Active virus attacked my pc and now i can`t log into my pc.

Roti66 · 2010/03/17

========== Files Created - No Company Name ==========

[2010/03/04 10:23:47 | 000,000,098 | ---- | C] () -- C:\guyseg8se4v108.bat
[2010/03/04 10:22:15 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\09661913.exe
[2010/03/04 10:22:15 | 000,000,122 | ---- | C] () -- C:\WINDOWS\System32\202656.BAT
[2010/03/04 10:22:05 | 000,000,001 | ---- | C] () -- C:\Documents and Settings\sad\oashdihasidhasuidhiasdhiashdiuasdhasd
[2010/03/04 10:20:01 | 000,042,544 | ---- | C] () -- C:\Documents and Settings\sad\SyncMan.exe
[2010/03/04 10:08:01 | 000,000,120 | ---- | C] () -- C:\WINDOWS\System32\209625.BAT
[2010/03/04 10:07:58 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\6051992.exe
[2010/03/04 10:07:58 | 000,036,865 | ---- | C] () -- C:\WINDOWS\System32\mszdltsg.dll
[2010/03/04 10:07:56 | 000,000,001 | ---- | C] () -- C:\WINDOWS\system32\config\systemprofile\oashdihasidhasuidhiasdhiashdiuasdhasd
[2010/03/04 10:07:31 | 000,000,118 | -HS- | C] () -- C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\2af1cff1-8e9f-4e3a-b899-8e428d2f3946_.mkv
[2010/03/04 10:07:31 | 000,000,118 | -HS- | C] () -- C:\WINDOWS\system32\config\systemprofile\Application Data\2af1cff1-8e9f-4e3a-b899-8e428d2f3946_.mkv
[2010/03/04 10:07:30 | 000,958,976 | -HS- | C] () -- C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\2af1cff1-8e9f-4e3a-b899-8e428d2f3946_24.avi
[2010/03/04 10:07:30 | 000,958,976 | -HS- | C] () -- C:\WINDOWS\system32\config\systemprofile\Application Data\2af1cff1-8e9f-4e3a-b899-8e428d2f3946_24.avi
[2010/03/04 10:07:30 | 000,958,976 | -HS- | C] () -- C:\WINDOWS\System32\2af1cff1-8e9f-4e3a-b899-8e428d2f3946_24.avi
[2010/03/04 10:07:30 | 000,025,214 | -HS- | C] () -- C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\2af1cff1-8e9f-4e3a-b899-8e428d2f3946_24.ico
[2010/03/04 10:07:30 | 000,025,214 | -HS- | C] () -- C:\WINDOWS\system32\config\systemprofile\Application Data\2af1cff1-8e9f-4e3a-b899-8e428d2f3946_24.ico
[2010/03/04 10:07:30 | 000,025,214 | -HS- | C] () -- C:\WINDOWS\System32\2af1cff1-8e9f-4e3a-b899-8e428d2f3946_24.ico
[2010/03/04 10:07:06 | 000,212,480 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ndis.sys
[2010/03/04 10:06:18 | 000,791,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\rmlaif.sys
[2010/03/04 10:06:05 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\_VOIDdibcroqnue.dll
[2010/03/04 10:06:02 | 000,033,792 | ---- | C] () -- C:\WINDOWS\System32\_VOIDptyvcfwtke.dll
[2010/03/04 10:05:57 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\_VOIDrpuwappalk.dll
[2010/03/04 10:05:57 | 000,000,271 | ---- | C] () -- C:\WINDOWS\System32\_VOIDiurwtnmbie.dat
[2010/03/04 10:05:50 | 000,053,552 | ---- | C] () -- C:\WINDOWS\System32\SyncMan.exe
[2010/03/04 10:05:50 | 000,042,544 | ---- | C] () -- C:\WINDOWS\system32\config\systemprofile\SyncMan.exe
[2010/03/04 07:24:15 | 000,025,244 | ---- | C] () -- C:\Documents and Settings\sad\My Documents\cc_20100304_192414.reg
[2010/02/23 11:03:25 | 003,888,054 | ---- | C] () -- C:\Documents and Settings\sad\Desktop\maintain 90 lebey.bmp
[2010/02/10 09:30:41 | 018,499,623 | ---- | C] () -- C:\Documents and Settings\sad\Desktop\vlc-1.0.5-win32.exe
[2010/02/08 11:39:12 | 000,163,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\LV532AV.SYS
[2010/02/08 11:39:12 | 000,009,255 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/02/04 09:57:33 | 000,420,631 | ---- | C] () -- C:\Documents and Settings\sad\Desktop\DSC03415.JPG
[2010/02/04 09:54:15 | 000,383,379 | ---- | C] () -- C:\Documents and Settings\sad\Desktop\DSC03413.JPG
[2010/02/04 09:48:09 | 000,369,157 | ---- | C] () -- C:\Documents and Settings\sad\Desktop\DSC03417.JPG
[2010/01/31 22:13:46 | 000,031,368 | ---- | C] () -- C:\Documents and Settings\sad\My Documents\cc_20100201_101343.reg
[2010/01/31 04:03:02 | 000,001,256 | ---- | C] () -- C:\Documents and Settings\sad\My Documents\default.htm
[2010/01/23 14:29:12 | 000,076,407 | ---- | C] () -- C:\Documents and Settings\sad\Application Data\Smiley.ico
[2010/01/20 11:34:04 | 000,000,288 | ---- | C] () -- C:\WINDOWS\mrinstu.iss
[2010/01/20 11:28:20 | 000,000,146 | ---- | C] () -- C:\WINDOWS\DelMR.bat
[2010/01/20 11:25:03 | 000,025,214 | R--- | C] () -- C:\WINDOWS\System32\memorystick.ico
[2010/01/11 13:32:36 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/01/11 13:32:35 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010/01/11 13:32:34 | 000,000,414 | ---- | C] () -- C:\WINDOWS\System32\lame_acm.xml
[2010/01/11 13:32:33 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/01/11 13:32:33 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/01/11 13:32:31 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/01/11 13:32:31 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2010/01/08 07:47:25 | 000,007,427 | ---- | C] () -- C:\Documents and Settings\sad\.recently-used.xbel
[2009/12/02 11:20:42 | 004,162,471 | ---- | C] () -- C:\Documents and Settings\sad\Desktop\insomnia.pdf
[2009/11/17 13:13:08 | 000,001,548 | ---- | C] () -- C:\Documents and Settings\sad\Desktop\CCleaner.lnk
[2009/10/27 11:26:39 | 000,000,248 | ---- | C] () -- C:\Documents and Settings\sad\Desktop\Shortcut to Bayang-pc.lnk
[2009/10/21 03:31:18 | 000,006,302 | ---- | C] () -- C:\WINDOWS\System32\WFVXD.vxd
[2009/10/21 03:31:18 | 000,006,302 | ---- | C] () -- C:\WINDOWS\System32\WFOXVXD.vxd
[2009/10/21 03:31:17 | 000,001,533 | ---- | C] () -- C:\WINDOWS\System32\drivers\Wfsys.inf
[2009/10/20 13:29:16 | 041,878,951 | ---- | C] () -- C:\WINDOWS\System32\mspcache.dll
[2009/10/20 09:20:13 | 012,340,187 | ---- | C] () -- C:\WINDOWS\System32\nvmcache.dll
[2009/10/20 07:34:54 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\sad\My Documents\Default.rdp
[2009/08/06 19:14:04 | 001,089,593 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntprint.cat
[2009/05/14 11:50:42 | 000,081,191 | ---- | C] () -- C:\WINDOWS\System32\nvapps.xml
[2009/05/14 11:50:35 | 000,016,960 | ---- | C] () -- C:\WINDOWS\System32\nvdisp.nvu
[2009/05/14 11:50:03 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/05/14 11:50:03 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/05/14 11:50:01 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009/05/14 11:50:01 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\nvtuicpl.cpl
[2009/05/14 11:50:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2009/05/14 11:49:57 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/05/14 11:49:57 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2009/05/14 11:49:40 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2009/05/14 11:46:42 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2009/04/16 00:03:46 | 001,206,508 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/03/06 07:16:05 | 000,206,317 | ---- | C] () -- C:\Documents and Settings\sad\My Documents\snapshot 02.png
[2009/03/06 07:16:05 | 000,186,357 | ---- | C] () -- C:\Documents and Settings\sad\My Documents\snapshot 01.png
[2009/03/06 07:09:24 | 000,216,066 | ---- | C] () -- C:\Documents and Settings\sad\My Documents\HyperM2.svg
[2009/03/06 07:09:19 | 000,221,112 | ---- | C] () -- C:\Documents and Settings\sad\My Documents\HyperM1.svg
[2009/03/04 12:33:06 | 000,151,693 | ---- | C] () -- C:\Documents and Settings\sad\My Documents\TROBL.jpg
[2009/03/04 12:33:02 | 000,096,374 | ---- | C] () -- C:\Documents and Settings\sad\My Documents\praha_chodov_zima_letecky1.jpg
[2009/03/04 12:32:42 | 000,109,007 | ---- | C] () -- C:\Documents and Settings\sad\My Documents\fc_mall02.gif
[2009/03/04 12:32:40 | 000,160,992 | ---- | C] () -- C:\Documents and Settings\sad\My Documents\antares0xj2.jpg
[2009/03/04 12:29:04 | 000,093,079 | ---- | C] () -- C:\Documents and Settings\sad\My Documents\Ms.jpg
[2009/03/04 11:27:23 | 000,182,695 | ---- | C] () -- C:\Documents and Settings\sad\My Documents\snapshot 19.png
[2009/02/15 16:21:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\QuickTime.qtp
[2009/02/15 01:47:22 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2009/02/10 06:47:30 | 000,031,318 | ---- | C] () -- C:\Documents and Settings\sad\My Documents\cc_20090210_184728.reg
[2009/01/12 13:50:28 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\spmsg32.dll
[2009/01/11 06:12:30 | 000,941,568 | ---- | C] () -- C:\WINDOWS\System32\napx86.dll
[2009/01/11 06:12:30 | 000,941,568 | ---- | C] () -- C:\WINDOWS\System32\inetcx86.dll
[2008/12/10 15:57:47 | 000,039,234 | ---- | C] () -- C:\Documents and Settings\sad\My Documents\cc_20081211_035743.reg
[2008/11/04 23:03:42 | 000,201,096 | ---- | C] () -- C:\Documents and Settings\sad\My Documents\cc_20081105_1103.reg
[2008/11/04 23:02:38 | 000,008,637 | ---- | C] () -- C:\Documents and Settings\sad\My Documents\cc_20081105_1102.reg
[2008/10/22 09:22:49 | 003,707,551 | ---- | C] () -- C:\Documents and Settings\sad\Desktop\die to live background track.mp3
[2008/10/19 10:27:44 | 000,028,672 | ---- | C] () -- C:\WINDOWS\gscr.dll
[2008/09/17 11:31:09 | 000,044,468 | ---- | C] () -- C:\Documents and Settings\sad\My Documents\Sayang+Ustazah+Norzalina.pdf
[2008/09/16 06:26:26 | 000,062,569 | ---- | C] () -- C:\WINDOWS\skin.png
[2008/08/26 23:28:10 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2008/08/26 23:28:00 | 000,000,974 | ---- | C] () -- C:\WINDOWS\System32\pid.inf
[2008/08/26 23:27:55 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2008/08/26 23:27:53 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2008/08/25 01:53:47 | 009,338,297 | ---- | C] () -- C:\Documents and Settings\sad\Desktop\03 - Die To Live.mp3
[2008/08/10 13:49:57 | 000,002,429 | ---- | C] () -- C:\WINDOWS\dep32ceg.dll
[2008/08/10 13:49:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\spr32snl.dll
[2008/08/10 13:49:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iopb32ul.dll
[2008/08/10 13:49:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iopa32ul.dll
[2008/05/31 01:33:13 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/05/31 01:07:07 | 000,000,289 | ---- | C] () -- C:\WINDOWS\lgfwup.ini
[2008/05/07 01:12:40 | 001,291,776 | ---- | C] () -- C:\WINDOWS\System32\dllcache\quartz.dll
[2008/04/28 18:31:13 | 001,685,606 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.spd
[2008/04/28 18:31:13 | 000,605,050 | ---- | C] () -- C:\WINDOWS\System32\dllcache\r1033tts.lxa
[2008/04/28 18:31:13 | 000,000,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.sdf
[2008/04/28 18:31:12 | 000,643,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ltts1033.lxa
[2008/04/28 18:31:10 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28603.nls
[2008/04/28 18:31:10 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28603.nls
[2008/04/28 18:31:08 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_857.nls
[2008/04/28 18:31:08 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_857.nls
[2008/04/28 18:31:08 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28599.nls
[2008/04/28 18:31:08 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28599.nls
[2008/04/28 18:31:08 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10081.nls
[2008/04/28 18:31:08 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10081.nls
[2008/04/28 18:31:05 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28595.nls
[2008/04/28 18:31:05 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28595.NLS
[2008/04/28 18:31:05 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10017.nls
[2008/04/28 18:31:05 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10017.nls
[2008/04/28 18:31:05 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10007.nls
[2008/04/28 18:31:05 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10007.nls
[2008/04/28 18:31:02 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_869.nls
[2008/04/28 18:31:02 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_869.nls
[2008/04/28 18:31:02 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_737.nls
[2008/04/28 18:31:02 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_737.nls
[2008/04/28 18:31:02 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_875.nls
[2008/04/28 18:31:02 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_875.nls
[2008/04/28 18:31:02 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28597.nls
[2008/04/28 18:31:02 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28597.NLS
[2008/04/28 18:31:02 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10006.nls
[2008/04/28 18:31:02 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10006.nls
[2008/04/28 18:31:00 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_866.nls
[2008/04/28 18:31:00 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_866.nls
[2008/04/28 18:31:00 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_855.nls
[2008/04/28 18:31:00 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_855.nls
[2008/04/28 18:31:00 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28594.nls
[2008/04/28 18:31:00 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28594.NLS
[2008/04/28 18:30:57 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10082.nls
[2008/04/28 18:30:57 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10082.nls
[2008/04/28 18:30:57 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10029.nls
[2008/04/28 18:30:57 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10029.nls
[2008/04/28 18:30:57 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10010.nls
[2008/04/28 18:30:57 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10010.nls
[2008/04/28 18:30:56 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_852.nls
[2008/04/28 18:30:56 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_852.nls
[2008/04/28 18:30:55 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20127.nls
[2008/04/28 18:30:55 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20127.nls
[2008/04/28 18:30:51 | 000,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2008/04/28 18:30:42 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2008/04/28 18:30:42 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2008/04/28 18:30:42 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2008/04/28 18:30:42 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2008/04/28 18:30:42 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2008/04/28 18:30:42 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2008/04/28 18:30:42 | 000,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
[2008/04/28 18:30:41 | 001,042,903 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2008/04/28 18:30:01 | 000,105,416 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/04/28 18:29:00 | 000,000,211 | -HS- | C] () -- C:\boot.ini
[2008/04/28 18:28:57 | 000,000,261 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf
[2008/04/28 13:22:01 | 000,166,912 | ---- | C] () -- C:\Documents and Settings\sad\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/04/28 13:03:58 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2008/04/28 12:17:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/04/28 11:06:37 | 000,015,480 | ---- | C] () -- C:\Documents and Settings\sad\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/04/28 11:06:27 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\sad\Local Settings\Application Data\fusioncache.dat
[2008/04/28 10:54:29 | 000,000,172 | ---- | C] () -- C:\Sigmatel
[2008/04/28 10:52:35 | 000,001,902 | ---- | C] () -- C:\WINDOWS\System32\SetupBD.din
[2008/04/28 10:52:32 | 000,005,242 | R--- | C] () -- C:\WINDOWS\System32\e100b325.din
[2008/04/28 10:50:55 | 008,038,192 | -H-- | C] () -- C:\Documents and Settings\sad\Local Settings\Application Data\IconCache.db
[2008/04/28 10:46:35 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\sad\ntuser.ini
[2008/04/28 10:46:35 | 000,000,062 | -HS- | C] () -- C:\Documents and Settings\sad\Application Data\desktop.ini
[2008/04/28 10:46:34 | 009,175,040 | -H-- | C] () -- C:\Documents and Settings\sad\NTUSER.DAT
[2008/04/28 10:45:36 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\LocalService\ntuser.ini
[2008/04/28 10:45:36 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\tasks\SA.DAT
[2008/04/28 10:45:35 | 000,262,144 | -H-- | C] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2008/04/28 10:45:17 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\NetworkService\ntuser.ini
[2008/04/28 10:45:16 | 000,225,280 | -H-- | C] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2008/04/28 10:44:20 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/04/28 10:44:15 | 000,000,062 | -HS- | C] () -- C:\WINDOWS\system32\config\systemprofile\Application Data\desktop.ini
[2008/04/28 10:44:11 | 000,028,288 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xjis.nls
[2008/04/28 10:43:46 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prcp.nls
[2008/04/28 10:43:46 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prc.nls
[2008/04/28 10:43:44 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2008/04/28 10:43:31 | 000,047,066 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ksc.nls
[2008/04/28 10:43:30 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2008/04/28 10:43:23 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2008/04/28 10:43:22 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2008/04/28 10:43:20 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2008/04/28 10:43:09 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2008/04/28 10:43:04 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2008/04/28 10:42:51 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2008/04/28 10:42:47 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_864.nls
[2008/04/28 10:42:47 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_862.nls
[2008/04/28 10:42:47 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_858.nls
[2008/04/28 10:42:47 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_720.nls
[2008/04/28 10:42:47 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_870.nls
[2008/04/28 10:42:46 | 000,180,770 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20932.nls
[2008/04/28 10:42:46 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20949.nls
[2008/04/28 10:42:46 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20936.nls
[2008/04/28 10:42:46 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_708.nls
[2008/04/28 10:42:46 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28596.nls
[2008/04/28 10:42:46 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21027.nls
[2008/04/28 10:42:46 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21025.nls
[2008/04/28 10:42:46 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20924.nls
[2008/04/28 10:42:46 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20880.nls
[2008/04/28 10:42:45 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20871.nls
[2008/04/28 10:42:45 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20838.nls
[2008/04/28 10:42:45 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20833.nls
[2008/04/28 10:42:45 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20424.nls
[2008/04/28 10:42:45 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20423.nls
[2008/04/28 10:42:45 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20420.nls
[2008/04/28 10:42:45 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20297.nls
[2008/04/28 10:42:45 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20290.nls
[2008/04/28 10:42:45 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20285.nls
[2008/04/28 10:42:45 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20284.nls
[2008/04/28 10:42:45 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20280.nls
[2008/04/28 10:42:45 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20278.nls
[2008/04/28 10:42:44 | 000,187,938 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20005.nls
[2008/04/28 10:42:44 | 000,185,378 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20003.nls
[2008/04/28 10:42:44 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20004.nls
[2008/04/28 10:42:44 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20277.nls
[2008/04/28 10:42:44 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20273.nls
[2008/04/28 10:42:44 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20269.nls
[2008/04/28 10:42:44 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20108.nls
[2008/04/28 10:42:44 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20107.nls
[2008/04/28 10:42:44 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20106.nls
[2008/04/28 10:42:44 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20105.nls
[2008/04/28 10:42:43 | 000,189,986 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1361.nls
[2008/04/28 10:42:43 | 000,186,402 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20001.nls
[2008/04/28 10:42:43 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20000.nls
[2008/04/28 10:42:43 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20002.nls
[2008/04/28 10:42:43 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1149.nls
[2008/04/28 10:42:43 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1148.nls
[2008/04/28 10:42:43 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1147.nls
[2008/04/28 10:42:43 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1146.nls
[2008/04/28 10:42:43 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1145.nls
[2008/04/28 10:42:42 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10008.nls
[2008/04/28 10:42:42 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1144.nls
[2008/04/28 10:42:42 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1143.nls
[2008/04/28 10:42:42 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1142.nls
[2008/04/28 10:42:42 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1141.nls
[2008/04/28 10:42:42 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1140.nls
[2008/04/28 10:42:42 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1047.nls
[2008/04/28 10:42:42 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10021.nls
[2008/04/28 10:42:42 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10005.nls
[2008/04/28 10:42:42 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10004.nls
[2008/04/28 10:42:41 | 000,195,618 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10002.nls
[2008/04/28 10:42:41 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10003.nls
[2008/04/28 10:42:41 | 000,162,850 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10001.nls
[2008/04/28 10:42:41 | 000,082,172 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bopomofo.nls
[2008/04/28 10:42:40 | 000,066,728 | ---- | C] () -- C:\WINDOWS\System32\dllcache\big5.nls
[2008/04/28 10:42:06 | 000,002,577 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
[2008/04/28 10:42:06 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2008/04/28 10:42:06 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2008/04/28 10:42:06 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2008/04/28 10:42:06 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2008/04/28 10:42:02 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2008/04/28 10:42:02 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2008/04/28 10:42:01 | 000,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
[2008/04/28 10:41:07 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2008/04/28 10:41:07 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2008/04/28 10:41:01 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2008/04/28 10:41:01 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
[2008/04/28 10:41:01 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2008/04/28 10:41:01 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2008/04/28 10:41:01 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2008/04/28 10:41:01 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2008/04/28 10:40:46 | 004,399,505 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nls302en.lex
[2008/04/28 10:40:08 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
[2008/04/28 10:40:08 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
[2008/04/28 10:40:00 | 000,000,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\srframe.mmf
[2008/04/28 10:38:49 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/04/28 10:37:59 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2008/04/28 10:37:59 | 000,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2008/04/28 10:37:59 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2008/04/28 10:37:59 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2008/04/28 10:37:58 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2008/04/28 10:37:58 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2008/04/28 10:37:58 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2008/04/28 10:37:58 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2008/04/28 10:37:58 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2008/04/28 10:37:58 | 000,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2008/04/28 10:37:58 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2008/04/28 10:37:57 | 000,093,702 | ---- | C] () -- C:\WINDOWS\System32\subrange.uce
[2008/04/28 10:37:57 | 000,060,458 | ---- | C] () -- C:\WINDOWS\System32\ideograf.uce
[2008/04/28 10:37:57 | 000,016,740 | ---- | C] () -- C:\WINDOWS\System32\shiftjis.uce
[2008/04/28 10:37:57 | 000,012,876 | ---- | C] () -- C:\WINDOWS\System32\korean.uce
[2008/04/28 10:37:57 | 000,008,484 | ---- | C] () -- C:\WINDOWS\System32\kanji_2.uce
[2008/04/28 10:37:57 | 000,006,948 | ---- | C] () -- C:\WINDOWS\System32\kanji_1.uce
[2008/04/28 10:37:56 | 000,024,006 | ---- | C] () -- C:\WINDOWS\System32\gb2312.uce
[2008/04/28 10:37:56 | 000,022,984 | ---- | C] () -- C:\WINDOWS\System32\bopomofo.uce
[2008/04/28 10:37:54 | 000,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
[2008/04/28 10:37:54 | 000,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2008/04/28 10:37:53 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
[2008/04/28 10:37:44 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
[2006/09/23 01:12:38 | 000,074,715 | ---- | C] () -- C:\WINDOWS\System32\IE7Eula.rtf
[2006/08/31 20:44:04 | 000,008,798 | ---- | C] () -- C:\WINDOWS\System32\icrav03.rat
[2006/08/31 20:44:04 | 000,001,988 | ---- | C] () -- C:\WINDOWS\System32\ticrf.rat
[2006/06/29 02:58:52 | 000,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 02:53:56 | 000,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/06/08 00:06:50 | 000,066,384 | ---- | C] () -- C:\WINDOWS\System32\normnfkc.nls
[2006/06/08 00:06:50 | 000,060,294 | ---- | C] () -- C:\WINDOWS\System32\normnfkd.nls
[2006/06/08 00:06:50 | 000,059,342 | ---- | C] () -- C:\WINDOWS\System32\normidna.nls
[2006/06/08 00:06:50 | 000,045,794 | ---- | C] () -- C:\WINDOWS\System32\normnfc.nls
[2006/06/08 00:06:50 | 000,039,284 | ---- | C] () -- C:\WINDOWS\System32\normnfd.nls
[2006/04/18 03:39:28 | 000,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 03:39:28 | 000,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2004/08/06 16:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/06 16:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\dllcache\oembios.bin
[2004/08/06 16:00:00 | 003,440,660 | ---- | C] () -- C:\WINDOWS\System32\drivers\gm.dls
[2004/08/06 16:00:00 | 003,440,660 | ---- | C] () -- C:\WINDOWS\System32\dllcache\gm.dls
[2004/08/06 16:00:00 | 001,326,080 | ---- | C] () -- C:\WINDOWS\System32\webfldrs.msi
[2004/08/06 16:00:00 | 001,309,184 | ---- | C] () -- C:\WINDOWS\System32\wbdbase.deu
[2004/08/06 16:00:00 | 001,095,680 | ---- | C] () -- C:\WINDOWS\System32\wbdbase.nld
[2004/08/06 16:00:00 | 000,957,440 | ---- | C] () -- C:\WINDOWS\System32\wbdbase.enu
[2004/08/06 16:00:00 | 000,956,990 | ---- | C] () -- C:\WINDOWS\System32\instcat.sql
[2004/08/06 16:00:00 | 000,937,984 | ---- | C] () -- C:\WINDOWS\System32\wbdbase.sve
[2004/08/06 16:00:00 | 000,867,840 | ---- | C] () -- C:\WINDOWS\System32\wbdbase.ita
[2004/08/06 16:00:00 | 000,844,314 | ---- | C] () -- C:\WINDOWS\System32\msdxm.ocx
[2004/08/06 16:00:00 | 000,844,314 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdxm.ocx
[2004/08/06 16:00:00 | 000,786,944 | ---- | C] () -- C:\WINDOWS\System32\wbdbase.fra
[2004/08/06 16:00:00 | 000,750,080 | ---- | C] () -- C:\WINDOWS\System32\wbdbase.esn
[2004/08/06 16:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/06 16:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mlang.dat
[2004/08/06 16:00:00 | 000,498,742 | ---- | C] () -- C:\WINDOWS\System32\dllcache\dxmasf.dll
[2004/08/06 16:00:00 | 000,441,124 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/06 16:00:00 | 000,355,112 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msjetol1.dll
[2004/08/06 16:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/06 16:00:00 | 000,265,948 | ---- | C] () -- C:\WINDOWS\System32\locale.nls
[2004/08/06 16:00:00 | 000,262,148 | ---- | C] () -- C:\WINDOWS\System32\sortkey.nls
[2004/08/06 16:00:00 | 000,262,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sortkey.nls
[2004/08/06 16:00:00 | 000,250,048 | RHS- | C] () -- C:\ntldr
[2004/08/06 16:00:00 | 000,240,120 | ---- | C] () -- C:\WINDOWS\System32\setup.bmp

Roti66 · 2010/03/17

[2004/08/06 16:00:00 | 000,239,616 | ---- | C] () -- C:\WINDOWS\System32\wstrenderer.ax
[2004/08/06 16:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/06 16:00:00 | 000,212,480 | ---- | C] () -- C:\WINDOWS\System32\drivers\ndis.sys
[2004/08/06 16:00:00 | 000,196,642 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_950.nls
[2004/08/06 16:00:00 | 000,196,642 | ---- | C] () -- C:\WINDOWS\System32\c_950.nls
[2004/08/06 16:00:00 | 000,196,642 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_949.nls
[2004/08/06 16:00:00 | 000,196,642 | ---- | C] () -- C:\WINDOWS\System32\c_949.nls
[2004/08/06 16:00:00 | 000,196,642 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_936.nls
[2004/08/06 16:00:00 | 000,196,642 | ---- | C] () -- C:\WINDOWS\System32\c_936.nls
[2004/08/06 16:00:00 | 000,172,032 | -H-- | C] () -- C:\WINDOWS\Fonts\services.exe
[2004/08/06 16:00:00 | 000,167,219 | ---- | C] () -- C:\WINDOWS\System32\pagefileconfig.vbs
[2004/08/06 16:00:00 | 000,167,219 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pagefile.vbs
[2004/08/06 16:00:00 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\wstpager.ax
[2004/08/06 16:00:00 | 000,162,850 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_932.nls
[2004/08/06 16:00:00 | 000,162,850 | ---- | C] () -- C:\WINDOWS\System32\c_932.nls
[2004/08/06 16:00:00 | 000,152,844 | ---- | C] () -- C:\WINDOWS\System32\dllcache\framdit.ttf
[2004/08/06 16:00:00 | 000,149,848 | ---- | C] () -- C:\WINDOWS\System32\noise.deu
[2004/08/06 16:00:00 | 000,148,992 | ---- | C] () -- C:\WINDOWS\System32\mpg2splt.ax
[2004/08/06 16:00:00 | 000,139,810 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20261.nls
[2004/08/06 16:00:00 | 000,139,810 | ---- | C] () -- C:\WINDOWS\System32\c_20261.nls
[2004/08/06 16:00:00 | 000,135,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\framd.ttf
[2004/08/06 16:00:00 | 000,127,213 | ---- | C] () -- C:\WINDOWS\System32\ega.cpi
[2004/08/06 16:00:00 | 000,118,272 | ---- | C] () -- C:\WINDOWS\System32\mpeg2data.ax
[2004/08/06 16:00:00 | 000,102,446 | ---- | C] () -- C:\WINDOWS\System32\net.hlp
[2004/08/06 16:00:00 | 000,097,965 | ---- | C] () -- C:\WINDOWS\System32\dllcache\evtquery.vbs
[2004/08/06 16:00:00 | 000,097,965 | ---- | C] () -- C:\WINDOWS\System32\eventquery.vbs
[2004/08/06 16:00:00 | 000,089,588 | ---- | C] () -- C:\WINDOWS\System32\unicode.nls
[2004/08/06 16:00:00 | 000,089,588 | ---- | C] () -- C:\WINDOWS\System32\dllcache\unicode.nls
[2004/08/06 16:00:00 | 000,082,944 | ---- | C] () -- C:\WINDOWS\clock.avi
[2004/08/06 16:00:00 | 000,071,859 | ---- | C] () -- C:\WINDOWS\System32\cliconf.chm
[2004/08/06 16:00:00 | 000,071,060 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/06 16:00:00 | 000,069,886 | ---- | C] () -- C:\WINDOWS\System32\edit.com
[2004/08/06 16:00:00 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_874.nls
[2004/08/06 16:00:00 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_874.nls
[2004/08/06 16:00:00 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_865.nls
[2004/08/06 16:00:00 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_865.nls
[2004/08/06 16:00:00 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_863.nls
[2004/08/06 16:00:00 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_863.nls
[2004/08/06 16:00:00 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_861.nls
[2004/08/06 16:00:00 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_861.nls
[2004/08/06 16:00:00 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_860.nls
[2004/08/06 16:00:00 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_860.nls
[2004/08/06 16:00:00 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_850.nls
[2004/08/06 16:00:00 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_850.nls
[2004/08/06 16:00:00 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_775.nls
[2004/08/06 16:00:00 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_775.nls
[2004/08/06 16:00:00 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_437.nls
[2004/08/06 16:00:00 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_437.nls
[2004/08/06 16:00:00 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_500.nls
[2004/08/06 16:00:00 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_500.nls
[2004/08/06 16:00:00 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28605.nls
[2004/08/06 16:00:00 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28605.nls
[2004/08/06 16:00:00 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28598.nls
[2004/08/06 16:00:00 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28598.nls
[2004/08/06 16:00:00 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28593.nls
[2004/08/06 16:00:00 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28593.nls
[2004/08/06 16:00:00 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28592.nls
[2004/08/06 16:00:00 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28592.nls
[2004/08/06 16:00:00 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28591.nls
[2004/08/06 16:00:00 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28591.nls
[2004/08/06 16:00:00 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21866.nls
[2004/08/06 16:00:00 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_21866.nls
[2004/08/06 16:00:00 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20905.nls
[2004/08/06 16:00:00 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20905.nls
[2004/08/06 16:00:00 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20866.nls
[2004/08/06 16:00:00 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20866.nls
[2004/08/06 16:00:00 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1258.nls
[2004/08/06 16:00:00 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_1258.nls
[2004/08/06 16:00:00 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1257.nls
[2004/08/06 16:00:00 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_1257.nls
[2004/08/06 16:00:00 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1256.nls
[2004/08/06 16:00:00 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_1256.nls
[2004/08/06 16:00:00 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1255.nls
[2004/08/06 16:00:00 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_1255.nls
[2004/08/06 16:00:00 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1254.nls
[2004/08/06 16:00:00 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_1254.nls
[2004/08/06 16:00:00 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1253.nls
[2004/08/06 16:00:00 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_1253.nls
[2004/08/06 16:00:00 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1252.nls
[2004/08/06 16:00:00 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_1252.nls
[2004/08/06 16:00:00 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1251.nls
[2004/08/06 16:00:00 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_1251.nls
[2004/08/06 16:00:00 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1250.nls
[2004/08/06 16:00:00 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_1250.nls
[2004/08/06 16:00:00 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1026.nls
[2004/08/06 16:00:00 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_1026.nls
[2004/08/06 16:00:00 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10079.nls
[2004/08/06 16:00:00 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10079.nls
[2004/08/06 16:00:00 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10000.nls
[2004/08/06 16:00:00 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10000.nls
[2004/08/06 16:00:00 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_037.nls
[2004/08/06 16:00:00 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_037.nls
[2004/08/06 16:00:00 | 000,065,489 | ---- | C] () -- C:\WINDOWS\System32\wbcache.sve
[2004/08/06 16:00:00 | 000,065,489 | ---- | C] () -- C:\WINDOWS\System32\wbcache.nld
[2004/08/06 16:00:00 | 000,065,489 | ---- | C] () -- C:\WINDOWS\System32\wbcache.ita
[2004/08/06 16:00:00 | 000,065,489 | ---- | C] () -- C:\WINDOWS\System32\wbcache.fra
[2004/08/06 16:00:00 | 000,065,489 | ---- | C] () -- C:\WINDOWS\System32\wbcache.esn
[2004/08/06 16:00:00 | 000,065,489 | ---- | C] () -- C:\WINDOWS\System32\wbcache.enu
[2004/08/06 16:00:00 | 000,065,489 | ---- | C] () -- C:\WINDOWS\System32\wbcache.deu
[2004/08/06 16:00:00 | 000,061,172 | ---- | C] () -- C:\WINDOWS\System32\cmmgr32.hlp
[2004/08/06 16:00:00 | 000,059,167 | ---- | C] () -- C:\WINDOWS\System\setup.inf
[2004/08/06 16:00:00 | 000,058,273 | R--- | C] () -- C:\WINDOWS\System32\perfmon.msc
[2004/08/06 16:00:00 | 000,056,700 | ---- | C] () -- C:\WINDOWS\System32\ieuinit.inf
[2004/08/06 16:00:00 | 000,056,678 | ---- | C] () -- C:\WINDOWS\System32\eventvwr.msc
[2004/08/06 16:00:00 | 000,053,840 | ---- | C] () -- C:\WINDOWS\System32\dosx.exe
[2004/08/06 16:00:00 | 000,053,840 | ---- | C] () -- C:\WINDOWS\System32\dllcache\dosx.exe
[2004/08/06 16:00:00 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\vbicodec.ax
[2004/08/06 16:00:00 | 000,050,620 | ---- | C] () -- C:\WINDOWS\System32\command.com
[2004/08/06 16:00:00 | 000,049,196 | ---- | C] () -- C:\WINDOWS\System32\noise.fra
[2004/08/06 16:00:00 | 000,048,794 | ---- | C] () -- C:\WINDOWS\System32\ntimage.gif
[2004/08/06 16:00:00 | 000,047,564 | RHS- | C] () -- C:\NTDETECT.COM
[2004/08/06 16:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/06 16:00:00 | 000,046,133 | ---- | C] () -- C:\WINDOWS\System32\sqlsodbc.chm
[2004/08/06 16:00:00 | 000,044,451 | R--- | C] () -- C:\WINDOWS\System32\rsop.msc
[2004/08/06 16:00:00 | 000,042,809 | ---- | C] () -- C:\WINDOWS\System32\dllcache\key01.sys
[2004/08/06 16:00:00 | 000,042,537 | ---- | C] () -- C:\WINDOWS\System32\dllcache\keyboard.sys
[2004/08/06 16:00:00 | 000,042,339 | ---- | C] () -- C:\WINDOWS\System32\certmgr.msc
[2004/08/06 16:00:00 | 000,042,166 | ---- | C] () -- C:\WINDOWS\System32\lusrmgr.msc
[2004/08/06 16:00:00 | 000,041,762 | ---- | C] () -- C:\WINDOWS\System32\ciadv.msc
[2004/08/06 16:00:00 | 000,041,397 | ---- | C] () -- C:\WINDOWS\System32\dfrg.msc
[2004/08/06 16:00:00 | 000,040,505 | ---- | C] () -- C:\WINDOWS\System32\cmdlib.wsc
[2004/08/06 16:00:00 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\wiasf.ax
[2004/08/06 16:00:00 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wiasf.ax
[2004/08/06 16:00:00 | 000,039,274 | ---- | C] () -- C:\WINDOWS\System32\mem.exe
[2004/08/06 16:00:00 | 000,039,274 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mem.exe
[2004/08/06 16:00:00 | 000,038,302 | ---- | C] () -- C:\WINDOWS\System32\compmgmt.msc
[2004/08/06 16:00:00 | 000,036,364 | ---- | C] () -- C:\WINDOWS\System32\secpol.msc
[2004/08/06 16:00:00 | 000,035,755 | ---- | C] () -- C:\WINDOWS\System32\prncnfg.vbs
[2004/08/06 16:00:00 | 000,035,755 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prncnfg.vbs
[2004/08/06 16:00:00 | 000,035,648 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntio411.sys
[2004/08/06 16:00:00 | 000,035,424 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntio412.sys
[2004/08/06 16:00:00 | 000,034,871 | ---- | C] () -- C:\WINDOWS\System32\gpedit.msc
[2004/08/06 16:00:00 | 000,034,560 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntio804.sys
[2004/08/06 16:00:00 | 000,034,560 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntio404.sys
[2004/08/06 16:00:00 | 000,033,840 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntio.sys
[2004/08/06 16:00:00 | 000,033,673 | ---- | C] () -- C:\WINDOWS\System32\diskmgmt.msc
[2004/08/06 16:00:00 | 000,033,464 | ---- | C] () -- C:\WINDOWS\System32\services.msc
[2004/08/06 16:00:00 | 000,033,079 | ---- | C] () -- C:\WINDOWS\System32\devmgmt.msc
[2004/08/06 16:00:00 | 000,032,968 | ---- | C] () -- C:\WINDOWS\System32\ntmsoprq.msc
[2004/08/06 16:00:00 | 000,032,760 | ---- | C] () -- C:\WINDOWS\System32\fsmgmt.msc
[2004/08/06 16:00:00 | 000,032,674 | ---- | C] () -- C:\WINDOWS\System32\winhelp.hlp
[2004/08/06 16:00:00 | 000,032,546 | ---- | C] () -- C:\WINDOWS\System32\prnmngr.vbs
[2004/08/06 16:00:00 | 000,032,546 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prnmngr.vbs
[2004/08/06 16:00:00 | 000,029,454 | ---- | C] () -- C:\WINDOWS\System32\prnport.vbs
[2004/08/06 16:00:00 | 000,029,454 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prnport.vbs
[2004/08/06 16:00:00 | 000,029,370 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntdos411.sys
[2004/08/06 16:00:00 | 000,029,274 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntdos412.sys
[2004/08/06 16:00:00 | 000,029,146 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntdos804.sys
[2004/08/06 16:00:00 | 000,029,146 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntdos404.sys
[2004/08/06 16:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/06 16:00:00 | 000,028,420 | ---- | C] () -- C:\WINDOWS\System32\bios1.rom
[2004/08/06 16:00:00 | 000,027,866 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntdos.sys
[2004/08/06 16:00:00 | 000,027,097 | ---- | C] () -- C:\WINDOWS\System32\dllcache\country.sys
[2004/08/06 16:00:00 | 000,026,209 | ---- | C] () -- C:\WINDOWS\System32\ntmsmgr.msc
[2004/08/06 16:00:00 | 000,025,415 | ---- | C] () -- C:\WINDOWS\System32\prndrvr.vbs
[2004/08/06 16:00:00 | 000,025,415 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prndrvr.vbs
[2004/08/06 16:00:00 | 000,024,772 | ---- | C] () -- C:\WINDOWS\System32\geo.nls
[2004/08/06 16:00:00 | 000,024,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\geo.nls
[2004/08/06 16:00:00 | 000,024,124 | ---- | C] () -- C:\WINDOWS\System32\dllcache\marlett.ttf
[2004/08/06 16:00:00 | 000,023,044 | ---- | C] () -- C:\WINDOWS\System32\sorttbls.nls
[2004/08/06 16:00:00 | 000,021,527 | ---- | C] () -- C:\WINDOWS\System32\prnjobs.vbs
[2004/08/06 16:00:00 | 000,021,527 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prnjobs.vbs
[2004/08/06 16:00:00 | 000,021,232 | ---- | C] () -- C:\WINDOWS\System32\graphics.pro
[2004/08/06 16:00:00 | 000,020,634 | ---- | C] () -- C:\WINDOWS\System32\dllcache\debug.exe
[2004/08/06 16:00:00 | 000,020,634 | ---- | C] () -- C:\WINDOWS\System32\debug.exe
[2004/08/06 16:00:00 | 000,019,694 | ---- | C] () -- C:\WINDOWS\System32\graphics.com
[2004/08/06 16:00:00 | 000,019,684 | ---- | C] () -- C:\WINDOWS\System32\noise.esn
[2004/08/06 16:00:00 | 000,019,618 | ---- | C] () -- C:\WINDOWS\System32\noise.ita
[2004/08/06 16:00:00 | 000,018,832 | ---- | C] () -- C:\WINDOWS\System32\v7vga.rom
[2004/08/06 16:00:00 | 000,015,860 | ---- | C] () -- C:\WINDOWS\System32\prnqctl.vbs
[2004/08/06 16:00:00 | 000,015,860 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prnqctl.vbs
[2004/08/06 16:00:00 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tsd32.dll
[2004/08/06 16:00:00 | 000,014,710 | ---- | C] () -- C:\WINDOWS\System32\kb16.com
[2004/08/06 16:00:00 | 000,013,730 | ---- | C] () -- C:\WINDOWS\System32\noise.sve
[2004/08/06 16:00:00 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\dllcache\win87em.dll
[2004/08/06 16:00:00 | 000,013,256 | ---- | C] () -- C:\WINDOWS\System32\noise.nld
[2004/08/06 16:00:00 | 000,012,642 | ---- | C] () -- C:\WINDOWS\System32\edlin.exe
[2004/08/06 16:00:00 | 000,012,642 | ---- | C] () -- C:\WINDOWS\System32\dllcache\edlin.exe
[2004/08/06 16:00:00 | 000,012,498 | ---- | C] () -- C:\WINDOWS\System32\dllcache\append.exe
[2004/08/06 16:00:00 | 000,012,498 | ---- | C] () -- C:\WINDOWS\System32\append.exe
[2004/08/06 16:00:00 | 000,011,753 | ---- | C] () -- C:\WINDOWS\System32\setver.exe
[2004/08/06 16:00:00 | 000,010,790 | ---- | C] () -- C:\WINDOWS\System32\edit.hlp
[2004/08/06 16:00:00 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\scriptpw.dll
[2004/08/06 16:00:00 | 000,009,029 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ansi.sys
[2004/08/06 16:00:00 | 000,008,424 | ---- | C] () -- C:\WINDOWS\System32\exe2bin.exe
[2004/08/06 16:00:00 | 000,008,424 | ---- | C] () -- C:\WINDOWS\System32\dllcache\exe2bin.exe
[2004/08/06 16:00:00 | 000,008,386 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ctype.nls
[2004/08/06 16:00:00 | 000,008,386 | ---- | C] () -- C:\WINDOWS\System32\ctype.nls
[2004/08/06 16:00:00 | 000,008,191 | ---- | C] () -- C:\WINDOWS\System32\bios4.rom
[2004/08/06 16:00:00 | 000,007,208 | ---- | C] () -- C:\WINDOWS\System32\secupd.sig
[2004/08/06 16:00:00 | 000,007,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\secupd.sig
[2004/08/06 16:00:00 | 000,007,116 | ---- | C] () -- C:\WINDOWS\System32\drivers\etc\services
[2004/08/06 16:00:00 | 000,007,052 | ---- | C] () -- C:\WINDOWS\System32\nlsfunc.exe
[2004/08/06 16:00:00 | 000,007,052 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nlsfunc.exe
[2004/08/06 16:00:00 | 000,007,046 | ---- | C] () -- C:\WINDOWS\System32\l_intl.nls
[2004/08/06 16:00:00 | 000,007,046 | ---- | C] () -- C:\WINDOWS\System32\dllcache\l_intl.nls
[2004/08/06 16:00:00 | 000,006,761 | ---- | C] () -- C:\WINDOWS\System32\oembios.sig
[2004/08/06 16:00:00 | 000,006,761 | ---- | C] () -- C:\WINDOWS\System32\dllcache\oembios.sig
[2004/08/06 16:00:00 | 000,006,708 | ---- | C] () -- C:\WINDOWS\System32\esentprf.hxx
[2004/08/06 16:00:00 | 000,004,768 | ---- | C] () -- C:\WINDOWS\System32\dllcache\himem.sys
[2004/08/06 16:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/06 16:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\dllcache\secupd.dat
[2004/08/06 16:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/06 16:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\dllcache\oembios.dat
[2004/08/06 16:00:00 | 000,004,310 | ---- | C] () -- C:\WINDOWS\System32\odbcconf.rsp
[2004/08/06 16:00:00 | 000,004,126 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdxmlc.dll
[2004/08/06 16:00:00 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\wdl.trm
[2004/08/06 16:00:00 | 000,003,708 | ---- | C] () -- C:\WINDOWS\System32\pubprn.vbs
[2004/08/06 16:00:00 | 000,003,708 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pubprn.vbs
[2004/08/06 16:00:00 | 000,003,683 | ---- | C] () -- C:\WINDOWS\System32\drivers\etc\lmhosts.sam
[2004/08/06 16:00:00 | 000,003,577 | ---- | C] () -- C:\WINDOWS\System32\sysprtj.sep
[2004/08/06 16:00:00 | 000,003,338 | ---- | C] () -- C:\WINDOWS\System32\redir.exe
[2004/08/06 16:00:00 | 000,003,338 | ---- | C] () -- C:\WINDOWS\System32\dllcache\redir.exe
[2004/08/06 16:00:00 | 000,003,252 | ---- | C] () -- C:\WINDOWS\System32\nw16.exe
[2004/08/06 16:00:00 | 000,003,252 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nw16.exe
[2004/08/06 16:00:00 | 000,003,214 | ---- | C] () -- C:\WINDOWS\System32\sysprint.sep
[2004/08/06 16:00:00 | 000,003,178 | ---- | C] () -- C:\WINDOWS\System32\rsvpcnts.h
[2004/08/06 16:00:00 | 000,003,167 | ---- | C] () -- C:\WINDOWS\System32\rsaci.rat
[2004/08/06 16:00:00 | 000,003,010 | ---- | C] () -- C:\WINDOWS\System32\pschdcnt.h
[2004/08/06 16:00:00 | 000,002,755 | ---- | C] () -- C:\WINDOWS\System32\mqprfsym.h
[2004/08/06 16:00:00 | 000,002,233 | ---- | C] () -- C:\WINDOWS\System32\dllcache\12520850.cpx
[2004/08/06 16:00:00 | 000,002,233 | ---- | C] () -- C:\WINDOWS\System32\12520850.cpx
[2004/08/06 16:00:00 | 000,002,206 | ---- | C] () -- C:\WINDOWS\System32\wpa.dbl
[2004/08/06 16:00:00 | 000,002,151 | ---- | C] () -- C:\WINDOWS\System32\dllcache\12520437.cpx
[2004/08/06 16:00:00 | 000,002,151 | ---- | C] () -- C:\WINDOWS\System32\12520437.cpx
[2004/08/06 16:00:00 | 000,001,818 | ---- | C] () -- C:\WINDOWS\System32\rasctrnm.h
[2004/08/06 16:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/06 16:00:00 | 000,001,696 | ---- | C] () -- C:\WINDOWS\System32\noise.cht
[2004/08/06 16:00:00 | 000,001,696 | ---- | C] () -- C:\WINDOWS\System32\noise.chs
[2004/08/06 16:00:00 | 000,001,492 | ---- | C] () -- C:\WINDOWS\System32\mmdriver.inf
[2004/08/06 16:00:00 | 000,001,131 | ---- | C] () -- C:\WINDOWS\System32\loadfix.com
[2004/08/06 16:00:00 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\vwipxspx.exe
[2004/08/06 16:00:00 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vwipxspx.exe
[2004/08/06 16:00:00 | 000,000,929 | ---- | C] () -- C:\WINDOWS\System32\homepage.inf
[2004/08/06 16:00:00 | 000,000,882 | ---- | C] () -- C:\WINDOWS\System32\share.exe
[2004/08/06 16:00:00 | 000,000,882 | ---- | C] () -- C:\WINDOWS\System32\dllcache\share.exe
[2004/08/06 16:00:00 | 000,000,882 | ---- | C] () -- C:\WINDOWS\System32\fastopen.exe
[2004/08/06 16:00:00 | 000,000,882 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fastopen.exe
[2004/08/06 16:00:00 | 000,000,862 | ---- | C] () -- C:\WINDOWS\System32\termcap
[2004/08/06 16:00:00 | 000,000,817 | ---- | C] () -- C:\WINDOWS\System32\mscdexnt.exe
[2004/08/06 16:00:00 | 000,000,817 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mscdexnt.exe
[2004/08/06 16:00:00 | 000,000,799 | ---- | C] () -- C:\WINDOWS\System32\drivers\etc\protocol
[2004/08/06 16:00:00 | 000,000,751 | ---- | C] () -- C:\WINDOWS\System32\noise.enu
[2004/08/06 16:00:00 | 000,000,751 | ---- | C] () -- C:\WINDOWS\System32\noise.eng
[2004/08/06 16:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/06 16:00:00 | 000,000,707 | ---- | C] () -- C:\WINDOWS\_default.pif
[2004/08/06 16:00:00 | 000,000,697 | ---- | C] () -- C:\WINDOWS\System32\noise.tha
[2004/08/06 16:00:00 | 000,000,487 | ---- | C] () -- C:\WINDOWS\System32\login.cmd
[2004/08/06 16:00:00 | 000,000,435 | ---- | C] () -- C:\WINDOWS\System32\perfwci.h
[2004/08/06 16:00:00 | 000,000,427 | ---- | C] () -- C:\WINDOWS\System32\perfci.h
[2004/08/06 16:00:00 | 000,000,407 | ---- | C] () -- C:\WINDOWS\System32\drivers\etc\networks
[2004/08/06 16:00:00 | 000,000,168 | ---- | C] () -- C:\WINDOWS\System32\l_except.nls
[2004/08/06 16:00:00 | 000,000,168 | ---- | C] () -- C:\WINDOWS\System32\dllcache\l_except.nls
[2004/08/06 16:00:00 | 000,000,140 | ---- | C] () -- C:\WINDOWS\System32\perffilt.h
[2004/08/06 16:00:00 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\pcl.sep
[2004/08/06 16:00:00 | 000,000,081 | ---- | C] () -- C:\WINDOWS\System32\dsound.vxd
[2004/08/06 16:00:00 | 000,000,080 | ---- | C] () -- C:\WINDOWS\explorer.scf
[2004/08/06 16:00:00 | 000,000,075 | ---- | C] () -- C:\WINDOWS\System32\View Channels.scf
[2004/08/06 16:00:00 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\cmos.ram
[2004/08/06 16:00:00 | 000,000,051 | ---- | C] () -- C:\WINDOWS\System32\pscript.sep
[2004/08/06 16:00:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\etc\hosts

========== LOP Check ==========

[2009/04/15 23:57:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sad\Application Data\.purple
[2008/05/31 21:06:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sad\Application Data\DataLayer
[2010/01/08 07:47:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sad\Application Data\gtk-2.0
[2010/02/26 04:53:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sad\Application Data\imeshmediabartb
[2009/06/04 08:54:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sad\Application Data\Inkscape
[2010/01/13 12:03:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sad\Application Data\IObit
[2009/08/10 10:44:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sad\Application Data\MegauploadToolbar
[2008/08/31 14:59:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sad\Application Data\Nokia
[2008/05/01 05:40:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sad\Application Data\Opera
[2008/05/31 20:54:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sad\Application Data\PC Suite
[2010/01/20 11:23:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sad\Application Data\Teleca
[2010/03/04 07:17:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sad\Application Data\uTorrent

========== Purity Check ==========

< End of report >

broni · 2010/03/17

You can stop it for now, because it'll take for ever.
Let me know, if you see this message.

broni · 2010/03/17

Oh, OK. That's it?

broni · 2010/03/17

The presence of the following files:
C:\WINDOWS\system32\config\systemprofile\reader_s.exe
C:\WINDOWS\System32\reader_s.exe
makes me believe, you might have been hit with Virut polymorphic virus.

Let's secure your working computer, first, since you're moving files using USB stick.
On your working computer...
Download, and run Flash Disinfector, and save it to your desktop.

*Please disable any AV / ScriptBlockers as they might detect Flash Disinfector to be malicious and block it. Hence, the failure in executing. You can enable them back after the cleaning process*

Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.

The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.

Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.

Wait until it has finished scanning and then exit the program.

Reboot your computer when done.

Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that was plugged in when you ran it. Do not delete this folder...it will help protect your drives from future infection by keeping the autorun file from being installed on the root drive and running other malicious files.

I'll give you more instructions in my next reply.

broni · 2010/03/17

Using USB stick, copy following files from infected computer:
- explorer.exe located @ C:\Windows
- userinit.exe and svchost.exe located @ C:\Windows\System32
Move the stick to working computer and upload above files to http://www.virustotal.com/ for security check.
Post scans results.

Roti66 · 2010/03/18

i don`t understand....do i have to run the flash disinfector at my infected computer using the OTLPE cd?

broni · 2010/03/18

No, you install Flash Disinfector on good computer, so when you plug in USB stick with files from bad computer, nothing will run automatically from USB stick, thus infecting your good computer.

Roti66 · 2010/03/19

explorer.exe result:

File size: 1033728 bytes
MD5 : 12896823fb95bfb3dc9b46bcaedc9923
SHA1 : 9d2bf84874abc5b6e9a2744b7865c193c08d362f
SHA256: 1e675cb7df214172f7eb0497f7275556038a0d09c6e5a3e6862c5e26885ef455
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1A55F
timedatestamp.....: 0x48025C30 (Sun Apr 13 21:17:04 2008)
machinetype.......: 0x14C (Intel I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x44C09 0x44E00 6.38 fd89c9ce334764ffdbb62637ad9b5809
.data 0x46000 0x1DB4 0x1800 1.30 983f35021232560eaaa99fcbc1b7d359
.rsrc 0x48000 0xB2268 0xB2400 6.63 95339c37646fa93e3695e06572a21889
.reloc 0xFB000 0x374C 0x3800 6.78 ec335057489badbf6d8142b57175fd91

( 0 imports )

( 0 exports )
TrID : File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
ThreatExpert: http://www.threatexpert.com/report.aspx?md5=12896823fb95bfb3dc9b46bcaedc9923
ssdeep: 12288:HHmcoCUyZtwAvAs4wTCyrPTloHWYUrkf8w0Vnzac1/g/J/vMS:nmfty/wAvN7lrvbkf8w0VnH1/g/J/k
sigcheck: publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: Windows Explorer
original name: EXPLORER.EXE
internal name: explorer
file version.: 6.00.2900.5512 (xpsp.080413-2105)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEiD : -
PDFiD : ['-', None, None]
RDS : NSRL Reference Data Set

svchost.exe result:
File size: 14336 bytes
MD5 : 27c6d03bcdb8cfeb96b716f3d8be3e18
SHA1 : 49083ae3725a0488e0a8fbbe1335c745f70c4667
SHA256: 2910ebc692d833d949bfd56059e8106d324a276d5f165f874f3fb1b6c613cdd5
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x2509
timedatestamp.....: 0x48025BC0 (Sun Apr 13 21:15:12 2008)
machinetype.......: 0x14C (Intel I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x2C00 0x2C00 6.29 f6589e1ed3da6afefb0b4294d9ff7f2e
.data 0x4000 0x210 0x200 1.62 cbd504e46c836e09e8faabdcfbabaec2
.rsrc 0x5000 0x408 0x600 2.51 dcede0c303bbb48c6875eb64477e5882

( 0 imports )

( 0 exports )
TrID : File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
ThreatExpert: http://www.threatexpert.com/report.aspx?md5=27c6d03bcdb8cfeb96b716f3d8be3e18
ssdeep: 384:IDvi+JmG6yqlCRaJt4RHS5LutGJae7g9VJnpWCNJbW:INcG6xlCRaJKGOA7SHJ
sigcheck: publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: Generic Host Process for Win32 Services
original name: svchost.exe
internal name: svchost.exe
file version.: 5.1.2600.5512 (xpsp.080413-2111)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEiD : -
PDFiD : ['-', None, None]
RDS : NSRL Reference Data Set

and userinit.exe cannot be found just user.exe

broni · 2010/03/19

You posted "Additional information" portion of the scan.
I need upper section to be posted.
It'll look like this:

File explorer.exe received on 2010.03.19 17:44:38 (UTC)
Current status: finished
Result: 0/42 (0.00%)
a-squared 4.5.0.50 2010.03.19 -
AhnLab-V3 5.0.0.2 2010.03.19 -
AntiVir 8.2.1.196 2010.03.19 -
Antiy-AVL 2.0.3.7 2010.03.19 -
Authentium 5.2.0.5 2010.03.19 -
Avast 4.8.1351.0 2010.03.19 -
Avast5 5.0.332.0 2010.03.19 -
[....]
Click to expand...

IMPORTANT! When you upload and the file is listed as already analyzed, click on Reanalyse file now button.

Roti66 · 2010/03/31

explorer.exe

Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.03.31 -
AhnLab-V3 5.0.0.2 2010.03.30 -
AntiVir 7.10.6.7 2010.03.31 -
Antiy-AVL 2.0.3.7 2010.03.31 -
Authentium 5.2.0.5 2010.03.31 -
Avast 4.8.1351.0 2010.03.31 -
Avast5 5.0.332.0 2010.03.31 -
AVG 9.0.0.787 2010.03.30 -
BitDefender 7.2 2010.03.31 -
CAT-QuickHeal 10.00 2010.03.31 -
ClamAV 0.96.0.0-git 2010.03.31 -
Comodo 4448 2010.03.31 -
DrWeb 5.0.2.03300 2010.03.31 -
eSafe 7.0.17.0 2010.03.28 -
eTrust-Vet 35.2.7399 2010.03.31 -
F-Prot 4.5.1.85 2010.03.31 -
F-Secure 9.0.15370.0 2010.03.31 -
Fortinet 4.0.14.0 2010.03.30 -
GData 19 2010.03.31 -
Ikarus T3.1.1.80.0 2010.03.31 -
Jiangmin 13.0.900 2010.03.31 -
K7AntiVirus 7.10.1004 2010.03.22 -
Kaspersky 7.0.0.125 2010.03.31 -
McAfee 5936 2010.03.30 -
McAfee+Artemis 5936 2010.03.30 -
McAfee-GW-Edition 6.8.5 2010.03.31 -
Microsoft 1.5605 2010.03.31 -
NOD32 4987 2010.03.31 -
Norman 6.04.10 2010.03.30 -
nProtect 2009.1.8.0 2010.03.31 -
Panda 10.0.2.2 2010.03.30 -
PCTools 7.0.3.5 2010.03.31 -
Prevx 3.0 2010.03.31 -
Rising 22.41.02.02 2010.03.31 -
Sophos 4.52.0 2010.03.31 -
Sunbelt 6120 2010.03.31 -
Symantec 20091.2.0.41 2010.03.31 -
TheHacker 6.5.2.0.248 2010.03.31 -
TrendMicro 9.120.0.1004 2010.03.31 -
VBA32 3.12.12.2 2010.03.30 -
ViRobot 2010.3.31.2253 2010.03.31 -
VirusBuster 5.0.27.0 2010.03.30 -

svchost.exe result:

Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.03.31 -
AhnLab-V3 5.0.0.2 2010.03.30 -
AntiVir 7.10.6.7 2010.03.31 -
Antiy-AVL 2.0.3.7 2010.03.31 -
Authentium 5.2.0.5 2010.03.31 -
Avast 4.8.1351.0 2010.03.31 -
Avast5 5.0.332.0 2010.03.31 -
AVG 9.0.0.787 2010.03.30 -
BitDefender 7.2 2010.03.31 -
CAT-QuickHeal 10.00 2010.03.31 -
ClamAV 0.96.0.0-git 2010.03.31 -
Comodo 4448 2010.03.31 -
DrWeb 5.0.2.03300 2010.03.31 -
eSafe 7.0.17.0 2010.03.28 -
eTrust-Vet 35.2.7399 2010.03.31 -
F-Prot 4.5.1.85 2010.03.31 -
F-Secure 9.0.15370.0 2010.03.31 -
Fortinet 4.0.14.0 2010.03.30 -
GData 19 2010.03.31 -
Ikarus T3.1.1.80.0 2010.03.31 -
Jiangmin 13.0.900 2010.03.31 -
K7AntiVirus 7.10.1004 2010.03.22 -
Kaspersky 7.0.0.125 2010.03.31 -
McAfee 5936 2010.03.30 -
McAfee+Artemis 5936 2010.03.30 -
McAfee-GW-Edition 6.8.5 2010.03.31 -
Microsoft 1.5605 2010.03.31 -
NOD32 4987 2010.03.31 -
Norman 6.04.10 2010.03.30 -
nProtect 2009.1.8.0 2010.03.31 -
Panda 10.0.2.2 2010.03.30 -
PCTools 7.0.3.5 2010.03.31 -
Prevx 3.0 2010.03.31 -
Rising 22.41.02.02 2010.03.31 -
Sophos 4.52.0 2010.03.31 -
Sunbelt 6120 2010.03.31 -
Symantec 20091.2.0.41 2010.03.31 -
TheHacker 6.5.2.0.248 2010.03.31 -
TrendMicro 9.120.0.1004 2010.03.31 -
VBA32 3.12.12.2 2010.03.30 -
ViRobot 2010.3.31.2253 2010.03.31 -
VirusBuster 5.0.27.0 2010.03.30 -

broni · 2010/03/31

Do this on the computer you are posting from:
Copy the text in the codebox below:

Code:

:OTL
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\sad_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsearch.com/index.jh...GBBALGWDLvJAAg
IE - HKU\sad_ON_C\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\QUARAN~1\Companion\Installs\cpn\yt.dll File not found
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - E:\QUARAN~1\Companion\Installs\cpn\yt.dll File not found
O2 - BHO: ({2af1cff1-8e9f-4e31-b899-8e428d2f3946}) - {2af1cff1-8e9f-4e31-b899-8e428d2f3946} - C:\WINDOWS\system32\2af1cff1-8e9f-4e3a-b899-8e428d2f3946_24.avi ()
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - Reg Error: Value error. File not found
O2 - BHO: (no name) - {837B45D6-BF85-457D-AABF-6D2E7815F791} - C:\WINDOWS\System32\yayyxuu.dll File not found
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - E:\QUARAN~1\Companion\Installs\cpn\YTSingleInstance.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\QUARAN~1\Companion\Installs\cpn\yt.dll File not found
O4 - HKLM..\Run: [2af1cff1-8e9f-4e3a-b899-8e428d2f3946_24] File not found
O4 - HKLM..\Run: [nwiz] File not found
O4 - HKLM..\Run: [reader_s] C:\WINDOWS\system32\reader_s.exe (TWX Corp.)
O4 - HKLM..\Run: [Regedit32] C:\WINDOWS\System32\regedit.exe File not found
O4 - HKLM..\Run: [SigmatelSysTrayApp] File not found
O4 - HKU\.DEFAULT..\Run: [2af1cff1-8e9f-4e3a-b899-8e428d2f3946_24] File not found
O4 - HKU\.DEFAULT..\Run: [asr64_ldm.exe] C:\WINDOWS\Temp\asr64_ldm.exe (Microsoft Corp.)
O4 - HKU\.DEFAULT..\Run: [reader_s] C:\Documents and Settings\sad\reader_s.exe (TWX Corp.)
O4 - HKU\.DEFAULT..\Run: [SyncMan] File not found
O4 - HKU\sad_ON_C..\Run: [LogitechSoftwareUpdate] C:\Program Files\Logitech\Video\ManifestEngine.exe File not found
O4 - HKU\sad_ON_C..\Run: [Messenger (Yahoo!)] E:\Quarantine\Messenger\YahooMessenger.exe File not found
O4 - HKU\sad_ON_C..\Run: [NBJ] C:\Program Files\Ahead\Nero BackItUp\NBJ.exe File not found
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe File not found
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] File not found
O4 - HKLM..\RunOnceEx: [Flag] Reg Error: Invalid data type. File not found
F3 - HKU\.DEFAULT WinNT: Load - (C:\WINDOWS\fonts\services.exe) - C:\WINDOWS\Fonts\services.exe ()
F3 - HKU\.DEFAULT WinNT: Run - (C:\WINDOWS\fonts\services.exe) - C:\WINDOWS\Fonts\services.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: exec = C:\WINDOWS\fonts\services.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - Reg Error: Value error. File not found
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O20 - Winlogon\Notify\yayyxuu: DllName - yayyxuu.dll - File not found
O28 - HKLM ShellExecuteHooks: {837B45D6-BF85-457D-AABF-6D2E7815F791} - C:\WINDOWS\System32\yayyxuu.dll File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - File not found
O32 - Unable to open key or key not present!
O33 - MountPoints2\{1614b847-fe4e-11dd-820e-0019d12e499d}\Shell\AutoRun\command - " " = hyetn1i.exe
O33 - MountPoints2\{1614b847-fe4e-11dd-820e-0019d12e499d}\Shell\open\Command - " " = hyetn1i.exe
O33 - MountPoints2\{a4e49e84-cfef-11dd-bf9a-0019d12e499d}\Shell\AutoRun - " " = Auto&Play
O33 - MountPoints2\{a4e49e84-cfef-11dd-bf9a-0019d12e499d}\Shell\AutoRun\command - " " = C:\WINDOWS\System32\RunDLL32.EXE -- File not found
O33 - MountPoints2\{a4e49e84-cfef-11dd-bf9a-0019d12e499d}\Shell\Explore\command - " " = Flash.10.Setup.exe
O33 - MountPoints2\{a4e49e84-cfef-11dd-bf9a-0019d12e499d}\Shell\Open\command - " " = Flash.10.Setup.exe
O33 - MountPoints2\{a4e49e84-cfef-11dd-bf9a-0019d12e499d}\Shell\Scan for Viruses\command - " " = Scanner.exe
[2010/03/04 10:22:42 | 000,249,856 | ---- | C] (-) -- C:\WINDOWS\System32\2376322.exe
[2010/03/04 10:22:01 | 000,033,792 | ---- | C] (Andreas Hausladen) -- C:\WINDOWS\System32\3479578.exe
[2010/03/04 10:20:04 | 000,029,184 | ---- | C] (TWX Corp.) -- C:\Documents and Settings\sad\reader_s.exe
[2010/03/04 10:07:45 | 000,033,792 | ---- | C] (Andreas Hausladen) -- C:\WINDOWS\System32\8807642.exe
[2010/03/04 10:05:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\_VOIDjismuecyex
[2010/03/04 10:05:55 | 000,029,184 | ---- | C] (TWX Corp.) -- C:\WINDOWS\System32\reader_s.exe
[2010/03/04 10:05:55 | 000,029,184 | ---- | C] (TWX Corp.) -- C:\WINDOWS\system32\config\systemprofile\reader_s.exe
[2010/03/11 00:52:57 | 000,000,271 | ---- | M] () -- C:\WINDOWS\System32\_VOIDiurwtnmbie.dat
[2010/03/11 00:53:02 | 000,791,552 | ---- | M] () -- C:\WINDOWS\System32\drivers\rmlaif.sys
[2010/03/04 10:23:47 | 000,000,098 | ---- | M] () -- C:\guyseg8se4v108.bat
[2010/03/04 10:22:42 | 000,249,856 | ---- | M] (-) -- C:\WINDOWS\System32\2376322.exe
[2010/03/04 10:22:15 | 000,059,392 | ---- | M] () -- C:\WINDOWS\System32\09661913.exe
[2010/03/04 10:22:15 | 000,000,122 | ---- | M] () -- C:\WINDOWS\System32\202656.BAT
[2010/03/04 10:22:05 | 000,000,001 | ---- | M] () -- C:\Documents and Settings\sad\oashdihasidhasuidhiasdhiashdiuasdhasd
[2010/03/04 10:22:01 | 000,033,792 | ---- | M] (Andreas Hausladen) -- C:\WINDOWS\System32\3479578.exe
[2010/03/04 10:20:04 | 000,029,184 | ---- | M] (TWX Corp.) -- C:\WINDOWS\System32\reader_s.exe
[2010/03/04 10:20:04 | 000,029,184 | ---- | M] (TWX Corp.) -- C:\Documents and Settings\sad\reader_s.exe
[2010/03/04 10:08:01 | 000,000,120 | ---- | M] () -- C:\WINDOWS\System32\209625.BAT
[2010/03/04 10:07:58 | 000,059,392 | ---- | M] () -- C:\WINDOWS\System32\6051992.exe
[2010/03/04 10:07:58 | 000,036,865 | ---- | M] () -- C:\WINDOWS\System32\mszdltsg.dll
[2010/03/04 10:07:56 | 000,000,001 | ---- | M] () -- C:\WINDOWS\system32\config\systemprofile\oashdihasidhasuidhiasdhiashdiuasdhasd
[2010/03/04 10:07:45 | 000,033,792 | ---- | M] (Andreas Hausladen) -- C:\WINDOWS\System32\8807642.exe
[2010/03/04 10:07:31 | 000,000,118 | -HS- | M] () -- C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\2af1cff1-8e9f-4e3a-b899-8e428d2f3946_.mkv
[2010/03/04 10:07:31 | 000,000,118 | -HS- | M] () -- C:\WINDOWS\system32\config\systemprofile\Application Data\2af1cff1-8e9f-4e3a-b899-8e428d2f3946_.mkv
[2010/03/04 10:07:30 | 000,958,976 | -HS- | M] () -- C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\2af1cff1-8e9f-4e3a-b899-8e428d2f3946_24.avi
[2010/03/04 10:07:30 | 000,958,976 | -HS- | M] () -- C:\WINDOWS\system32\config\systemprofile\Application Data\2af1cff1-8e9f-4e3a-b899-8e428d2f3946_24.avi
[2010/03/04 10:07:30 | 000,958,976 | -HS- | M] () -- C:\WINDOWS\System32\2af1cff1-8e9f-4e3a-b899-8e428d2f3946_24.avi
[2010/03/04 10:07:30 | 000,025,214 | -HS- | M] () -- C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\2af1cff1-8e9f-4e3a-b899-8e428d2f3946_24.ico
[2010/03/04 10:07:30 | 000,025,214 | -HS- | M] () -- C:\WINDOWS\system32\config\systemprofile\Application Data\2af1cff1-8e9f-4e3a-b899-8e428d2f3946_24.ico
[2010/03/04 10:07:30 | 000,025,214 | -HS- | M] () -- C:\WINDOWS\System32\2af1cff1-8e9f-4e3a-b899-8e428d2f3946_24.ico
[2010/03/04 10:06:12 | 000,033,792 | ---- | M] () -- C:\WINDOWS\System32\_VOIDptyvcfwtke.dll
[2010/03/04 10:06:11 | 000,049,152 | ---- | M] () -- C:\WINDOWS\System32\_VOIDdibcroqnue.dll
[2010/03/04 10:05:57 | 000,028,160 | ---- | M] () -- C:\WINDOWS\System32\_VOIDrpuwappalk.dll
[2010/03/04 10:05:55 | 000,029,184 | ---- | M] (TWX Corp.) -- C:\WINDOWS\system32\config\systemprofile\reader_s.exe
[2010/03/04 10:23:47 | 000,000,098 | ---- | C] () -- C:\guyseg8se4v108.bat
[2010/03/04 10:22:15 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\09661913.exe
[2010/03/04 10:22:15 | 000,000,122 | ---- | C] () -- C:\WINDOWS\System32\202656.BAT
[2010/03/04 10:22:05 | 000,000,001 | ---- | C] () -- C:\Documents and Settings\sad\oashdihasidhasuidhiasdhiashdiuasdhasd
[2010/03/04 10:20:01 | 000,042,544 | ---- | C] () -- C:\Documents and Settings\sad\SyncMan.exe
[2010/03/04 10:08:01 | 000,000,120 | ---- | C] () -- C:\WINDOWS\System32\209625.BAT
[2010/03/04 10:07:58 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\6051992.exe
[2010/03/04 10:07:58 | 000,036,865 | ---- | C] () -- C:\WINDOWS\System32\mszdltsg.dll
[2010/03/04 10:07:56 | 000,000,001 | ---- | C] () -- C:\WINDOWS\system32\config\systemprofile\oashdihasidhasuidhiasdhiashdiuasdh asd
[2010/03/04 10:07:31 | 000,000,118 | -HS- | C] () -- C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\2af1cff1-8e9f-4e3a-b899-8e428d2f3946_.mkv
[2010/03/04 10:07:31 | 000,000,118 | -HS- | C] () -- C:\WINDOWS\system32\config\systemprofile\Application Data\2af1cff1-8e9f-4e3a-b899-8e428d2f3946_.mkv
[2010/03/04 10:07:30 | 000,958,976 | -HS- | C] () -- C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\2af1cff1-8e9f-4e3a-b899-8e428d2f3946_24.avi
[2010/03/04 10:07:30 | 000,958,976 | -HS- | C] () -- C:\WINDOWS\system32\config\systemprofile\Application Data\2af1cff1-8e9f-4e3a-b899-8e428d2f3946_24.avi
[2010/03/04 10:07:30 | 000,958,976 | -HS- | C] () -- C:\WINDOWS\System32\2af1cff1-8e9f-4e3a-b899-8e428d2f3946_24.avi
[2010/03/04 10:07:30 | 000,025,214 | -HS- | C] () -- C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\2af1cff1-8e9f-4e3a-b899-8e428d2f3946_24.ico
[2010/03/04 10:07:30 | 000,025,214 | -HS- | C] () -- C:\WINDOWS\system32\config\systemprofile\Application Data\2af1cff1-8e9f-4e3a-b899-8e428d2f3946_24.ico
[2010/03/04 10:07:30 | 000,025,214 | -HS- | C] () -- C:\WINDOWS\System32\2af1cff1-8e9f-4e3a-b899-8e428d2f3946_24.ico
[2010/03/04 10:06:05 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\_VOIDdibcroqnue.dll
[2010/03/04 10:06:02 | 000,033,792 | ---- | C] () -- C:\WINDOWS\System32\_VOIDptyvcfwtke.dll
[2010/03/04 10:05:57 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\_VOIDrpuwappalk.dll
[2010/03/04 10:05:57 | 000,000,271 | ---- | C] () -- C:\WINDOWS\System32\_VOIDiurwtnmbie.dat
[2010/03/04 10:05:50 | 000,053,552 | ---- | C] () -- C:\WINDOWS\System32\SyncMan.exe
[2010/03/04 10:05:50 | 000,042,544 | ---- | C] () -- C:\WINDOWS\system32\config\systemprofile\SyncMan.exe


:Services

:Reg

:Files

:Commands
[purity]
[emptytemp]

Open Notepad and paste it.
Save the document as Fix.txt on to a USB flash drive

On the infected computer the following...

Run OTLPE

Insert USB stick and find the file Fix.txt. Drag the file Fix.txt and drop it under the Custom Scans/Fixes box at the bottom.
- (The content of Fix.txt should appear in the box)
Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Post the log produced (you'll need to transfer it with USB stick)
Attempt to reboot normally into windows.

Log in or Sign up

Active virus attacked my pc and now i can`t log into my pc.

Roti66 Inactive Thread Starter

Roti66 Inactive Thread Starter

broni Moderator Malware Analyst

broni Moderator Malware Analyst

broni Moderator Malware Analyst

broni Moderator Malware Analyst

Roti66 Inactive Thread Starter

broni Moderator Malware Analyst

Roti66 Inactive Thread Starter

broni Moderator Malware Analyst

Roti66 Inactive Thread Starter

broni Moderator Malware Analyst

Share This Page

Log in or Sign up

Active virus attacked my pc and now i can`t log into my pc.

Roti66 Inactive Thread Starter

Roti66 Inactive Thread Starter

broni Moderator Malware Analyst

broni Moderator Malware Analyst

broni Moderator Malware Analyst

broni Moderator Malware Analyst

Roti66 Inactive Thread Starter

broni Moderator Malware Analyst

Roti66 Inactive Thread Starter

broni Moderator Malware Analyst

Roti66 Inactive Thread Starter

broni Moderator Malware Analyst

Share This Page

Useful Searches