Possible Virus. (TR/Crypt.TKM....)

2 posters

GeekPolice :: GeekPolice tech support archive :: Technical Support

Possible Virus. (TR/Crypt.TKM....)29th October 2010, 8:43 am

I have had some issues with a virus I believe well I thought I was fixing it turns out I am not good with computers. I have some how messed up something important and now my firefox will not work. It says that it is configured to a proxy or something like that and therefore says it is not compatable or something. I have removed my firefox but really want to get it back but don't know how to fix the problem. I think that a virus is to blame but not sure. I have Avira AntiVirus Personal downloaded and running on my pc as well as Online armor and Malwarebytes. Please help I need my pc to be completely clean and in running fashion just not sure how to do this. Over the past few days it has slowed down and all that so I don't know what the deal is. Please Please Please help me......

Re: Possible Virus. (TR/Crypt.TKM....)29th October 2010, 9:09 am

Sorry I placed it in the wrong spot.

Re: Possible Virus. (TR/Crypt.TKM....)29th October 2010, 4:50 pm

Hi,

Welcome to GeekPolice.net!

Please download OTL to your Desktop. (If you already have it downloaded, then just follow the instructions below).

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Under the Custom Scan box paste this in

%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\*.exe /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.sys
%systemroot%\system32\drivers\*.dll
%systemroot%\system32\drivers\*.ini
%systemroot%\system32\drivers\*.exe
%SYSTEMDRIVE%\*.*
%PROGRAMFILES%\*.
%appdata%\*.*
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
disk.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
usbstor.sys
/md5stop
CREATERESTOREPOINT
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) and paste (Edit->Paste) the contents of these files, one at a time

Note: in the event that OTL fails to run, please use alternate download links to try again:

http://oldtimer.geekstogo.com/OTL.com
http://oldtimer.geekstogo.com/OTL.scr

Re: Possible Virus. (TR/Crypt.TKM....)31st October 2010, 9:38 pm

OTL logfile created on: 10/31/2010 4:20:35 PM - Run 2
OTL by OldTimer - Version 3.2.17.2 Folder = C:\Documents and Settings\Cattie\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 75.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.96 Gb Total Space | 94.76 Gb Free Space | 63.61% Space Free | Partition Type: NTFS

Computer Name: CLBPC | User Name: Cattie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/10/31 16:18:47 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cattie\Desktop\OTL.exe
PRC - [2009/12/05 08:53:40 | 003,042,504 | ---- | M] (Tall Emu) -- C:\Program Files\Tall Emu\Online Armor\oahlp.exe
PRC - [2009/12/05 08:53:38 | 006,622,920 | ---- | M] (Tall Emu) -- C:\Program Files\Tall Emu\Online Armor\oaui.exe
PRC - [2009/12/05 08:53:38 | 003,291,336 | ---- | M] (Tall Emu) -- C:\Program Files\Tall Emu\Online Armor\oasrv.exe
PRC - [2009/12/05 08:53:38 | 001,282,248 | ---- | M] (Tall Emu) -- C:\Program Files\Tall Emu\Online Armor\oacat.exe
PRC - [2009/07/21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/03/02 13:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/02 12:21:18 | 000,156,160 | ---- | M] () -- C:\Program Files\Nova Development\Greeting Card Factory Photo Card Maker\ReminderApp.exe

Re: Possible Virus. (TR/Crypt.TKM....)31st October 2010, 9:38 pm

========== Modules (SafeList) ==========

MOD - [2010/10/31 16:18:47 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cattie\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/12/05 08:53:38 | 000,941,256 | ---- | M] (Tall Emu) -- C:\Program Files\Tall Emu\Online Armor\oawatch.dll
MOD - [2008/04/13 19:12:10 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wsock32.dll
MOD - [2008/04/13 19:12:10 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wtsapi32.dll
MOD - [2008/04/13 19:12:09 | 000,053,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winsta.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\VentSrv\ventrilo_svc.exe -- (Ventrilo)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dlles\pchsvc.dll -- (helpsvc)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/03/29 08:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2009/12/05 08:53:38 | 003,291,336 | ---- | M] (Tall Emu) [Auto | Running] -- C:\Program Files\Tall Emu\Online Armor\oasrv.exe -- (SvcOnlineArmor)
SRV - [2009/12/05 08:53:38 | 001,282,248 | ---- | M] (Tall Emu) [Auto | Running] -- C:\Program Files\Tall Emu\Online Armor\OAcat.exe -- (OAcat)
SRV - [2009/07/21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XDva349.sys -- (XDva349)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\DRIVERS\rp_skt32.sys -- (RPSKT) Security Services Driver (x86)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Cattie\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/02/18 06:33:48 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/12/05 08:28:06 | 000,024,656 | ---- | M] (Tall Emu) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OAmon.sys -- (OAmon)
DRV - [2009/12/05 08:27:56 | 000,029,776 | ---- | M] (Tall Emu Pty Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OAnet.sys -- (OAnet)
DRV - [2009/12/05 08:27:52 | 000,223,312 | ---- | M] (Tall Emu) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\OADriver.sys -- (OADevice)
DRV - [2009/05/11 10:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/30 10:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/04/23 16:35:21 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/06 21:41:36 | 006,811,904 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/04/06 21:29:14 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008/04/06 21:29:08 | 000,054,400 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008/04/06 21:25:40 | 004,652,544 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/07/23 10:56:58 | 000,042,624 | ---- | M] (Ideazon Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Alpham1.sys -- (Alpham1)
DRV - [2007/03/20 12:49:52 | 000,018,432 | ---- | M] (Ideazon Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Alpham2.sys -- (Alpham2)
DRV - [2004/07/29 13:14:22 | 000,091,577 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\P0620Vid.sys -- (PD0620VID)
DRV - [2004/04/13 20:20:08 | 000,015,781 | R--- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2003/11/17 14:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 14:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 14:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/01/10 15:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)

Re: Possible Virus. (TR/Crypt.TKM....)31st October 2010, 9:38 pm

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[2010/04/22 11:43:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cattie\Application Data\Mozilla\Extensions
[2010/08/23 10:58:21 | 000,001,943 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\Yahooober21872000.xml
[2009/04/07 13:59:38 | 000,000,872 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\Yahooober426181186.gif
[2010/05/10 18:01:07 | 000,000,196 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\Yahooober426181186.src

O1 HOSTS File: ([2010/07/10 01:12:57 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O4 - HKLM..\Run: [@OnlineArmor GUI] C:\Program Files\Tall Emu\Online Armor\oaui.exe (Tall Emu)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [ReminderApp] C:\Program Files\Nova Development\Greeting Card Factory Photo Card Maker\ReminderApp.exe ()
O4 - Startup: C:\Documents and Settings\Cattie\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/betapit/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} http://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB (PogoWebLauncher Control)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab (DDRevision Class)
O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} http://games.bigfishgames.com/en_burger-shop/online/GoBitGamesPlayer_v4.cab (GoBit Games Player)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://games.att.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} http://www.shockwave.com/content/feedingfrenzy/sis/SproutLauncher.cab (SproutLauncherCtrl Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Cattie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Cattie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Tall Emu\Online Armor\oaevent.dll (Tall Emu)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dlles\pchsvc.dll File not found

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Alcmtr - hkey= - key= - C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: ctfmon.exe - hkey= - key= - File not found
MsConfig - StartUpReg: dscactivate - hkey= - key= - C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
MsConfig - StartUpReg: ECenter - hkey= - key= - C:\dell\E-Center\EULALauncher.exe ( )
MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: NvCplDaemon - hkey= - key= - File not found
MsConfig - StartUpReg: NvMediaCenter - hkey= - key= - File not found
MsConfig - StartUpReg: nwiz - hkey= - key= - File not found
MsConfig - StartUpReg: PDVDDXSrv - hkey= - key= - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
MsConfig - StartUpReg: RTHDCPL - hkey= - key= - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dlles\pchsvc.dll File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dlles\pchsvc.dll File not found
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} -
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

Re: Possible Virus. (TR/Crypt.TKM....)31st October 2010, 9:39 pm

ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} - Reg Error: Value error.
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.4
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {38539595-3E29-410d-ABBD-3D6A75BC9A73} - Reg Error: Value error.
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (15213259493736448)

========== Files/Folders - Created Within 30 Days ==========

[2010/10/31 16:18:47 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Cattie\Desktop\OTL.exe
[2010/10/29 03:26:23 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2010/10/29 03:26:09 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2010/10/29 02:52:36 | 000,000,000 | ---D | C] -- C:\Program Files\Real
[2010/10/29 02:52:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/10/29 02:52:11 | 000,000,000 | ---D | C] -- C:\Program Files\Ventrilo
[2010/10/29 02:45:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/10/29 02:45:49 | 000,000,000 | ---D | C] -- C:\Program Files\NOS
[2010/10/29 02:45:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2010/10/29 02:45:41 | 000,000,000 | ---D | C] -- C:\Program Files\Oberon Media
[2010/10/29 02:45:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Oberon Media
[2010/10/29 02:45:15 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/10/29 02:45:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/10/29 02:45:10 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/10/29 02:24:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cattie\Application Data\MSNInstaller
[2010/10/24 03:46:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cattie\Local Settings\Application Data\ATTYToolbar
[2010/10/24 03:46:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ATTYToolbar
[2010/10/24 03:46:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2010/10/22 20:56:31 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/31 16:21:00 | 000,000,440 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{34CD53BE-07A6-4108-B6CE-D8E418EA34BA}.job
[2010/10/31 16:18:47 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cattie\Desktop\OTL.exe
[2010/10/31 12:15:20 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{96B2581F-E1FF-4224-B9F2-AB3E31D00B96}.job
[2010/10/30 09:22:07 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2096645506-828190138-1039861506-1008.job
[2010/10/30 09:21:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/30 09:21:54 | 2078,789,632 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/30 09:21:54 | 000,224,024 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/30 08:40:02 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/10/29 08:10:14 | 000,466,326 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/29 08:10:14 | 000,081,774 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/29 06:03:00 | 000,000,320 | ---- | M] () -- C:\WINDOWS\tasks\WebReg Deskjet D1400 series.job
[2010/10/29 02:55:52 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/29 02:09:44 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2096645506-828190138-1039861506-1008.job
[2010/10/24 16:25:01 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/10/15 15:19:07 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Cattie\Start Menu\Programs\Startup\CurseClientStartup.ccip
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

Re: Possible Virus. (TR/Crypt.TKM....)31st October 2010, 9:39 pm

========== Files Created - No Company Name ==========

[2010/10/29 02:55:47 | 2078,789,632 | -HS- | C] () -- C:\hiberfil.sys
[2010/10/15 15:19:07 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Cattie\Start Menu\Programs\Startup\CurseClientStartup.ccip
[2010/06/24 10:20:12 | 000,384,384 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/05/31 19:53:59 | 000,000,507 | ---- | C] () -- C:\Documents and Settings\Cattie\Application Data\Poladroid prefs.plist
[2010/05/12 21:06:10 | 000,000,210 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/03/10 17:20:29 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Cattie\Application Data\wklnhst.dat
[2010/03/09 12:58:01 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Cattie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/27 23:44:17 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2009/08/09 04:11:24 | 000,010,480 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\xonopeb.ban
[2009/08/09 04:11:23 | 000,017,411 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\agijudo.dat
[2009/08/09 04:11:23 | 000,013,722 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\tumudyh.lib
[2009/06/09 10:56:00 | 000,058,672 | ---- | C] () -- C:\WINDOWS\System32\wbload.dll
[2009/04/09 01:14:06 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/07/12 14:20:01 | 000,008,553 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2008/04/23 16:39:53 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/04/23 16:03:01 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/04/23 16:03:01 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/04/23 16:02:59 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/04/23 16:02:59 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/04/23 16:02:58 | 001,478,656 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/04/23 16:01:22 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/10 13:12:05 | 000,000,884 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 13:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 12:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[1997/06/13 20:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== Custom Scans ==========

< >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.sys >
[2004/08/04 05:00:00 | 000,009,029 | ---- | M] () -- C:\WINDOWS\system32\ansi.sys
[2004/08/04 05:00:00 | 000,027,097 | ---- | M] () -- C:\WINDOWS\system32\country.sys
[2004/08/04 05:00:00 | 000,004,768 | ---- | M] () -- C:\WINDOWS\system32\himem.sys
[2004/08/04 05:00:00 | 000,042,809 | ---- | M] () -- C:\WINDOWS\system32\key01.sys
[2004/08/04 05:00:00 | 000,042,537 | ---- | M] () -- C:\WINDOWS\system32\keyboard.sys
[2004/08/04 05:00:00 | 000,027,866 | ---- | M] () -- C:\WINDOWS\system32\ntdos.sys
[2004/08/04 05:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos404.sys
[2004/08/04 05:00:00 | 000,029,370 | ---- | M] () -- C:\WINDOWS\system32\ntdos411.sys
[2004/08/04 05:00:00 | 000,029,274 | ---- | M] () -- C:\WINDOWS\system32\ntdos412.sys
[2004/08/04 05:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos804.sys
[2004/08/04 05:00:00 | 000,033,840 | ---- | M] () -- C:\WINDOWS\system32\ntio.sys
[2004/08/04 05:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio404.sys
[2004/08/04 05:00:00 | 000,035,648 | ---- | M] () -- C:\WINDOWS\system32\ntio411.sys
[2004/08/04 05:00:00 | 000,035,424 | ---- | M] () -- C:\WINDOWS\system32\ntio412.sys
[2004/08/04 05:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio804.sys
[2008/04/13 13:44:59 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\watchdog.sys
[2010/08/31 08:42:52 | 001,852,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.dll >
[2008/04/13 19:11:48 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv01nt5.dll
[2008/04/13 19:11:48 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv02nt5.dll
[2008/04/13 19:11:48 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv05nt5.dll
[2008/04/13 19:11:48 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv07nt5.dll
[2008/04/13 19:11:48 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv08nt5.dll
[2008/04/13 19:11:48 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv09nt5.dll
[2008/04/13 19:11:48 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv11nt5.dll
[2008/04/13 19:11:50 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv01nt5.dll
[2008/04/13 19:11:50 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv02nt5.dll
[2008/04/13 19:11:50 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv04nt5.dll
[2008/04/13 19:11:50 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv06nt5.dll
[2008/04/13 19:11:50 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv10nt5.dll
[2008/04/13 19:11:50 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
[2008/04/13 19:12:05 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\siint5.dll
[2008/04/13 19:12:08 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\vchnt5.dll

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %SYSTEMDRIVE%\*.* >
[2009/10/21 05:39:33 | 000,000,000 | ---- | M] () -- C:\AILog.txt
[2004/08/10 13:04:08 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/02/04 11:39:14 | 000,000,210 | ---- | M] () -- C:\Boot.bak
[2010/02/18 04:49:33 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2004/08/04 00:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2010/07/10 01:14:49 | 000,878,954 | ---- | M] () -- C:\ComboFix.txt
[2004/08/10 13:04:08 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008/04/23 16:06:40 | 000,007,097 | RH-- | M] () -- C:\dell.sdr
[2010/10/30 09:21:54 | 2078,789,632 | -HS- | M] () -- C:\hiberfil.sys
[2008/07/07 13:11:43 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2004/08/10 13:04:08 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2008/04/23 16:36:12 | 000,001,211 | -H-- | M] () -- C:\IPH.PH
[2004/08/10 13:04:08 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2004/08/04 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/01/14 16:03:30 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/10/30 09:21:53 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2009/09/26 17:41:52 | 000,000,204 | ---- | M] () -- C:\Plugins
[2010/07/19 18:03:30 | 000,001,736 | ---- | M] () -- C:\sti.log
[2008/04/23 16:36:19 | 000,000,071 | ---- | M] () -- C:\SystemInfo.ini

< %PROGRAMFILES%\*. >
[2010/01/15 12:27:38 | 000,000,000 | ---D | M] -- C:\Program Files\2Wire
[2009/04/09 00:52:24 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2010/02/18 07:25:02 | 000,000,000 | ---D | M] -- C:\Program Files\Alwil Software
[2010/08/23 15:37:15 | 000,000,000 | ---D | M] -- C:\Program Files\att games
[2010/02/18 06:25:02 | 000,000,000 | ---D | M] -- C:\Program Files\Avira
[2009/10/27 18:42:00 | 000,000,000 | ---D | M] -- C:\Program Files\Bethesda Softworks
[2010/01/08 23:52:21 | 000,000,000 | ---D | M] -- C:\Program Files\BFG
[2010/10/29 02:23:44 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2004/08/10 13:02:08 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2008/04/23 16:10:48 | 000,000,000 | ---D | M] -- C:\Program Files\CONEXANT
[2010/03/24 12:48:22 | 000,000,000 | ---D | M] -- C:\Program Files\Crystalize
[2008/04/23 16:27:19 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2010/10/29 01:58:11 | 000,000,000 | ---D | M] -- C:\Program Files\Dell
[2008/04/23 16:30:17 | 000,000,000 | ---D | M] -- C:\Program Files\Dell Support Center
[2010/10/29 02:46:14 | 000,000,000 | ---D | M] -- C:\Program Files\DivX
[2010/01/15 17:00:02 | 000,000,000 | ---D | M] -- C:\Program Files\Electronic Arts
[2010/10/29 02:45:10 | 000,000,000 | ---D | M] -- C:\Program Files\ESET
[2010/03/24 12:48:36 | 000,000,000 | ---D | M] -- C:\Program Files\GameMill Entertainment
[2010/10/29 02:27:52 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2010/01/25 07:02:10 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2010/10/29 02:51:56 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2010/10/29 08:29:12 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2010/10/29 02:45:15 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2009/10/24 10:32:45 | 000,000,000 | ---D | M] -- C:\Program Files\Jewels of the Nile
[2010/05/01 10:45:49 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/14 16:08:59 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2004/08/10 13:04:18 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2008/04/23 16:30:51 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2010/10/29 08:11:56 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2008/06/25 13:53:02 | 000,000,000 | ---D | M] -- C:\Program Files\Modem Diagnostic Tool
[2010/10/29 08:02:30 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/10/29 03:11:00 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2009/08/15 03:07:42 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2010/10/29 02:52:09 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2004/08/10 13:01:24 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2008/04/23 16:22:03 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 6.0
[2009/10/10 19:40:34 | 000,000,000 | ---D | M] -- C:\Program Files\myapp
[2010/01/14 16:05:21 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2008/04/23 16:27:09 | 000,000,000 | ---D | M] -- C:\Program Files\NetWaiting
[2010/05/16 20:52:56 | 000,000,000 | ---D | M] -- C:\Program Files\Norton Security Scan
[2010/10/29 02:45:49 | 000,000,000 | ---D | M] -- C:\Program Files\NOS
[2010/01/12 00:15:49 | 000,000,000 | ---D | M] -- C:\Program Files\Nova Development
[2010/10/29 02:45:42 | 000,000,000 | ---D | M] -- C:\Program Files\Oberon Media
[2004/08/10 13:01:34 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010/05/12 08:01:25 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2009/10/10 17:43:30 | 000,000,000 | ---D | M] -- C:\Program Files\Pando Networks
[2010/01/08 23:23:26 | 000,000,000 | ---D | M] -- C:\Program Files\Perfect World Entertainment
[2008/04/23 16:35:31 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2010/10/29 02:52:36 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2010/10/29 02:52:35 | 000,000,000 | ---D | M] -- C:\Program Files\real(2)
[2009/08/15 03:07:31 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2008/04/23 16:31:41 | 000,000,000 | ---D | M] -- C:\Program Files\Roxio
[2010/03/24 12:59:26 | 000,000,000 | ---D | M] -- C:\Program Files\SBC Yahoo!
[2010/06/14 04:33:55 | 000,000,000 | ---D | M] -- C:\Program Files\SecondLifeViewer2
[2010/01/14 19:53:19 | 000,000,000 | ---D | M] -- C:\Program Files\Selectsoft
[2010/02/05 13:11:18 | 000,000,000 | ---D | M] -- C:\Program Files\Stardock
[2008/08/10 02:11:43 | 000,000,000 | ---D | M] -- C:\Program Files\Sun
[2010/02/18 05:17:40 | 000,000,000 | ---D | M] -- C:\Program Files\Tall Emu
[2009/10/10 19:51:58 | 000,000,000 | ---D | M] -- C:\Program Files\Trend Micro
[2010/06/14 02:45:36 | 000,000,000 | ---D | M] -- C:\Program Files\TrueGames
[2010/01/25 07:14:48 | 000,000,000 | ---D | M] -- C:\Program Files\Turbo Tax Audit Support Center
[2004/08/10 13:08:30 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2010/10/29 02:52:11 | 000,000,000 | ---D | M] -- C:\Program Files\Ventrilo
[2008/04/23 16:35:07 | 000,000,000 | ---D | M] -- C:\Program Files\Viewpoint
[2009/10/21 16:27:39 | 000,000,000 | ---D | M] -- C:\Program Files\Virtual Vegas Slots Bonus
[2010/01/14 16:06:56 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2010/01/14 16:05:17 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2004/08/10 13:02:52 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2010/10/29 02:51:38 | 000,000,000 | ---D | M] -- C:\Program Files\WinZip
[2010/10/29 02:50:41 | 000,000,000 | ---D | M] -- C:\Program Files\World of Warcraft
[2010/07/19 19:10:59 | 000,000,000 | ---D | M] -- C:\Program Files\World of Warcraft Public Test
[2004/08/10 13:04:18 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2010/10/24 03:46:13 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!

< %appdata%\*.* >
[2004/08/10 12:57:42 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Cattie\Application Data\desktop.ini
[2010/05/31 19:57:19 | 000,000,507 | ---- | M] () -- C:\Documents and Settings\Cattie\Application Data\Poladroid prefs.plist
[2010/03/10 17:20:29 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Cattie\Application Data\wklnhst.dat

Re: Possible Virus. (TR/Crypt.TKM....)31st October 2010, 9:39 pm

< MD5 for: AGP440.SYS >
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010/01/14 16:00:20 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2010/01/14 16:00:20 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\AGP440.SYS
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010/01/14 16:00:20 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2010/01/14 16:00:20 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: DISK.SYS >
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:disk.sys
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2010/01/14 16:00:20 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2010/01/14 16:00:20 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2004/08/04 05:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\i386\disk.sys
[2004/08/04 05:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 13:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 13:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 05:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\i386\eventlog.dll
[2004/08/04 05:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2009/02/06 13:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2004/08/04 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\i386\netlogon.dll
[2004/08/04 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtUninstallKB968389_0$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 05:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\i386\scecli.dll
[2004/08/04 05:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USBSTOR.SYS >
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:usbstor.sys
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbstor.sys
[2010/01/14 16:00:20 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbstor.sys
[2010/01/14 16:00:20 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbstor.sys
[2004/08/03 23:08:48 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDOWS\$NtServicePackUninstall$\usbstor.sys
[2008/04/13 13:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\ServicePackFiles\i386\usbstor.sys
[2008/04/13 13:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\dllcache\usbstor.sys
[2008/04/13 13:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\drivers\usbstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-10-30 13:40:09

< >

< >

========== Files - Unicode (All) ==========
[2009/07/11 15:25:41 | 000,000,040 | ---- | M] ()(C:\WINDOWS\System32\????????????????????4???????????????????????) -- C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥噜牥穩湯噜牥穩湯䤠瑮牥敮⁴敓畣楲祴匠極整卜晡䍥湯敮瑣䍜湯楦屧噘敩⹷潣普杩
[2009/07/11 15:25:41 | 000,000,040 | ---- | C] ()(C:\WINDOWS\System32\????????????????????4???????????????????????) -- C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥噜牥穩湯噜牥穩湯䤠瑮牥敮⁴敓畣楲祴匠極整卜晡䍥湯敮瑣䍜湯楦屧噘敩⹷潣普杩

========== Alternate Data Streams ==========

@Alternate Data Stream - 160 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CE524528
@Alternate Data Stream - 153 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7079A696
@Alternate Data Stream - 151 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F8A67568
@Alternate Data Stream - 151 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B83BF1A6
@Alternate Data Stream - 151 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8F7ECF6A
@Alternate Data Stream - 151 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5466F106
@Alternate Data Stream - 150 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C25C9263
@Alternate Data Stream - 150 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:77846FFE
@Alternate Data Stream - 149 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C46995DA
@Alternate Data Stream - 149 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ACBFC561
@Alternate Data Stream - 149 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:902B3C72
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:726A7C8D
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2E0A3B1D
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2A8A3140
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7D49B96B
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F50F1555
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5EC637CB
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E01CFEDF
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ABE89FFE
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F42CF153
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:52A42F4C
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:48529647
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3FBB88CF
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2085D07D
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:943D6A82
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:76C67845
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:60D0CFE2
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:41099CE9
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3CA18B6B
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C3A4217C
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6B5A665E
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D20FFA63
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EF4B1DA9
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E8C4808B
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:03033228
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D82A9FCF
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8C885EDD
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:18AE7C5A
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AD171C9E
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:41B89F80
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DF2EA4BB
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C10D19E3
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:445352A1
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:26140299
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B9775780
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A93CBF2B
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:81C88EA7
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FCB70953
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F878F14A
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5216CD26
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DBA1A307
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:81B52FA6
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4C509008
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:017D5143
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:21F28B00
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8EEE3BBB
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E100A8C
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3E7C402E
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D09AEE3D
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8B9E766D
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:052A05A1
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:588B60C7

< End of report >

Re: Possible Virus. (TR/Crypt.TKM....)31st October 2010, 9:41 pm

it only opened 1 notepad the otl.txt one

Re: Possible Virus. (TR/Crypt.TKM....)31st October 2010, 11:09 pm

Hi,

Please run OTL.exe.

Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

:OTL
[2009/08/09 04:11:24 | 000,010,480 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\xonopeb.ban
[2009/08/09 04:11:23 | 000,017,411 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\agijudo.dat
[2009/08/09 04:11:23 | 000,013,722 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\tumudyh.lib

:commands
[emptytemp]
Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
Click the red Run Fix button.
A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTL.exe

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

============

Please download ComboFix Possible Virus. (TR/Crypt.TKM....) Combofix

Possible Virus. (TR/Crypt.TKM....) Combofix

from BleepingComputer.com

Alternate link: GeeksToGo.com

Alternate link: Forospyware.com

Rename ComboFix.exe to commy.exe before you save it to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found here
Click Start>Run then copy paste the following command into the Run box & click OK "%userprofile%\desktop\commy.exe" /stepdel
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

Possible Virus. (TR/Crypt.TKM....) Query_RC

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Possible Virus. (TR/Crypt.TKM....) RC_successful

Possible Virus. (TR/Crypt.TKM....) RC_successful

Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

Re: Possible Virus. (TR/Crypt.TKM....)2nd November 2010, 12:52 am

OTL logfile created on: 11/1/2010 7:46:18 PM - Run 3
OTL by OldTimer - Version 3.2.17.2 Folder = C:\Documents and Settings\Cattie\Desktop\unused shit
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 79.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.96 Gb Total Space | 94.85 Gb Free Space | 63.67% Space Free | Partition Type: NTFS

Computer Name: CLBPC | User Name: Cattie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/10/31 16:18:47 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cattie\Desktop\unused shit\OTL.exe
PRC - [2009/12/05 08:53:40 | 003,042,504 | ---- | M] (Tall Emu) -- C:\Program Files\Tall Emu\Online Armor\oahlp.exe
PRC - [2009/12/05 08:53:38 | 006,622,920 | ---- | M] (Tall Emu) -- C:\Program Files\Tall Emu\Online Armor\oaui.exe
PRC - [2009/12/05 08:53:38 | 003,291,336 | ---- | M] (Tall Emu) -- C:\Program Files\Tall Emu\Online Armor\oasrv.exe
PRC - [2009/12/05 08:53:38 | 001,282,248 | ---- | M] (Tall Emu) -- C:\Program Files\Tall Emu\Online Armor\oacat.exe
PRC - [2009/07/21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/03/02 13:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/02 12:21:18 | 000,156,160 | ---- | M] () -- C:\Program Files\Nova Development\Greeting Card Factory Photo Card Maker\ReminderApp.exe

========== Modules (SafeList) ==========

MOD - [2010/10/31 16:18:47 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cattie\Desktop\unused shit\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/12/05 08:53:38 | 000,941,256 | ---- | M] (Tall Emu) -- C:\Program Files\Tall Emu\Online Armor\oawatch.dll
MOD - [2008/04/13 19:12:10 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wsock32.dll
MOD - [2008/04/13 19:12:10 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wtsapi32.dll
MOD - [2008/04/13 19:12:09 | 000,053,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winsta.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\VentSrv\ventrilo_svc.exe -- (Ventrilo)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dlles\pchsvc.dll -- (helpsvc)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/03/29 08:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2009/12/05 08:53:38 | 003,291,336 | ---- | M] (Tall Emu) [Auto | Running] -- C:\Program Files\Tall Emu\Online Armor\oasrv.exe -- (SvcOnlineArmor)
SRV - [2009/12/05 08:53:38 | 001,282,248 | ---- | M] (Tall Emu) [Auto | Running] -- C:\Program Files\Tall Emu\Online Armor\OAcat.exe -- (OAcat)
SRV - [2009/07/21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XDva349.sys -- (XDva349)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\DRIVERS\rp_skt32.sys -- (RPSKT) Security Services Driver (x86)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Cattie\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/02/18 06:33:48 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/12/05 08:28:06 | 000,024,656 | ---- | M] (Tall Emu) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OAmon.sys -- (OAmon)
DRV - [2009/12/05 08:27:56 | 000,029,776 | ---- | M] (Tall Emu Pty Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OAnet.sys -- (OAnet)
DRV - [2009/12/05 08:27:52 | 000,223,312 | ---- | M] (Tall Emu) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\OADriver.sys -- (OADevice)
DRV - [2009/05/11 10:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/30 10:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/04/23 16:35:21 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/06 21:41:36 | 006,811,904 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/04/06 21:29:14 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008/04/06 21:29:08 | 000,054,400 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008/04/06 21:25:40 | 004,652,544 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/07/23 10:56:58 | 000,042,624 | ---- | M] (Ideazon Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Alpham1.sys -- (Alpham1)
DRV - [2007/03/20 12:49:52 | 000,018,432 | ---- | M] (Ideazon Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Alpham2.sys -- (Alpham2)
DRV - [2004/07/29 13:14:22 | 000,091,577 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\P0620Vid.sys -- (PD0620VID)
DRV - [2004/04/13 20:20:08 | 000,015,781 | R--- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2003/11/17 14:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 14:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 14:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/01/10 15:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: textlinks@gamevance.com:1.0.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/31 17:08:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/31 17:08:13 | 000,000,000 | ---D | M]

[2010/04/22 11:43:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cattie\Application Data\Mozilla\Extensions
[2010/10/31 17:08:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cattie\Application Data\Mozilla\Firefox\Profiles\ip2bm7id.default\extensions
[2010/10/31 17:08:13 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/23 10:58:21 | 000,001,943 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\Yahooober21872000.xml
[2009/04/07 13:59:38 | 000,000,872 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\Yahooober426181186.gif
[2010/05/10 18:01:07 | 000,000,196 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\Yahooober426181186.src

O1 HOSTS File: ([2010/07/10 01:12:57 | 000,000,027 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O4 - HKLM..\Run: [@OnlineArmor GUI] C:\Program Files\Tall Emu\Online Armor\oaui.exe (Tall Emu)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [ReminderApp] C:\Program Files\Nova Development\Greeting Card Factory Photo Card Maker\ReminderApp.exe ()
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10h_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\Cattie\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/betapit/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} http://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB (PogoWebLauncher Control)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab (DDRevision Class)
O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} http://games.bigfishgames.com/en_burger-shop/online/GoBitGamesPlayer_v4.cab (GoBit Games Player)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://games.att.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} http://www.shockwave.com/content/feedingfrenzy/sis/SproutLauncher.cab (SproutLauncherCtrl Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Cattie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Cattie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Tall Emu\Online Armor\oaevent.dll (Tall Emu)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/31 16:48:17 | 000,000,000 | ---D | C] -- C:\Program Files\Zappit
[2010/10/29 03:26:23 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2010/10/29 03:26:09 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2010/10/29 02:52:36 | 000,000,000 | ---D | C] -- C:\Program Files\Real
[2010/10/29 02:45:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/10/29 02:45:49 | 000,000,000 | ---D | C] -- C:\Program Files\NOS
[2010/10/29 02:45:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2010/10/29 02:45:41 | 000,000,000 | ---D | C] -- C:\Program Files\Oberon Media
[2010/10/29 02:45:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Oberon Media
[2010/10/29 02:45:15 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/10/29 02:45:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/10/29 02:45:10 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/10/29 02:24:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cattie\Application Data\MSNInstaller
[2010/10/24 03:46:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cattie\Local Settings\Application Data\ATTYToolbar
[2010/10/24 03:46:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ATTYToolbar
[2010/10/24 03:46:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2010/10/22 20:56:31 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos

========== Files - Modified Within 30 Days ==========

[2010/11/01 19:46:00 | 000,000,440 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{34CD53BE-07A6-4108-B6CE-D8E418EA34BA}.job
[2010/11/01 19:40:16 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{96B2581F-E1FF-4224-B9F2-AB3E31D00B96}.job
[2010/11/01 16:50:24 | 000,000,244 | ---- | M] () -- C:\WINDOWS\tasks\System Cleanup by Zappit.job
[2010/11/01 06:03:00 | 000,000,320 | ---- | M] () -- C:\WINDOWS\tasks\WebReg Deskjet D1400 series.job
[2010/10/31 21:51:52 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/10/31 17:08:15 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Cattie\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/10/31 17:08:15 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/10/31 16:53:17 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2096645506-828190138-1039861506-1008.job
[2010/10/31 16:53:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/31 16:53:05 | 2078,789,632 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/31 16:48:18 | 000,001,530 | ---- | M] () -- C:\Documents and Settings\Cattie\Application Data\Microsoft\Internet Explorer\Quick Launch\Zappit!.lnk
[2010/10/31 16:48:18 | 000,001,512 | ---- | M] () -- C:\Documents and Settings\Cattie\Desktop\Zappit!.lnk
[2010/10/30 09:21:54 | 000,224,024 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/30 08:40:02 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/10/29 08:10:14 | 000,466,326 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/29 08:10:14 | 000,081,774 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/29 02:55:52 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/29 02:09:44 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2096645506-828190138-1039861506-1008.job
[2010/10/15 15:19:07 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Cattie\Start Menu\Programs\Startup\CurseClientStartup.ccip

========== Files Created - No Company Name ==========

[2010/10/31 17:08:15 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Cattie\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/10/31 17:08:15 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/10/31 16:50:29 | 000,000,244 | ---- | C] () -- C:\WINDOWS\tasks\System Cleanup by Zappit.job
[2010/10/31 16:48:18 | 000,001,530 | ---- | C] () -- C:\Documents and Settings\Cattie\Application Data\Microsoft\Internet Explorer\Quick Launch\Zappit!.lnk
[2010/10/31 16:48:18 | 000,001,512 | ---- | C] () -- C:\Documents and Settings\Cattie\Desktop\Zappit!.lnk
[2010/10/29 02:55:47 | 2078,789,632 | -HS- | C] () -- C:\hiberfil.sys
[2010/10/15 15:19:07 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Cattie\Start Menu\Programs\Startup\CurseClientStartup.ccip
[2010/06/24 10:20:12 | 000,384,384 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/05/31 19:53:59 | 000,000,507 | ---- | C] () -- C:\Documents and Settings\Cattie\Application Data\Poladroid prefs.plist
[2010/03/10 17:20:29 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Cattie\Application Data\wklnhst.dat
[2010/03/09 12:58:01 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Cattie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/27 23:44:17 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2009/08/09 04:11:24 | 000,010,480 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\xonopeb.ban
[2009/08/09 04:11:23 | 000,017,411 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\agijudo.dat
[2009/08/09 04:11:23 | 000,013,722 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\tumudyh.lib
[2009/06/09 10:56:00 | 000,058,672 | ---- | C] () -- C:\WINDOWS\System32\wbload.dll
[2009/04/09 01:14:06 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/07/12 14:20:01 | 000,008,553 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2008/04/23 16:39:53 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/04/23 16:03:01 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/04/23 16:03:01 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/04/23 16:02:59 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/04/23 16:02:59 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/04/23 16:02:58 | 001,478,656 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/04/23 16:01:22 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/10 13:12:05 | 000,000,884 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 13:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 12:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[1997/06/13 20:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== Custom Scans ==========

< :OTL >

< [2009/08/09 04:11:24 | 000,010,480 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\xonopeb.ban >
Invalid Switch: 09 04:11:24 | 000,010,480 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\xonopeb.ban

< [2009/08/09 04:11:23 | 000,017,411 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\agijudo.dat >
Invalid Switch: 09 04:11:23 | 000,017,411 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\agijudo.dat

< [2009/08/09 04:11:23 | 000,013,722 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\tumudyh.lib >
Invalid Switch: 09 04:11:23 | 000,013,722 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\tumudyh.lib

< >

< >

< >

< :commands >

< [emptytemp] >

========== Files - Unicode (All) ==========
[2009/07/11 15:25:41 | 000,000,040 | ---- | M] ()(C:\WINDOWS\System32\????????????????????4???????????????????????) -- C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥噜牥穩湯噜牥穩湯䤠瑮牥敮⁴敓畣楲祴匠極整卜晡䍥湯敮瑣䍜湯楦屧噘敩⹷潣普杩
[2009/07/11 15:25:41 | 000,000,040 | ---- | C] ()(C:\WINDOWS\System32\????????????????????4???????????????????????) -- C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥噜牥穩湯噜牥穩湯䤠瑮牥敮⁴敓畣楲祴匠極整卜晡䍥湯敮瑣䍜湯楦屧噘敩⹷潣普杩

========== Alternate Data Streams ==========

@Alternate Data Stream - 160 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CE524528
@Alternate Data Stream - 153 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7079A696
@Alternate Data Stream - 151 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F8A67568
@Alternate Data Stream - 151 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B83BF1A6
@Alternate Data Stream - 151 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8F7ECF6A
@Alternate Data Stream - 151 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5466F106
@Alternate Data Stream - 150 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C25C9263
@Alternate Data Stream - 150 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:77846FFE
@Alternate Data Stream - 149 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C46995DA
@Alternate Data Stream - 149 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ACBFC561
@Alternate Data Stream - 149 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:902B3C72
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:726A7C8D
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2E0A3B1D
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2A8A3140
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7D49B96B
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F50F1555
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5EC637CB
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E01CFEDF
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ABE89FFE
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F42CF153
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:52A42F4C
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:48529647
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3FBB88CF
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2085D07D
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:943D6A82
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:76C67845
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:60D0CFE2
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:41099CE9
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3CA18B6B
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C3A4217C
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6B5A665E
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D20FFA63
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EF4B1DA9
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E8C4808B
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:03033228
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D82A9FCF
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8C885EDD
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:18AE7C5A
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AD171C9E
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:41B89F80
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DF2EA4BB
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C10D19E3
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:445352A1
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:26140299
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B9775780
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A93CBF2B
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:81C88EA7
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FCB70953
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F878F14A
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5216CD26
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DBA1A307
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:81B52FA6
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4C509008
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:017D5143
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:21F28B00
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8EEE3BBB
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E100A8C
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3E7C402E
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D09AEE3D
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8B9E766D
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:052A05A1
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:588B60C7

< End of report >

Re: Possible Virus. (TR/Crypt.TKM....)2nd November 2010, 1:14 am

ComboFix 10-11-01.01 - Cattie 11/01/2010 19:58:28.6.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1982.1557 [GMT -5:00]
Running from: c:\documents and settings\Cattie\My Documents\Downloads\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Online Armor Firewall *enabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
.

((((((((((((((((((((((((( Files Created from 2010-10-02 to 2010-11-02 )))))))))))))))))))))))))))))))
.

2010-11-02 00:53 . 2010-11-02 00:53 -------- d-----w- C:\commy21275c
2010-10-31 21:48 . 2010-10-31 21:48 -------- d-----w- c:\program files\Zappit
2010-10-29 08:26 . 2010-09-18 06:53 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
2010-10-29 08:26 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2010-10-29 07:54 . 2010-10-29 07:54 -------- d-----w- c:\windows\system32\wbem\Repository
2010-10-29 07:52 . 2010-10-29 07:52 -------- d-----w- c:\program files\Real
2010-10-29 07:45 . 2010-10-29 07:45 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-10-29 07:45 . 2010-10-29 07:45 -------- d-----w- c:\program files\NOS
2010-10-29 07:45 . 2010-10-29 07:45 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-10-29 07:45 . 2010-10-29 07:45 -------- d-----w- c:\program files\Oberon Media
2010-10-29 07:45 . 2010-10-29 07:45 -------- d-----w- c:\program files\Common Files\Oberon Media
2010-10-29 07:45 . 2010-10-29 07:45 -------- d-----w- c:\program files\Java
2010-10-29 07:45 . 2010-10-29 07:45 -------- d-----w- c:\program files\Common Files\Java
2010-10-29 07:45 . 2010-10-29 07:45 -------- d-----w- c:\program files\ESET
2010-10-29 07:24 . 2010-10-29 07:24 -------- d-----w- c:\documents and settings\Cattie\Application Data\MSNInstaller
2010-10-24 08:46 . 2010-10-26 02:02 -------- d-----w- c:\documents and settings\Cattie\Local Settings\Application Data\ATTYToolbar
2010-10-24 08:46 . 2010-10-29 07:45 -------- d-----w- c:\documents and settings\All Users\Application Data\ATTYToolbar
2010-10-24 08:46 . 2010-10-29 07:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 17:23 . 2004-08-10 17:51 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-10 17:51 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-10 17:51 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-08-10 17:51 953856 ------w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58 . 2004-08-10 17:51 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2004-08-10 17:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58 . 2004-08-10 17:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:51 . 2004-08-10 17:50 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2004-08-10 17:51 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2004-08-10 17:51 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2004-08-10 17:51 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2004-08-10 17:51 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2009-04-16 22:42 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12 . 2004-08-10 17:50 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2004-08-10 17:51 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2004-08-10 17:51 590848 ----a-w- c:\windows\system32\rpcrt4.dll
.

((((((((((((((((((((((((((((( SnapShot_2010-07-10_06.13.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-23 21:22 . 2010-06-21 14:46 46080 c:\windows\system32\tzchange.exe
- 2008-04-23 21:22 . 2010-04-21 13:28 46080 c:\windows\system32\tzchange.exe
+ 2004-08-10 17:51 . 2008-04-14 00:12 57856 c:\windows\system32\spoolsv(2).exe
+ 2004-08-10 17:51 . 2010-10-29 13:10 81774 c:\windows\system32\perfc009.dat
+ 2004-08-10 17:51 . 2010-09-10 05:58 66560 c:\windows\system32\mshtmled.dll
- 2004-08-10 17:51 . 2009-03-08 09:31 66560 c:\windows\system32\mshtmled.dll
+ 2007-08-13 23:54 . 2010-09-10 05:58 55296 c:\windows\system32\msfeedsbs.dll
- 2007-08-13 23:54 . 2010-05-06 10:41 55296 c:\windows\system32\msfeedsbs.dll
+ 2004-08-10 17:51 . 2010-09-10 05:58 25600 c:\windows\system32\jsproxy.dll
- 2004-08-10 17:51 . 2010-05-06 10:41 25600 c:\windows\system32\jsproxy.dll
- 2004-08-10 17:51 . 2008-04-14 00:11 80384 c:\windows\system32\iccvid.dll
+ 2004-08-10 17:51 . 2010-06-17 14:03 80384 c:\windows\system32\iccvid.dll
+ 2009-07-11 16:57 . 2010-09-10 05:58 12800 c:\windows\system32\dllcache\xpshims.dll
- 2009-07-11 16:57 . 2010-05-06 10:41 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2004-08-10 17:51 . 2008-04-14 00:12 91648 c:\windows\system32\dllcache\xactsrv.dll
+ 2004-08-10 17:51 . 2008-04-14 00:12 50688 c:\windows\system32\dllcache\wstdecod.dll
+ 2004-08-10 18:01 . 2008-04-14 00:12 88576 c:\windows\system32\dllcache\wmiaprpl.dll
+ 2008-08-27 00:45 . 2004-08-04 03:29 25471 c:\windows\system32\dllcache\watv10nt.sys
+ 2008-08-27 00:45 . 2004-08-04 03:29 22271 c:\windows\system32\dllcache\watv06nt.sys
+ 2008-08-27 00:45 . 2004-08-04 03:29 11935 c:\windows\system32\dllcache\wadv11nt.sys
+ 2008-08-27 00:45 . 2004-08-04 03:29 11871 c:\windows\system32\dllcache\wadv09nt.sys
+ 2008-08-27 00:45 . 2004-08-04 03:29 11295 c:\windows\system32\dllcache\wadv08nt.sys
+ 2008-08-27 00:45 . 2004-08-04 03:29 11807 c:\windows\system32\dllcache\wadv07nt.sys
+ 2008-08-27 00:45 . 2008-04-13 18:43 14208 c:\windows\system32\dllcache\wacompen.sys
+ 2004-08-10 17:51 . 2008-04-14 00:12 15872 c:\windows\system32\dllcache\w3ssl.dll
+ 2004-08-10 18:24 . 2008-04-13 18:36 42240 c:\windows\system32\dllcache\viaagp.sys
+ 2008-08-27 00:45 . 2008-04-14 00:12 11325 c:\windows\system32\dllcache\vchnt5.dll
+ 2004-08-04 04:08 . 2008-04-13 18:45 20608 c:\windows\system32\dllcache\usbuhci.sys
+ 2008-08-27 00:56 . 2008-04-13 18:45 26368 c:\windows\system32\dllcache\usbstor.sys
+ 2008-07-12 19:16 . 2008-04-13 18:47 25856 c:\windows\system32\dllcache\usbprint.sys
+ 2004-08-04 04:08 . 2008-04-13 18:45 15872 c:\windows\system32\dllcache\usbintel.sys
+ 2008-07-07 18:11 . 2008-04-13 18:45 32128 c:\windows\system32\dllcache\usbccgp.sys
+ 2001-08-17 19:03 . 2008-04-13 18:45 25728 c:\windows\system32\dllcache\usbcamd2.sys
+ 2001-08-17 19:03 . 2008-04-13 18:45 25600 c:\windows\system32\dllcache\usbcamd.sys
+ 2008-08-27 00:45 . 2008-04-13 18:56 12800 c:\windows\system32\dllcache\usb8023x.sys
+ 2004-08-10 17:51 . 2008-04-13 18:56 12800 c:\windows\system32\dllcache\usb8023.sys
+ 2004-08-10 17:51 . 2008-04-13 18:32 66048 c:\windows\system32\dllcache\udfs.sys
+ 2008-08-27 00:45 . 2008-04-13 18:36 44672 c:\windows\system32\dllcache\uagp35.sys
+ 2004-08-04 04:03 . 2008-04-13 18:56 12288 c:\windows\system32\dllcache\tunmp.sys
+ 2004-08-10 18:01 . 2008-04-14 00:13 21896 c:\windows\system32\dllcache\tdtcp.sys
+ 2004-08-10 18:01 . 2008-04-14 00:13 12040 c:\windows\system32\dllcache\tdpipe.sys
+ 2004-08-10 17:51 . 2008-04-13 18:40 14976 c:\windows\system32\dllcache\tape.sys
+ 2010-07-08 14:21 . 2008-04-13 17:46 15232 c:\windows\system32\dllcache\streamip.sys
+ 2004-08-04 04:08 . 2008-04-13 18:45 49408 c:\windows\system32\dllcache\stream.sys
+ 2010-08-27 05:57 . 2010-08-27 05:57 99840 c:\windows\system32\dllcache\srvsvc.dll
+ 2010-08-17 13:17 . 2010-08-17 13:17 58880 c:\windows\system32\dllcache\spoolsv.exe
+ 2004-08-04 04:09 . 2008-04-13 18:46 25344 c:\windows\system32\dllcache\sonydcam.sys
+ 2008-08-27 00:44 . 2004-08-04 03:41 13240 c:\windows\system32\dllcache\slwdmsup.sys
+ 2008-08-27 00:44 . 2004-08-04 03:41 95424 c:\windows\system32\dllcache\slnthal.sys
+ 2004-08-10 18:22 . 2008-04-13 18:36 40960 c:\windows\system32\dllcache\sisagp.sys
+ 2004-08-04 03:59 . 2008-04-13 18:40 11008 c:\windows\system32\dllcache\sffp_sd.sys
+ 2004-08-04 03:59 . 2008-04-13 18:40 11904 c:\windows\system32\dllcache\sffdisk.sys
+ 2004-08-10 17:51 . 2008-04-14 00:12 31232 c:\windows\system32\dllcache\sethc.exe
+ 2004-08-04 03:59 . 2008-04-13 18:40 15744 c:\windows\system32\dllcache\serenum.sys
+ 2004-08-10 17:51 . 2008-04-14 00:12 54784 c:\windows\system32\dllcache\sendmail.dll
+ 2004-08-04 04:07 . 2008-04-13 18:36 79232 c:\windows\system32\dllcache\sdbus.sys
+ 2004-08-04 03:59 . 2008-04-13 18:40 96384 c:\windows\system32\dllcache\scsiport.sys
+ 2008-08-27 00:44 . 2008-04-13 18:56 30592 c:\windows\system32\dllcache\rndismpx.sys
+ 2004-08-10 17:51 . 2008-04-13 18:56 30592 c:\windows\system32\dllcache\rndismp.sys
+ 2008-08-27 00:44 . 2008-04-13 18:46 59136 c:\windows\system32\dllcache\rfcomm.sys
+ 2008-08-27 00:44 . 2004-08-04 03:41 13776 c:\windows\system32\dllcache\recagent.sys
+ 2004-08-10 17:51 . 2008-04-14 00:12 88576 c:\windows\system32\dllcache\rasauto.dll
+ 2004-08-10 17:51 . 2008-04-13 18:56 69120 c:\windows\system32\dllcache\psched.sys
+ 2004-08-04 03:59 . 2008-04-13 18:40 80128 c:\windows\system32\dllcache\parport.sys
+ 2004-08-04 03:59 . 2008-04-13 18:31 42752 c:\windows\system32\dllcache\p3.sys
+ 2004-08-10 17:51 . 2008-04-13 18:56 88320 c:\windows\system32\dllcache\nwlnkipx.sys
+ 2004-08-10 17:51 . 2008-04-13 18:53 40320 c:\windows\system32\dllcache\nmnt.sys
+ 2004-08-04 03:58 . 2008-04-13 18:51 61824 c:\windows\system32\dllcache\nic1394.sys
+ 2010-07-08 14:21 . 2008-04-13 17:46 10880 c:\windows\system32\dllcache\ndisip.sys
+ 2004-08-10 17:51 . 2008-04-14 00:12 53760 c:\windows\system32\dllcache\narrator.exe
+ 2008-08-27 00:43 . 2008-04-13 18:43 12672 c:\windows\system32\dllcache\mutohpen.sys

Re: Possible Virus. (TR/Crypt.TKM....)2nd November 2010, 1:15 am

+ 2007-05-08 22:08 . 2008-04-13 17:27 79872 c:\windows\system32\dllcache\msxml6r.dll
- 2008-08-27 00:43 . 2008-04-13 17:27 79872 c:\windows\system32\dllcache\msxml6r.dll
+ 2004-08-10 17:51 . 2008-04-14 00:12 57344 c:\windows\system32\dllcache\msvcirt.dll
- 2004-08-10 17:51 . 2009-03-08 09:31 66560 c:\windows\system32\dllcache\mshtmled.dll
+ 2004-08-10 17:51 . 2010-09-10 05:58 66560 c:\windows\system32\dllcache\mshtmled.dll
+ 2004-08-10 17:51 . 2008-04-14 00:11 33792 c:\windows\system32\dllcache\msgsvc.dll
- 2008-07-26 13:30 . 2010-05-06 10:41 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-07-26 13:30 . 2010-09-10 05:58 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2004-08-04 04:07 . 2008-04-13 18:36 63744 c:\windows\system32\dllcache\mf.sys
+ 2004-08-10 17:51 . 2008-04-14 00:11 35328 c:\windows\system32\dllcache\mciqtz32.dll
+ 2004-08-10 17:51 . 2008-04-14 00:12 72704 c:\windows\system32\dllcache\magnify.exe
+ 2004-08-10 17:51 . 2010-09-10 05:58 43520 c:\windows\system32\dllcache\licmgr10.dll
+ 2004-08-10 17:51 . 2010-09-10 05:58 25600 c:\windows\system32\dllcache\jsproxy.dll
- 2004-08-10 17:51 . 2010-05-06 10:41 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2004-08-10 17:57 . 2008-04-13 18:54 11264 c:\windows\system32\dllcache\irenum.sys
+ 2004-08-10 17:51 . 2008-04-13 18:57 20864 c:\windows\system32\dllcache\ipinip.sys
+ 2004-08-10 17:51 . 2008-04-13 18:53 36608 c:\windows\system32\dllcache\ip6fw.sys
+ 2004-08-04 03:59 . 2008-04-13 18:31 36352 c:\windows\system32\dllcache\intelppm.sys
+ 2004-08-10 18:02 . 2008-04-14 00:12 20480 c:\windows\system32\dllcache\inetwiz.exe
+ 2004-08-10 18:02 . 2008-04-13 16:22 48128 c:\windows\system32\dllcache\inetres.dll
+ 2004-08-10 17:51 . 2008-04-14 00:11 32768 c:\windows\system32\dllcache\inetmib1.dll
+ 2004-08-10 18:02 . 2008-04-14 00:11 49152 c:\windows\system32\dllcache\icwutil.dll
+ 2004-08-10 18:02 . 2008-04-14 00:12 24576 c:\windows\system32\dllcache\icwrmind.exe
+ 2004-08-10 18:02 . 2008-04-14 00:11 32768 c:\windows\system32\dllcache\icwdl.dll
+ 2004-08-10 18:02 . 2008-04-14 00:12 86016 c:\windows\system32\dllcache\icwconn2.exe
+ 2004-08-10 18:02 . 2008-04-14 00:11 61440 c:\windows\system32\dllcache\icwconn.dll
+ 2004-08-10 18:30 . 2008-04-13 18:41 18560 c:\windows\system32\dllcache\i2omp.sys
+ 2008-08-27 00:42 . 2008-04-13 18:45 19200 c:\windows\system32\dllcache\hidir.sys
+ 2008-08-27 00:42 . 2008-04-13 18:46 25600 c:\windows\system32\dllcache\hidbth.sys
+ 2008-08-27 00:42 . 2008-04-13 18:36 46464 c:\windows\system32\dllcache\gagp30kx.sys
+ 2004-08-04 03:59 . 2008-04-13 18:40 20480 c:\windows\system32\dllcache\flpydisk.sys
+ 2004-08-04 03:59 . 2008-04-13 18:40 27392 c:\windows\system32\dllcache\fdc.sys
+ 2004-08-10 17:51 . 2008-04-14 00:11 20480 c:\windows\system32\dllcache\encapi.dll
+ 2004-08-10 17:51 . 2004-08-04 10:00 55632 c:\windows\system32\dllcache\dwil1033.dll
+ 2004-08-10 17:50 . 2008-04-13 18:40 14208 c:\windows\system32\dllcache\diskdump.sys
+ 2004-08-04 03:59 . 2008-04-13 18:31 36736 c:\windows\system32\dllcache\crusoe.sys
+ 2004-08-10 17:50 . 2008-04-14 00:12 33280 c:\windows\system32\dllcache\clipsrv.exe
+ 2008-08-27 00:42 . 2008-04-14 00:11 15423 c:\windows\system32\dllcache\ch7xxnt5.dll
+ 2008-08-27 00:42 . 2008-04-13 18:46 18944 c:\windows\system32\dllcache\bthusb.sys
+ 2008-08-27 00:42 . 2008-04-13 18:46 36480 c:\windows\system32\dllcache\bthprint.sys
+ 2008-08-27 00:42 . 2008-04-13 18:46 37888 c:\windows\system32\dllcache\bthmodem.sys
+ 2008-08-27 00:42 . 2008-04-13 18:46 17024 c:\windows\system32\dllcache\bthenum.sys
+ 2004-08-04 05:56 . 2008-04-14 00:11 20992 c:\windows\system32\dllcache\bthci.dll
+ 2004-08-10 17:50 . 2008-04-13 18:53 71552 c:\windows\system32\dllcache\bridge.sys
+ 2008-08-27 00:42 . 2008-04-14 00:11 17279 c:\windows\system32\dllcache\atv10nt5.dll
+ 2008-08-27 00:42 . 2008-04-14 00:11 14143 c:\windows\system32\dllcache\atv06nt5.dll
+ 2008-08-27 00:42 . 2008-04-14 00:11 25471 c:\windows\system32\dllcache\atv04nt5.dll
+ 2008-08-27 00:42 . 2008-04-14 00:11 11359 c:\windows\system32\dllcache\atv02nt5.dll
+ 2008-08-27 00:42 . 2008-04-14 00:11 21183 c:\windows\system32\dllcache\atv01nt5.dll
+ 2004-08-10 17:50 . 2008-04-13 18:51 55808 c:\windows\system32\dllcache\atmlane.sys
+ 2004-08-10 17:50 . 2008-04-13 18:51 59904 c:\windows\system32\dllcache\atmarpc.sys
+ 2008-08-27 00:42 . 2004-08-04 03:29 63488 c:\windows\system32\dllcache\atinxsxx.sys
+ 2008-08-27 00:42 . 2004-08-04 03:29 31744 c:\windows\system32\dllcache\atinxbxx.sys
+ 2008-08-27 00:42 . 2004-08-04 03:29 73216 c:\windows\system32\dllcache\atintuxx.sys
+ 2008-08-27 00:42 . 2004-08-04 03:29 13824 c:\windows\system32\dllcache\atinttxx.sys
+ 2008-08-27 00:42 . 2004-08-04 03:29 28672 c:\windows\system32\dllcache\atinsnxx.sys
+ 2008-08-27 00:42 . 2004-08-04 03:29 52224 c:\windows\system32\dllcache\atinraxx.sys
+ 2008-08-27 00:42 . 2004-08-04 03:29 14336 c:\windows\system32\dllcache\atinpdxx.sys
+ 2008-08-27 00:42 . 2004-08-04 03:29 13824 c:\windows\system32\dllcache\atinmdxx.sys
+ 2008-08-27 00:42 . 2004-08-04 03:29 57856 c:\windows\system32\dllcache\atinbtxx.sys
+ 2008-08-27 00:42 . 2004-08-04 03:29 34735 c:\windows\system32\dllcache\ati1xsxx.sys
+ 2008-08-27 00:42 . 2004-08-04 03:29 29455 c:\windows\system32\dllcache\ati1xbxx.sys
+ 2008-08-27 00:42 . 2004-08-04 03:29 36463 c:\windows\system32\dllcache\ati1tuxx.sys
+ 2008-08-27 00:42 . 2004-08-04 03:29 21343 c:\windows\system32\dllcache\ati1ttxx.sys
+ 2008-08-27 00:42 . 2004-08-04 03:29 26367 c:\windows\system32\dllcache\ati1snxx.sys
+ 2008-08-27 00:42 . 2004-08-04 03:29 63663 c:\windows\system32\dllcache\ati1rvxx.sys
+ 2008-08-27 00:42 . 2004-08-04 03:29 30671 c:\windows\system32\dllcache\ati1raxx.sys
+ 2008-08-27 00:42 . 2004-08-04 03:29 12047 c:\windows\system32\dllcache\ati1pdxx.sys
+ 2008-08-27 00:42 . 2004-08-04 03:29 11615 c:\windows\system32\dllcache\ati1mdxx.sys
+ 2008-08-27 00:42 . 2004-08-04 03:29 56623 c:\windows\system32\dllcache\ati1btxx.sys
+ 2004-08-10 17:50 . 2008-04-13 18:57 14336 c:\windows\system32\dllcache\asyncmac.sys
+ 2004-08-04 03:58 . 2008-04-13 18:51 60800 c:\windows\system32\dllcache\arp1394.sys
+ 2004-08-04 03:59 . 2008-04-13 18:31 37760 c:\windows\system32\dllcache\amdk7.sys
+ 2004-08-04 03:59 . 2008-04-13 18:31 37376 c:\windows\system32\dllcache\amdk6.sys
+ 2004-08-10 18:16 . 2008-04-13 18:36 43008 c:\windows\system32\dllcache\amdagp.sys
+ 2004-08-10 18:16 . 2008-04-13 18:36 42752 c:\windows\system32\dllcache\alim1541.sys
+ 2004-08-10 18:22 . 2008-04-13 18:36 44928 c:\windows\system32\dllcache\agpcpq.sys
+ 2004-08-10 17:58 . 2008-04-13 18:36 42368 c:\windows\system32\dllcache\agp440.sys
+ 2010-09-22 14:43 . 2010-09-22 14:43 30544 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
- 2010-03-23 10:31 . 2010-03-23 10:31 30544 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2010-09-23 20:55 . 2010-09-23 20:55 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
- 2010-04-01 16:42 . 2010-04-01 16:42 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
- 2010-03-31 19:51 . 2010-03-31 19:51 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
+ 2010-09-23 07:26 . 2010-09-23 07:26 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2010-03-31 19:51 . 2010-03-31 19:51 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2010-09-23 07:26 . 2010-09-23 07:26 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
- 2010-03-31 19:51 . 2010-03-31 19:51 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2010-09-23 07:26 . 2010-09-23 07:26 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2010-03-31 20:32 . 2010-03-31 20:32 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2010-09-23 08:17 . 2010-09-23 08:17 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2010-09-23 08:17 . 2010-09-23 08:17 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
- 2010-03-31 20:32 . 2010-03-31 20:32 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
- 2010-06-10 13:18 . 2010-06-10 13:18 35600 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2010-10-29 13:11 . 2010-10-29 13:11 35600 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2008-04-23 21:30 . 2010-10-29 13:11 25214 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\MSWorks.exe
- 2008-04-23 21:30 . 2009-06-26 08:05 25214 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\MSWorks.exe
+ 2010-10-29 13:07 . 2010-05-06 10:41 12800 c:\windows\ie8updates\KB2360131-IE8\xpshims.dll
+ 2010-10-29 13:07 . 2009-03-08 09:31 66560 c:\windows\ie8updates\KB2360131-IE8\mshtmled.dll
+ 2010-10-29 13:07 . 2010-05-06 10:41 55296 c:\windows\ie8updates\KB2360131-IE8\msfeedsbs.dll
+ 2010-10-29 13:07 . 2009-03-08 09:34 43008 c:\windows\ie8updates\KB2360131-IE8\licmgr10.dll
+ 2010-10-29 13:07 . 2010-05-06 10:41 25600 c:\windows\ie8updates\KB2360131-IE8\jsproxy.dll
+ 2010-10-29 13:02 . 2010-10-29 13:02 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_e02e0e34\System.Drawing.Design.dll
+ 2010-10-29 13:02 . 2010-10-29 13:02 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_27d2786d\CustomMarshalers.dll
+ 2010-10-29 13:14 . 2010-10-29 13:14 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\5ec9dec678303ebff0ef018edb5ec595\UIAutomationProvider.ni.dll
+ 2010-10-29 13:18 . 2010-10-29 13:18 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\46ef15b88ef577de4882c519329fc5d2\System.Windows.Presentation.ni.dll
+ 2010-10-29 13:18 . 2010-10-29 13:18 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\70ee6267f7bad40e8707d402277770c3\System.Web.DynamicData.Design.ni.dll
+ 2010-10-29 13:16 . 2010-10-29 13:16 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\2b5ff2c6358c483eb1439b99badb54fd\System.ComponentModel.DataAnnotations.ni.dll
+ 2010-10-29 13:16 . 2010-10-29 13:16 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\6125ff5a4fcd93d70a246cbff3005d42\System.AddIn.Contract.ni.dll
+ 2010-10-29 13:12 . 2010-10-29 13:12 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\de26af01222270c121788161496fcfe7\PresentationFontCache.ni.exe
+ 2010-10-29 13:11 . 2010-10-29 13:11 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\3c5adeedb70e6e052a6556c6ab9b6918\PresentationCFFRasterizer.ni.dll
+ 2010-10-29 13:17 . 2010-10-29 13:17 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\5e5176efbfeb803b7f217525beec6844\Microsoft.Vsa.ni.dll
+ 2010-10-29 13:16 . 2010-10-29 13:16 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\e1d4e0b1f112000ab33bbaf88bd9ed99\Microsoft.Build.Framework.ni.dll
+ 2010-10-29 13:16 . 2010-10-29 13:16 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\4200cf5b7f247ec1b997808c6d1ba7d1\Microsoft.Build.Framework.ni.dll
+ 2010-10-29 13:16 . 2010-10-29 13:16 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\50b7fc7f36c76313cbb434b10923e4e9\dfsvc.ni.exe
+ 2010-10-29 13:16 . 2010-10-29 13:16 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\5ffa548547613dbc5a92f2c5b7cad196\Accessibility.ni.dll
- 2010-06-24 13:03 . 2010-06-24 13:03 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2010-10-29 13:09 . 2010-10-29 13:09 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2010-10-29 13:09 . 2010-10-29 13:09 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2010-06-24 13:03 . 2010-06-24 13:03 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2010-10-29 13:10 . 2010-10-29 13:10 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2010-06-24 13:04 . 2010-06-24 13:04 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2010-06-24 13:03 . 2010-06-24 13:03 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2010-10-29 13:09 . 2010-10-29 13:09 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2010-06-24 13:03 . 2010-06-24 13:03 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2010-10-29 13:09 . 2010-10-29 13:09 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2010-06-24 13:03 . 2010-06-24 13:03 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2010-10-29 13:09 . 2010-10-29 13:09 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2010-06-24 13:03 . 2010-06-24 13:03 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2010-10-29 13:09 . 2010-10-29 13:09 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2010-06-24 13:03 . 2010-06-24 13:03 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2010-10-29 13:09 . 2010-10-29 13:09 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2010-10-29 13:09 . 2010-10-29 13:09 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2010-06-24 13:03 . 2010-06-24 13:03 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2010-10-29 13:09 . 2010-10-29 13:09 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2010-06-24 13:03 . 2010-06-24 13:03 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2010-06-24 13:03 . 2010-06-24 13:03 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2010-10-29 13:09 . 2010-10-29 13:09 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2010-06-24 13:03 . 2010-06-24 13:03 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2010-10-29 13:09 . 2010-10-29 13:09 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2010-10-29 13:09 . 2010-10-29 13:09 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2010-06-24 13:03 . 2010-06-24 13:03 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2010-06-10 13:19 . 2010-06-10 13:19 81920 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
+ 2010-10-29 13:02 . 2010-10-29 13:02 81920 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
+ 2009-09-01 11:13 . 2010-07-30 03:18 49152 c:\windows\.jagex_cache_32\runescape\jagmisc.dll
- 2009-09-01 11:13 . 2009-10-08 03:17 49152 c:\windows\.jagex_cache_32\runescape\jagmisc.dll
+ 2009-09-01 11:13 . 2010-07-30 03:18 93696 c:\windows\.jagex_cache_32\runescape\jaggl.dll
+ 2010-07-22 23:20 . 2010-07-30 03:18 81920 c:\windows\.jagex_cache_32\runescape\hw3d.dll
+ 2010-10-30 13:38 . 2008-04-14 00:11 80384 c:\windows\$NtUninstallKB982665$\iccvid.dll
+ 2010-10-30 13:40 . 2008-04-14 00:12 57856 c:\windows\$NtUninstallKB2347290$\spoolsv.exe
+ 2010-10-29 13:01 . 2010-04-21 13:28 46080 c:\windows\$NtUninstallKB2158563$\tzchange.exe
+ 2010-10-29 13:01 . 2010-06-23 00:54 16896 c:\windows\$NtUninstallKB2158563$\spuninst\tzchange.dll
+ 2010-10-30 13:38 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB982665\update\spcustom.dll
+ 2010-10-30 13:38 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB982665\spmsg.dll
+ 2010-06-17 14:02 . 2010-06-17 14:02 80384 c:\windows\$hf_mig$\KB982665\SP3QFE\iccvid.dll
+ 2010-10-29 13:12 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB982214\update\spcustom.dll
+ 2010-10-29 13:12 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB982214\spmsg.dll
+ 2010-10-29 13:02 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB981997\update\spcustom.dll
+ 2010-10-29 13:02 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB981997\spmsg.dll
+ 2010-10-29 13:10 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB981852\update\spcustom.dll
+ 2010-10-29 08:07 . 2010-06-18 06:28 16896 c:\windows\$hf_mig$\KB981852\update\mpsyschk.dll
+ 2010-10-29 13:10 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB981852\spmsg.dll
+ 2010-10-30 13:39 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB981322\update\spcustom.dll
+ 2010-10-30 13:39 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB981322\spmsg.dll
+ 2010-10-30 13:39 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB980436\update\spcustom.dll
+ 2010-10-30 13:39 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB980436\spmsg.dll
+ 2010-10-30 13:40 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB2347290\update\spcustom.dll
+ 2010-10-30 13:40 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB2347290\spmsg.dll
+ 2010-08-17 13:19 . 2010-08-17 13:19 58880 c:\windows\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe
+ 2010-10-30 13:39 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB2286198\update\spcustom.dll
+ 2010-10-30 13:39 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB2286198\spmsg.dll
+ 2010-10-29 13:12 . 2009-05-26 09:01 26488 c:\windows\$hf_mig$\KB2259922\update\spcustom.dll
+ 2010-10-29 13:12 . 2009-05-26 09:01 17272 c:\windows\$hf_mig$\KB2259922\spmsg.dll
+ 2010-07-20 15:55 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB2229593\update\spcustom.dll
+ 2010-07-20 15:55 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB2229593\spmsg.dll

Re: Possible Virus. (TR/Crypt.TKM....)2nd November 2010, 1:15 am

+ 2010-10-30 13:38 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB2141007\update\spcustom.dll
+ 2010-10-30 13:38 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB2141007\spmsg.dll
+ 2010-10-30 13:39 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB2121546\update\spcustom.dll
+ 2010-10-30 13:39 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB2121546\spmsg.dll
+ 2010-10-29 13:12 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB2115168\update\spcustom.dll
+ 2010-10-29 13:12 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB2115168\spmsg.dll
+ 2010-10-30 13:39 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB2079403\update\spcustom.dll
+ 2010-10-30 13:39 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB2079403\spmsg.dll
+ 2010-10-29 13:09 . 2010-10-29 13:09 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2010-06-24 13:03 . 2010-06-24 13:03 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2004-08-10 18:01 . 2008-04-13 17:10 6656 c:\windows\system32\dllcache\wmiapres.dll
+ 2004-08-10 18:36 . 2008-04-13 18:40 5376 c:\windows\system32\dllcache\viaide.sys
+ 2008-08-27 00:44 . 2008-04-13 18:36 5888 c:\windows\system32\dllcache\smbali.sys
+ 2008-08-27 00:44 . 2008-04-14 00:12 3901 c:\windows\system32\dllcache\siint5.dll
+ 2004-08-10 17:51 . 2004-08-04 10:00 3584 c:\windows\system32\dllcache\riched32.dll
+ 2008-04-23 21:11 . 2008-04-13 18:39 4992 c:\windows\system32\dllcache\mspqm.sys
+ 2008-04-23 21:11 . 2008-04-13 18:39 5376 c:\windows\system32\dllcache\mspclock.sys
+ 2008-04-23 21:11 . 2008-04-13 18:39 7552 c:\windows\system32\dllcache\mskssrv.sys
+ 2004-08-10 17:51 . 2004-08-04 10:00 7168 c:\windows\system32\dllcache\mscat32.dll
+ 2004-08-10 17:58 . 2008-04-13 18:40 5504 c:\windows\system32\dllcache\intelide.sys
+ 2004-08-04 05:56 . 2008-04-14 00:11 7168 c:\windows\system32\dllcache\hccoin.dll
+ 2004-08-10 17:50 . 2008-04-14 00:12 5632 c:\windows\system32\dllcache\cisvc.exe
+ 2004-08-10 17:57 . 2008-04-14 00:11 8704 c:\windows\system32\dllcache\batt.dll
+ 2008-08-27 00:41 . 2008-04-14 00:11 3775 c:\windows\system32\dllcache\adv11nt5.dll
+ 2008-08-27 00:41 . 2008-04-14 00:11 3711 c:\windows\system32\dllcache\adv09nt5.dll
+ 2008-08-27 00:41 . 2008-04-14 00:11 3135 c:\windows\system32\dllcache\adv08nt5.dll
+ 2008-08-27 00:41 . 2008-04-14 00:11 3647 c:\windows\system32\dllcache\adv07nt5.dll
+ 2008-08-27 00:41 . 2008-04-14 00:11 3615 c:\windows\system32\dllcache\adv05nt5.dll
+ 2008-08-27 00:41 . 2008-04-14 00:11 3967 c:\windows\system32\dllcache\adv02nt5.dll
+ 2008-08-27 00:41 . 2008-04-14 00:11 4255 c:\windows\system32\dllcache\adv01nt5.dll
+ 2010-10-29 13:09 . 2010-10-29 13:09 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2010-06-24 13:03 . 2010-06-24 13:03 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2010-10-29 13:10 . 2010-10-29 13:10 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2010-06-24 13:03 . 2010-06-24 13:03 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2010-10-29 13:09 . 2010-10-29 13:09 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2010-06-24 13:03 . 2010-06-24 13:03 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2010-06-24 13:03 . 2010-06-24 13:03 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2010-10-29 13:09 . 2010-10-29 13:09 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2010-10-29 13:09 . 2010-10-29 13:09 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2010-06-24 13:03 . 2010-06-24 13:03 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2010-10-29 13:09 . 2010-10-29 13:09 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2010-06-24 13:03 . 2010-06-24 13:03 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2004-08-10 17:51 . 2008-04-14 00:12 293376 c:\windows\system32\winsrv.dll
+ 2004-08-10 17:51 . 2010-06-18 17:45 293376 c:\windows\system32\winsrv.dll
+ 2004-08-10 17:51 . 2010-05-06 10:41 916480 c:\windows\system32\wininet(4).dll
+ 2004-08-10 17:51 . 2010-06-24 12:22 916480 c:\windows\system32\wininet(3).dll
+ 2004-08-10 17:51 . 2010-04-16 15:36 406016 c:\windows\system32\usp10.dll
- 2004-08-10 17:51 . 2008-04-14 00:12 406016 c:\windows\system32\usp10.dll
+ 2004-08-10 17:51 . 2009-10-15 16:28 119808 c:\windows\system32\t2embed(2).dll
+ 2004-08-10 17:51 . 2010-06-30 12:31 149504 c:\windows\system32\schannel.dll
+ 2004-08-10 17:51 . 2010-10-29 13:10 466326 c:\windows\system32\perfh009.dat
+ 2004-08-10 17:51 . 2010-09-10 05:58 206848 c:\windows\system32\occache.dll
- 2004-08-10 17:51 . 2010-05-06 10:41 206848 c:\windows\system32\occache.dll
- 2004-08-10 17:51 . 2010-05-06 10:41 611840 c:\windows\system32\mstime.dll
+ 2004-08-10 17:51 . 2010-09-10 05:58 611840 c:\windows\system32\mstime.dll
+ 2007-08-13 23:54 . 2010-09-10 05:58 602112 c:\windows\system32\msfeeds.dll
- 2004-08-10 17:51 . 2008-04-14 00:11 384512 c:\windows\system32\mp4sdmod.dll
+ 2004-08-10 17:51 . 2010-04-05 16:54 384512 c:\windows\system32\mp4sdmod.dll
+ 2010-07-11 12:04 . 2010-07-11 12:04 231888 c:\windows\system32\Macromed\Flash\FlashUtil10h_Plugin.exe
+ 2004-08-10 18:02 . 2010-06-09 07:43 692736 c:\windows\system32\inetcomm.dll
+ 2004-08-10 17:51 . 2010-09-10 05:58 184320 c:\windows\system32\iepeers.dll
- 2004-08-10 17:51 . 2010-05-06 10:41 184320 c:\windows\system32\iepeers.dll
+ 2004-08-10 17:51 . 2010-09-10 05:58 387584 c:\windows\system32\iedkcs32.dll
- 2004-08-10 17:51 . 2010-05-06 10:41 387584 c:\windows\system32\iedkcs32.dll
+ 2004-08-10 17:51 . 2010-08-26 12:22 173056 c:\windows\system32\ie4uinit.exe
- 2004-08-10 17:51 . 2010-05-05 13:30 173056 c:\windows\system32\ie4uinit.exe
- 2004-08-10 17:57 . 2010-06-10 16:58 224024 c:\windows\system32\FNTCACHE.DAT
+ 2004-08-10 17:57 . 2010-10-30 14:21 224024 c:\windows\system32\FNTCACHE.DAT
+ 2008-04-23 21:19 . 2008-04-13 17:39 689152 c:\windows\system32\dllcache\xpsp3res.dll
+ 2004-08-10 17:51 . 2008-04-14 00:12 129024 c:\windows\system32\dllcache\xmlprov.dll
+ 2009-04-16 22:42 . 2010-07-12 12:55 218112 c:\windows\system32\dllcache\wordpad.exe
+ 2004-08-10 18:02 . 2008-04-14 00:12 402432 c:\windows\system32\dllcache\wmm2filt.dll
+ 2004-08-10 18:01 . 2008-04-14 00:12 144896 c:\windows\system32\dllcache\wmiprov.dll
+ 2004-08-10 18:01 . 2008-04-14 00:12 126464 c:\windows\system32\dllcache\wmiapsrv.exe
+ 2010-06-18 17:45 . 2010-06-18 17:45 293376 c:\windows\system32\dllcache\winsrv.dll
- 2008-04-23 21:20 . 2010-05-06 10:41 916480 c:\windows\system32\dllcache\wininet.dll
+ 2008-04-23 21:20 . 2010-09-10 05:58 916480 c:\windows\system32\dllcache\wininet.dll
+ 2004-08-10 17:51 . 2008-04-14 00:12 289792 c:\windows\system32\dllcache\vssvc.exe
+ 2010-04-16 15:36 . 2010-04-16 15:36 406016 c:\windows\system32\dllcache\usp10.dll
+ 2008-08-27 00:45 . 2008-04-13 18:46 121984 c:\windows\system32\dllcache\usbvideo.sys
+ 2009-06-16 14:36 . 2010-08-27 08:02 119808 c:\windows\system32\dllcache\t2embed.dll
- 2009-06-16 14:36 . 2009-10-15 16:28 119808 c:\windows\system32\dllcache\t2embed.dll
+ 2008-10-14 23:47 . 2010-08-26 13:39 357248 c:\windows\system32\dllcache\srv.sys
+ 2008-08-27 00:44 . 2004-08-04 03:41 404990 c:\windows\system32\dllcache\slntamr.sys
+ 2008-08-27 00:44 . 2004-08-04 03:41 129535 c:\windows\system32\dllcache\slnt7554.sys
+ 2004-08-10 18:01 . 2008-04-14 00:12 141312 c:\windows\system32\dllcache\sessmgr.exe
+ 2008-12-05 06:54 . 2010-06-30 12:31 149504 c:\windows\system32\dllcache\schannel.dll
+ 2008-08-27 00:44 . 2004-08-04 03:29 166912 c:\windows\system32\dllcache\s3gnbm.sys
+ 2009-04-15 14:51 . 2010-08-16 08:45 590848 c:\windows\system32\dllcache\rpcrt4.dll
+ 2004-08-10 18:01 . 2008-04-14 00:13 139656 c:\windows\system32\dllcache\rdpwd.sys
+ 2004-08-10 18:01 . 2008-04-13 18:32 196224 c:\windows\system32\dllcache\rdpdr.sys
+ 2004-08-10 17:51 . 2008-04-13 17:21 733696 c:\windows\system32\dllcache\qedwipes.dll
+ 2004-08-10 17:51 . 2008-04-14 00:12 562176 c:\windows\system32\dllcache\qedit.dll
+ 2004-08-10 17:51 . 2008-04-14 00:12 386048 c:\windows\system32\dllcache\qdvd.dll
+ 2004-08-10 17:51 . 2008-04-14 00:12 279040 c:\windows\system32\dllcache\qdv.dll
+ 2004-08-10 17:51 . 2008-04-14 00:12 192512 c:\windows\system32\dllcache\qcap.dll
+ 2004-08-10 17:51 . 2008-04-14 00:12 237568 c:\windows\system32\dllcache\qasf.dll
+ 2004-08-10 18:01 . 2008-04-14 00:12 237056 c:\windows\system32\dllcache\provthrd.dll
+ 2004-08-10 17:51 . 2008-04-14 00:12 560640 c:\windows\system32\dllcache\printui.dll
+ 2004-08-04 04:07 . 2008-04-13 18:36 120192 c:\windows\system32\dllcache\pcmcia.sys
+ 2007-08-13 23:44 . 2010-09-10 05:58 206848 c:\windows\system32\dllcache\occache.dll
- 2007-08-13 23:44 . 2010-05-06 10:41 206848 c:\windows\system32\dllcache\occache.dll
+ 2008-08-27 00:44 . 2004-08-04 03:41 180360 c:\windows\system32\dllcache\ntmtlfax.sys
+ 2004-08-10 17:51 . 2008-04-14 00:12 435200 c:\windows\system32\dllcache\ntmssvc.dll
+ 2004-08-10 18:01 . 2008-04-14 00:12 212992 c:\windows\system32\dllcache\ntevt.dll
+ 2008-08-27 00:43 . 2004-08-04 03:29 452736 c:\windows\system32\dllcache\mtxparhm.sys
+ 2008-08-27 00:43 . 2004-08-04 03:41 126686 c:\windows\system32\dllcache\mtlmnt5.sys
+ 2004-08-10 17:51 . 2008-04-14 00:12 506368 c:\windows\system32\dllcache\msxml.dll
- 2004-08-10 17:51 . 2010-05-06 10:41 611840 c:\windows\system32\dllcache\mstime.dll
+ 2004-08-10 17:51 . 2010-09-10 05:58 611840 c:\windows\system32\dllcache\mstime.dll
+ 2008-07-26 13:30 . 2010-09-10 05:58 602112 c:\windows\system32\dllcache\msfeeds.dll
- 2004-08-10 17:51 . 2008-04-14 00:11 384512 c:\windows\system32\dllcache\mp4sdmod.dll
+ 2004-08-10 17:51 . 2010-04-05 16:54 384512 c:\windows\system32\dllcache\mp4sdmod.dll
+ 2008-04-23 21:20 . 2010-09-18 17:23 974848 c:\windows\system32\dllcache\mfc42u.dll
+ 2004-08-10 17:51 . 2010-09-18 06:53 953856 c:\windows\system32\dllcache\mfc40u.dll
+ 2004-08-10 17:51 . 2010-09-18 06:53 954368 c:\windows\system32\dllcache\mfc40.dll
+ 2004-08-10 17:51 . 2008-04-14 10:41 423936 c:\windows\system32\dllcache\licdll.dll
+ 2008-08-14 18:41 . 2010-06-09 07:43 692736 c:\windows\system32\dllcache\inetcomm.dll
- 2009-07-11 16:57 . 2010-05-06 10:41 247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2009-07-11 16:57 . 2010-09-10 05:58 247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2004-08-10 17:51 . 2010-09-10 05:58 184320 c:\windows\system32\dllcache\iepeers.dll
- 2004-08-10 17:51 . 2010-05-06 10:41 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2010-06-09 21:56 . 2010-09-10 05:58 743424 c:\windows\system32\dllcache\iedvtool.dll
- 2010-06-09 21:56 . 2010-05-06 10:41 743424 c:\windows\system32\dllcache\iedvtool.dll
- 2004-08-10 17:51 . 2010-05-06 10:41 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2004-08-10 17:51 . 2010-09-10 05:58 387584 c:\windows\system32\dllcache\iedkcs32.dll
- 2004-08-10 17:51 . 2010-05-05 13:30 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2004-08-10 17:51 . 2010-08-26 12:22 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2004-08-10 18:02 . 2008-04-14 00:11 172032 c:\windows\system32\dllcache\icwhelp.dll
+ 2008-08-27 00:42 . 2004-08-04 03:41 685056 c:\windows\system32\dllcache\hsfcxts2.sys
+ 2008-08-27 00:42 . 2004-08-04 03:41 220032 c:\windows\system32\dllcache\hsfbs2s2.sys
+ 2004-08-10 18:02 . 2010-06-14 14:31 744448 c:\windows\system32\dllcache\helpsvc.exe
- 2004-08-10 18:02 . 2008-04-14 00:12 744448 c:\windows\system32\dllcache\helpsvc.exe
+ 2004-08-10 17:51 . 2008-04-14 00:11 122880 c:\windows\system32\dllcache\glu32.dll
+ 2004-08-10 17:51 . 2008-04-13 19:14 143744 c:\windows\system32\dllcache\fastfat.sys
+ 2004-08-10 17:51 . 2008-04-14 00:11 186880 c:\windows\system32\dllcache\encdec.dll
+ 2004-08-10 17:50 . 2008-04-13 18:44 153344 c:\windows\system32\dllcache\dmio.sys
+ 2004-08-10 17:50 . 2008-04-13 18:44 799744 c:\windows\system32\dllcache\dmboot.sys
+ 2008-08-27 00:42 . 2008-04-13 18:51 101120 c:\windows\system32\dllcache\bthpan.sys
+ 2010-04-20 05:30 . 2010-09-01 11:51 285824 c:\windows\system32\dllcache\atmfd.dll
+ 2008-08-27 00:42 . 2004-08-04 03:29 104960 c:\windows\system32\dllcache\atinrvxx.sys
+ 2008-08-27 00:42 . 2004-08-04 03:29 701440 c:\windows\system32\dllcache\ati2mtag.sys
+ 2008-08-27 00:42 . 2004-08-04 03:29 327040 c:\windows\system32\dllcache\ati2mtaa.sys
+ 2010-02-14 08:00 . 2010-10-30 04:01 262144 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2004-08-10 17:50 . 2010-04-20 05:30 285696 c:\windows\system32\atmfd(3).dll
+ 2004-08-10 18:02 . 2010-06-14 14:31 744448 c:\windows\pchealth\helpctr\binaries\helpsvc.exe
- 2004-08-10 18:02 . 2008-04-14 00:12 744448 c:\windows\pchealth\helpctr\binaries\helpsvc.exe
- 2010-03-23 10:31 . 2010-03-23 10:31 435024 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
+ 2010-09-22 14:43 . 2010-09-22 14:43 435024 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
+ 2010-05-11 11:40 . 2010-05-11 11:40 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
- 2009-08-08 04:51 . 2009-08-08 04:51 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2010-05-11 11:40 . 2010-05-11 11:40 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2010-09-23 07:26 . 2010-09-23 07:26 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2010-03-31 19:51 . 2010-03-31 19:51 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2010-09-23 07:25 . 2010-09-23 07:25 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2010-03-31 19:49 . 2010-03-31 19:49 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2010-03-31 20:32 . 2010-03-31 20:32 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2010-09-23 08:17 . 2010-09-23 08:17 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2010-09-24 02:02 . 2010-09-24 02:02 798208 c:\windows\Installer\f8318e.msp
+ 2010-09-24 02:02 . 2010-09-24 02:02 798208 c:\windows\Installer\34f8cd63.msp
- 2008-04-23 21:30 . 2009-06-26 08:05 693600 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\WksWP.exe
+ 2008-04-23 21:30 . 2010-10-29 13:11 693600 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\WksWP.exe
- 2008-04-23 21:30 . 2009-06-26 08:05 947552 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\wksss.exe
+ 2008-04-23 21:30 . 2010-10-29 13:11 947552 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\wksss.exe
- 2008-04-23 21:30 . 2009-06-26 08:05 709984 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\WksCal.exe
+ 2008-04-23 21:30 . 2010-10-29 13:11 709984 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\WksCal.exe
+ 2007-11-28 00:33 . 2007-11-28 00:33 173408 c:\windows\Installer\$PatchCache$\Managed\0DC8CB51B56A0D742ADD098A4295F08A\9.7.621\F378_WkProof.dll
+ 2007-11-28 00:34 . 2007-11-28 00:34 972128 c:\windows\Installer\$PatchCache$\Managed\0DC8CB51B56A0D742ADD098A4295F08A\9.7.621\F20987_wkwpqd.dll
+ 2007-11-28 00:34 . 2007-11-28 00:34 161120 c:\windows\Installer\$PatchCache$\Managed\0DC8CB51B56A0D742ADD098A4295F08A\9.7.621\F20985_wkwpqrtf.dll
+ 2010-10-29 13:07 . 2010-05-06 10:41 916480 c:\windows\ie8updates\KB2360131-IE8\wininet.dll
+ 2010-10-29 13:07 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2360131-IE8\spuninst\updspapi.dll
+ 2010-10-29 13:07 . 2009-05-26 09:01 231288 c:\windows\ie8updates\KB2360131-IE8\spuninst\spuninst.exe
+ 2010-10-29 13:07 . 2010-05-06 10:41 206848 c:\windows\ie8updates\KB2360131-IE8\occache.dll
+ 2010-10-29 13:07 . 2010-05-06 10:41 611840 c:\windows\ie8updates\KB2360131-IE8\mstime.dll
+ 2010-10-29 13:07 . 2010-05-06 10:41 599040 c:\windows\ie8updates\KB2360131-IE8\msfeeds.dll
+ 2010-10-29 13:07 . 2010-05-06 10:41 247808 c:\windows\ie8updates\KB2360131-IE8\ieproxy.dll
+ 2010-10-29 13:07 . 2010-05-06 10:41 184320 c:\windows\ie8updates\KB2360131-IE8\iepeers.dll
+ 2010-10-29 13:07 . 2010-05-06 10:41 743424 c:\windows\ie8updates\KB2360131-IE8\iedvtool.dll
+ 2010-10-29 13:07 . 2010-05-06 10:41 387584 c:\windows\ie8updates\KB2360131-IE8\iedkcs32.dll
+ 2010-10-29 13:07 . 2010-05-05 13:30 173056 c:\windows\ie8updates\KB2360131-IE8\ie4uinit.exe
+ 2010-10-29 13:02 . 2010-10-29 13:02 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_fe472458\System.Drawing.dll
+ 2010-10-29 13:02 . 2010-10-29 13:02 192512 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_f14e90e3\System.Drawing.Design.dll
+ 2010-10-29 13:02 . 2010-10-29 13:02 118784 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_b2658b08\CustomMarshalers.dll
+ 2010-10-29 13:16 . 2010-10-29 13:16 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\a16b8bcca59515281688ec856c034698\WsatConfig.ni.exe
+ 2010-10-29 13:14 . 2010-10-29 13:14 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\672c4d8e3c33e309c1ed90fa4cb85aba\WindowsFormsIntegration.ni.dll
+ 2010-10-29 13:14 . 2010-10-29 13:14 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\cd91a32f4e36ccb2981c72c0d333e928\UIAutomationTypes.ni.dll
+ 2010-10-29 13:14 . 2010-10-29 13:14 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\9df760fdf8071c7b0de78f39de365e6a\UIAutomationClient.ni.dll
+ 2010-10-29 13:18 . 2010-10-29 13:18 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\ff53d5b5249a2841ee196294429f51cf\System.Xml.Linq.ni.dll
+ 2010-10-29 13:18 . 2010-10-29 13:18 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\7f9a1ae146571025fd49914b5c71a39b\System.Web.Routing.ni.dll
+ 2010-10-29 13:18 . 2010-10-29 13:18 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\d0ae809162b55e2fa958739177476af8\System.Web.RegularExpressions.ni.dll
+ 2010-10-29 13:18 . 2010-10-29 13:18 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\b1646e54b708b9824f4193f87eb00c0e\System.Web.Extensions.Design.ni.dll
+ 2010-10-29 13:18 . 2010-10-29 13:18 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\504a93e73da77c502ecf98bfdfc1485e\System.Web.Entity.ni.dll
+ 2010-10-29 13:18 . 2010-10-29 13:18 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\f22334fbd9497d79448fffef515ae0cc\System.Web.Entity.Design.ni.dll
+ 2010-10-29 13:18 . 2010-10-29 13:18 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\af5452305588da228a74e30324681d20\System.Web.DynamicData.ni.dll
+ 2010-10-29 13:18 . 2010-10-29 13:18 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\9d9bca1a8993c427984aa1bc9c165a33\System.Web.Abstractions.ni.dll
+ 2010-10-29 13:17 . 2010-10-29 13:17 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\26d5bf1f7e700c2c19aa9b1da5519b24\System.Transactions.ni.dll
+ 2010-10-29 13:17 . 2010-10-29 13:17 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b000cc703c9d95593b516bf2c2ec316\System.ServiceProcess.ni.dll
+ 2010-10-29 13:16 . 2010-10-29 13:16 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\75e331a5d731d8e207be07adc06dec23\System.Security.ni.dll
+ 2010-10-29 13:17 . 2010-10-29 13:17 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\dd7497aa089340600c8c5af8ab421ff7\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2010-10-29 13:17 . 2010-10-29 13:17 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\2a080994f308f347b0497bb8804861cf\System.Net.ni.dll
+ 2010-10-29 13:17 . 2010-10-29 13:17 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\bc1cf48ba7dc00f45d0e949c49ab677a\System.Management.ni.dll
+ 2010-10-29 13:17 . 2010-10-29 13:17 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\904fda53006680a67f917ab638be0305\System.Management.Instrumentation.ni.dll
+ 2010-10-29 13:16 . 2010-10-29 13:16 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\4490976887e2e5a3b594041edbdf5064\System.IO.Log.ni.dll
+ 2010-10-29 13:16 . 2010-10-29 13:16 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\77b9f6f6671aaaeb84c6907d467e792c\System.IdentityModel.Selectors.ni.dll
+ 2010-10-29 13:17 . 2010-10-29 13:17 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\15724a7517f939c9b300f341fb5620b8\System.EnterpriseServices.Wrapper.dll
+ 2010-10-29 13:17 . 2010-10-29 13:17 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\15724a7517f939c9b300f341fb5620b8\System.EnterpriseServices.ni.dll
+ 2010-10-29 13:14 . 2010-10-29 13:14 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\90199b4aa63b1b9c8ed0c3de16eec824\System.Drawing.Design.ni.dll
+ 2010-10-29 13:17 . 2010-10-29 13:17 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\849e98c9f428a12cb581320a23f69dbd\System.DirectoryServices.AccountManagement.ni.dll
+ 2010-10-29 13:17 . 2010-10-29 13:17 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\7a823a4f61cf8c86aad02559f8fed07b\System.DirectoryServices.Protocols.ni.dll
+ 2010-10-29 13:17 . 2010-10-29 13:17 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\ad95820d2e29e8d55c0d8a838214c6e5\System.Data.Services.Design.ni.dll
+ 2010-10-29 13:17 . 2010-10-29 13:17 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\617acb0d900bdde947ec79f7b5ccc183\System.Data.Services.Client.ni.dll
+ 2010-10-29 13:17 . 2010-10-29 13:17 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\165bd290e518b9397ca55192985fdee3\System.Data.Entity.Design.ni.dll
+ 2010-10-29 13:16 . 2010-10-29 13:16 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\41345e34f26854fc1878eae3e4d5d4a5\System.Data.DataSetExtensions.ni.dll
+ 2010-10-29 13:16 . 2010-10-29 13:16 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\ab688d0f9f333ba117832726bfb589c1\System.Configuration.ni.dll
+ 2010-10-29 13:17 . 2010-10-29 13:17 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\b48677ab9aa7a6830785f67b8478b4da\System.Configuration.Install.ni.dll
+ 2010-10-29 13:16 . 2010-10-29 13:16 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\93a0958d5557e2b380647af0171ad354\System.AddIn.ni.dll
+ 2010-10-29 13:16 . 2010-10-29 13:16 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\d0758f84e927e3f0a15a6cde1b96d835\SMSvcHost.ni.exe
+ 2010-10-29 13:16 . 2010-10-29 13:16 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\8043a108e3bb2d3dcc84b547b8085e99\SMDiagnostics.ni.dll
+ 2010-10-29 13:16 . 2010-10-29 13:16 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\72d3aacfca2e1ce835c210f5a1decb36\ServiceModelReg.ni.exe
+ 2010-10-29 13:13 . 2010-10-29 13:13 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e7e7321956e6822b1bf3691c35c842f6\PresentationFramework.Aero.ni.dll
+ 2010-10-29 13:13 . 2010-10-29 13:13 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a14488afff027f0f2985e659449097f5\PresentationFramework.Royale.ni.dll
+ 2010-10-29 13:13 . 2010-10-29 13:13 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\787e60c5dd562cb45887080095d2a3b7\PresentationFramework.Classic.ni.dll
+ 2010-10-29 13:13 . 2010-10-29 13:13 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2313ccc125dcb6a9800048ec1c51ec12\PresentationFramework.Luna.ni.dll
+ 2010-10-29 13:16 . 2010-10-29 13:16 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\5db9c32d9f352162e6da220ca463db0d\MSBuild.ni.exe
+ 2010-10-29 13:16 . 2010-10-29 13:16 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\fcf975f74bd134d8e0fa8f37c5bc6a8c\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2010-10-29 13:16 . 2010-10-29 13:16 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\d6b9038136600fbfbbbd7460dc19da19\Microsoft.Build.Utilities.ni.dll
+ 2010-10-29 13:16 . 2010-10-29 13:16 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\585cc7218599e7806521d0e737ba5ffb\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2010-10-29 13:16 . 2010-10-29 13:16 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\3057ec53731286e69e389d103c32fa41\Microsoft.Build.Engine.ni.dll
+ 2010-10-29 13:16 . 2010-10-29 13:16 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\914e338ac6e92714f3e32ae5d89bf03b\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2010-10-29 13:16 . 2010-10-29 13:16 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\12ae6f3635448471fc9f7d8bfe39c67d\CustomMarshalers.ni.dll
+ 2010-10-29 13:16 . 2010-10-29 13:16 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\daca3c9ad6d867d3fec70d14b4f20cf3\ComSvcConfig.ni.exe
+ 2010-10-29 13:16 . 2010-10-29 13:16 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\af4a3ae6d5c1cafa57002beb487b8d7a\AspNetMMCExt.ni.dll
- 2010-06-24 13:03 . 2010-06-24 13:03 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2010-10-29 13:09 . 2010-10-29 13:09 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2010-06-24 13:03 . 2010-06-24 13:03 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2010-10-29 13:09 . 2010-10-29 13:09 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2010-10-29 13:09 . 2010-10-29 13:09 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2010-06-24 13:03 . 2010-06-24 13:03 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2010-10-29 13:09 . 2010-10-29 13:09 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2010-06-24 13:03 . 2010-06-24 13:03 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2010-06-24 13:03 . 2010-06-24 13:03 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2010-10-29 13:09 . 2010-10-29 13:09 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2010-10-29 13:09 . 2010-10-29 13:09 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2010-06-24 13:03 . 2010-06-24 13:03 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2010-10-29 13:09 . 2010-10-29 13:09 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2010-06-24 13:03 . 2010-06-24 13:03 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2010-10-29 13:09 . 2010-10-29 13:09 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2010-06-24 13:03 . 2010-06-24 13:03 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2010-10-29 13:09 . 2010-10-29 13:09 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2010-06-24 13:03 . 2010-06-24 13:03 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2010-10-29 13:09 . 2010-10-29 13:09 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2010-06-24 13:03 . 2010-06-24 13:03 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2010-10-29 13:09 . 2010-10-29 13:09 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2010-06-24 13:03 . 2010-06-24 13:03 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2010-10-29 13:10 . 2010-10-29 13:10 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2010-06-24 13:04 . 2010-06-24 13:04 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2010-10-29 13:10 . 2010-10-29 13:10 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2010-06-24 13:04 . 2010-06-24 13:04 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2010-10-29 13:10 . 2010-10-29 13:10 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2010-06-24 13:04 . 2010-06-24 13:04 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2010-06-24 13:04 . 2010-06-24 13:04 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2010-10-29 13:10 . 2010-10-29 13:10 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2010-06-24 13:03 . 2010-06-24 13:03 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2010-10-29 13:09 . 2010-10-29 13:09 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2010-10-29 13:09 . 2010-10-29 13:09 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2010-06-24 13:03 . 2010-06-24 13:03 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2010-06-24 13:03 . 2010-06-24 13:03 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2010-10-29 13:09 . 2010-10-29 13:09 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2010-10-29 13:09 . 2010-10-29 13:09 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2010-06-24 13:03 . 2010-06-24 13:03 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2010-06-24 13:03 . 2010-06-24 13:03 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2010-10-29 13:09 . 2010-10-29 13:09 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2010-10-29 13:09 . 2010-10-29 13:09 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2010-06-24 13:03 . 2010-06-24 13:03 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2010-06-24 13:03 . 2010-06-24 13:03 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2010-10-29 13:09 . 2010-10-29 13:09 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2010-06-24 13:03 . 2010-06-24 13:03 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2010-10-29 13:09 . 2010-10-29 13:09 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2010-10-29 13:09 . 2010-10-29 13:09 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2010-06-24 13:03 . 2010-06-24 13:03 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2010-10-29 13:09 . 2010-10-29 13:09 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2010-06-24 13:03 . 2010-06-24 13:03 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2010-10-29 13:10 . 2010-10-29 13:10 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2010-06-24 13:04 . 2010-06-24 13:04 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2010-07-22 23:20 . 2010-07-30 03:18 833024 c:\windows\.jagex_cache_32\runescape\sw3d.dll
+ 2010-07-22 23:20 . 2010-07-30 03:18 102400 c:\windows\.jagex_cache_32\runescape\jagdx.dll
+ 2010-07-22 23:20 . 2010-07-30 03:18 114688 c:\windows\.jagex_cache_32\runescape\jaclib.dll

Re: Possible Virus. (TR/Crypt.TKM....)2nd November 2010, 1:15 am

+ 2010-10-30 13:38 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB982665$\spuninst\updspapi.dll
+ 2010-10-30 13:38 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB982665$\spuninst\spuninst.exe
+ 2010-10-29 13:12 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB982214$\spuninst\updspapi.dll
+ 2010-10-29 13:12 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB982214$\spuninst\spuninst.exe
+ 2010-10-29 13:02 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB981997$\spuninst\updspapi.dll
+ 2010-10-29 13:02 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB981997$\spuninst\spuninst.exe
+ 2010-10-29 13:10 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB981852$\spuninst\updspapi.dll
+ 2010-10-29 13:10 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB981852$\spuninst\spuninst.exe
+ 2010-10-30 13:39 . 2008-04-14 00:12 406016 c:\windows\$NtUninstallKB981322$\usp10.dll
+ 2010-10-30 13:39 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB981322$\spuninst\updspapi.dll
+ 2010-10-30 13:39 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB981322$\spuninst\spuninst.exe
+ 2010-10-30 13:39 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB980436$\spuninst\updspapi.dll
+ 2010-10-30 13:39 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB980436$\spuninst\spuninst.exe
+ 2010-10-30 13:39 . 2009-06-25 08:25 147456 c:\windows\$NtUninstallKB980436$\schannel.dll
+ 2010-10-29 13:12 . 2007-07-28 04:11 382840 c:\windows\$NtUninstallKB975558_WM8$\spuninst\updspapi.dll
+ 2010-10-29 13:12 . 2007-07-28 04:11 231288 c:\windows\$NtUninstallKB975558_WM8$\spuninst\spuninst.exe
+ 2010-10-29 13:12 . 2008-04-14 00:11 384512 c:\windows\$NtUninstallKB975558_WM8$\mp4sdmod.dll
+ 2010-10-30 13:40 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB2347290$\spuninst\updspapi.dll
+ 2010-10-30 13:40 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB2347290$\spuninst\spuninst.exe
+ 2010-10-30 13:39 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB2286198$\spuninst\updspapi.dll
+ 2010-10-30 13:39 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB2286198$\spuninst\spuninst.exe
+ 2010-10-29 13:12 . 2009-05-26 09:01 382840 c:\windows\$NtUninstallKB2259922$\spuninst\updspapi.dll
+ 2010-10-29 13:12 . 2009-05-26 09:01 231288 c:\windows\$NtUninstallKB2259922$\spuninst\spuninst.exe
+ 2010-07-20 15:55 . 2010-02-23 00:53 382840 c:\windows\$NtUninstallKB2229593$\spuninst\updspapi.dll
+ 2010-07-20 15:55 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB2229593$\spuninst\spuninst.exe
+ 2010-07-20 15:55 . 2008-04-14 00:12 744448 c:\windows\$NtUninstallKB2229593$\helpsvc.exe
+ 2010-10-29 13:01 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB2158563$\spuninst\updspapi.dll
+ 2010-10-29 13:01 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB2158563$\spuninst\spuninst.exe
+ 2010-10-30 13:38 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB2141007$\spuninst\updspapi.dll
+ 2010-10-30 13:38 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB2141007$\spuninst\spuninst.exe
+ 2010-10-30 13:38 . 2010-01-29 15:01 691712 c:\windows\$NtUninstallKB2141007$\inetcomm.dll
+ 2010-10-30 13:39 . 2008-04-14 00:12 293376 c:\windows\$NtUninstallKB2121546$\winsrv.dll
+ 2010-10-30 13:39 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB2121546$\spuninst\updspapi.dll
+ 2010-10-30 13:39 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB2121546$\spuninst\spuninst.exe
+ 2010-10-29 13:12 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB2115168$\spuninst\updspapi.dll
+ 2010-10-29 13:12 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB2115168$\spuninst\spuninst.exe
+ 2010-10-30 13:39 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB2079403$\spuninst\updspapi.dll
+ 2010-10-30 13:39 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB2079403$\spuninst\spuninst.exe
+ 2010-10-30 13:38 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB982665\update\updspapi.dll
+ 2010-10-30 13:38 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB982665\update\update.exe
+ 2010-10-30 13:38 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB982665\spuninst.exe
+ 2010-10-29 13:12 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB982214\update\updspapi.dll
+ 2010-10-29 13:12 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB982214\update\update.exe
+ 2010-10-29 13:12 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB982214\spuninst.exe
+ 2010-10-29 08:26 . 2010-06-21 14:18 354304 c:\windows\$hf_mig$\KB982214\SP3QFE\srv.sys
+ 2010-10-29 13:02 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB981997\update\updspapi.dll
+ 2010-10-29 13:02 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB981997\update\update.exe
+ 2010-10-29 13:02 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB981997\spuninst.exe
+ 2010-10-29 13:10 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB981852\update\updspapi.dll
+ 2010-10-29 13:10 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB981852\update\update.exe
+ 2010-10-29 13:10 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB981852\spuninst.exe
+ 2010-10-30 13:39 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB981322\update\updspapi.dll
+ 2010-10-30 13:39 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB981322\update\update.exe
+ 2010-10-30 13:39 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB981322\spuninst.exe
+ 2010-04-16 15:29 . 2010-04-16 15:29 406016 c:\windows\$hf_mig$\KB981322\SP3QFE\usp10.dll
+ 2010-10-30 13:39 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB980436\update\updspapi.dll
+ 2010-10-30 13:39 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB980436\update\update.exe
+ 2010-10-30 13:39 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB980436\spuninst.exe
+ 2010-06-30 12:23 . 2010-06-30 12:23 149504 c:\windows\$hf_mig$\KB980436\SP3QFE\schannel.dll
+ 2010-10-30 13:40 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB2347290\update\updspapi.dll
+ 2010-10-30 13:40 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB2347290\update\update.exe
+ 2010-10-30 13:40 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB2347290\spuninst.exe
+ 2010-10-30 13:39 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB2286198\update\updspapi.dll
+ 2010-10-30 13:39 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB2286198\update\update.exe
+ 2010-10-30 13:39 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB2286198\spuninst.exe
+ 2010-10-29 13:12 . 2009-05-26 09:01 382840 c:\windows\$hf_mig$\KB2259922\update\updspapi.dll
+ 2010-10-29 13:12 . 2009-05-26 09:01 755576 c:\windows\$hf_mig$\KB2259922\update\update.exe
+ 2010-10-29 13:12 . 2009-05-26 09:01 231288 c:\windows\$hf_mig$\KB2259922\spuninst.exe
+ 2010-07-20 15:55 . 2010-02-23 00:53 382840 c:\windows\$hf_mig$\KB2229593\update\updspapi.dll
+ 2010-07-20 15:55 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB2229593\update\update.exe
+ 2010-07-20 15:55 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB2229593\spuninst.exe
+ 2010-07-13 21:52 . 2010-06-14 14:38 744448 c:\windows\$hf_mig$\KB2229593\SP3QFE\helpsvc.exe
+ 2010-10-30 13:38 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB2141007\update\updspapi.dll
+ 2010-10-30 13:38 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB2141007\update\update.exe
+ 2010-10-30 13:38 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB2141007\spuninst.exe
+ 2010-06-09 07:41 . 2010-06-09 07:41 692736 c:\windows\$hf_mig$\KB2141007\SP3QFE\inetcomm.dll
+ 2010-10-30 13:39 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB2121546\update\updspapi.dll
+ 2010-10-30 13:39 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB2121546\update\update.exe
+ 2010-10-30 13:39 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB2121546\spuninst.exe
+ 2010-06-18 17:43 . 2010-06-18 17:43 293376 c:\windows\$hf_mig$\KB2121546\SP3QFE\winsrv.dll
+ 2010-10-29 13:12 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB2115168\update\updspapi.dll
+ 2010-10-29 13:12 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB2115168\update\update.exe
+ 2010-10-29 13:12 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB2115168\spuninst.exe
+ 2010-10-30 13:39 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB2079403\update\updspapi.dll
+ 2010-10-30 13:39 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB2079403\update\update.exe
+ 2010-10-30 13:39 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB2079403\spuninst.exe
+ 2010-10-29 08:26 . 2010-08-23 16:12 1054208 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
+ 2004-08-10 17:51 . 2010-08-26 22:16 4886528 c:\windows\system32\wmp.dll
+ 2004-08-10 17:51 . 2010-09-10 05:58 1210880 c:\windows\system32\urlmon.dll
+ 2004-08-10 17:51 . 2010-05-06 10:41 1209344 c:\windows\system32\urlmon(4).dll
+ 2004-08-10 17:51 . 2010-06-24 12:22 1210368 c:\windows\system32\urlmon(3).dll
+ 2004-08-10 17:51 . 2010-07-27 06:30 8462336 c:\windows\system32\shell32.dll
+ 2004-08-10 17:51 . 2008-06-17 19:02 8461312 c:\windows\system32\shell32(3).dll
+ 2010-07-10 03:59 . 2010-10-29 07:55 9843028 c:\windows\system32\Restore\rstrlog.dat
+ 2004-08-10 17:51 . 2010-07-16 12:05 1288192 c:\windows\system32\ole32.dll
+ 2004-08-10 17:51 . 2008-04-14 00:12 1287168 c:\windows\system32\ole32(3).dll
+ 2004-08-10 17:51 . 2010-04-28 02:25 2189952 c:\windows\system32\ntoskrnl.exe
- 2004-08-10 17:51 . 2010-02-17 14:10 2189952 c:\windows\system32\ntoskrnl.exe
+ 2004-08-04 03:59 . 2010-04-27 13:05 2066816 c:\windows\system32\ntkrnlpa.exe
- 2004-08-04 03:59 . 2010-02-16 13:25 2066816 c:\windows\system32\ntkrnlpa.exe
- 2004-08-10 17:51 . 2009-07-31 04:35 1172480 c:\windows\system32\msxml3.dll
+ 2004-08-10 17:51 . 2010-06-14 07:41 1172480 c:\windows\system32\msxml3.dll
+ 2004-08-10 17:51 . 2009-07-31 04:35 1172480 c:\windows\system32\msxml3(2).dll
+ 2004-08-10 17:51 . 2010-09-10 05:58 5957120 c:\windows\system32\mshtml.dll
+ 2010-01-27 01:07 . 2010-07-11 12:04 5612496 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2007-08-13 23:34 . 2010-09-10 05:58 1986560 c:\windows\system32\iertutil.dll
+ 2004-08-10 17:51 . 2010-08-26 22:16 4886528 c:\windows\system32\dllcache\wmp.dll
+ 2008-10-14 23:47 . 2010-08-31 13:42 1852800 c:\windows\system32\dllcache\win32k.sys
+ 2008-04-23 21:20 . 2010-09-10 05:58 1210880 c:\windows\system32\dllcache\urlmon.dll
+ 2008-06-17 19:02 . 2010-07-27 06:30 8462336 c:\windows\system32\dllcache\shell32.dll
+ 2010-07-16 12:05 . 2010-07-16 12:05 1288192 c:\windows\system32\dllcache\ole32.dll
+ 2009-04-16 23:13 . 2010-04-28 02:25 2189952 c:\windows\system32\dllcache\ntoskrnl.exe
- 2009-04-16 23:13 . 2010-02-17 14:10 2189952 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2009-04-16 23:13 . 2010-04-27 13:05 2024448 c:\windows\system32\dllcache\ntkrpamp.exe
- 2009-04-16 23:13 . 2010-02-16 13:25 2024448 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2009-02-08 00:02 . 2010-04-27 13:05 2066816 c:\windows\system32\dllcache\ntkrnlpa.exe
- 2009-02-08 00:02 . 2010-02-16 13:25 2066816 c:\windows\system32\dllcache\ntkrnlpa.exe
- 2009-04-16 23:13 . 2010-02-16 14:08 2146304 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2009-04-16 23:13 . 2010-04-27 13:59 2146304 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2008-08-27 00:43 . 2004-08-04 03:41 1309184 c:\windows\system32\dllcache\mtlstrm.sys
+ 2008-04-23 21:19 . 2010-06-14 07:41 1172480 c:\windows\system32\dllcache\msxml3.dll
- 2008-04-23 21:19 . 2009-07-31 04:35 1172480 c:\windows\system32\dllcache\msxml3.dll
+ 2004-08-10 17:51 . 2008-04-14 00:12 1428992 c:\windows\system32\dllcache\msvidctl.dll
+ 2007-12-08 01:07 . 2010-09-10 05:58 5957120 c:\windows\system32\dllcache\mshtml.dll
+ 2010-03-09 19:38 . 2010-06-18 13:36 3558912 c:\windows\system32\dllcache\moviemk.exe
- 2010-03-09 19:38 . 2009-10-23 15:28 3558912 c:\windows\system32\dllcache\moviemk.exe
+ 2008-07-26 13:30 . 2010-09-10 05:58 1986560 c:\windows\system32\dllcache\iertutil.dll
+ 2008-08-27 00:42 . 2004-08-04 03:41 1041536 c:\windows\system32\dllcache\hsfdpsp2.sys
+ 2004-08-10 17:50 . 2008-04-14 00:11 1179648 c:\windows\system32\dllcache\d3d8.dll
+ 2010-09-22 14:44 . 2010-09-22 14:44 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
- 2010-03-23 10:32 . 2010-03-23 10:32 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
- 2009-08-08 04:51 . 2009-08-08 04:51 5812560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2010-05-11 11:40 . 2010-05-11 11:40 5812560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2010-05-11 11:40 . 2010-05-11 11:40 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
- 2010-04-01 16:42 . 2010-04-01 16:42 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2010-09-23 20:55 . 2010-09-23 20:55 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
- 2010-04-01 16:42 . 2010-04-01 16:42 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2010-09-23 20:55 . 2010-09-23 20:55 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2010-09-23 07:26 . 2010-09-23 07:26 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
- 2010-03-31 19:50 . 2010-03-31 19:50 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2010-09-23 07:25 . 2010-09-23 07:25 2523136 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
+ 2010-09-23 20:55 . 2010-09-23 20:55 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
- 2010-04-01 16:42 . 2010-04-01 16:42 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2010-07-09 22:28 . 2010-07-09 22:28 2151424 c:\windows\Installer\f831b0.msp
+ 2010-08-13 22:59 . 2010-08-13 22:59 8182272 c:\windows\Installer\f8319e.msp
+ 2010-08-13 23:02 . 2010-08-13 23:02 2545664 c:\windows\Installer\f83196.msp
+ 2010-09-23 12:39 . 2010-09-23 12:39 4265472 c:\windows\Installer\f8317d.msp
+ 2010-08-13 22:59 . 2010-08-13 22:59 8182272 c:\windows\Installer\d921380.msp
+ 2010-08-13 23:02 . 2010-08-13 23:02 2545664 c:\windows\Installer\d921378.msp
+ 2010-07-09 22:28 . 2010-07-09 22:28 2151424 c:\windows\Installer\484c2f2.msp
+ 2010-07-11 01:14 . 2010-07-11 01:14 2850816 c:\windows\Installer\484c2d6.msp
+ 2010-09-23 12:39 . 2010-09-23 12:39 4265472 c:\windows\Installer\34f8cd5c.msp
+ 2008-04-23 21:30 . 2010-10-29 13:11 1099104 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\WksSb.exe
- 2008-04-23 21:30 . 2009-06-26 08:05 1099104 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\WksSb.exe
- 2008-04-23 21:30 . 2009-06-26 08:05 1242464 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\wksdb.exe
+ 2008-04-23 21:30 . 2010-10-29 13:11 1242464 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\wksdb.exe
+ 2007-11-28 00:33 . 2007-11-28 00:33 2901344 c:\windows\Installer\$PatchCache$\Managed\0DC8CB51B56A0D742ADD098A4295F08A\9.7.621\F22194_wksssdb.dll
+ 2010-10-29 13:07 . 2010-05-06 10:41 1209344 c:\windows\ie8updates\KB2360131-IE8\urlmon.dll
+ 2010-10-29 13:07 . 2010-05-06 10:41 5950976 c:\windows\ie8updates\KB2360131-IE8\mshtml.dll
+ 2010-10-29 13:07 . 2010-05-06 10:41 1985536 c:\windows\ie8updates\KB2360131-IE8\iertutil.dll
+ 2009-04-16 23:13 . 2010-04-28 02:25 2189952 c:\windows\Driver Cache\i386\ntoskrnl.exe
- 2009-04-16 23:13 . 2010-02-17 14:10 2189952 c:\windows\Driver Cache\i386\ntoskrnl.exe
- 2009-04-16 23:13 . 2010-02-16 13:25 2024448 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2009-04-16 23:13 . 2010-04-27 13:05 2024448 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2009-02-08 00:02 . 2010-04-27 13:05 2066816 c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2009-02-08 00:02 . 2010-02-16 13:25 2066816 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2009-04-16 23:13 . 2010-04-27 13:59 2146304 c:\windows\Driver Cache\i386\ntkrnlmp.exe
- 2009-04-16 23:13 . 2010-02-16 14:08 2146304 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2007-04-25 20:08 . 2007-04-25 20:08 2233944 c:\windows\Downloaded Program Files\msi.1.0.0.8.dll
+ 2010-10-29 13:02 . 2010-10-29 13:02 4792320 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_b85554df\System.dll
+ 2010-10-29 13:02 . 2010-10-29 13:02 1966080 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_52820eb5\System.dll
+ 2010-10-29 13:03 . 2010-10-29 13:03 5513216 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_cbad1cc1\System.Xml.dll
+ 2010-10-29 13:02 . 2010-10-29 13:02 2088960 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_60cbd3e2\System.Xml.dll
+ 2010-10-29 13:02 . 2010-10-29 13:02 3018752 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_a3a1ad63\System.Windows.Forms.dll
+ 2010-10-29 13:02 . 2010-10-29 13:02 7884800 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_6baf8b52\System.Windows.Forms.dll
+ 2010-10-29 13:03 . 2010-10-29 13:03 2244608 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_7fe2b767\System.Drawing.dll
+ 2010-10-29 13:03 . 2010-10-29 13:03 3395584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_7f41cd71\System.Design.dll
+ 2010-10-29 13:02 . 2010-10-29 13:02 1470464 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_2fdfb313\System.Design.dll
+ 2010-10-29 13:03 . 2010-10-29 13:03 8908800 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_48e58e71\mscorlib.dll
+ 2010-10-29 13:02 . 2010-10-29 13:02 3391488 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_0cd5c040\mscorlib.dll
+ 2010-10-29 13:11 . 2010-10-29 13:11 3325440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cec7ecb8eac09dd630d180ce87d23b80\WindowsBase.ni.dll
+ 2010-10-29 13:14 . 2010-10-29 13:14 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\b7f6e7b265f9aae807ddc4284563e550\UIAutomationClientsideProviders.ni.dll
+ 2010-10-29 13:11 . 2010-10-29 13:11 7949824 c:\windows\assembly\NativeImages_v2.0.50727_32\System\08ffa4d388d5f007869aa7651c458e7c\System.ni.dll
+ 2010-10-29 13:14 . 2010-10-29 13:14 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\a6dbe24cbfe3ab6b318ed3095cc572d8\System.Xml.ni.dll
+ 2010-10-29 13:18 . 2010-10-29 13:18 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\bec60fe2e934a6284224ab45b0e981e2\System.WorkflowServices.ni.dll
+ 2010-10-29 13:18 . 2010-10-29 13:18 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\09da139c48e2f5e76994a5c0f2e5b19e\System.Workflow.Runtime.ni.dll
+ 2010-10-29 13:18 . 2010-10-29 13:18 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\6809417da74ff937e18b3034f1eac2f2\System.Workflow.ComponentModel.ni.dll
+ 2010-10-29 13:18 . 2010-10-29 13:18 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\6c91ee82035d30efa8893e7b0396bbb0\System.Workflow.Activities.ni.dll
+ 2010-10-29 13:18 . 2010-10-29 13:18 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\181254ba0cb690decedb950fd26d7bea\System.Web.Services.ni.dll
+ 2010-10-29 13:18 . 2010-10-29 13:18 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\4200f716e9a41cb91d17516ba864e586\System.Web.Mobile.ni.dll
+ 2010-10-29 13:18 . 2010-10-29 13:18 2405376 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\da367bc2ecf2c9c5b4f858b6dba9e2ea\System.Web.Extensions.ni.dll
+ 2010-10-29 13:14 . 2010-10-29 13:14 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\5eb08849d17b272ed2a393420cb0305b\System.Speech.ni.dll
+ 2010-10-29 13:17 . 2010-10-29 13:17 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\8e34e273d036b7468fc4e951a1fde437\System.ServiceModel.Web.ni.dll
+ 2010-10-29 13:16 . 2010-10-29 13:16 2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\8061a0f5c1c2ee0549e19224352f67fa\System.Runtime.Serialization.ni.dll
+ 2010-10-29 13:14 . 2010-10-29 13:14 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\99767d4df92b83fdfb06012512722ec1\System.Printing.ni.dll
+ 2010-10-29 13:16 . 2010-10-29 13:16 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\095bb4f033374647b6d66c51f16bb886\System.IdentityModel.ni.dll
+ 2010-10-29 13:14 . 2010-10-29 13:14 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dcc0244092fe52e6885b50be25ef3b31\System.Drawing.ni.dll
+ 2010-10-29 13:17 . 2010-10-29 13:17 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\d20b7e58607ddb1ded9b687627ae8c21\System.DirectoryServices.ni.dll
+ 2010-10-29 13:17 . 2010-10-29 13:17 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\daa33674d4250e38a24b70180d209ac8\System.Deployment.ni.dll
+ 2010-10-29 13:13 . 2010-10-29 13:13 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\f04ef00e652a8655a717639e8aeb7b63\System.Data.ni.dll
+ 2010-10-29 13:16 . 2010-10-29 13:16 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\f0470c2be4e6bb1dadbeed43e4e8af5c\System.Data.SqlXml.ni.dll
+ 2010-10-29 13:17 . 2010-10-29 13:17 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\b8c9267d87b7358e1a5f00bf1572c313\System.Data.Services.ni.dll
+ 2010-10-29 13:13 . 2010-10-29 13:13 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\c18c236a09e715138daec2e25be205bb\System.Data.Linq.ni.dll
+ 2010-10-29 13:17 . 2010-10-29 13:17 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\6ce886492d9b6a34555be3f328682ec2\System.Data.Entity.ni.dll
+ 2010-10-29 13:13 . 2010-10-29 13:13 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\faeda674832135a080bc73eda51813ff\System.Core.ni.dll
+ 2010-10-29 13:13 . 2010-10-29 13:13 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\3e85c3d63ce3c3f37061aa626feb2a52\ReachFramework.ni.dll
+ 2010-10-29 13:13 . 2010-10-29 13:13 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\bf67db30179ff6e8cb1bdbaa290d122e\PresentationUI.ni.dll
+ 2010-10-29 13:11 . 2010-10-29 13:11 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\835786d8a0caabae09ad440f6e3abfc6\PresentationBuildTasks.ni.dll
+ 2010-10-29 13:16 . 2010-10-29 13:16 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\a27783547338dbebf84101a685ba641b\Microsoft.VisualBasic.ni.dll
+ 2010-10-29 13:16 . 2010-10-29 13:16 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\773d7bf69a9a0c0556aa41f53e75ab05\Microsoft.Transactions.Bridge.ni.dll
+ 2010-10-29 13:17 . 2010-10-29 13:17 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\16ff33f07efdb9da2a18e27585c604be\Microsoft.JScript.ni.dll
+ 2010-10-29 13:16 . 2010-10-29 13:16 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\d0fb91b296616a1a844bf265947018ee\Microsoft.Build.Tasks.ni.dll
+ 2010-10-29 13:16 . 2010-10-29 13:16 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\892e993c8df1c75081113131dc429c15\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2010-10-29 13:16 . 2010-10-29 13:16 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\d0beebd2c9045158cdcd4bd5987b717b\Microsoft.Build.Engine.ni.dll
- 2010-06-24 13:04 . 2010-06-24 13:04 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2010-10-29 13:10 . 2010-10-29 13:10 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2010-10-29 13:09 . 2010-10-29 13:09 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2010-06-24 13:04 . 2010-06-24 13:04 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2010-06-24 13:03 . 2010-06-24 13:03 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2010-10-29 13:09 . 2010-10-29 13:09 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2009-08-15 08:13 . 2009-08-15 08:13 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2010-10-29 13:10 . 2010-10-29 13:10 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2010-10-29 13:09 . 2010-10-29 13:09 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2010-06-24 13:03 . 2010-06-24 13:03 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2010-06-24 13:03 . 2010-06-24 13:03 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2010-10-29 13:09 . 2010-10-29 13:09 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2010-06-24 13:04 . 2010-06-24 13:04 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2010-10-29 13:10 . 2010-10-29 13:10 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2010-10-29 13:09 . 2010-10-29 13:09 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2010-10-29 13:02 . 2010-10-29 13:02 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
- 2010-06-10 13:19 . 2010-06-10 13:19 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
- 2010-06-10 13:19 . 2010-06-10 13:19 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2010-10-29 13:02 . 2010-10-29 13:02 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2010-10-29 13:02 . 2009-10-23 15:28 3558912 c:\windows\$NtUninstallKB981997$\moviemk.exe
+ 2010-10-29 13:10 . 2010-02-17 14:10 2189952 c:\windows\$NtUninstallKB981852$\ntoskrnl.exe
+ 2010-10-29 13:10 . 2010-02-16 13:25 2024448 c:\windows\$NtUninstallKB981852$\ntkrpamp.exe
+ 2010-10-29 13:10 . 2010-02-16 13:25 2066816 c:\windows\$NtUninstallKB981852$\ntkrnlpa.exe
+ 2010-10-29 13:10 . 2010-02-16 14:08 2146304 c:\windows\$NtUninstallKB981852$\ntkrnlmp.exe
+ 2010-10-30 13:39 . 2008-06-17 19:02 8461312 c:\windows\$NtUninstallKB2286198$\shell32.dll
+ 2010-10-30 13:39 . 2009-07-31 04:35 1172480 c:\windows\$NtUninstallKB2079403$\msxml3.dll
+ 2010-10-29 08:02 . 2010-06-18 13:43 3558912 c:\windows\$hf_mig$\KB981997\SP3QFE\moviemk.exe
+ 2010-10-29 08:07 . 2010-04-27 13:50 2190080 c:\windows\$hf_mig$\KB981852\SP3QFE\ntoskrnl.exe
+ 2010-10-29 08:07 . 2010-04-27 13:14 2024448 c:\windows\$hf_mig$\KB981852\SP3QFE\ntkrpamp.exe
+ 2010-04-28 12:14 . 2010-04-28 12:14 2066944 c:\windows\$hf_mig$\KB981852\SP3QFE\ntkrnlpa.exe
+ 2010-10-29 08:07 . 2010-04-27 13:54 2146304 c:\windows\$hf_mig$\KB981852\SP3QFE\ntkrnlmp.exe
+ 2010-07-27 06:28 . 2010-07-27 06:28 8463360 c:\windows\$hf_mig$\KB2286198\SP3QFE\shell32.dll
+ 2010-06-14 07:39 . 2010-06-14 07:39 1172480 c:\windows\$hf_mig$\KB2079403\SP3QFE\msxml3.dll
+ 2010-03-10 14:00 . 2010-10-07 15:46 35385288 c:\windows\system32\MRT.exe
+ 2007-08-13 23:54 . 2010-09-10 05:58 11080192 c:\windows\system32\ieframe.dll
+ 2008-07-26 13:30 . 2010-09-10 05:58 11080192 c:\windows\system32\dllcache\ieframe.dll
+ 2010-09-24 19:08 . 2010-09-24 19:08 11430400 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M2416447\M2416447Uninstall.msp
+ 2010-05-19 18:08 . 2010-05-19 18:08 11408896 c:\windows\Installer\f83187.msp
+ 2010-09-24 12:08 . 2010-09-24 12:08 17518080 c:\windows\Installer\f83174.msp
+ 2010-05-19 18:08 . 2010-05-19 18:08 11408896 c:\windows\Installer\484c2e0.msp
+ 2010-09-24 12:08 . 2010-09-24 12:08 17518080 c:\windows\Installer\34f8cd53.msp
+ 2010-10-29 13:07 . 2010-05-06 10:41 11076096 c:\windows\ie8updates\KB2360131-IE8\ieframe.dll
+ 2010-10-29 13:14 . 2010-10-29 13:14 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\439c466b60614915587c5273eaf0ca7f\System.Windows.Forms.ni.dll
+ 2010-10-29 13:18 . 2010-10-29 13:18 11800576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\41f436dae3c8146752d06130f7331527\System.Web.ni.dll
+ 2010-10-29 13:16 . 2010-10-29 13:16 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\52ca772b93f517fc8fe53d0a240642b3\System.ServiceModel.ni.dll
+ 2010-10-29 13:14 . 2010-10-29 13:14 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\fdc42078fd10e4dc8b05087900c63977\System.Design.ni.dll
+ 2010-10-29 13:13 . 2010-10-29 13:13 14328320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a632f3ef85ffd35341b383eed577cb93\PresentationFramework.ni.dll
+ 2010-10-29 13:12 . 2010-10-29 13:12 12215808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\f00db8db51f5707c7fe52c0683dc6136\PresentationCore.ni.dll
+ 2010-10-29 13:11 . 2010-10-29 13:11 11490816 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7bffd7ff2009f421fe5d229927588496\mscorlib.ni.dll
.

Re: Possible Virus. (TR/Crypt.TKM....)2nd November 2010, 1:16 am

-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-04-07 8466432]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-04-23 98304]
"ReminderApp"="c:\program files\Nova Development\Greeting Card Factory Photo Card Maker\ReminderApp.exe" [2006-11-02 156160]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"@OnlineArmor GUI"="c:\program files\Tall Emu\Online Armor\oaui.exe" [2009-12-05 6622920]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

c:\documents and settings\Cattie\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2010-10-15 0]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\TALLEM~1\ONLINE~1\oaevent.dll" [2009-12-05 923336]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-12 03:16 39792 -c--a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2008-04-07 02:25 69632 -c--a-w- c:\windows\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2008-03-11 17:44 16384 -c--a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
2008-02-28 18:18 17920 -c--a-w- c:\dell\E-Center\EULALauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-04-07 02:41 8466432 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-04-07 02:42 81920 -c--a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2008-04-07 02:42 1626112 -c--a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2007-09-17 16:56 124200 -c----w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-04-23 21:35 98304 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2008-04-07 02:25 16859648 -c--a-w- c:\windows\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-05-21 16:34 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\wbem\\wmiprvse.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\World of Warcraft Public Test\\WoW-0.3.0.10522-enUS-ptr-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.3.2.11403-to-3.3.3.11685-enUS-downloader.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:blizzard downloader
"3724:TCP"= 3724:TCP:blizzard downloader
"57991:TCP"= 57991:TCP:Pando Media Booster
"57991:UDP"= 57991:UDP:Pando Media Booster
"56349:TCP"= 56349:TCP:Pando Media Booster
"56349:UDP"= 56349:UDP:Pando Media Booster
"8378:TCP"= 8378:TCP:League of Legends Launcher
"8378:UDP"= 8378:UDP:League of Legends Launcher
"3920:TCP"= 3920:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2/18/2010 5:17 AM 223312]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2/18/2010 5:17 AM 24656]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [2/18/2010 5:17 AM 29776]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2/18/2010 6:25 AM 108289]
R2 OAcat;Online Armor Helper Service;c:\program files\Tall Emu\Online Armor\oacat.exe [2/18/2010 5:17 AM 1282248]
R2 SvcOnlineArmor;Online Armor;c:\program files\Tall Emu\Online Armor\oasrv.exe [2/18/2010 5:17 AM 3291336]
S3 XDva349;XDva349;\??\c:\windows\system32\XDva349.sys --> c:\windows\system32\XDva349.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-11-01 c:\windows\Tasks\System Cleanup by Zappit.job
- c:\program files\Zappit\zappit.exe [2010-10-31 19:44]

2010-11-02 c:\windows\Tasks\User_Feed_Synchronization-{34CD53BE-07A6-4108-B6CE-D8E418EA34BA}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 09:31]

2010-11-02 c:\windows\Tasks\User_Feed_Synchronization-{96B2581F-E1FF-4224-B9F2-AB3E31D00B96}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 09:31]

2010-11-01 c:\windows\Tasks\WebReg Deskjet D1400 series.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2007-03-12 03:27]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.att.net/
mStart Page = hxxp://www.att.net
uInternet Connection Wizard,ShellNext = iexplore
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
FF - ProfilePath - c:\documents and settings\Cattie\Application Data\Mozilla\Firefox\Profiles\ip2bm7id.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\Cattie\Application Data\Move Networks\plugins\npqmp071701000002.dll
FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-01 20:04
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2096645506-828190138-1039861506-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
@SACL=

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2808)
c:\windows\system32\WININET.dll
c:\program files\Tall Emu\Online Armor\OAwatch.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2010-11-01 20:08:19
ComboFix-quarantined-files.txt 2010-11-02 01:08
ComboFix2.txt 2010-07-10 06:14
ComboFix3.txt 2010-02-18 10:00
ComboFix4.txt 2009-10-11 03:57
ComboFix5.txt 2010-11-02 00:55

Pre-Run: 101,787,820,032 bytes free
Post-Run: 102,725,369,856 bytes free

- - End Of File - - ECB3B0914CF6FF45FBB96F26FC064726

Re: Possible Virus. (TR/Crypt.TKM....)2nd November 2010, 4:55 pm

Hi,

Possible Virus. (TR/Crypt.TKM....) Bf_new

Please download Malwarebytes Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.

Re: Possible Virus. (TR/Crypt.TKM....)3rd November 2010, 10:28 am

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5029

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/3/2010 5:25:48 AM
mbam-log-2010-11-03 (05-25-48).txt

Scan type: Full scan (C:\|)
Objects scanned: 248934
Time elapsed: 1 hour(s), 14 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP221\A0076732.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP222\A0077745.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Re: Possible Virus. (TR/Crypt.TKM....)3rd November 2010, 5:19 pm

Hi,

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan

Tick the box next to YES, I accept the Terms of Use
Click Start
When asked, allow the ActiveX control to install
Click Start
Make sure that the options Remove found threats and the option Scan unwanted applications is checked
Click Scan (This scan can take several hours, so please be patient)
Once the scan is completed, you may close the window
Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic

Possible Virus. (TR/Crypt.TKM....)

descriptionPossible Virus. (TR/Crypt.TKM....)29th October 2010, 8:43 am

descriptionRe: Possible Virus. (TR/Crypt.TKM....)29th October 2010, 9:09 am

descriptionRe: Possible Virus. (TR/Crypt.TKM....)29th October 2010, 4:50 pm

descriptionRe: Possible Virus. (TR/Crypt.TKM....)31st October 2010, 9:38 pm

descriptionRe: Possible Virus. (TR/Crypt.TKM....)31st October 2010, 9:38 pm

descriptionRe: Possible Virus. (TR/Crypt.TKM....)31st October 2010, 9:38 pm

descriptionRe: Possible Virus. (TR/Crypt.TKM....)31st October 2010, 9:39 pm

descriptionRe: Possible Virus. (TR/Crypt.TKM....)31st October 2010, 9:39 pm

descriptionRe: Possible Virus. (TR/Crypt.TKM....)31st October 2010, 9:39 pm

descriptionRe: Possible Virus. (TR/Crypt.TKM....)31st October 2010, 9:41 pm

descriptionRe: Possible Virus. (TR/Crypt.TKM....)31st October 2010, 11:09 pm

descriptionRe: Possible Virus. (TR/Crypt.TKM....)2nd November 2010, 12:52 am

descriptionRe: Possible Virus. (TR/Crypt.TKM....)2nd November 2010, 1:14 am

descriptionRe: Possible Virus. (TR/Crypt.TKM....)2nd November 2010, 1:15 am

descriptionRe: Possible Virus. (TR/Crypt.TKM....)2nd November 2010, 1:15 am

descriptionRe: Possible Virus. (TR/Crypt.TKM....)2nd November 2010, 1:15 am

descriptionRe: Possible Virus. (TR/Crypt.TKM....)2nd November 2010, 1:16 am

descriptionRe: Possible Virus. (TR/Crypt.TKM....)2nd November 2010, 4:55 pm

descriptionRe: Possible Virus. (TR/Crypt.TKM....)3rd November 2010, 10:28 am

descriptionRe: Possible Virus. (TR/Crypt.TKM....)3rd November 2010, 5:19 pm

descriptionRe: Possible Virus. (TR/Crypt.TKM....)