
Random websites opening in tabs in Firefox. Possible remnant from removed w32.unruy!?

Corran

New member
I got infected on the 17th. Thanks to Desktop Armor I caught it immediately and after quite a few steps I managed to remove it all, or so I thought...

Background: a file called dloa4.dll appeared in my system32 directory and according to VirusTotal it was w32.unruy!gen2 / backdoor.tidserv!gen5 (depending on the vendor).

It was a pretty nasty piece of work which managed to infect Desktop Armor (of all things). It placed a copy with the same .exe but with a space behind the name.

Anyway, I thought I removed it all. PrevX keeps saying cmenu.exe is still infected even though I uninstalled it and downloaded a new version from the original website (http://www.msfn.org/board/topic/47645-cmenu/). Before all this happened PrevX never found any faults with cmenu.

So even though no other scanners (Malwarebytes' Anti-Malware, SUPERAntiSpyware, Symantec's online scan) can find anything, I am getting tabs opened in Firefox without me doing anything.

It doesn't happen very often (less than once per hour) and I can't really find a common theme. I'm usually just reading a webpage and all of a sudden a new tab will open with a random website, which often gets replaced by a different one before even showing anything. One of the sites opened was a clickstill.org URL (which is an unsafe website according to Google).

I hope it's possible to find out what's causing this. My DDS log is below.


DDS (Ver_10-03-17.01) - NTFSx86
Run by Administrator at 17:04:35.75 on di 21-09-2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.3184 [GMT 2:00]


============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Desktop Armor\DesktopArmor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Desktop Armor\DesktopArmor.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wuauclt.exe
C:\DL\dds.com

============== Pseudo HJT Report ===============

uStart Page = about:blank
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.babylon.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
mWinlogon: SfcDisable=-99 (0xffffff9d)
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: IE to GetRight Helper: {31ff080d-12a3-439a-a2ef-4ba95a3148e8} - c:\program files\getright\xx2gr.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Desktop Armor] c:\program files\desktop armor\DesktopArmor.exe
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mPolicies-system: ShellState = 2400000038080000000000000000000000000000010000000d0000000000000000000000
IE: E&xporteren naar Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\administrator\start menu\programs\imvu\Run IMVU.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - {53707962-6F74-2D53-2644-206D7942484F}
LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1260588341656
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1260491978250
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: cbXPhFUK - cbXPhFUK.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Eudora's Shell Extension: {edb0e980-90bd-11d4-8599-0008c7d3b6f8} - c:\program files\qualcomm\eudora\EuShlExt.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Authentication Packages = msv1_0 c:\windows\system32\qoMcdBrp
IFEO: notepad.exe - c:\program files\notepad2\Notepad2.exe
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\administrator\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:blank
FF - component: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\administrator\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\administrator\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}\components\nstidy.dll
FF - plugin: c:\documents and settings\administrator\local settings\application data\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
c:\program files\mozilla firefox\defaults\pref\googlebar.js - user_pref("googlebar.ActionNone", "0");
c:\program files\mozilla firefox\defaults\pref\googlebar.js - user_pref("googlebar.ActionCtrl", "0");
c:\program files\mozilla firefox\defaults\pref\googlebar.js - user_pref("googlebar.ActionCtrlShift", "0");
c:\program files\mozilla firefox\defaults\pref\googlebar.js - user_pref("googlebar.ActionAlt", "0");
c:\program files\mozilla firefox\defaults\pref\googlebar.js - user_pref("googlebar.ActionAltShift", "0");
c:\program files\mozilla firefox\defaults\pref\googlebar.js - user_pref("googlebar.ActionShift", "0");
c:\program files\mozilla firefox\defaults\pref\googlebar.js - user_pref("googlebar.ActionAltCtrl", "0");
c:\program files\mozilla firefox\defaults\pref\googlebar.js - user_pref("googlebar.LocationNone", "0");
c:\program files\mozilla firefox\defaults\pref\googlebar.js - user_pref("googlebar.LocationCtrl", "1");
c:\program files\mozilla firefox\defaults\pref\googlebar.js - user_pref("googlebar.LocationCtrlShift", "1");
c:\program files\mozilla firefox\defaults\pref\googlebar.js - user_pref("googlebar.LocationAlt", "0");
c:\program files\mozilla firefox\defaults\pref\googlebar.js - user_pref("googlebar.LocationAltShift", "0");
c:\program files\mozilla firefox\defaults\pref\googlebar.js - user_pref("googlebar.LocationShift", "2");
c:\program files\mozilla firefox\defaults\pref\googlebar.js - user_pref("googlebar.LocationAltCtrl", "0");
c:\program files\mozilla firefox\defaults\pref\googlebar.js - user_pref("googlebar.contextmenuoption", true);
c:\program files\mozilla firefox\defaults\pref\googlebar.js - user_pref("googlebar.country2Search", 80);
c:\program files\mozilla firefox\defaults\pref\googlebar.js - user_pref("googlebar.hotkeySelectionToggles", false);
c:\program files\mozilla firefox\defaults\pref\googlebar.js - user_pref("googlebar.searchoption", false);
c:\program files\mozilla firefox\defaults\pref\googlebar.js - user_pref("googlebar.historyoption", true);
c:\program files\mozilla firefox\defaults\pref\googlebar.js - user_pref("googlebar.history", "googlebar");
c:\program files\mozilla firefox\defaults\pref\googlebar.js - user_pref("googlebar.maxHistCnt", 10);
c:\program files\mozilla firefox\defaults\pref\googlebar.js - user_pref("googlebar.savelastoption", false);
c:\program files\mozilla firefox\defaults\pref\googlebar.js - user_pref("googlebar.hidemenuoption", false);

============= SERVICES / DRIVERS ===============

R0 iastor75;iastor75;c:\windows\system32\drivers\iaStor75.sys [2007-7-27 304920]
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2009-3-2 30320]
R1 Ext2fs;Ext2fs;c:\windows\system32\drivers\ext2fs.sys [2007-8-7 131840]
R1 IfsDrives;IfsDrives;c:\windows\system32\drivers\IfsDrives.sys [2007-8-7 4608]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-7-28 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-7-28 67656]
R2 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [2010-9-18 73216]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2009-3-26 54960]
R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [2005-11-25 31896]
R3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [2010-9-18 24400]
S1 c58da826;c58da826;c:\windows\system32\drivers\c58da826.sys --> c:\windows\system32\drivers\c58da826.sys [?]
S2 axjpawva;Microsoft IntelliPoint Filter Helper;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 csiscanner;CSIScanner;c:\program files\prevx\prevx.exe [2009-3-2 6405168]
S3 hitmanpro3;Hitman Pro 3 Support Driver;\??\c:\windows\system32\drivers\hitmanpro3.sys --> c:\windows\system32\drivers\hitmanpro3.sys [?]
S3 OODefragAgent;O&O Defrag Agent;c:\program files\oo software\defrag\oodag.exe [2010-9-10 2320712]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2009-6-17 12648]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-7-28 12872]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 gupdate1c9acbca60618c;Google Updateservice (gupdate1c9acbca60618c);c:\program files\google\update\GoogleUpdate.exe [2009-3-24 133104]
S4 tvnserver;TightVNC Server;c:\program files\tightvnc\tvnserver.exe [2010-7-8 815704]

=============== Created Last 30 ================

2010-09-21 11:23:34 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-21 05:55:15 10208 ----a-w- c:\windows\system32\oodbs.lor
2010-09-20 12:55:24 42 ----a-w- c:\windows\oodjobd.INI
2010-09-20 12:48:01 0 d-----w- c:\program files\OO Software
2010-09-18 20:11:08 73216 ----a-w- c:\windows\system32\drivers\pxrts.sys
2010-09-18 20:11:07 24400 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2010-09-17 04:54:55 685972 ----a-w- c:\windows\umcat_01.db
2010-09-12 12:50:01 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-09-11 14:20:47 0 d-----w- c:\docume~1\admini~1\applic~1\Chime
2010-09-11 14:20:41 0 d-----w- c:\program files\Microsoft XNA
2010-09-10 11:02:08 1556808 ----a-w- c:\windows\system32\ooscrsav.scr
2010-09-10 11:01:14 275272 ----a-w- c:\windows\system32\oodbs.exe
2010-09-10 10:59:50 535880 ----a-w- c:\windows\system32\oodssrs.dll
2010-09-10 10:59:26 9544 ----a-w- c:\windows\system32\oodbsrs.dll
2010-09-09 19:28:18 0 d-----w- c:\docume~1\admini~1\applic~1\Mumble
2010-09-09 19:28:08 0 d-----w- c:\program files\Mumble
2010-08-28 01:59:06 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-08-28 01:59:06 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-08-28 01:59:06 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-08-28 01:59:05 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-08-28 01:59:05 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2010-08-28 01:59:05 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2010-08-28 01:59:05 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2010-08-28 01:59:05 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll

==================== Find3M ====================

2010-09-21 11:23:24 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-20 01:09:39 234280 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-09-19 22:56:56 137976 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-09-18 20:11:08 30320 ----a-w- c:\windows\system32\drivers\pxscan.sys
2010-09-17 04:25:27 10760 ----a-w- c:\windows\system32\drivers\PROCEXP90.SYS
2010-07-27 06:30:35 8462336 ------w- c:\windows\system32\dllcache\shell32.dll
2010-07-26 17:47:34 232968 ----a-w- c:\windows\system32\nvdrsdb0.bin
2010-07-26 17:47:32 232968 ----a-w- c:\windows\system32\nvdrsdb1.bin
2010-07-09 14:24:26 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-07-09 14:24:18 277608 ----a-w- c:\windows\system32\nvmccs.dll
2010-07-09 14:24:18 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-07-09 14:24:16 155752 ----a-w- c:\windows\system32\nvsvc32.exe
2010-07-09 14:24:16 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-07-09 14:24:16 13923432 ----a-w- c:\windows\system32\nvcpl.dll
2010-07-07 11:46:46 604776 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-30 12:31:35 149504 ------w- c:\windows\system32\dllcache\schannel.dll
2010-06-24 15:51:58 11077120 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\dllcache\wininet.dll
2010-06-24 12:22:03 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-06-24 12:22:02 1210368 ----a-w- c:\windows\system32\dllcache\urlmon.dll
2010-06-24 12:22:01 611840 ------w- c:\windows\system32\dllcache\mstime.dll
2010-06-24 12:22:01 5951488 ----a-w- c:\windows\system32\dllcache\mshtml.dll
2010-06-24 12:22:01 206848 ------w- c:\windows\system32\dllcache\occache.dll
2010-06-24 12:21:59 599040 ------w- c:\windows\system32\dllcache\msfeeds.dll
2010-06-24 12:21:59 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-06-24 12:21:59 25600 ------w- c:\windows\system32\dllcache\jsproxy.dll
2010-06-24 12:21:58 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-06-24 12:21:58 1986560 ------w- c:\windows\system32\dllcache\iertutil.dll
2010-06-24 12:21:58 184320 ------w- c:\windows\system32\dllcache\iepeers.dll
2010-06-24 12:21:56 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-24 12:21:55 387584 ------w- c:\windows\system32\dllcache\iedkcs32.dll
2008-08-19 08:17:32 8 --sh--r- c:\windows\system32\21847BA199.sys
2009-12-21 14:57:29 1994 --sha-w- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 17:05:53.06 ===============
 