-27 20:48 . 2008-05-27 17:23   765952              c:\windows\system32\dllcache\vgx.dll
                      + 2008-04-14 12:00 . 2010-03-09 11:09   430080              c:\windows\system32\dllcache\vbscript.dll
                      + 2008-04-14 12:00 . 2010-03-11 12:38   105984              c:\windows\system32\dllcache\url.dll
                      + 2008-04-14 12:00 . 2007-06-27 05:10   317440              c:\windows\system32\dllcache\unregmp2.exe
                      - 2007-08-27 20:48 . 2008-04-14 12:00   153088              c:\windows\system32\dllcache\triedit.dll
                      + 2007-08-27 20:48 . 2009-06-21 21:44   153088              c:\windows\system32\dllcache\triedit.dll
                      + 2008-04-14 12:00 . 2010-02-11 12:02   226880              c:\windows\system32\dllcache\tcpip6.sys
                      + 2008-04-14 12:00 . 2008-06-20 11:51   361600              c:\windows\system32\dllcache\tcpip.sys
                      + 2008-04-14 12:00 . 2009-10-15 16:28   119808              c:\windows\system32\dllcache\t2embed.dll
                      + 2008-04-14 12:00 . 2009-08-26 08:00   247326              c:\windows\system32\dllcache\strmdll.dll
                      + 2008-04-14 12:00 . 2009-12-31 16:50   353792              c:\windows\system32\dllcache\srv.sys
                      + 2008-04-14 12:00 . 2009-12-08 09:23   474112              c:\windows\system32\dllcache\shlwapi.dll
                      - 2008-04-14 12:00 . 2008-04-14 12:00   474112              c:\windows\system32\dllcache\shlwapi.dll
                      + 2008-04-14 12:00 . 2009-02-06 11:11   110592              c:\windows\system32\dllcache\services.exe
                      + 2008-04-14 12:00 . 2008-05-09 10:53   172032              c:\windows\system32\dllcache\scrrun.dll
                      - 2008-04-14 12:00 . 2008-04-14 12:00   172032              c:\windows\system32\dllcache\scrrun.dll
                      - 2008-04-14 12:00 . 2008-04-14 12:00   180224              c:\windows\system32\dllcache\scrobj.dll
                      + 2008-04-14 12:00 . 2008-05-09 10:53   180224              c:\windows\system32\dllcache\scrobj.dll
                      + 2008-04-14 12:00 . 2009-06-25 08:25   147456              c:\windows\system32\dllcache\schannel.dll
                      + 2008-04-14 12:00 . 2009-02-09 12:10   401408              c:\windows\system32\dllcache\rpcss.dll
                      + 2008-04-14 12:00 . 2009-04-15 14:51   585216              c:\windows\system32\dllcache\rpcrt4.dll
                      + 2008-04-14 12:00 . 2008-05-08 14:02   203136              c:\windows\system32\dllcache\rmcast.sys
                      + 2008-04-14 12:00 . 2009-10-12 13:38   149504              c:\windows\system32\dllcache\rastls.dll
                      + 2008-04-14 12:00 . 2006-10-19 04:47   211456              c:\windows\system32\dllcache\qasf.dll
                      - 2008-04-14 12:00 . 2008-04-14 12:00   284160              c:\windows\system32\dllcache\pdh.dll
                      + 2008-04-14 12:00 . 2009-03-06 14:22   284160              c:\windows\system32\dllcache\pdh.dll
                      + 2008-04-14 12:00 . 2009-10-08 21:57   220160              c:\windows\system32\dllcache\oleacc.dll
                      + 2008-04-14 12:00 . 2010-03-11 12:38   102912              c:\windows\system32\dllcache\occache.dll
                      + 2008-04-14 12:00 . 2009-10-13 10:30   270336              c:\windows\system32\dllcache\oakley.dll
                      - 2008-04-14 12:00 . 2008-04-14 12:00   270336              c:\windows\system32\dllcache\oakley.dll
                      + 2008-04-14 12:00 . 2009-02-09 12:10   714752              c:\windows\system32\dllcache\ntdll.dll
                      - 2008-04-14 12:00 . 2008-04-14 12:00   337408              c:\windows\system32\dllcache\netapi32.dll
                      + 2008-04-14 12:00 . 2008-10-15 16:34   337408              c:\windows\system32\dllcache\netapi32.dll
                      - 2008-04-14 12:00 . 2008-04-14 12:00   245248              c:\windows\system32\dllcache\mswsock.dll
                      + 2008-04-14 12:00 . 2008-06-20 17:46   245248              c:\windows\system32\dllcache\mswsock.dll
                      + 2008-04-14 12:00 . 2006-10-19 04:47   321536              c:\windows\system32\dllcache\mswmdm.dll
                      + 2008-04-14 12:00 . 2009-08-05 09:01   204800              c:\windows\system32\dllcache\mswebdvd.dll
                      + 2008-04-14 12:00 . 2009-09-11 14:18   136192              c:\windows\system32\dllcache\msv1_0.dll
                      + 2008-04-14 12:00 . 2010-03-11 12:38   671232              c:\windows\system32\dllcache\mstime.dll
                      + 2008-04-14 12:00 . 2006-12-04 23:21   414720              c:\windows\system32\dllcache\msscp.dll
                      + 2008-04-14 12:00 . 2010-03-11 12:38   193024              c:\windows\system32\dllcache\msrating.dll
                      + 2008-04-14 12:00 . 2006-10-19 04:47   175616              c:\windows\system32\dllcache\mspmsp.dll
                      - 2007-08-27 20:47 . 2008-04-14 12:00   343040              c:\windows\system32\dllcache\mspaint.exe
                      + 2007-08-27 20:47 . 2009-12-16 18:43   343040              c:\windows\system32\dllcache\mspaint.exe
                      + 2008-04-14 12:00 . 2006-10-19 04:47   179712              c:\windows\system32\dllcache\msnetobj.dll
                      + 2008-04-14 12:00 . 2007-08-14 01:54   156160              c:\windows\system32\dllcache\msls31.dll
                      + 2008-04-14 12:00 . 2010-03-11 12:38   477696              c:\windows\system32\dllcache\mshtmled.dll
                      + 2007-08-27 20:47 . 2008-06-12 14:23   161792              c:\windows\system32\dllcache\msdtcuiu.dll
                      - 2007-08-27 20:47 . 2008-04-14 12:00   161792              c:\windows\system32\dllcache\msdtcuiu.dll
                      - 2007-08-27 20:47 . 2008-04-14 12:00   956928              c:\windows\system32\dllcache\msdtctm.dll
                      + 2007-08-27 20:47 . 2008-06-12 14:23   956928              c:\windows\system32\dllcache\msdtctm.dll
                      + 2007-08-27 20:47 . 2008-06-13 02:53   428032              c:\windows\system32\dllcache\msdtcprx.dll
                      + 2007-08-27 20:48 . 2008-05-01 14:33   331776              c:\windows\system32\dllcache\msadce.dll
                      - 2007-08-27 20:48 . 2008-04-14 12:00   331776              c:\windows\system32\dllcache\msadce.dll
                      + 2007-08-27 20:48 . 2006-10-19 04:47   243712              c:\windows\system32\dllcache\mpvis.dll
                      + 2008-04-14 12:00 . 2009-06-25 08:25   730112              c:\windows\system32\dllcache\lsasrv.dll
                      + 2008-04-14 12:00 . 2008-06-18 08:09   100864              c:\windows\system32\dllcache\logagent.exe
                      + 2008-04-14 12:00 . 2009-05-07 15:32   345600              c:\windows\system32\dllcache\localspl.dll
                      - 2008-04-14 12:00 . 2008-04-14 12:00   989696              c:\windows\system32\dllcache\kernel32.dll
                      + 2008-04-14 12:00 . 2009-03-21 14:06   989696              c:\windows\system32\dllcache\kernel32.dll
                      + 2008-04-14 12:00 . 2009-06-25 08:25   301568              c:\windows\system32\dllcache\kerberos.dll
                      - 2008-04-14 12:00 . 2008-04-14 12:00   512000              c:\windows\system32\dllcache\jscript.dll
                      + 2008-04-14 12:00 . 2009-08-13 15:16   512000              c:\windows\system32\dllcache\jscript.dll
                      - 2007-08-27 20:48 . 2008-04-14 12:00   691712              c:\windows\system32\dllcache\inetcomm.dll
                      + 2007-08-27 20:48 . 2010-01-29 15:01   691712              c:\windows\system32\dllcache\inetcomm.dll
                      + 2007-08-27 20:48 . 2010-02-23 05:20   634648              c:\windows\system32\dllcache\iexplore.exe
                      + 2008-04-14 12:00 . 2010-03-11 12:38   192512              c:\windows\system32\dllcache\iepeers.dll
                      + 2008-04-14 12:00 . 2010-03-11 12:38   385024              c:\windows\system32\dllcache\iedkcs32.dll
                      + 2008-04-14 12:00 . 2010-02-23 05:18   161792              c:\windows\system32\dllcache\ieakui.dll
                      + 2008-04-14 12:00 . 2010-03-11 12:38   230400              c:\windows\system32\dllcache\ieaksie.dll
                      + 2008-04-14 12:00 . 2010-03-11 12:38   153088              c:\windows\system32\dllcache\ieakeng.dll
                      + 2008-04-14 12:00 . 2008-10-23 12:36   286720              c:\windows\system32\dllcache\gdi32.dll
                      + 2007-08-27 20:46 . 2009-02-09 12:10   473600              c:\windows\system32\dllcache\fastprox.dll
                      + 2008-04-14 12:00 . 2010-03-11 12:38   133120              c:\windows\system32\dllcache\extmgr.dll
                      + 2008-04-14 12:00 . 2008-07-07 20:26   253952              c:\windows\system32\dllcache\es.dll
                      + 2008-04-14 12:00 . 2010-03-11 12:38   214528              c:\windows\system32\dllcache\dxtrans.dll
                      + 2008-04-14 12:00 . 2010-03-11 12:38   347136              c:\windows\system32\dllcache\dxtmsft.dll
                      + 2008-04-14 12:00 . 2006-10-19 04:47   991744              c:\windows\system32\dllcache\drmv2clt.dll
                      + 2008-04-14 12:00 . 2008-06-20 17:46   147968              c:\windows\system32\dllcache\dnsapi.dll
                      - 2008-04-14 12:00 . 2008-04-14 12:00   147968              c:\windows\system32\dllcache\dnsapi.dll
                      + 2008-04-14 12:00 . 2008-05-09 08:45   135168              c:\windows\system32\dllcache\cscript.exe
                      + 2008-04-14 12:00 . 2006-10-19 04:47   229376              c:\windows\system32\dllcache\cewmdm.dll
                      + 2008-04-14 12:00 . 2006-10-19 04:47   542720              c:\windows\system32\dllcache\blackbox.dll
                      + 2008-04-14 12:00 . 2008-08-14 10:04   138496              c:\windows\system32\dllcache\afd.sys
                      + 2008-04-14 12:00 . 2010-03-11 12:38   124928              c:\windows\system32\dllcache\advpack.dll
                      - 2008-04-14 12:00 . 2008-04-14 12:00   617472              c:\windows\system32\dllcache\advapi32.dll
                      + 2008-04-14 12:00 . 2009-02-09 12:10   617472              c:\windows\system32\dllcache\advapi32.dll
                      + 2008-04-14 12:00 . 2009-11-21 15:51   471552              c:\windows\system32\dllcache\aclayers.dll
                      + 2008-04-14 12:00 . 2010-02-12 04:33   100864              c:\windows\system32\dllcache\6to4svc.dll
                      + 2008-04-14 12:00 . 2008-05-09 08:45   135168              c:\windows\system32\cscript.exe
                      + 2008-04-14 12:00 . 2006-10-19 04:47   229376              c:\windows\system32\cewmdm.dll
                      + 2008-04-14 12:00 . 2006-10-19 04:47   542720              c:\windows\system32\blackbox.dll
                      + 2008-04-14 12:00 . 2010-03-11 12:38   124928              c:\windows\system32\advpack.dll
                      - 2008-04-14 12:00 . 2008-04-14 12:00   617472              c:\windows\system32\advapi32.dll
                      + 2008-04-14 12:00 . 2009-02-09 12:10   617472              c:\windows\system32\advapi32.dll
                      + 2008-04-14 12:00 . 2010-02-12 04:33   100864              c:\windows\system32\6to4svc.dll
                      + 2010-05-27 00:13 . 2010-05-27 00:13   180224              c:\windows\Installer\b1f912.msi
                      + 2010-05-27 00:13 . 2010-05-27 00:13   576000              c:\windows\Installer\b1f90d.msi
                      + 2008-04-14 12:00 . 2007-06-27 05:10   317440              c:\windows\inf\unregmp2.exe
                      + 2010-05-25 18:03 . 2008-04-14 12:00   666112              c:\windows\ie7\wininet.