
Infected with Heuristics.Reserved.Word.Exploit/Trojan.Agent


  • This topic is locked
9 replies to this topic

#1 stranger12


Posted 16 October 2008 - 05:35 PM

I have already been trying to get rid of this infection for almost 2 days now. I have been using Verizon Internet Security Suite, Malwarebytes' Anti-Malware, and SuperAntiSpyware, but to no avail.
After that I came to your web page and followed your Preparation Guide for use before posting a HijackThis Log.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:06:55 PM, on 10/16/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Comodo\CBOClean\BOCORE.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\TPPALDR.EXE
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\Rps.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\Comodo\CBOClean\BOC426.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\rpsupdaterR.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Dimo Hessenberger\Desktop\hijackthis.exe
C:\WINDOWS\svchost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\TPPALDR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [Verizon Internet Security Suite] "C:\Program Files\Verizon\Verizon Internet Security Suite\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Verizon\Verizon Internet Security Suite\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [BOC-426] C:\PROGRA~1\Comodo\CBOClean\BOC426.exe
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware Reboot] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [SpybotDeletingA1252] command /c del "C:\WINDOWS\CBVersion.txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1588] cmd /c del "C:\WINDOWS\CBVersion.txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9360] command /c del "C:\WINDOWS\Downloaded Program Files\ClockSyncInst.inf"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5989] cmd /c del "C:\WINDOWS\Downloaded Program Files\ClockSyncInst.inf"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2002] command /c del "C:\WINDOWS\Digital Signature 20040701.htm"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8118] cmd /c del "C:\WINDOWS\Digital Signature 20040701.htm"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9880] command /c del "C:\WINDOWS\Digital Signature 20040730.htm"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6926] cmd /c del "C:\WINDOWS\Digital Signature 20040730.htm"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB2562] command /c del "C:\WINDOWS\CBVersion.txt"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9543] cmd /c del "C:\WINDOWS\CBVersion.txt"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7420] command /c del "C:\WINDOWS\Downloaded Program Files\ClockSyncInst.inf"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4729] cmd /c del "C:\WINDOWS\Downloaded Program Files\ClockSyncInst.inf"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9451] command /c del "C:\WINDOWS\Digital Signature 20040701.htm"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4656] cmd /c del "C:\WINDOWS\Digital Signature 20040701.htm"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4111] command /c del "C:\WINDOWS\Digital Signature 20040730.htm"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2036] cmd /c del "C:\WINDOWS\Digital Signature 20040730.htm"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://fishingchamp.gamescampus.com/luncher/GamesCampus.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/sit...b?1215804904187
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase5036.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1196029264328
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1196029218718
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://dist.globalgamecdn.com/dist/neffy/NeffyLauncher.cab
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab
O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.gamengame.com/KALogoutComponent.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15033/CTPID.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Verizon Internet Security Suite (Radialpoint Security Services) - Radialpoint Inc. - C:\Program Files\Verizon\Verizon Internet Security Suite\RpsSecurityAware.exe
O23 - Service: Verizon Internet Security Suite Update Service (RPSUpdaterR) - Verizon - C:\Program Files\Verizon\Verizon Internet Security Suite\rpsupdaterR.exe
O23 - Service: Verizon Internet Security Suite Firewall (RP_FWS) - Verizon - C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe

--
End of file - 12449 bytes



#2 stranger12


Posted 17 October 2008 - 10:01 PM

I ran a few more scans in both normal and safe mode.
Spybot - Search & Destroy identified the trojan as Smitfraud-C.gp concealed as svchost.exe. None of the tools that I have used was able to completely remove the trojan.
Every time, the trojan comes back, and when I open a web browser the svchost.exe tries to connect to the internet, but fortunately my firewall blocks it.
I have attached a new HijackThis log.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:39:58, on 10/17/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\TPPALDR.EXE
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\Rps.exe
C:\PROGRA~1\Comodo\CBOClean\BOC426.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Comodo\CBOClean\BOCORE.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\rpsupdaterR.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Hijackthis\hijackthis.exe
C:\WINDOWS\svchost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\TPPALDR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [Verizon Internet Security Suite] "C:\Program Files\Verizon\Verizon Internet Security Suite\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Verizon\Verizon Internet Security Suite\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [BOC-426] C:\PROGRA~1\Comodo\CBOClean\BOC426.exe
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware Reboot] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [IndexCleaner] "C:\Program Files\Verizon\Verizon Internet Security Suite\IdxClnR.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\Verizon\Verizon Internet Security Suite\IdxClnR.exe"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://fishingchamp.gamescampus.com/luncher/GamesCampus.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/sit...b?1215804904187
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase5036.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1196029264328
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1196029218718
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jd...ows-i586-jc.cab
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://dist.globalgamecdn.com/dist/neffy/NeffyLauncher.cab
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab
O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.gamengame.com/KALogoutComponent.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15033/CTPID.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Verizon Internet Security Suite (Radialpoint Security Services) - Radialpoint Inc. - C:\Program Files\Verizon\Verizon Internet Security Suite\RpsSecurityAware.exe
O23 - Service: Verizon Internet Security Suite Update Service (RPSUpdaterR) - Verizon - C:\Program Files\Verizon\Verizon Internet Security Suite\rpsupdaterR.exe
O23 - Service: Verizon Internet Security Suite Firewall (RP_FWS) - Verizon - C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe

--
End of file - 11756 bytes


Edit 1: I included a Kaspersky scan that I just finished.


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, October 18, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, October 18, 2008 12:31:51
Records in database: 1320761
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\

Scan statistics:
Files scanned: 116947
Threat name: 16
Infected objects: 35
Suspicious objects: 0
Duration of the scan: 01:24:35


File name / Threat name / Threats count
c:\windows\system32\lka726_81.dll/c:\windows\system32\lka726_81.dll Infected: Trojan-Downloader.Win32.Agent.ajwx 1
c:\windows\system32\atlcom56_285.dll/c:\windows\system32\atlcom56_285.dll Infected: Trojan-GameThief.Win32.WOW.ceq 1
svchost.exe\svchost.exe/svchost.exe\svchost.exe Infected: Trojan-GameThief.Win32.WOW.cep 1
C:\WINDOWS\svchost.exe/C:\WINDOWS\svchost.exe Infected: Trojan-GameThief.Win32.WOW.cep 1
C:\AddIn\Old\FlashGet1-40.exe Infected: not-a-virus:AdWare.Win32.Cydoor 1
C:\AddIn\Old\netpumper-1.10.2-setup.exe Infected: not-a-virus:AdWare.Win32.Cydoor 2
C:\AddIn\Old\netpumper-1.10.2-setup.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ae 1
C:\AddIn\Old\netpumper-1.10.2-setup.exe Infected: not-a-virus:AdWare.Win32.SaveNow.af 1
C:\AddIn\Old\netpumper-1.10.2-setup.exe Infected: not-a-virus:AdWare.Win32.SaveNow.h 1
C:\AddIn\Old\netpumper-1.10.2-setup.exe Infected: not-a-virus:AdWare.Win32.SaveNow.bu 1
C:\Documents and Settings\Dimo Hessenberger\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.49104 Infected: Trojan.Win32.Emgr.al 1
C:\Documents and Settings\Dimo Hessenberger\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\Documents and Settings\Dimo Hessenberger\Desktop\SmitfraudFix.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\WINDOWS\svchost.exe Infected: Trojan-GameThief.Win32.WOW.cep 1
C:\WINDOWS\system32\atlcom486_777.dll Infected: Trojan-GameThief.Win32.WOW.ceu 1
C:\WINDOWS\system32\atlcom56_285.dll Infected: Trojan-GameThief.Win32.WOW.ceq 1
C:\WINDOWS\system32\atlsystem120639.exe Infected: Trojan-GameThief.Win32.WOW.cer 1
C:\WINDOWS\system32\atlsystem128354.exe Infected: Trojan-GameThief.Win32.WOW.cer 1
C:\WINDOWS\system32\atlsystem255557.exe Infected: Trojan-GameThief.Win32.WOW.ceu 1
C:\WINDOWS\system32\atlsystem292153.exe Infected: Trojan-GameThief.Win32.WOW.cer 1
C:\WINDOWS\system32\atlsystem344643.exe Infected: Trojan-GameThief.Win32.WOW.cer 1
C:\WINDOWS\system32\atlsystem588722.exe Infected: Trojan-GameThief.Win32.WOW.cer 1
C:\WINDOWS\system32\atlsystem605784.exe Infected: Trojan-GameThief.Win32.WOW.cer 1
C:\WINDOWS\system32\atlsystem67795.exe Infected: Trojan-GameThief.Win32.WOW.cer 1
C:\WINDOWS\system32\atlsystem794130.exe Infected: Trojan-GameThief.Win32.WOW.cer 1
C:\WINDOWS\system32\atlsystem8360.exe Infected: Trojan-GameThief.Win32.WOW.cer 1
C:\WINDOWS\system32\atlsystem84460.exe Infected: Trojan-GameThief.Win32.WOW.cer 1
C:\WINDOWS\system32\atlsystem95299.exe Infected: Trojan-GameThief.Win32.WOW.cer 1
C:\WINDOWS\system32\atlsystem98479.exe Infected: Trojan-GameThief.Win32.WOW.cer 1
C:\WINDOWS\system32\Lka726_81.dll Infected: Trojan-Downloader.Win32.Agent.ajwx 1
D:\backup-20040927-222657-935.dll Infected: not-a-virus:AdWare.Win32.SpeedDelivery.a 1
D:\City of Heroes\mirc616.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 1
D:\Downloads\sdsetup.exe Infected: not-a-virus:Monitor.Win32.KeyLogger.dq 1
D:\System Volume Information\_restore{6A61906A-795A-4A3F-BE42-8248930FF123}\RP99\A0020380.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 1

The selected area was scanned.


Edit 2: I ran RSIT and included the info and log txt files.

info.txt logfile of random's system information tool 1.04 2008-10-18 20:43:55

======Uninstall list======

-->"C:\Program Files\Creative\SBAudigy2\Program\Ctzapxx.EXE" /U /S /R
-->"C:\Program Files\Creative\SBAudigy2\Program\SETUP.EXE" /S /U /W
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->MsiExec /X{7032E73F-68A0-48F9-8100-E70E79169BAE}
-->MsiExec.exe /X{69495273-FCDC-4A86-BCB7-49B504D3FB0E}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{169F8893-C1C5-4847-972C-EA1E008112AC}\setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Download Manager 1.2 (Remove Only)-->"C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Adobe® Photoshop® Album Starter Edition 3.2-->MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
Advanced Registry Optimizer-->"C:\Program Files\Advanced Registry Optimizer\unins000.exe"
AGEIA PhysX v6.12.02-->MsiExec.exe /X{7032E73F-68A0-48F9-8100-E70E79169BAE}
ASUSUpdate-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{587178E7-B1DF-494E-9838-FA4DD36E873C}\setup.exe" -l0x9
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI AVIVO Codecs-->MsiExec.exe /I{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}
ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI HYDRAVISION-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}\setup.exe"
ATI Parental Control & Encoder-->MsiExec.exe /I{9862B19F-4CAD-4EED-920F-2F378D84393F}
Authentium AntiVirus SDK - 2-->MsiExec.exe /I{C67DF120-4DD3-11D4-A3CA-005004AD2A5B}
Bink and Smacker-->C:\PROGRA~1\RADVideo\UNWISE.EXE C:\PROGRA~1\RADVideo\INSTALL.LOG
BOClean-->C:\WINDOWS\UNBOC.EXE
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
City of Villains/City of Heroes (remove only)-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
Creative Audio Console-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B9AE66C-2A8F-4FB2-85D7-416AFFAE8408}\setup.exe" -l0x9 /remove
Creative MediaSource-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\SETUP.EXE" -l0x9 /remove
Creative Modem Blaster PCI DI5633-->C:\Program Files\UIU\CXT1059\HXFSETUP.EXE -U -IVEN_14F1&DEV_1059&SUBSYS_1059148D
Diablo II-->C:\WINDOWS\DIIUnin.exe C:\WINDOWS\DIIUnin.dat
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Download Manager 2.3.6-->C:\Program Files\Download Manager\uninst.exe
EA Download Manager-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{EF7E931D-DC84-471B-8DB6-A83358095474} /l1033
Entropia Universe-->D:\Entropia Universe\Uninstall.exe
EVE-ONLINE (remove only)-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
FaxTalk Communicator 4.5-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\FaxTalk Communicator\Uninst.isu" -c"C:\Program Files\FaxTalk Communicator\FTUnInUt.dll"
FlashGet 1.9.2.1028-->C:\PROGRA~1\FlashGet\uninst.exe
FlashGet(JetCar)-->C:\PROGRA~1\FlashGet\UNWISE.EXE C:\PROGRA~1\FlashGet\INSTALL.LOG
Gallery Remote-->"C:\Program Files\Gallery Remote\UninstallerData\Uninstall gallery_remote.exe"
Gogglebox TV-->MsiExec.exe /I{A47B07BD-C187-41F8-8AB8-38E5821BB7BF}
Guild Wars-->"D:\Guild Wars\Gw.exe" -uninstall
Half-Life 2: Deathmatch-->"C:\Program Files\Steam\steam.exe" steam://uninstall/320
Hellgate: London-->MsiExec.exe /X{A2B4455D-1046-4732-BFBC-0821BEFC07BC}
HeroStats-->D:\City of Heroes\HeroStats\Uninstall.exe
HexDump extension for Ad-aware 6-->C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\HEXDUM~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\HEXDUM~1\INSTALL.LOG
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HighMAT Extension to Microsoft Windows XP CD Writing Wizard-->MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2-->"C:\Documents and Settings\Dimo Hessenberger\Desktop\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.0 (KB932471)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {ECD292A0-0347-4244-8C24-5DBCE990FB40} /package {BAF78226-3200-4DB4-BE33-4D922A799840}
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Document Viewer 6.1-->C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
HP Extended Capabilities 6.1-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Imaging Device Functions 6.1-->C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Premier Software 6.1-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP PSC & OfficeJet 6.1.A-->"C:\Program Files\HP\Digital Imaging\{E5A8DDAB-AE80-48C6-A75B-D0FAB83B299D}\setup\hpzscr01.exe" -datfile hposcr08.dat
HP Solution Center and Imaging Support Tools 6.1-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
HydraIRC-->"C:\Program Files\HydraIRC\uninstall.exe"
Image Resizer Powertoy for Windows XP-->MsiExec.exe /I{1CB92574-96F2-467B-B793-5CEB35C40C29}
Intel Application Accelerator-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9984DF60-1C5B-11D3-ACA1-908A4FC10801}\Setup.exe" -INTELUNINST
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
Java 2 Runtime Environment Standard Edition v1.3.1-->C:\WINDOWS\IsUninst.exe -fg:\Uninst.isu
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
KSignAccessToolkit v1.0-->C:\WINDOWS\system32\UnInstall_KAccess.exe
LastChaos-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0AF3FEAE-B651-4421-97EF-4808A588B4E5}\Setup.exe" -l0x9
Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\setup.exe" -l0x9 UNINSTALL
Logitech iTouch Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{036AA4D4-6D32-11D4-9875-00105ACE7734}\setup.exe" -l0x9 UNINSTALL
Logitech MouseWare 9.75 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\setup.exe" -l0x9 -l0009 UNINSTALL
Logitech Resource Center-->C:\PROGRA~1\Logitech\RESOUR~1\rem\UNWISE.EXE C:\PROGRA~1\Logitech\RESOUR~1\rem\INSTALL.LOG
Logitech SetPoint-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0x9
LSP Explorer Pluginfor Ad-aware 6-->C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\LSPEXP~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\LSPEXP~1\INSTALL.LOG
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Messenger Control Plugin for Ad-aware-->C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\MESSEN~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\MESSEN~1\INSTALL.LOG
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669-->C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2000 SR-1 Disc 2-->MsiExec.exe /I{00040409-78E1-11D2-B60F-006097C998E7}
Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mids' Hero Designer-->MsiExec.exe /I{79D3DBD1-8B16-4611-9353-B24FE34CBEDF}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
MSXML4 Parser-->MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
Musicmatch® Jukebox-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}\setup.exe" -l0x9 -uninst
Netflix Movie Viewer-->MsiExec.exe /X{BCE72AED-3332-4863-9567-C5DCB9052CA2}
NetWaiting-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\Setup.EXE" -l0x9 ControlPanelAnyText
Network Magic-->C:\Documents and Settings\All Users\Application Data\Pure Networks\Setup\nmsetup.exe /uninstall
Nic's XviD Decoder-->"C:\WINDOWS\System32\UninstXviDDec.exe"
OE Messenger Plugin for Ad-aware-->C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\OEWMES~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\OEWMES~1\INSTALL.LOG
PerfectDisk-->MsiExec.exe /I{212F5777-1190-4DEF-8E4D-6B2F313B45E7}
PerformanceTest v4.0-->"C:\Program Files\PerformanceTest\unins000.exe"
Picasa 2-->"C:\Program Files\Picasa2\Uninstall.exe"
PlayNC Launcher-->C:\Program Files\InstallShield Installation Information\{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}\setup.exe -runfromtemp -l0x0009 -removeonly
PPSDKRedistributables-->MsiExec.exe /I{C144C566-21EF-4F8C-9667-40CF19E6AED0}
QuickLink Desktop-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\QuickLink Desktop\Uninst.isu"
QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\System32\QuickTime\Uninstall.log
Rhapsody Player Engine-->MsiExec.exe /I{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}
Rhapsody Player Engine-->MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Rhapsody-->D:\PROGRA~1\Rhapsody\Unwise32.exe /A D:\PROGRA~1\Rhapsody\install.log
RPS Ad Blocker-->MsiExec.exe /I{9AC29B2A-1E86-4CE8-BD05-E3429F244659}
RPS AntiFraud-->MsiExec.exe /I{6F857F57-0868-4333-801F-C6FD1C45D198}
RPS AntiSpyware-->MsiExec.exe /I{B8BD4864-420E-4E95-BBE4-DECE91A0F973}
RPS AntiVirus-->MsiExec.exe /I{769A4515-083E-4FDF-8060-1B6FA2A59D79}
RPS App Detector-->MsiExec.exe /I{CD45C967-BF03-406A-820E-8463B84D0FCD}
RPS AsRealtime-->MsiExec.exe /I{CE7496DD-84ED-4ACF-8713-7C78945C8D7F}
RPS Backup-->MsiExec.exe /I{64010327-8AE7-4D4B-A875-8A874862CD4C}
RPS Burn-->MsiExec.exe /I{92F669C7-4D0E-42A8-B7A0-768FFA19972B}
RPS Diagnostic Utility-->MsiExec.exe /I{0EAAC619-A730-4CBB-95D2-70C3ECAD1561}
RPS Firewall-->MsiExec.exe /I{386593CE-E6AF-48DE-B88A-083CB4781652}
RPS ParentalControl-->MsiExec.exe /I{0E0FF2EF-7866-45BE-99F0-475E0DE7733E}
RPS Performance Tool-->MsiExec.exe /I{8A61A0EC-D2F9-40C1-A290-73A80C2AFD68}
RPS PopupBlocker-->MsiExec.exe /I{DF204DA0-8C19-4EB2-AE78-683D2DE35B7B}
RPS Privacy Manager-->MsiExec.exe /I{3E11A4AA-09DC-414E-BE4C-1F615A235B9B}
RPS RpsCore-->MsiExec.exe /I{53BE7E78-A2E6-4986-89F3-F5C693570BD7}
RPS Security Cleanup-->MsiExec.exe /I{44629EAF-A233-4AAE-BBCC-26157DC9A40B}
RPS Zip-->MsiExec.exe /I{A1C82B18-A7B2-48EC-853D-5807C635531E}
Sacred-->C:\Program Files\Advanced Registry Optimizer\unins000.exe
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
SigningAvatar Illustrated Dictionary-->G:\PROGRA~1\Vcom3D\SIGNIN~1\UNWISE.EXE G:\PROGRA~1\Vcom3D\SIGNIN~1\INSTALL.LOG
Skype 1.2-->"C:\Program Files\Skype\Phone\unins000.exe"
Slideshow Generator Powertoy for Windows XP-->MsiExec.exe /I{C39DE425-6CCF-4B12-A101-3CB5CF3AF3AD}
Sound Blaster Audigy 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{42095863-98D1-4A49-BDF8-638DE8A5F316}\SETUP.EXE" -l0x9
SoundFont Bank Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\Setup.exe" -l0x9 /remove
SPORE™ Creature Creator Trial Edition-->"C:\Program Files\InstallShield Installation Information\{ECEE0279-785F-4CB3-9F28-E69813234BF8}\setup.exe" -runfromtemp -l0x0009 -removeonly
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster 4.1-->"C:\Program Files\SpywareBlaster\unins000.exe"
Star Wars Jedi Knight Jedi Academy-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1EECBA68-8BE4-4076-94DF-E9ED206B1D21}\Setup.exe" -l0x9
Star Wars® Knights of the Old Republic® II: The Sith Lords™-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{629F65FB-7F3C-4D66-A1C0-20722744B7B6}\setup.exe" -l0x9 -removeonly
Star Wars®: Knights of the Old Republic ™-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}\setup.exe" -l0x9
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
TeamSpeak 2 RC2-->"C:\Program Files\teamspeak2_RC2\unins000.exe"
TPP Storage Driver Installation-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E258A840-7E9A-443A-B156-67102C48BF17}\Setup.exe" NotFirstInstall
True Internet Color-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\E-Color\True Internet Color\Uninst.isu" -c"C:\Program Files\E-Color\True Internet Color\TICUninstall.dll"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
USB Storage Adapter (TPP)-->tppun.exe TPP725
USB Storage Adapter V2 (TPP)-->tppun.exe TPP200
USB Storage Adapter V3 (TPP)-->tppun.exe TPP300
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Ventrilo-->C:\PROGRA~1\Ventrilo\UNWISE.EXE C:\PROGRA~1\Ventrilo\INSTALL.LOG
Venues™ X3D Viewer and Simulation Engine-->G:\PROGRA~1\Vcom3D\SIGNIN~1\DICTIO~2\Venues\UNWISE.EXE G:\PROGRA~1\Vcom3D\SIGNIN~1\DICTIO~2\Venues\INSTALL.LOG
Verizon Internet Security Suite-->C:\Program Files\InstallShield Installation Information\{13F8BD99-B753-4007-A060-7EAE3891756F}\setup.exe -runfromtemp -l0x0009 -removeonly
Verizon Online DSL-->"C:\WINDOWS\DSL\unins000.exe"
Verizon Online Help and Support-->C:\PROGRA~1\Verizon\UNWISE.EXE C:\PROGRA~1\Verizon\INSTALL.LOG
Verizon Servicepoint 1.5.20-->"C:\Program Files\Verizon\VSP\unins000.exe"
VidiotMaps Map Overlay-->C:\Program Files\InstallShield Installation Information\{C84C93B2-1987-4973-8ABB-B6D64509E26A}\setup.exe -runfromtemp -l0x0009
VidiotMaps Map Overlay-->C:\Program Files\InstallShield Installation Information\{F0AD180A-9F70-4B62-9C26-241C73CAC032}\setup.exe -runfromtemp -l0x0009
ViewSonic Monitor Drivers-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B4FEA924-630D-11D4-B78E-005004566E4D}\Setup.exe" -l0x9
VisualRoute-->"C:\Program Files\VisualRoute\Uninstall.exe" "C:\Program Files\VisualRoute"
Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Media Player 9 Hotfix [See KB885492 for more information]-->C:\WINDOWS\$NtUninstallKB885492$\spuninst\spuninst.exe
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
Wondershare PPT to Video 4.0.0.8 Trial-->"G:\PPT to Video\unins000.exe"
World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
Xiah-->g:\Xiah\unins000.exe

======Security center information======

AV: Verizon Internet Security Suite Anti-Virus (disabled)
FW: Verizon Internet Security Suite Firewall

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\CA\PPRT\bin
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 7, GenuineIntel
"PROCESSOR_REVISION"=0207
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"HellgateEnv"=G:\Hellgate London\

-----------------EOF-----------------

Logfile of random's system information tool 1.04 (written by random/random)
Run by Dimo Hessenberger at 2008-10-18 20:43:32
Microsoft Windows XP Professional Service Pack 3
System drive C: has 13 GB (33%) free of 39 GB
Total RAM: 2944 MB (74% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:43:49, on 10/18/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Comodo\CBOClean\BOCORE.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\TPPALDR.EXE
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\Rps.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\rpsupdaterR.exe
C:\PROGRA~1\Comodo\CBOClean\BOC426.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\WINDOWS\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Dimo Hessenberger\Local Settings\Temp\jkos-Dimo Hessenberger\binaries\ScanningProcess.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Dimo Hessenberger\Desktop\RSIT.exe
C:\Hijackthis\Dimo Hessenberger.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\TPPALDR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [Verizon Internet Security Suite] "C:\Program Files\Verizon\Verizon Internet Security Suite\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Verizon\Verizon Internet Security Suite\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [BOC-426] C:\PROGRA~1\Comodo\CBOClean\BOC426.exe
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware Reboot] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [IndexCleaner] "C:\Program Files\Verizon\Verizon Internet Security Suite\IdxClnR.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\Verizon\Verizon Internet Security Suite\IdxClnR.exe"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://fishingchamp.gamescampus.com/luncher/GamesCampus.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/sit...b?1215804904187
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase5036.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1196029264328
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1196029218718
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jd...ows-i586-jc.cab
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://dist.globalgamecdn.com/dist/neffy/NeffyLauncher.cab
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab
O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.gamengame.com/KALogoutComponent.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15033/CTPID.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Verizon Internet Security Suite (Radialpoint Security Services) - Radialpoint Inc. - C:\Program Files\Verizon\Verizon Internet Security Suite\RpsSecurityAware.exe
O23 - Service: Verizon Internet Security Suite Update Service (RPSUpdaterR) - Verizon - C:\Program Files\Verizon\Verizon Internet Security Suite\rpsupdaterR.exe
O23 - Service: Verizon Internet Security Suite Firewall (RP_FWS) - Verizon - C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe

--
End of file - 11823 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]
FlashGet GetFlash Class - C:\PROGRA~1\FlashGet\getflash.dll [2007-06-19 163840]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"zBrowser Launcher"=C:\Program Files\Logitech\iTouch\iTouch.exe [2002-11-23 631362]
"Logitech Utility"=C:\WINDOWS\Logi_MwX.Exe [2002-11-08 19968]
"UpdReg"=C:\WINDOWS\UpdReg.EXE [2000-05-11 90112]
"TPP Auto Loader"=C:\WINDOWS\TPPALDR.EXE [2001-10-05 118784]
"Logitech Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2004-10-21 29696]
"CTHelper"=C:\WINDOWS\CTHELPER.EXE [2006-08-11 17920]
"CTxfiHlp"=C:\WINDOWS\system32\CTXFIHLP.EXE [2006-08-11 18944]
"VerizonServicepoint.exe"=C:\Program Files\Verizon\VSP\VerizonServicepoint.exe [2008-02-13 2065648]
"Verizon Internet Security Suite"=C:\Program Files\Verizon\Verizon Internet Security Suite\Rps.exe [2008-02-26 318704]
"-FreedomNeedsReboot"=C:\Program Files\Verizon\Verizon Internet Security Suite\ZkRunOnceR.exe [2008-02-26 13552]
"BOC-426"=C:\PROGRA~1\Comodo\CBOClean\BOC426.exe [2008-04-10 351480]
"nmctxth"=C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe [2008-05-16 648504]
"nmapp"=C:\Program Files\Pure Networks\Network Magic\nmapp.exe [2008-05-21 451896]
"Malwarebytes Anti-Malware Reboot"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2008-09-10 1253040]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IndexCleaner"=C:\Program Files\Verizon\Verizon Internet Security Suite\IdxClnR.exe [2008-02-26 61168]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IndexCleaner"=C:\Program Files\Verizon\Verizon Internet Security Suite\IdxClnR.exe [2008-02-26 61168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\-FreedomNeedsReboot]
C:\Program Files\Verizon\Verizon Internet Security Suite\ZkRunOnceR.exe [2008-02-26 13552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe [2007-03-09 63712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-10-10 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CallControl 4.5]
C:\Program Files\FaxTalk Communicator\FTCtrl32.exe [2003-03-20 122880]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Common Files\Symantec Shared\ccApp.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDet]
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE [2002-09-30 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
C:\WINDOWS\CTHELPER.EXE [2006-08-11 17920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe [2002-10-29 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
C:\Program Files\Electronic Arts\EADM\Core.exe [2008-05-16 2732032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-12-15 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
C:\Program Files\Download Manager\DLM.exe [2007-03-05 1103480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe [2006-01-17 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar Search Scope Monitor]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
C:\Program Files\Picasa2\PicasaMediaDetector.exe [2007-06-15 366400]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2003-11-06 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteCenter]
C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe [2002-11-21 135168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SBDrvDet]
C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe [2002-12-03 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2005-04-19 13261992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files\Steam\Steam.exe [2008-03-29 1271032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VerizonServicepoint.exe]
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe [2008-02-13 2065648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Verizon_McciTrayApp]
C:\Program Files\Verizon\McciTrayApp.exe [2007-03-11 936960]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=3

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\KEM.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-07-23 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-10-16 122880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoViewOnDrive"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
""=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"G:\Metin2_UK\metin2.bin"="G:\Metin2_UK\metin2.bin:*:Enabled:metin2"
"C:\Program Files\HydraIRC\HydraIRC.exe"="C:\Program Files\HydraIRC\HydraIRC.exe:*:Enabled:HydraIRC"
"C:\Program Files\FlashGet\flashget.exe"="C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget"
"G:\Hellgate London\Launcher.exe"="G:\Hellgate London\Launcher.exe:*:Enabled:Hellgate: London"
"C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"D:\Downloads\utorrent.exe"="D:\Downloads\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Platform Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dba8a6ea-7271-11dc-b8eb-000c6e213368}]
shell\AutoRun\command - I:\PortableVault.exe


======File associations======

.reg - open - regedit.exe "%1" %*

======List of files/folders created in the last 1 months======

2008-10-18 20:43:32 ----D---- C:\rsit
2008-10-18 10:21:44 ----A---- C:\WINDOWS\system32\atlsystem605784.exe
2008-10-18 00:00:18 ----A---- C:\WINDOWS\svchost.exe
2008-10-17 22:38:25 ----D---- C:\Hijackthis
2008-10-17 17:21:19 ----A---- C:\WINDOWS\system32\atlsystem95299.exe
2008-10-17 16:45:48 ----A---- C:\WINDOWS\system32\tmp.txt
2008-10-17 16:45:45 ----A---- C:\rapport.txt
2008-10-17 16:35:47 ----A---- C:\WINDOWS\system32\WS2Fix.exe
2008-10-17 16:35:47 ----A---- C:\WINDOWS\system32\VCCLSID.exe
2008-10-17 16:35:47 ----A---- C:\WINDOWS\system32\VACFix.exe
2008-10-17 16:35:47 ----A---- C:\WINDOWS\system32\swxcacls.exe
2008-10-17 16:35:47 ----A---- C:\WINDOWS\system32\swsc.exe
2008-10-17 16:35:47 ----A---- C:\WINDOWS\system32\swreg.exe
2008-10-17 16:35:47 ----A---- C:\WINDOWS\system32\SrchSTS.exe
2008-10-17 16:35:47 ----A---- C:\WINDOWS\system32\Process.exe
2008-10-17 16:35:47 ----A---- C:\WINDOWS\system32\o4Patch.exe
2008-10-17 16:35:47 ----A---- C:\WINDOWS\system32\IEDFix.exe
2008-10-17 16:35:47 ----A---- C:\WINDOWS\system32\IEDFix.C.exe
2008-10-17 16:35:47 ----A---- C:\WINDOWS\system32\dumphive.exe
2008-10-17 16:35:47 ----A---- C:\WINDOWS\system32\AntiXPVSTFix.exe
2008-10-17 16:35:47 ----A---- C:\WINDOWS\system32\404Fix.exe
2008-10-17 16:26:44 ----A---- C:\WINDOWS\system32\atlsystem84460.exe
2008-10-17 15:56:13 ----A---- C:\WINDOWS\system32\atlsystem292153.exe
2008-10-17 15:35:36 ----A---- C:\WINDOWS\system32\atlsystem588722.exe
2008-10-16 19:44:25 ----D---- C:\WINDOWS\Sun
2008-10-16 19:44:25 ----D---- C:\Documents and Settings\Dimo Hessenberger\Application Data\Sun
2008-10-16 19:41:31 ----A---- C:\WINDOWS\system32\javaws.exe
2008-10-16 19:41:31 ----A---- C:\WINDOWS\system32\javaw.exe
2008-10-16 19:41:31 ----A---- C:\WINDOWS\system32\java.exe
2008-10-16 19:40:44 ----D---- C:\Program Files\Java
2008-10-16 19:39:50 ----D---- C:\Program Files\Common Files\Java
2008-10-16 12:04:29 ----A---- C:\WINDOWS\system32\atlsystem128354.exe
2008-10-16 10:41:35 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-10-16 10:41:35 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-16 10:30:16 ----A---- C:\WINDOWS\system32\atlsystem8360.exe
2008-10-16 07:59:42 ----A---- C:\WINDOWS\ntbtlog.txt
2008-10-16 07:30:01 ----D---- C:\SDFix
2008-10-16 07:07:31 ----A---- C:\WINDOWS\system32\atlsystem98479.exe
2008-10-15 23:44:13 ----A---- C:\WINDOWS\{00000002-00000000-00000006-00001102-00000004-10021102}.BAK
2008-10-15 23:24:38 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-10-15 23:23:13 ----D---- C:\Program Files\SUPERAntiSpyware
2008-10-15 23:23:13 ----D---- C:\Documents and Settings\Dimo Hessenberger\Application Data\SUPERAntiSpyware.com
2008-10-15 23:22:33 ----D---- C:\Program Files\CCleaner
2008-10-15 23:16:00 ----A---- C:\WINDOWS\system32\atlsystem67795.exe
2008-10-15 22:51:07 ----A---- C:\WINDOWS\system32\atlsystem120639.exe
2008-10-15 21:49:48 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-15 21:49:21 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-15 21:48:57 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-15 21:46:37 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-15 21:44:35 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-15 21:36:29 ----A---- C:\WINDOWS\system32\atlsystem794130.exe
2008-10-15 21:30:42 ----A---- C:\WINDOWS\system32\atlsystem344643.exe
2008-10-15 20:03:54 ----A---- C:\WINDOWS\system32\atlcom56_285.dll
2008-10-15 08:25:40 ----A---- C:\WINDOWS\system32\atlsystem255557.exe
2008-10-14 12:28:09 ----A---- C:\WINDOWS\1.ini
2008-10-14 11:55:16 ----D---- C:\Documents and Settings\All Users\Application Data\Blizzard
2008-10-14 09:34:31 ----A---- C:\WINDOWS\system32\atlcom486_777.dll
2008-10-14 09:32:57 ----A---- C:\WINDOWS\system32\Lka726_81.dll
2008-09-25 13:08:21 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
2008-09-25 13:08:16 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
2008-09-25 13:08:12 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
2008-09-25 13:08:08 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2008-09-25 13:08:08 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2008-09-25 13:08:03 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2008-09-23 12:47:21 ----D---- C:\Documents and Settings\Dimo Hessenberger\Application Data\SPORE Creature Creator

======List of files/folders modified in the last 1 months======

2008-10-18 20:43:36 ----D---- C:\WINDOWS\Prefetch
2008-10-18 20:43:35 ----D---- C:\WINDOWS\TEMP
2008-10-18 20:22:51 ----D---- C:\WINDOWS
2008-10-18 10:21:44 ----AD---- C:\WINDOWS\system32
2008-10-18 00:04:03 ----A---- C:\WINDOWS\BOC426.INI
2008-10-18 00:01:57 ----SD---- C:\WINDOWS\Tasks
2008-10-18 00:00:07 ----SHD---- C:\RECYCLER
2008-10-17 23:59:46 ----A---- C:\WINDOWS\iTouch.ini
2008-10-17 23:58:20 ----D---- C:\WINDOWS\system32\drivers
2008-10-17 23:55:09 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-17 23:19:47 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-16 19:44:23 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-10-16 19:44:22 ----SHD---- C:\WINDOWS\Installer
2008-10-16 19:41:35 ----HD---- C:\Config.Msi
2008-10-16 19:40:44 ----AD---- C:\Program Files
2008-10-16 19:39:50 ----D---- C:\Program Files\Common Files
2008-10-16 13:50:28 ----A---- C:\WINDOWS\wininit.ini
2008-10-16 12:49:08 ----D---- C:\Program Files\Enigma Software Group
2008-10-15 23:26:49 ----D---- C:\WINDOWS\Debug
2008-10-15 23:26:48 ----D---- C:\WINDOWS\Minidump
2008-10-15 23:21:42 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-15 22:38:35 ----D---- C:\Program Files\Internet Explorer
2008-10-15 21:50:03 ----HD---- C:\WINDOWS\inf
2008-10-15 21:49:51 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-10-15 21:49:44 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-15 21:47:36 ----D---- C:\WINDOWS\ie7updates
2008-10-15 21:28:56 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-15 10:23:13 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-14 12:13:57 ----D---- C:\Program Files\NCSoft
2008-10-14 12:13:55 ----HD---- C:\Program Files\InstallShield Installation Information
2008-10-08 20:38:37 ----D---- C:\WINDOWS\system32\CatRoot
2008-10-08 19:34:00 ----D---- C:\Documents and Settings\Dimo Hessenberger\Application Data\Move Networks
2008-10-07 15:19:40 ----A---- C:\WINDOWS\system32\MRT.exe
2008-10-04 06:00:09 ----RASH---- C:\boot.ini
2008-10-04 06:00:09 ----A---- C:\WINDOWS\win.ini
2008-10-04 06:00:09 ----A---- C:\WINDOWS\system.ini
2008-10-03 13:41:15 ----A---- C:\WINDOWS\system32\ieframe.dll
2008-09-30 12:12:46 ----D---- C:\Documents and Settings\Dimo Hessenberger\Application Data\uTorrent
2008-09-25 13:08:30 ----D---- C:\WINDOWS\system32\DirectX
2008-09-25 13:04:59 ----RSD---- C:\WINDOWS\assembly
2008-09-23 12:46:47 ----A---- C:\WINDOWS\system32\CmdLineExt.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 SSHDRV65;SSHDRV65; \??\C:\WINDOWS\System32\drivers\SSHDRV65.sys []
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2007-02-20 5632]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-08-29 12032]
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [2002-08-14 17005]
R2 CSS DVP;Dynamic Virus Protection; C:\WINDOWS\system32\DRIVERS\css-dvp.sys [2007-07-09 834448]
R2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys [2008-01-13 8413]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2002-12-10 11044]
R2 pnarp;Pure Networks Device Discovery Driver; C:\WINDOWS\system32\DRIVERS\pnarp.sys [2008-05-16 23992]
R2 purendis;Pure Networks Wireless Driver; C:\WINDOWS\system32\DRIVERS\purendis.sys [2008-05-16 25272]
R2 RPSKT;Security Services Driver (x86); C:\WINDOWS\system32\DRIVERS\rp_skt32.sys [2008-01-09 55296]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2007-12-05 2782208]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\System32\DRIVERS\b57xp32.sys [2002-03-21 134784]
R3 BOCDRIVE;BOClean Kernel Monitor.; \??\C:\Program Files\Comodo\CBOClean\BOCDRIVE.sys []
R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\System32\drivers\ctac32k.sys [2006-08-11 502272]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2006-08-11 499584]
R3 ctgame;Game Port; C:\WINDOWS\System32\DRIVERS\ctgame.sys [2002-12-30 12160]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\System32\drivers\ctprxy2k.sys [2006-08-11 7168]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\System32\drivers\ctsfm2k.sys [2006-08-11 143872]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\System32\drivers\emupia2k.sys [2006-08-11 78336]
R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\System32\drivers\ha10kx2k.sys [2006-08-11 766976]
R3 hap16v2k;Creative P16V HAL Driver; C:\WINDOWS\System32\drivers\hap16v2k.sys [2006-08-11 154112]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-01-19 49920]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-01-19 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-10-21 21568]
R3 LCcfltr;Logitech USB Filter Driver; C:\WINDOWS\System32\Drivers\LCcFltr.Sys [2002-11-08 14156]
R3 LHidFlt2;Logitech HID/USB Mouse Filter Driver; C:\WINDOWS\System32\DRIVERS\LHidFlt2.Sys [2002-11-08 23838]
R3 LHidKe;Logitech SetPoint HID Mouse Filter Driver; C:\WINDOWS\System32\DRIVERS\LHidKE.Sys [2004-10-21 24671]
R3 LHidUsb;Logitech USB Receiver device driver; C:\WINDOWS\System32\Drivers\LHidUsb.Sys [2002-11-08 41420]
R3 LHidUsbK;Logitech SetPoint USB Receiver device driver; C:\WINDOWS\System32\Drivers\LHidUsbK.Sys [2004-10-21 38691]
R3 LMouFlt2;Logitech Mouse Class Filter Driver; C:\WINDOWS\System32\DRIVERS\LMouFlt2.Sys [2002-11-08 70238]
R3 LMouKE;Logitech SetPoint Mouse Filter Driver; C:\WINDOWS\System32\Drivers\LMouKE.sys [2004-10-21 71535]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2006-08-11 116224]
R3 RPPKT;Radialpoint Filter (x86); C:\WINDOWS\system32\DRIVERS\rp_pkt32.sys [2007-04-19 48384]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 ac97intc;Intel® 82801DB/DBM Audio Driver Service (WDM); C:\WINDOWS\system32\drivers\ac97ich4.sys [2002-04-15 107776]
S3 ASUSHWIO;ASUSHWIO; \??\C:\WINDOWS\System32\drivers\ASUSHWIO.sys []
S3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2007-07-20 84992]
S3 Bridge;MAC Bridge; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 COMMONFX.DLL;COMMONFX.DLL; C:\WINDOWS\system32\COMMONFX.DLL [2006-08-11 87552]
S3 CT20XUT.DLL;CT20XUT.DLL; C:\WINDOWS\system32\CT20XUT.DLL [2006-08-11 158720]
S3 CTAUDFX.DLL;CTAUDFX.DLL; C:\WINDOWS\system32\CTAUDFX.DLL [2006-08-11 536576]
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\System32\drivers\ctdvda2k.sys [2005-11-10 340704]
S3 CTEAPSFX.DLL;CTEAPSFX.DLL; C:\WINDOWS\system32\CTEAPSFX.DLL [2006-08-11 160768]
S3 CTEDSPFX.DLL;CTEDSPFX.DLL; C:\WINDOWS\system32\CTEDSPFX.DLL [2006-08-11 269824]
S3 CTEDSPIO.DLL;CTEDSPIO.DLL; C:\WINDOWS\system32\CTEDSPIO.DLL [2006-08-11 115200]
S3 CTEDSPSY.DLL;CTEDSPSY.DLL; C:\WINDOWS\system32\CTEDSPSY.DLL [2006-08-11 317952]
S3 CTERFXFX.DLL;CTERFXFX.DLL; C:\WINDOWS\system32\CTERFXFX.DLL []
S3 CTEXFIFX.DLL;CTEXFIFX.DLL; C:\WINDOWS\system32\CTEXFIFX.DLL [2006-08-11 1170432]
S3 CTHWIUT.DLL;CTHWIUT.DLL; C:\WINDOWS\system32\CTHWIUT.DLL [2006-08-11 61952]
S3 CTSBLFX.DLL;CTSBLFX.DLL; C:\WINDOWS\system32\CTSBLFX.DLL [2006-08-11 548352]
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 hamachi_oem;PlayLinc Adapter; C:\WINDOWS\system32\DRIVERS\gan_adapter.sys [2006-10-19 10664]
S3 hap17v2k;Creative P17V HAL Driver; C:\WINDOWS\system32\drivers\hap17v2k.sys [2006-08-11 180224]
S3 HCF_MSFT;HCF_MSFT; C:\WINDOWS\System32\DRIVERS\HCF_MSFT.sys [2001-08-17 907456]
S3 HdAudAddService;ATI Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\AtiHdAud.sys [2006-12-28 84992]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 itchfltr;iTouch Keyboard Filter; C:\WINDOWS\System32\DRIVERS\itchfltr.sys [2002-11-14 12640]
S3 L8042mou;Logitech SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\System32\Drivers\L8042mou.sys [2004-10-21 54851]
S3 L8042pr2;Logitech PS/2 Mouse Filter Driver; C:\WINDOWS\System32\DRIVERS\L8042pr2.Sys [2002-11-08 52238]
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
S3 NPPTNT2;NPPTNT2; \??\C:\WINDOWS\system32\npptNT2.sys []
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 TPP200;USB Storage Adapter V2 (TPP); C:\WINDOWS\System32\DRIVERS\TPP200.SYS [2001-10-05 35541]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Winachcf;Winachcf; C:\WINDOWS\system32\DRIVERS\winachcf.sys [2003-03-24 884658]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 XDva014;XDva014; \??\C:\WINDOWS\system32\XDva014.sys []
S3 XDva092;XDva092; \??\C:\WINDOWS\system32\XDva092.sys []
S3 XDva127;XDva127; \??\C:\WINDOWS\system32\XDva127.sys []
S3 XDva132;XDva132; \??\C:\WINDOWS\system32\XDva132.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-07-11 611664]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-12-04 495616]
R2 BOCore;BOCore; C:\Program Files\Comodo\CBOClean\BOCORE.exe [2008-03-28 73464]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\System32\CTsvcCDA.exe [1999-12-13 44032]
R2 download02;Remote Access; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 dvpapi;DvpApi; C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe [2007-07-09 177416]
R2 ITMRTSVC;CA Pest Patrol Realtime Protection Service; C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe [2007-04-10 284176]
R2 nmservice;Pure Networks Platform Service; C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe [2008-05-16 648504]
R2 PDAgent;PDAgent; C:\Program Files\Raxco\PerfectDisk\PDAgent.exe [2007-03-02 407056]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
R2 RP_FWS;Verizon Internet Security Suite Firewall; C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe [2008-02-26 304368]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\System32\MsPMSPSv.exe [2000-06-26 53520]
R2 wowsystemcode;Remote TCP/IPv6; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R3 PDEngine;PDEngine; C:\Program Files\Raxco\PerfectDisk\PDEngine.exe [2007-03-02 734736]
R3 RPSUpdaterR;Verizon Internet Security Suite Update Service; C:\Program Files\Verizon\Verizon Internet Security Suite\rpsupdaterR.exe [2008-02-26 100080]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2007-10-16 593920]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 nmraapache;Pure Networks Net2Go Service; C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe [2008-05-21 12800]
S3 Radialpoint Security Services;Verizon Internet Security Suite; C:\Program Files\Verizon\Verizon Internet Security Suite\RpsSecurityAware.exe [2008-02-26 67824]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-03 136120]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------

Edited by stranger12, 18 October 2008 - 08:13 PM.


#3 Billy O'Neal


Posted 21 October 2008 - 07:15 PM

Hello, stranger12.
:thumbsup: to BleepingComputer.com

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)

I want to apologise that it has taken so long to get back to you. We on the HJT Team are working as fast as possible to get your log answered.

If you do not still need help, please let me know, so that I can move on to other users who still need help.

Please take note of the following:
  • While a HJT Team member is working with you, please refrain from making any changes to your computer.
  • Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :)
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Please reply using the Posted Image button in the lower left hand corner of your screen.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave, and if there is no contact for that amount of time I will have to assume you have "vanished" :).

If you would still like help, please follow the instructions below:

We need to create an OTViewIt Report
  • Please download OTViewIt by OldTimer.
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
      • OTViewIt.txt <-- Will be opened
      • Extra.txt <-- Will be minimized

Please do an online scan with Kaspersky WebScanner.
  • Please visit the Kaspersky Online Scanner website.
    Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

In your next reply, please include the following:
  • OTViewIt.txt
  • Extra.txt
  • Kaspersky's Log


Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#4 stranger12


Posted 22 October 2008 - 09:41 AM

Kaspersky Log:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Wednesday, October 22, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, October 22, 2008 03:13:27
Records in database: 1333705
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\

Scan statistics:
Files scanned: 117050
Threat name: 18
Infected objects: 39
Suspicious objects: 0
Duration of the scan: 01:23:08


File name / Threat name / Threats count
c:\windows\system32\lka726_81.dll/c:\windows\system32\lka726_81.dll Infected: Trojan-Downloader.Win32.Agent.akgu 1
c:\windows\system32\atlcom56_285.dll/c:\windows\system32\atlcom56_285.dll Infected: Trojan-GameThief.Win32.WOW.ceq 1
svchost.exe\svchost.exe/svchost.exe\svchost.exe Infected: Trojan-GameThief.Win32.WOW.cep 1
C:\WINDOWS\svchost.exe/C:\WINDOWS\svchost.exe Infected: Trojan-GameThief.Win32.WOW.cep 1
C:\AddIn\Old\FlashGet1-40.exe Infected: not-a-virus:AdWare.Win32.Cydoor 1
C:\AddIn\Old\netpumper-1.10.2-setup.exe Infected: not-a-virus:AdWare.Win32.Cydoor 2
C:\AddIn\Old\netpumper-1.10.2-setup.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ae 1
C:\AddIn\Old\netpumper-1.10.2-setup.exe Infected: not-a-virus:AdWare.Win32.SaveNow.af 1
C:\AddIn\Old\netpumper-1.10.2-setup.exe Infected: not-a-virus:AdWare.Win32.SaveNow.h 1
C:\AddIn\Old\netpumper-1.10.2-setup.exe Infected: not-a-virus:AdWare.Win32.SaveNow.bu 1
C:\Documents and Settings\All Users\Application Data\BOC426\evidence.boc Infected: Trojan-GameThief.Win32.WOW.cep 1
C:\Documents and Settings\Dimo Hessenberger\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.49104 Infected: Trojan.Win32.Emgr.al 1
C:\Documents and Settings\Dimo Hessenberger\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\Documents and Settings\Dimo Hessenberger\Desktop\SmitfraudFix.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\WINDOWS\svchost.exe Infected: Trojan-GameThief.Win32.WOW.cep 1
C:\WINDOWS\system32\atlcom486_777.dll Infected: Trojan-GameThief.Win32.WOW.ceu 1
C:\WINDOWS\system32\atlcom56_285.dll Infected: Trojan-GameThief.Win32.WOW.ceq 1
C:\WINDOWS\system32\atlsystem120639.exe Infected: Trojan-GameThief.Win32.WOW.cer 1
C:\WINDOWS\system32\atlsystem128354.exe Infected: Trojan-GameThief.Win32.WOW.cer 1
C:\WINDOWS\system32\atlsystem255557.exe Infected: Trojan-GameThief.Win32.WOW.ceu 1
C:\WINDOWS\system32\atlsystem292153.exe Infected: Trojan-GameThief.Win32.WOW.cer 1
C:\WINDOWS\system32\atlsystem344643.exe Infected: Trojan-GameThief.Win32.WOW.cer 1
C:\WINDOWS\system32\atlsystem588722.exe Infected: Trojan-GameThief.Win32.WOW.cer 1
C:\WINDOWS\system32\atlsystem605784.exe Infected: Trojan-GameThief.Win32.WOW.cer 1
C:\WINDOWS\system32\atlsystem607142.exe Infected: Trojan-Dropper.Win32.Small.bzv 1
C:\WINDOWS\system32\atlsystem67795.exe Infected: Trojan-GameThief.Win32.WOW.cer 1
C:\WINDOWS\system32\atlsystem69500.exe Infected: Trojan-Dropper.Win32.Small.bzv 1
C:\WINDOWS\system32\atlsystem794130.exe Infected: Trojan-GameThief.Win32.WOW.cer 1
C:\WINDOWS\system32\atlsystem8360.exe Infected: Trojan-GameThief.Win32.WOW.cer 1
C:\WINDOWS\system32\atlsystem84460.exe Infected: Trojan-GameThief.Win32.WOW.cer 1
C:\WINDOWS\system32\atlsystem95299.exe Infected: Trojan-GameThief.Win32.WOW.cer 1
C:\WINDOWS\system32\atlsystem98479.exe Infected: Trojan-GameThief.Win32.WOW.cer 1
C:\WINDOWS\system32\Lka726_81.dll Infected: Trojan-Downloader.Win32.Agent.akgu 1
D:\backup-20040927-222657-935.dll Infected: not-a-virus:AdWare.Win32.SpeedDelivery.a 1
D:\City of Heroes\mirc616.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 1
D:\Downloads\sdsetup.exe Infected: not-a-virus:Monitor.Win32.KeyLogger.dq 1
D:\System Volume Information\_restore{6A61906A-795A-4A3F-BE42-8248930FF123}\RP99\A0020380.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 1
F:\World of Warcraft\WowInitcode.dat Infected: Trojan-GameThief.Win32.WOW.cgj 1

The selected area was scanned.





OTViewIT Log:

OTViewIt logfile created on: 10/21/2008 10:25:35 PM - Run
OTViewIt by OldTimer - Version 1.0.17.0 Folder = C:\Documents and Settings\Dimo Hessenberger\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 3000 3000;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 38.33 Gb Total Space | 12.75 Gb Free Space | 33.26% Space Free | Partition Type: NTFS
Drive D: | 29.35 Gb Total Space | 10.02 Gb Free Space | 34.14% Space Free | Partition Type: NTFS
Drive E: | 29.29 Gb Total Space | 0.62 Gb Free Space | 2.11% Space Free | Partition Type: NTFS
Drive F: | 29.29 Gb Total Space | 9.82 Gb Free Space | 33.52% Space Free | Partition Type: NTFS
Drive G: | 27.09 Gb Total Space | 3.49 Gb Free Space | 12.87% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DIMO-87VQ2KFLAP
Current User Name: Dimo Hessenberger
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2007/12/04 22:53:58 | 00,495,616 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
[2008/02/26 17:10:20 | 00,304,368 | ---- | M] (Verizon) -- C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe
[2008/07/11 21:28:39 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[2007/12/04 22:53:58 | 00,495,616 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2008/03/28 09:16:39 | 00,073,464 | ---- | M] (COMODO) -- C:\Program Files\Comodo\CBOClean\BOCore.exe
[1999/12/13 01:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTSVCCDA.EXE
[2007/07/09 12:54:08 | 00,177,416 | R--- | M] (Authentium, Inc.) -- C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
[2007/04/10 14:41:48 | 00,284,176 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
[2007/03/02 12:24:42 | 00,407,056 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
[2007/08/09 03:27:52 | 00,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
[2000/06/26 07:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MsPMSPSv.exe
[2008/05/16 06:11:44 | 00,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
[2007/03/02 12:24:52 | 00,734,736 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
[2008/07/18 22:10:42 | 00,053,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2002/11/23 02:15:00 | 00,631,362 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\iTouch\iTouch.exe
[2008/10/21 22:22:49 | 00,022,528 | ---- | M] () -- C:\WINDOWS\svchost.exe
[2002/11/21 09:50:00 | 00,037,888 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE
[2001/10/05 12:54:28 | 00,118,784 | ---- | M] (In-System Design, Inc.) -- C:\WINDOWS\tppaldr.exe
[2006/08/11 15:56:02 | 00,017,920 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\CTHELPER.EXE
[2008/02/13 13:03:14 | 02,065,648 | ---- | M] (Verizon) -- C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
[2008/02/26 17:10:40 | 00,318,704 | ---- | M] (Verizon) -- C:\Program Files\Verizon\Verizon Internet Security Suite\RPS.exe
[2008/02/26 17:10:42 | 00,100,080 | ---- | M] (Verizon) -- C:\Program Files\Verizon\Verizon Internet Security Suite\rpsupdaterR.exe
[2008/04/10 11:08:19 | 00,351,480 | ---- | M] (COMODO) -- C:\Program Files\Comodo\CBOClean\BOC426.EXE
[2008/05/16 06:11:44 | 00,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
[2008/05/21 17:26:10 | 00,451,896 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmapp.exe
[2008/06/10 04:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[2004/10/28 10:29:48 | 00,581,632 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\SetPoint\KEM.exe
[2004/10/21 14:28:40 | 00,029,696 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\SetPoint\KHALMNPR.exe
[2008/04/13 20:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
[2008/08/23 01:56:15 | 00,635,848 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2008/10/21 22:25:03 | 00,421,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dimo Hessenberger\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/07/11 21:28:39 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
[2007/10/24 02:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2007/12/04 22:53:58 | 00,495,616 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
[2007/10/16 22:05:00 | 00,593,920 | ---- | M] () -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])
[2008/03/28 09:16:39 | 00,073,464 | ---- | M] (COMODO) -- C:\Program Files\Comodo\CBOClean\BOCore.exe -- (BOCore [Auto | Running])
[2007/10/24 02:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[1999/12/13 01:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTSVCCDA.EXE -- (Creative Service for CDROM Access [Auto | Running])
[2007/07/09 12:54:08 | 00,177,416 | R--- | M] (Authentium, Inc.) -- C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe -- (dvpapi [Auto | Running])
[2007/10/09 13:58:12 | 00,036,864 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2007/01/03 21:40:21 | 00,136,120 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Disabled | Stopped])
[2005/04/04 01:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2007/10/11 10:55:10 | 00,864,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
[2007/04/10 14:41:48 | 00,284,176 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe -- (ITMRTSVC [Auto | Running])
[2007/10/11 10:55:14 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2008/05/21 17:25:30 | 00,012,800 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe -- (nmraapache [On_Demand | Stopped])
[2008/05/16 06:11:44 | 00,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice [Auto | Running])
[2007/03/02 12:24:42 | 00,407,056 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe -- (PDAgent [Auto | Running])
[2007/03/02 12:24:52 | 00,734,736 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk\PDEngine.exe -- (PDEngine [On_Demand | Running])
[2007/08/09 03:27:52 | 00,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12 [Auto | Running])
[2008/02/26 17:10:40 | 00,067,824 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Verizon\Verizon Internet Security Suite\RpsSecurityAware.exe -- (Radialpoint Security Services [On_Demand | Stopped])
[2008/02/26 17:10:42 | 00,100,080 | ---- | M] (Verizon) -- C:\Program Files\Verizon\Verizon Internet Security Suite\rpsupdaterR.exe -- (RPSUpdaterR [On_Demand | Running])
[2008/02/26 17:10:20 | 00,304,368 | ---- | M] (Verizon) -- C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe -- (RP_FWS [Auto | Running])
[2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend [Auto | Running])
[2000/06/26 07:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MsPMSPSv.exe -- (WMDM PMSP Service [Auto | Running])
[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2002/04/15 14:31:50 | 00,107,776 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ac97ich4.sys -- (ac97intc [On_Demand | Stopped])
[2002/08/14 15:03:36 | 00,017,005 | ---- | M] (Adaptec) -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (Aspi32 [Auto | Running])
[2007/12/05 01:26:40 | 02,782,208 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
[2007/07/20 19:40:10 | 00,084,992 | ---- | M] (ATI Research Inc.) -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService [On_Demand | Stopped])
[2002/03/21 15:21:32 | 00,134,784 | R--- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k [On_Demand | Running])
[2007/04/17 15:14:10 | 00,015,376 | ---- | M] () -- C:\Program Files\Comodo\CBOClean\BOCDRIVE.SYS -- (BOCDRIVE [On_Demand | Running])
[2006/08/11 15:48:08 | 00,087,552 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\commonfx.dll -- (COMMONFX.DLL [On_Demand | Stopped])
[2007/07/09 12:01:04 | 00,834,448 | ---- | M] (Authentium, Inc.) -- C:\WINDOWS\system32\drivers\Css-Dvp.sys -- (CSS DVP [Auto | Running])
[2006/08/11 15:48:50 | 00,158,720 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\CT20XUT.DLL -- (CT20XUT.DLL [On_Demand | Stopped])
[2006/08/11 15:45:14 | 00,502,272 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k [On_Demand | Running])
[2006/08/11 15:45:38 | 00,499,584 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k [On_Demand | Running])
[2006/08/11 15:48:12 | 00,536,576 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\ctaudfx.dll -- (CTAUDFX.DLL [On_Demand | Stopped])
[2005/11/10 18:06:04 | 00,340,704 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k [On_Demand | Stopped])
[2006/08/11 15:48:28 | 00,160,768 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\cteapsfx.dll -- (CTEAPSFX.DLL [On_Demand | Stopped])
[2006/08/11 15:45:40 | 00,269,824 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTEDSPFX.DLL -- (CTEDSPFX.DLL [On_Demand | Stopped])
[2006/08/11 15:45:50 | 00,115,200 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTEDSPIO.DLL -- (CTEDSPIO.DLL [On_Demand | Stopped])
[2006/08/11 15:48:06 | 00,317,952 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTEDSPSY.DLL -- (CTEDSPSY.DLL [On_Demand | Stopped])
[2006/08/11 15:48:42 | 01,170,432 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\CTEXFIFX.dll -- (CTEXFIFX.DLL [On_Demand | Stopped])
[2002/12/30 11:53:36 | 00,012,160 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\ctgame.sys -- (ctgame [On_Demand | Running])
[2006/08/11 15:48:52 | 00,061,952 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\CTHWIUT.DLL -- (CTHWIUT.DLL [On_Demand | Stopped])
[2006/08/11 15:45:40 | 00,007,168 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k [On_Demand | Running])
[2006/08/11 15:48:32 | 00,548,352 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\ctsblfx.dll -- (CTSBLFX.DLL [On_Demand | Stopped])
[2006/08/11 15:45:18 | 00,143,872 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k [On_Demand | Running])
[2007/03/02 10:26:18 | 00,067,352 | ---- | M] (Raxco Software, Inc.) -- C:\WINDOWS\System32\drivers\DefragFs.sys -- (DefragFS [Boot | Running])
[2006/08/11 15:45:18 | 00,078,336 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia [On_Demand | Running])
[2008/04/13 14:45:29 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum [On_Demand | Stopped])
[2006/08/11 15:45:26 | 00,766,976 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k [On_Demand | Running])
[2006/10/19 11:11:40 | 00,010,664 | ---- | M] (Applied Networking Inc.) -- C:\WINDOWS\system32\drivers\gan_adapter.sys -- (hamachi_oem [On_Demand | Stopped])
[2006/08/11 15:45:26 | 00,154,112 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k [On_Demand | Running])
[2006/08/11 15:45:28 | 00,180,224 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\haP17v2k.sys -- (hap17v2k [On_Demand | Stopped])
[2001/08/17 14:28:02 | 00,907,456 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\HCF_MSFT.sys -- (HCF_MSFT [On_Demand | Stopped])
[2006/12/28 12:44:44 | 00,084,992 | R--- | M] (ATI Research Inc.) -- C:\WINDOWS\system32\drivers\AtiHdAud.sys -- (HdAudAddService [On_Demand | Stopped])
[2008/04/13 12:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2007/01/19 12:46:10 | 00,049,920 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412 [On_Demand | Running])
[2007/01/19 12:46:10 | 00,016,496 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12 [On_Demand | Running])
[2005/10/21 20:52:48 | 00,021,568 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12 [On_Demand | Running])
[2002/08/14 00:00:00 | 00,013,782 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\IdeBusDr.sys -- (IdeBusDr [Boot | Running])
[2002/08/14 00:00:00 | 00,093,594 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\IdeChnDr.sys -- (IdeChnDr [Boot | Running])
[2002/11/14 22:15:00 | 00,012,640 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\itchfltr.sys -- (itchfltr [On_Demand | Stopped])
[2008/04/13 14:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2004/10/21 14:31:06 | 00,054,851 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\L8042MOU.SYS -- (L8042mou [On_Demand | Stopped])
[2002/11/08 05:50:00 | 00,052,238 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\L8042pr2.Sys -- (L8042pr2 [On_Demand | Stopped])
[2002/11/08 05:50:00 | 00,014,156 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\LCCFLTR.SYS -- (LCcfltr [On_Demand | Running])
[2002/11/08 05:50:00 | 00,023,838 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\LHIDFLT2.SYS -- (LHidFlt2 [On_Demand | Running])
[2004/10/21 14:30:38 | 00,024,671 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\LHidKE.Sys -- (LHidKe [On_Demand | Running])
[2002/11/08 05:50:00 | 00,041,420 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\Lhidusb.sys -- (LHidUsb [On_Demand | Running])
[2004/10/21 14:31:14 | 00,038,691 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\LHidUsbK.sys -- (LHidUsbK [On_Demand | Running])
[2002/11/08 05:50:00 | 00,070,238 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys -- (LMouFlt2 [On_Demand | Running])
[2004/10/21 14:30:56 | 00,071,535 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\LMOUKE.sys -- (LMouKE [On_Demand | Running])
[2008/01/13 22:08:34 | 00,008,413 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM [Auto | Running])
[2002/12/10 22:22:06 | 00,011,044 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
[2001/08/17 14:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Stopped])
[2007/03/11 17:37:19 | 00,019,345 | ---- | M] (Motive, Inc.) -- C:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5 [On_Demand | Stopped])
[2007/03/11 17:37:20 | 00,018,003 | ---- | M] (Motive, Inc.) -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5 [On_Demand | Stopped])
[2001/08/17 10:00:04 | 00,002,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401 [On_Demand | Stopped])
[2005/01/04 14:43:08 | 00,004,682 | ---- | M] (INCA Internet Co., Ltd.) -- C:\WINDOWS\system32\npptNT2.sys -- (NPPTNT2 [On_Demand | Stopped])
[2006/08/11 15:45:24 | 00,116,224 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv [On_Demand | Running])
[2008/05/16 06:10:32 | 00,023,992 | ---- | M] (Pure Networks, Inc.) -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp [Auto | Running])
[2002/08/29 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2008/05/16 06:10:30 | 00,025,272 | ---- | M] (Pure Networks, Inc.) -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis [Auto | Running])
[2007/09/28 12:07:50 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2007/04/19 11:36:50 | 00,048,384 | ---- | M] (Radialpoint, Inc.) -- C:\WINDOWS\system32\drivers\rp_pkt32.sys -- (RPPKT [On_Demand | Running])
[2008/01/09 10:35:54 | 00,055,296 | ---- | M] (Radialpoint, Inc.) -- C:\WINDOWS\system32\drivers\rp_skt32.sys -- (RPSKT [Auto | Running])
[2008/09/03 14:07:14 | 00,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV [System | Running])
[2008/09/03 14:07:16 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Stopped])
[2008/09/03 14:07:12 | 00,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL [System | Running])
[2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [Auto | Running])
[2004/06/27 02:43:00 | 00,120,320 | ---- | M] () -- C:\WINDOWS\system32\drivers\SSHDRV65.sys -- (SSHDRV65 [System | Running])
[2007/02/20 13:07:56 | 00,005,632 | R--- | M] () -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen [System | Running])
[2001/10/05 12:54:28 | 00,035,541 | ---- | M] (In-System Design, Inc.) -- C:\WINDOWS\system32\drivers\tpp200.sys -- (TPP200 [On_Demand | Stopped])
[2003/03/24 22:38:04 | 00,884,658 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\winachcf.sys -- (Winachcf [On_Demand | Stopped])
[2002/08/29 08:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [System | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://www.yahoo.com

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchURL]
""=about:blank

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Search Page_bak"=http://search.search-exe.com/nph-search.cgi?tcode=exesrch1&look=stmpl1&fw=
"Start Page"=about:blank

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=about:blank

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = localhost

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchURL]
""=about:blank

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchURL]
""=about:blank

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-21-823518204-1644491937-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Search Page_bak"=http://search.search-exe.com/nph-search.cgi?tcode=exesrch1&look=stmpl1&fw=
"Start Page"=about:blank

[HKEY_USERS\S-1-5-21-823518204-1644491937-725345543-1003\Software\Microsoft\Internet Explorer\SearchURL]
""=about:blank

[HKEY_USERS\S-1-5-21-823518204-1644491937-725345543-1003\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-823518204-1644491937-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = localhost

========== (O1) Hosts File ==========

HOSTS File = (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
{F156768E-81EF-470C-9057-481BA8380DBA} (HKLM) -- C:\Program Files\FlashGet\getflash.dll (www.flashget.com)

========== (O3) Toolbars ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-823518204-1644491937-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-823518204-1644491937-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-823518204-1644491937-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-823518204-1644491937-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BOC-426"=C:\PROGRA~1\Comodo\CBOClean\BOC426.exe (COMODO)
"CTHelper"=CTHELPER.EXE (Creative Technology Ltd)
"CTxfiHlp"=CTXFIHLP.EXE (Creative Technology Ltd)
"-FreedomNeedsReboot"="C:\Program Files\Verizon\Verizon Internet Security Suite\ZkRunOnceR.exe" (Verizon)
"Logitech Hardware Abstraction Layer"=KHALMNPR.EXE (Logitech Inc.)
"Logitech Utility"=Logi_MwX.Exe (Logitech Inc.)
"Malwarebytes Anti-Malware Reboot"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript (Malwarebytes Corporation)
"nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash (Pure Networks, Inc.)
"nmctxth"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" (Pure Networks, Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)
"TPP Auto Loader"=C:\WINDOWS\TPPALDR.EXE (In-System Design, Inc.)
"UpdReg"=C:\WINDOWS\UpdReg.EXE (Creative Technology Ltd.)
"Verizon Internet Security Suite"="C:\Program Files\Verizon\Verizon Internet Security Suite\Rps.exe" (Verizon)
"VerizonServicepoint.exe"="C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN (Verizon)
"zBrowser Launcher"=C:\Program Files\Logitech\iTouch\iTouch.exe (Logitech Inc.)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (Microsoft Corporation)

========== (O4) RunOnce Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"IndexCleaner"="C:\Program Files\Verizon\Verizon Internet Security Suite\IdxClnR.exe" (Verizon)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"IndexCleaner"="C:\Program Files\Verizon\Verizon Internet Security Suite\IdxClnR.exe" (Verizon)

[HKEY_USERS\S-1-5-21-823518204-1644491937-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"IndexCleaner"="C:\Program Files\Verizon\Verizon Internet Security Suite\IdxClnR.exe" (Verizon)

========== (O4) Startup Folders ==========

[2004/10/28 10:29:48 | 00,581,632 | ---- | M] (Logitech Inc.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
[2001/02/13 01:01:04 | 00,083,360 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
""=
"NoCDBurning"=0
"ClassicShell"=0
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=255
"NoDrives"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"NoDispBackgroundPage"=0
"DisableRegistryTools"=0
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0
"HideStartupScripts"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoViewOnDrive"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0
"HideStartupScripts"=0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoActiveDesktopChanges"=0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"NoDispAppearancePage"=0
"NoDispBackgroundPage"=0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoActiveDesktopChanges"=0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"NoDispAppearancePage"=0
"NoDispBackgroundPage"=0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-823518204-1644491937-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoViewOnDrive"=0

[HKEY_USERS\S-1-5-21-823518204-1644491937-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0
"HideStartupScripts"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
&Download All with FlashGet: C:\Program Files\FlashGet\JC_ALL.HTM [2007/06/19 22:45:50 | 00,001,049 | ---- | M] ()
&Download with FlashGet: C:\Program Files\FlashGet\JC_LINK.HTM [2007/06/19 22:45:50 | 00,001,898 | ---- | M] ()
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office10\EXCEL.EXE [2008/08/19 09:15:34 | 09,364,480 | R--- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office10\EXCEL.EXE [2008/08/19 09:15:34 | 09,364,480 | R--- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office10\EXCEL.EXE [2008/08/19 09:15:34 | 09,364,480 | R--- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-823518204-1644491937-725345543-1003\Software\Microsoft\Internet Explorer\MenuExt\]
&Download All with FlashGet: C:\Program Files\FlashGet\JC_ALL.HTM [2007/06/19 22:45:50 | 00,001,049 | ---- | M] ()
&Download with FlashGet: C:\Program Files\FlashGet\JC_LINK.HTM [2007/06/19 22:45:50 | 00,001,898 | ---- | M] ()
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office10\EXCEL.EXE [2008/08/19 09:15:34 | 09,364,480 | R--- | M] (Microsoft Corporation)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{04849C74-016E-4a43-8AA5-1F01DE57F4A1}: Button: Trace -- %ProgramFiles%\VisualRoute\vrie.dll [2001/09/10 15:05:00 | 00,024,576 | ---- | M] (VisualWare)
{04849C74-016E-4a43-8AA5-1F01DE57F4A1}: Menu: VisualRoute Trace -- %ProgramFiles%\VisualRoute\vrie.dll [2001/09/10 15:05:00 | 00,024,576 | ---- | M] (VisualWare)
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3}: Button: FlashGet -- %ProgramFiles%\FlashGet\flashget.exe [2007/07/23 06:53:26 | 01,994,800 | ---- | M] (FlashGet.com)
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3}: Menu: FlashGet -- %ProgramFiles%\FlashGet\flashget.exe [2007/07/23 06:53:26 | 01,994,800 | ---- | M] (FlashGet.com)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search & Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2008/09/15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{04849C74-016E-4a43-8AA5-1F01DE57F4A1} [HKLM] -> %ProgramFiles%\VisualRoute\vrie.dll [Trace] -> [2001/09/10 15:05:00 | 00,024,576 | ---- | M] (VisualWare)
CmdMapping\\{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} [HKLM] -> %ProgramFiles%\FlashGet\flashget.exe [FlashGet] -> [2007/07/23 06:53:26 | 01,994,800 | ---- | M] (FlashGet.com)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{04849C74-016E-4a43-8AA5-1F01DE57F4A1} [HKLM] -> %ProgramFiles%\VisualRoute\vrie.dll [Trace] -> [2001/09/10 15:05:00 | 00,024,576 | ---- | M] (VisualWare)
CmdMapping\\{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} [HKLM] -> %ProgramFiles%\FlashGet\flashget.exe [FlashGet] -> [2007/07/23 06:53:26 | 01,994,800 | ---- | M] (FlashGet.com)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{04849C74-016E-4a43-8AA5-1F01DE57F4A1} [HKLM] -> %ProgramFiles%\VisualRoute\vrie.dll [Trace] -> [2001/09/10 15:05:00 | 00,024,576 | ---- | M] (VisualWare)
CmdMapping\\{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} [HKLM] -> %ProgramFiles%\FlashGet\flashget.exe [FlashGet] -> [2007/07/23 06:53:26 | 01,994,800 | ---- | M] (FlashGet.com)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-823518204-1644491937-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{04849C74-016E-4a43-8AA5-1F01DE57F4A1} [HKLM] -> %ProgramFiles%\VisualRoute\vrie.dll [Trace] -> [2001/09/10 15:05:00 | 00,024,576 | ---- | M] (VisualWare)
CmdMapping\\{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} [HKLM] -> %ProgramFiles%\FlashGet\flashget.exe [FlashGet] -> [2007/07/23 06:53:26 | 01,994,800 | ---- | M] (FlashGet.com)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
yahoo.com\www: https in My Computer
29 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-823518204-1644491937-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
yahoo.com\www: https in My Computer
29 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{02ECD07A-22D0-4AF0-BA0A-3F6B06086D08}: http://fishingchamp.gamescampus.com/luncher/GamesCampus.cab -- GamesCampus Control
{0A5FD7C5-A45C-49FC-ADB5-9952547D5715}: http://www.creative.com/su/ocx/15031/CTSUEng.cab -- Creative Software AutoUpdate
{0CCA191D-13A6-4E29-B746-314DEE697D83}: http://upload.facebook.com/controls/Facebo...toUploader5.cab -- Facebook Photo Uploader 5
{166B1BCA-3F9C-11CF-8075-444553540000}: http://download.macromedia.com/pub/shockwa...director/sw.cab -- Shockwave ActiveX Control
{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE}: http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab -- Symantec AntiVirus scanner
{39B0684F-D7BF-4743-B050-FDC3F48F7E3B}: http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab -- CDownloadCtrl Object
{5AE58FCF-6F6A-49B2-B064-02492C66E3F4}: http://catalog.update.microsoft.com/v7/sit...b?1215804904187 -- MUCatalogWebControl Class
{5ED80217-570B-4DA9-BF44-BE107C0EC166}: http://cdn.scan.onecare.live.com/resource/...lscbase5036.cab -- Windows Live Safety Center Base Module
{6414512B-B978-451D-A0D8-FCFDF33E833C}: http://www.update.microsoft.com/microsoftu...b?1196029264328 -- WUWebControl Class
{644E432F-49D3-41A1-8DD5-E099162EEEC5}: http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab -- Symantec RuFSI Utility Class
{69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A}: http://www.acclaim.com/cabs/acclaim_v5.cab -- GameLauncher Control
{6A060448-60F9-11D5-A6CD-0002B31F7455}: -- ExentInf Class
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: http://www.update.microsoft.com/microsoftu...b?1196029218718 -- MUWebControl Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jd...ows-i586-jc.cab -- Java Plug-in 1.6.0_07
{9F1C11AA-197B-4942-BA54-47A8489BB47F}: http://v4.windowsupdate.microsoft.com/CAB/...7956.7468287037 -- Reg Error: Key does not exist or could not be opened.
{AA07EBD2-EBDD-4BD6-9F8F-114BD513492C}: http://dist.globalgamecdn.com/dist/neffy/NeffyLauncher.cab -- NeffyLauncherCtl Class
{BB383206-6DA1-4E80-B62A-3DF950FCC697}: http://ak.imgag.com/imgag/cp/install/AxCtp2.cab -- Create & Print ActiveX Plug-in
{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}: http://java.sun.com/products/plugin/1.3.1/...all-131-win.cab -- Java Plug-in 1.3.1
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://download.macromedia.com/pub/shockwa...ash/swflash.cab -- Shockwave Flash Object
{D88C7675-7CEE-4C9A-BDD4-7A43EED7794D}: http://www.gamengame.com/KALogoutComponent.cab -- Logout Class
{F6ACF75C-C32C-447B-9BEF-46B766368D29}: http://www.creative.com/su/ocx/15033/CTPID.cab -- Creative Software AutoUpdate Support Package
DirectAnimation Java Classes: file://C:\WINDOWS\Java\classes\dajava.cab -- Reg Error: Key does not exist or could not be opened.
Microsoft XML Parser for Java: file://C:\WINDOWS\Java\classes\xmldso.cab -- Reg Error: Key does not exist or could not be opened.
Yahoo! Chat: http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab -- Reg Error: Key does not exist or could not be opened.

========== (O17) DNS Name Servers ==========

{27347B56-6A02-410B-B54D-7B9E53518BD8} (Servers: | Description: 1394 Net Adapter)
{6C11863D-77B7-408B-ADAD-79A6C0726CE3} (Servers: | Description: Broadcom NetXtreme Gigabit Ethernet)
{95F0DDF6-E2EF-4B8D-836F-B04C3840F288} (Servers: | Description: 1394 Net Adapter)
{B3C562B6-C0A6-4801-A82B-2ED87F6A5E68} (Servers: | Description: Broadcom NetXtreme Gigabit Ethernet)

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
!SASWinLogon: "DllName" = C:\Program Files\SUPERAntiSpyware\SASWINLO.dll -- C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
AtiExtEvent: "DllName" = Ati2evxx.dll -- C:\WINDOWS\system32\ati2evxx.dll (ATI Technologies Inc.)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" (HKLM) -- C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" (HKLM) -- C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2003/05/09 07:07:36 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

AUTO.pat [/ş | ]
[2004/06/19 21:23:46 | 00,203,440 | ---- | M] () -- D:\AUTO.pat -- [ NTFS ]

AUTO.pst [q, | ]
[2004/06/19 21:23:46 | 00,082,092 | ---- | M] () -- D:\AUTO.pst -- [ NTFS ]


========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dba8a6ea-7271-11dc-b8eb-000c6e213368}\Shell\AutoRun\command]
""=I:\PortableVault.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[5 C:\WINDOWS\*.tmp files]
[2008/10/21 22:25:02 | 00,421,888 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dimo Hessenberger\Desktop\OTViewIt.exe
[2008/10/21 22:23:45 | 00,026,180 | ---- | C] () -- C:\WINDOWS\System32\atlsystem607142.exe
[2008/10/21 22:18:13 | 00,022,528 | ---- | C] () -- C:\WINDOWS\svchost.exe
[2008/10/20 23:00:08 | 00,026,180 | ---- | C] () -- C:\WINDOWS\System32\atlsystem69500.exe
[2008/10/18 20:43:32 | 00,000,000 | ---D | C] -- C:\rsit
[2008/10/18 20:42:48 | 00,305,705 | ---- | C] () -- C:\Documents and Settings\Dimo Hessenberger\Desktop\RSIT.exe
[2008/10/18 12:20:11 | 00,009,707 | ---- | C] () -- C:\Documents and Settings\Dimo Hessenberger\My Documents\Kaspersky Log.html
[2008/10/18 10:21:44 | 00,039,424 | ---- | C] () -- C:\WINDOWS\System32\atlsystem605784.exe
[2008/10/17 22:39:11 | 00,000,510 | ---- | C] () -- C:\Documents and Settings\Dimo Hessenberger\Desktop\Hijackthis.lnk
[2008/10/17 22:38:25 | 00,000,000 | ---D | C] -- C:\Hijackthis
[2008/10/17 17:21:19 | 00,039,424 | ---- | C] () -- C:\WINDOWS\System32\atlsystem95299.exe
[2008/10/17 16:45:48 | 00,003,244 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2008/10/17 16:35:47 | 00,289,144 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\VCCLSID.exe
[2008/10/17 16:35:47 | 00,288,417 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\SrchSTS.exe
[2008/10/17 16:35:47 | 00,135,168 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swreg.exe
[2008/10/17 16:35:47 | 00,088,576 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\AntiXPVSTFix.exe
[2008/10/17 16:35:47 | 00,087,552 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\VACFix.exe
[2008/10/17 16:35:47 | 00,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\o4Patch.exe
[2008/10/17 16:35:47 | 00,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.exe
[2008/10/17 16:35:47 | 00,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.C.exe
[2008/10/17 16:35:47 | 00,082,432 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\404Fix.exe
[2008/10/17 16:35:47 | 00,079,360 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swxcacls.exe
[2008/10/17 16:35:47 | 00,051,200 | ---- | C] () -- C:\WINDOWS\System32\dumphive.exe
[2008/10/17 16:35:47 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\swsc.exe
[2008/10/17 16:35:47 | 00,025,600 | ---- | C] () -- C:\WINDOWS\System32\WS2Fix.exe
[2008/10/17 16:35:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dimo Hessenberger\Desktop\SmitfraudFix
[2008/10/17 16:34:39 | 01,661,652 | ---- | C] () -- C:\Documents and Settings\Dimo Hessenberger\Desktop\SmitfraudFix.exe
[2008/10/17 16:26:44 | 00,039,424 | ---- | C] () -- C:\WINDOWS\System32\atlsystem84460.exe
[2008/10/17 15:56:13 | 00,039,424 | ---- | C] () -- C:\WINDOWS\System32\atlsystem292153.exe
[2008/10/17 15:35:36 | 00,039,424 | ---- | C] () -- C:\WINDOWS\System32\atlsystem588722.exe
[2008/10/16 19:44:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2008/10/16 19:44:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dimo Hessenberger\Application Data\Sun
[2008/10/16 19:40:44 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2008/10/16 19:39:50 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2008/10/16 12:04:29 | 00,039,424 | ---- | C] () -- C:\WINDOWS\System32\atlsystem128354.exe
[2008/10/16 10:41:49 | 00,000,933 | ---- | C] () -- C:\Documents and Settings\Dimo Hessenberger\Desktop\Spybot - Search & Destroy.lnk
[2008/10/16 10:41:35 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2008/10/16 10:41:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2008/10/16 10:30:16 | 00,039,424 | ---- | C] () -- C:\WINDOWS\System32\atlsystem8360.exe
[2008/10/16 07:30:01 | 00,000,000 | ---D | C] -- C:\SDFix
[2008/10/16 07:29:27 | 01,431,710 | ---- | C] () -- C:\Documents and Settings\Dimo Hessenberger\Desktop\SDFix.exe
[2008/10/16 07:07:31 | 00,039,424 | ---- | C] () -- C:\WINDOWS\System32\atlsystem98479.exe
[2008/10/15 23:44:13 | 04,958,588 | ---- | C] () -- C:\WINDOWS\{00000002-00000000-00000006-00001102-00000004-10021102}.BAK
[2008/10/15 23:24:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2008/10/15 23:23:16 | 00,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2008/10/15 23:23:13 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2008/10/15 23:23:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dimo Hessenberger\Application Data\SUPERAntiSpyware.com
[2008/10/15 23:22:34 | 00,001,548 | ---- | C] () -- C:\Documents and Settings\Dimo Hessenberger\Desktop\CCleaner.lnk
[2008/10/15 23:22:33 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2008/10/15 23:16:00 | 00,039,424 | ---- | C] () -- C:\WINDOWS\System32\atlsystem67795.exe
[2008/10/15 22:51:07 | 00,039,424 | ---- | C] () -- C:\WINDOWS\System32\atlsystem120639.exe
[2008/10/15 21:36:29 | 00,039,424 | ---- | C] () -- C:\WINDOWS\System32\atlsystem794130.exe
[2008/10/15 21:30:42 | 00,039,424 | ---- | C] () -- C:\WINDOWS\System32\atlsystem344643.exe
[2008/10/15 21:25:38 | 00,038,528 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/10/15 20:06:03 | 00,333,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2008/10/15 20:05:30 | 01,846,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[2008/10/15 20:04:56 | 02,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2008/10/15 20:04:55 | 02,189,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2008/10/15 20:04:55 | 02,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2008/10/15 20:04:54 | 02,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2008/10/15 20:03:54 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\atlcom56_285.dll
[2008/10/15 08:25:40 | 00,039,424 | ---- | C] () -- C:\WINDOWS\System32\atlsystem255557.exe
[2008/10/14 12:28:09 | 00,000,037 | ---- | C] () -- C:\WINDOWS\1.ini
[2008/10/14 11:55:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Blizzard
[2008/10/14 09:34:31 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\atlcom486_777.dll
[2008/10/14 09:34:31 | 00,000,020 | ---- | C] () -- C:\WINDOWS\syscheck
[2008/10/14 09:32:57 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\Lka726_81.dll
[2008/10/14 09:32:57 | 00,000,021 | ---- | C] () -- C:\WINDOWS\download1
[2008/10/01 12:07:35 | 06,493,122 | ---- | C] () -- C:\Documents and Settings\Dimo Hessenberger\My Documents\Entropia_Guide.pdf
[2008/09/30 12:05:18 | 00,000,522 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Entropia Universe.lnk
[2008/09/25 13:11:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dimo Hessenberger\Local Settings\Application Data\CAPCOM
[2008/09/25 13:08:21 | 00,479,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_0.dll
[2008/09/25 13:08:16 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_0.dll
[2008/09/25 13:08:12 | 00,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_3.dll
[2008/09/25 13:08:08 | 01,420,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_37.dll
[2008/09/25 13:08:08 | 00,462,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_37.dll
[2008/09/25 13:08:03 | 03,786,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_37.dll
[2008/09/23 12:47:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dimo Hessenberger\My Documents\My Spore Creations
[2008/09/23 12:47:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dimo Hessenberger\Application Data\SPORE Creature Creator
[2008/09/23 12:46:06 | 00,001,810 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\EA Download Manager.lnk
[2008/09/23 12:45:41 | 00,001,806 | ---- | C] () -- C:\WINDOWS\System32\ealregsnapshot1.reg
[2008/09/23 12:44:25 | 00,000,659 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SPORE™ Creature Creator Trial Edition.lnk

========== Files - Modified Within 30 Days ==========

[36 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2008/10/21 22:25:03 | 00,421,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dimo Hessenberger\Desktop\OTViewIt.exe
[2008/10/21 22:23:45 | 00,026,180 | ---- | M] () -- C:\WINDOWS\System32\atlsystem607142.exe
[2008/10/21 22:23:02 | 00,010,094 | ---- | M] () -- C:\WINDOWS\BOC426.INI
[2008/10/21 22:22:50 | 00,000,065 | ---- | M] () -- C:\WINDOWS\iTouch.ini
[2008/10/21 22:22:49 | 00,022,528 | ---- | M] () -- C:\WINDOWS\svchost.exe
[2008/10/21 22:22:48 | 00,013,756 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/10/21 22:19:53 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2008/10/21 22:16:55 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/10/21 22:16:45 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/10/21 22:13:21 | 00,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000006-00001102-00000004-10021102}.rfx
[2008/10/21 22:13:21 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2008/10/21 22:13:21 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2008/10/21 22:13:20 | 00,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-00000006-00001102-00000004-10021102}.rfx
[2008/10/21 22:13:20 | 00,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-00000006-00001102-00000004-10021102}.rfx
[2008/10/21 22:13:20 | 00,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-00000006-00001102-00000004-10021102}.rfx
[2008/10/21 22:13:20 | 00,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-00000006-00001102-00000004-10021102}.rfx
[2008/10/21 22:12:49 | 04,958,588 | ---- | M] () -- C:\WINDOWS\{00000002-00000000-00000006-00001102-00000004-10021102}.CDF
[2008/10/21 22:12:49 | 04,958,588 | ---- | M] () -- C:\WINDOWS\{00000002-00000000-00000006-00001102-00000004-10021102}.BAK
[2008/10/20 23:00:09 | 00,026,180 | ---- | M] () -- C:\WINDOWS\System32\atlsystem69500.exe
[2008/10/18 20:42:49 | 00,305,705 | ---- | M] () -- C:\Documents and Settings\Dimo Hessenberger\Desktop\RSIT.exe
[2008/10/18 12:20:11 | 00,009,707 | ---- | M] () -- C:\Documents and Settings\Dimo Hessenberger\My Documents\Kaspersky Log.html
[2008/10/18 10:21:44 | 00,039,424 | ---- | M] () -- C:\WINDOWS\System32\atlsystem605784.exe
[2008/10/17 22:39:11 | 00,000,510 | ---- | M] () -- C:\Documents and Settings\Dimo Hessenberger\Desktop\Hijackthis.lnk
[2008/10/17 17:21:19 | 00,039,424 | ---- | M] () -- C:\WINDOWS\System32\atlsystem95299.exe
[2008/10/17 16:45:48 | 00,003,244 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2008/10/17 16:32:36 | 01,661,652 | ---- | M] () -- C:\Documents and Settings\Dimo Hessenberger\Desktop\SmitfraudFix.exe
[2008/10/17 16:26:45 | 00,039,424 | ---- | M] () -- C:\WINDOWS\System32\atlsystem84460.exe
[2008/10/17 15:56:14 | 00,039,424 | ---- | M] () -- C:\WINDOWS\System32\atlsystem292153.exe
[2008/10/17 15:35:37 | 00,039,424 | ---- | M] () -- C:\WINDOWS\System32\atlsystem588722.exe
[2008/10/16 13:50:28 | 00,000,284 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2008/10/16 12:04:29 | 00,039,424 | ---- | M] () -- C:\WINDOWS\System32\atlsystem128354.exe
[2008/10/16 10:41:49 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\Dimo Hessenberger\Desktop\Spybot - Search & Destroy.lnk
[2008/10/16 10:30:16 | 00,039,424 | ---- | M] () -- C:\WINDOWS\System32\atlsystem8360.exe
[2008/10/16 07:30:00 | 01,431,710 | ---- | M] () -- C:\Documents and Settings\Dimo Hessenberger\Desktop\SDFix.exe
[2008/10/16 07:07:33 | 00,039,424 | ---- | M] () -- C:\WINDOWS\System32\atlsystem98479.exe
[2008/10/15 23:23:16 | 00,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2008/10/15 23:22:34 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\Dimo Hessenberger\Desktop\CCleaner.lnk
[2008/10/15 23:16:00 | 00,039,424 | ---- | M] () -- C:\WINDOWS\System32\atlsystem67795.exe
[2008/10/15 22:51:07 | 00,039,424 | ---- | M] () -- C:\WINDOWS\System32\atlsystem120639.exe
[2008/10/15 22:38:39 | 00,227,208 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/10/15 21:36:29 | 00,039,424 | ---- | M] () -- C:\WINDOWS\System32\atlsystem794130.exe
[2008/10/15 21:30:43 | 00,039,424 | ---- | M] () -- C:\WINDOWS\System32\atlsystem344643.exe
[2008/10/15 20:03:54 | 00,102,400 | ---- | M] () -- C:\WINDOWS\System32\atlcom56_285.dll
[2008/10/15 20:03:54 | 00,000,020 | ---- | M] () -- C:\WINDOWS\syscheck
[2008/10/15 08:25:42 | 00,039,424 | ---- | M] () -- C:\WINDOWS\System32\atlsystem255557.exe
[2008/10/14 12:28:31 | 00,000,037 | ---- | M] () -- C:\WINDOWS\1.ini
[2008/10/14 09:34:31 | 00,102,400 | ---- | M] () -- C:\WINDOWS\System32\atlcom486_777.dll
[2008/10/14 09:32:57 | 00,073,728 | ---- | M] () -- C:\WINDOWS\System32\Lka726_81.dll
[2008/10/14 09:32:57 | 00,000,021 | ---- | M] () -- C:\WINDOWS\download1
[2008/10/10 08:58:08 | 00,082,944 | ---- | M] (S!Ri.URZ) -- C:\WINDOWS\System32\o4Patch.exe
[2008/10/10 08:58:08 | 00,082,944 | ---- | M] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.C.exe
[2008/10/07 15:19:40 | 16,721,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2008/10/04 06:00:09 | 00,000,787 | ---- | M] () -- C:\WINDOWS\win.ini
[2008/10/04 06:00:09 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2008/10/04 06:00:09 | 00,000,211 | RHS- | M] () -- C:\boot.ini
[2008/10/03 13:41:15 | 06,066,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieframe.dll
[2008/10/03 13:41:15 | 06,066,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2008/10/01 15:51:40 | 00,087,552 | ---- | M] (S!Ri.URZ) -- C:\WINDOWS\System32\VACFix.exe
[2008/10/01 12:07:53 | 06,493,122 | ---- | M] () -- C:\Documents and Settings\Dimo Hessenberger\My Documents\Entropia_Guide.pdf
[2008/09/30 12:05:18 | 00,000,522 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Entropia Universe.lnk
[2008/09/23 12:46:47 | 00,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll
[2008/09/23 12:46:06 | 00,001,810 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\EA Download Manager.lnk
[2008/09/23 12:45:41 | 00,001,806 | ---- | M] () -- C:\WINDOWS\System32\ealregsnapshot1.reg
[2008/09/23 12:44:25 | 00,000,659 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SPORE™ Creature Creator Trial Edition.lnk
< End of report >




Extras Log:

OTViewIt Extras logfile created on: 10/21/2008 10:25:35 PM - Run
OTViewIt by OldTimer - Version 1.0.17.0 Folder = C:\Documents and Settings\Dimo Hessenberger\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 3000 3000;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 38.33 Gb Total Space | 12.75 Gb Free Space | 33.26% Space Free | Partition Type: NTFS
Drive D: | 29.35 Gb Total Space | 10.02 Gb Free Space | 34.14% Space Free | Partition Type: NTFS
Drive E: | 29.29 Gb Total Space | 0.62 Gb Free Space | 2.11% Space Free | Partition Type: NTFS
Drive F: | 29.29 Gb Total Space | 9.82 Gb Free Space | 33.52% Space Free | Partition Type: NTFS
Drive G: | 27.09 Gb Total Space | 3.49 Gb Free Space | 12.87% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DIMO-87VQ2KFLAP
Current User Name: Dimo Hessenberger
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url [@ = InternetShortcut] -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=0
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 20:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/13 20:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2005/04/19 16:10:34 | 13,261,992 | ---- | M] () -- C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype
[2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2005/12/15 12:40:44 | 00,282,624 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
[2005/12/15 13:47:22 | 00,204,800 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
[2006/01/23 19:40:30 | 00,225,280 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe
[2006/01/23 19:40:04 | 00,040,960 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe
[2006/01/23 19:35:14 | 00,081,920 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe
[2005/09/20 22:40:04 | 00,196,608 | ---- | M] () -- C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe
[2005/09/20 22:01:22 | 01,081,344 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
[2006/01/23 20:09:36 | 00,172,032 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe
[2005/09/20 22:25:22 | 00,151,635 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe
[2006/01/23 19:38:52 | 00,438,272 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe
[2005/09/16 01:29:38 | 00,421,888 | ---- | M] () -- C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe
[2005/09/16 01:34:18 | 00,733,184 | ---- | M] ( ) -- C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe
[2006/01/23 20:03:00 | 00,057,344 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe
[2005/12/15 13:51:46 | 00,139,264 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe
[2007/12/03 09:59:21 | 00,808,448 | ---- | M] () -- G:\Metin2_UK\metin2.bin:*:Enabled:metin2
[2007/05/04 07:11:28 | 01,187,840 | ---- | M] (Hydra Productions) -- C:\Program Files\HydraIRC\HydraIRC.exe:*:Enabled:HydraIRC
[2007/07/23 06:53:26 | 01,994,800 | ---- | M] (FlashGet.com) -- C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget
[2008/04/29 08:00:08 | 06,448,448 | ---- | M] (Flagship Studios) -- G:\Hellgate London\Launcher.exe:*:Enabled:Hellgate: London
[2008/04/13 20:12:25 | 01,414,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console
[2008/04/13 20:12:18 | 00,083,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test
[2008/08/13 15:01:25 | 00,267,056 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent
File not found -- D:\Downloads\utorrent.exe:*:Enabled:µTorrent
[2008/05/16 06:11:44 | 00,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Platform Service

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2004/01/29 10:08:23 | 01,130,496 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2004/01/29 10:08:23 | 01,130,496 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2004/01/29 10:08:23 | 01,130,496 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/01/24 15:22:56 | 07,255,384 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} (HKLM) [Data Page Pluggable Protocol mso-offdap Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/08/03 14:50:56 | 00,144,696 | ---- | M] (Pure Networks, Inc.) C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (pure-go:{4746C79A-2042-4332-8650-48966E44ABA8} (HKLM) [CPureGoProtoInfo Object])

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00040409-78E1-11D2-B60F-006097C998E7}"=Microsoft Office 2000 SR-1 Disc 2
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}"=MSXML4 Parser
"{036AA4D4-6D32-11D4-9875-00105ACE7734}"=Logitech iTouch Software
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}"=Steam
"{055EE59D-217B-43A7-ABFF-507B966405D8}"=ATI Catalyst Control Center
"{0AF3FEAE-B651-4421-97EF-4808A588B4E5}"=LastChaos
"{0BF5FBE7-3907-4A1F-9E48-8B66E52850D6}"=TrayApp
"{0E0FF2EF-7866-45BE-99F0-475E0DE7733E}"=RPS ParentalControl
"{0EAAC619-A730-4CBB-95D2-70C3ECAD1561}"=RPS Diagnostic Utility
"{13F8BD99-B753-4007-A060-7EAE3891756F}"=Verizon Internet Security Suite
"{18D10072035C4515918F7E37EAFAACFC}"=AutoUpdate
"{1CB34CE9-0E6B-493F-BB66-3425E5DF76E5}"=CP_CalendarTemplates1
"{1CB92574-96F2-467B-B793-5CEB35C40C29}"=Image Resizer Powertoy for Windows XP
"{1E1F1E70-14D8-4380-8652-BD1A895A7D65}"=Status
"{1EECBA68-8BE4-4076-94DF-E9ED206B1D21}"=Star Wars Jedi Knight Jedi Academy
"{212F5777-1190-4DEF-8E4D-6B2F313B45E7}"=PerfectDisk
"{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}"=Rhapsody Player Engine
"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}"=CP_Package_Variety2
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}"=Destinations
"{2A548002-9042-4083-A270-B67473DE1073}"=SkinsHP1
"{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}"=Star Wars®: Knights of the Old Republic ™
"{2BA00471-0328-3743-93BD-FA813353A783}"=Microsoft .NET Framework 3.0 Service Pack 1
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}"=Rhapsody Player Engine
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}"=Logitech SetPoint
"{31263605-FC84-4787-B847-BA445B147E24}"=ScannerCopy
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java™ 6 Update 7
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}"=Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{386593CE-E6AF-48DE-B88A-083CB4781652}"=RPS Firewall
"{3CF99DC3-38FD-46E6-A6B4-9C70074E020C}"=DocumentViewer
"{3E11A4AA-09DC-414E-BE4C-1F615A235B9B}"=RPS Privacy Manager
"{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}"=ATI HYDRAVISION
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}"=NetWaiting
"{3FE0CFAB-584A-4AA5-B8CD-C32284CFA308}"=RandMap
"{4041C245-7099-4C96-9738-5EBC23827B3C}"=BufferChm
"{42095863-98D1-4A49-BDF8-638DE8A5F316}"=Sound Blaster Audigy 2
"{44629EAF-A233-4AAE-BBCC-26157DC9A40B}"=RPS Security Cleanup
"{494D17B5-3369-4905-8C4B-80C972C5E0FF}"=CP_Panorama1Config
"{4BE53DB2-C1F2-44D1-A9AB-1630BA7F2AF1}"=SolutionCenter
"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}"=CP_Package_Variety1
"{53BE7E78-A2E6-4986-89F3-F5C693570BD7}"=RPS RpsCore
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}"=FullDPAppQFolder
"{54F0998F-73C8-4b51-8286-FE903C231BED}"=cp_PosterPrintConfig
"{56F3E1FF-54FE-4384-A153-6CCABA097814}"=Creative MediaSource
"{578B6EF9-119B-4FB8-8377-7DAFA9588B97}"=Network Magic
"{5809E7CF-4DCF-11D4-9875-00105ACE7734}"=Logitech MouseWare 9.75
"{587178E7-B1DF-494E-9838-FA4DD36E873C}"=ASUSUpdate
"{5F26311C-B135-4F7F-B11E-8E650F83651E}"=DeviceFunctionQFolder
"{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}"=PlayNC Launcher
"{61B1A9C8-B2AD-4F54-B916-388FFD07BDE7}"=4300
"{629F65FB-7F3C-4D66-A1C0-20722744B7B6}"=Star Wars® Knights of the Old Republic® II: The Sith Lords™
"{64010327-8AE7-4D4B-A875-8A874862CD4C}"=RPS Backup
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}"=eSupportQFolder
"{6804F55C-8E8F-46B5-9DF7-428AF2D139D5}_is1"=Xiah
"{68763C27-235D-4165-A961-FDEA228CE504}"=AiOSoftwareNPI
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}"=CustomerResearchQFolder
"{6F857F57-0868-4333-801F-C6FD1C45D198}"=RPS AntiFraud
"{7032E73F-68A0-48F9-8100-E70E79169BAE}"=AGEIA PhysX v6.12.02
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}"=Readme
"{766633B3-1AFA-44B6-A3FC-1DE991CD9C52}"=CP_Package_Basic1
"{769A4515-083E-4FDF-8060-1B6FA2A59D79}"=RPS AntiVirus
"{789289CA-F73A-4A16-A331-54D498CE069F}"=Ventrilo Client
"{79D3DBD1-8B16-4611-9353-B24FE34CBEDF}"=Mids' Hero Designer
"{79F8E1D4-36C1-439C-95FA-F695050B5B07}"=Sonic_PrimoSDK
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}"=DocumentViewerQFolder
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}"=ProductContextNPI
"{869C3062-4745-4949-B6C9-98AF24D89030}"=PhotoGallery
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}"=ATI AVIVO Codecs
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}"=Microsoft Silverlight
"{8A61A0EC-D2F9-40C1-A290-73A80C2AFD68}"=RPS Performance Tool
"{8ADFC4160D694100B5B8A22DE9DCABD9}"=DivX Player
"{8C6027FD-53DC-446D-BB75-CACD7028A134}"=HP Update
"{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}"=Musicmatch® Jukebox
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}"=Logitech Desktop Messenger
"{90280409-6000-11D3-8CFE-0050048383C9}"=Microsoft Office XP Professional with FrontPage
"{92F669C7-4D0E-42A8-B7A0-768FFA19972B}"=RPS Burn
"{9862B19F-4CAD-4EED-920F-2F378D84393F}"=ATI Parental Control & Encoder
"{9984DF60-1C5B-11D3-ACA1-908A4FC10801}"=Intel Application Accelerator
"{9AC29B2A-1E86-4CE8-BD05-E3429F244659}"=RPS Ad Blocker
"{9D4ABB0C-F60B-44A6-956C-A4A63D5495C9}"=CueTour
"{A06275F4-324B-4E85-95E6-87B2CD729401}"=Windows Defender
"{A1C82B18-A7B2-48EC-853D-5807C635531E}"=RPS Zip
"{A2B4455D-1046-4732-BFBC-0821BEFC07BC}"=Hellgate: London
"{A47B07BD-C187-41F8-8AB8-38E5821BB7BF}"=Gogglebox TV
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}"=Microsoft Visual C++ 2005 Redistributable
"{A654A805-41D9-40C7-AA46-4AF04F044D61}"=Adobe® Photoshop® Album Starter Edition 3.2
"{A744C7C3-76F5-42F5-9E15-497A3DFBC709}"=4300Trb
"{AAA11090-6E99-4655-AAF5-57EB5F677D0C}"=MarketResearch
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}"=DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A81000000003}"=Adobe Reader 8.1.1
"{B11E71BA-498C-42D4-9F1A-9D7A89D9DA61}"=CP_AtenaShokunin1Config
"{B13A7C41581B411290FBC0395694E2A9}"=DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B4FEA924-630D-11D4-B78E-005004566E4D}"=ViewSonic Monitor Drivers
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{B57F2FF0-5A25-4332-B503-4592B370C02F}"=CP_Package_Variety3
"{B7050CBDB2504B34BC2A9CA0A692CC29}"=DivX Web Player
"{B8BD4864-420E-4E95-BBE4-DECE91A0F973}"=RPS AntiSpyware
"{BAF78226-3200-4DB4-BE33-4D922A799840}"=Windows Presentation Foundation
"{BBD3BF67-5B89-4CBB-BA58-5818ED5F3290}"=cp_OnlineProjectsConfig
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}"=Netflix Movie Viewer
"{BF4E9ED0-EF26-4A4C-A123-6A6A1ABEE411}"=DocProc
"{C144C566-21EF-4F8C-9667-40CF19E6AED0}"=PPSDKRedistributables
"{C39DE425-6CCF-4B12-A101-3CB5CF3AF3AD}"=Slideshow Generator Powertoy for Windows XP
"{C67DF120-4DD3-11D4-A3CA-005004AD2A5B}"=Authentium AntiVirus SDK - 2
"{C6812939-B117-48E6-A3BA-1709C14A3C8C}"=Scan
"{C84C93B2-1987-4973-8ABB-B6D64509E26A}"=VidiotMaps Map Overlay
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}"=AiO_Scan_CDA
"{C9507D0D-1A9C-486E-91D6-33A71CCA55F2}"=Pure Networks Platform
"{C98E8D9D-21DE-4F87-A9B7-142BB89840FC}"=Toolbox
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CD45C967-BF03-406A-820E-8463B84D0FCD}"=RPS App Detector
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}"=SUPERAntiSpyware Free Edition
"{CE7496DD-84ED-4ACF-8713-7C78945C8D7F}"=RPS AsRealtime
"{DA1CD94B-826A-4bba-AC46-EF352F47BC81}"=InstantShareDevices
"{DEBB2986-15B0-4D28-95FA-5C966A396589}"=HPProductAssistant
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware
"{DF204DA0-8C19-4EB2-AE78-683D2DE35B7B}"=RPS PopupBlocker
"{E258A840-7E9A-443A-B156-67102C48BF17}"=TPP Storage Driver Installation
"{E5A1DE9A-A21C-43A1-B06D-5146BAF62033}"=PanoStandAlone
"{E5A8DDAB-AE80-48C6-A75B-D0FAB83B299D}"=HP PSC & OfficeJet 6.1.A
"{E769999E-D0D9-4D51-AEFE-1BD44289E550}"=4300_Help
"{EC2715CE-C182-483C-84CC-81D7D914CF14}"=WebReg
"{ECEE0279-785F-4CB3-9F28-E69813234BF8}"=SPORE™ Creature Creator Trial Edition
"{EF7E931D-DC84-471B-8DB6-A83358095474}"=EA Download Manager
"{F0AD180A-9F70-4B62-9C26-241C73CAC032}"=VidiotMaps Map Overlay
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}"=Fax_CDA
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}"=NewCopy_CDA
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}"=HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Shockwave Player"=Adobe Shockwave Player 11
"Adobe® Photoshop® Album Starter Edition 3.2"=Adobe® Photoshop® Album Starter Edition 3.2
"AdobeESD"=Adobe Download Manager 1.2 (Remove Only)
"Advanced Registry Optimizer_is1"=Advanced Registry Optimizer
"All ATI Software"=ATI - Software Uninstall Utility
"ATI Display Driver"=ATI Display Driver
"AudioConSole"=Creative Audio Console
"Bink and Smacker"=Bink and Smacker
"CBOClean"=BOClean
"CCleaner"=CCleaner (remove only)
"CoH"=City of Villains/City of Heroes (remove only)
"CXT1059"=Creative Modem Blaster PCI DI5633
"Diablo II"=Diablo II
"Download Manager"=Download Manager 2.3.6
"EVE"=EVE-ONLINE (remove only)
"FaxTalk Communicator 4.5"=FaxTalk Communicator 4.5
"FlashGet"=FlashGet 1.9.2.1028
"FlashGet(JetCar)"=FlashGet(JetCar)
"Gallery Remote"=Gallery Remote
"Guild Wars"=Guild Wars
"HeroStats"=HeroStats
"HexDump extension for Ad-aware 6"=HexDump extension for Ad-aware 6
"HijackThis"=HijackThis 2.0.2
"HP Document Viewer"=HP Document Viewer 6.1
"HP Imaging Device Functions"=HP Imaging Device Functions 6.1
"HP Photo & Imaging"=HP Photosmart Premier Software 6.1
"HP Solution Center & Imaging Support Tools"=HP Solution Center and Imaging Support Tools 6.1
"HPExtendedCapabilities"=HP Extended Capabilities 6.1
"HydraIRC"=HydraIRC
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"InstallShield_{EF7E931D-DC84-471B-8DB6-A83358095474}"=EA Download Manager
"IrfanView"=IrfanView (remove only)
"JRE 1.3.1"=Java 2 Runtime Environment Standard Edition v1.3.1
"KSignAccessToolkit"=KSignAccessToolkit v1.0
"Logitech Resource Center"=Logitech Resource Center
"LSP Explorer Pluginfor Ad-aware 6"=LSP Explorer Pluginfor Ad-aware 6
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Messenger Control Plugin for Ad-aware"=Messenger Control Plugin for Ad-aware
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"Network MagicUninstall"=Network Magic
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"OE Messenger Plugin for Ad-aware"=OE Messenger Plugin for Ad-aware
"PerformanceTest_is1"=PerformanceTest v4.0
"Picasa2"=Picasa 2
"Project Entropia"=Entropia Universe
"QuickLink Desktop"=QuickLink Desktop
"QuickTime"=QuickTime
"RadialpointClientGateway_is1"=Verizon Servicepoint 1.5.20
"Rhapsody"=Rhapsody
"Sacred_is1"=Sacred
"SAID"=SigningAvatar Illustrated Dictionary
"SFBM"=SoundFont Bank Manager
"Skype_is1"=Skype 1.2
"SpywareBlaster_is1"=SpywareBlaster 4.1
"Steam App 320"=Half-Life 2: Deathmatch
"TeamSpeak 2 RC2_is1"=TeamSpeak 2 RC2
"TPP200"=USB Storage Adapter V2 (TPP)
"TPP300"=USB Storage Adapter V3 (TPP)
"TPP725"=USB Storage Adapter (TPP)
"True Internet Color"=True Internet Color
"Ventrilo"=Ventrilo
"Venues™ X3D Viewer and Simulation Engine"=Venues™ X3D Viewer and Simulation Engine
"Verizon Online DSL_is1"=Verizon Online DSL
"Verizon Online Help and Support"=Verizon Online Help and Support
"VisualRoute"=VisualRoute
"WIC"=Windows Imaging Component
"Windows Live OneCare safety scanner"=Windows Live OneCare safety scanner
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 3
"WinRAR archiver"=WinRAR archiver
"WinZip"=WinZip
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wondershare PPT to Video_is1"=Wondershare PPT to Video 4.0.0.8 Trial
"World of Warcraft"=World of Warcraft
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC"=XML Paper Specification Shared Components Pack 1.0
"XviDDec"=Nic's XviD Decoder

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{E280923D-C5D9-4728-8C79-AC9A0DC75875}"=BioShock
"Move Networks Player - IE"=Move Networks Media Player for Internet Explorer
"uTorrent"=µTorrent

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-823518204-1644491937-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{E280923D-C5D9-4728-8C79-AC9A0DC75875}"=BioShock
"Move Networks Player - IE"=Move Networks Media Player for Internet Explorer
"uTorrent"=µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/14/2008 1:57:04 AM | Computer Name = DIMO-87VQ2KFLAP | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 1.1.1593.0,
P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL.

Error - 10/15/2008 1:57:07 AM | Computer Name = DIMO-87VQ2KFLAP | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 1.1.1593.0,
P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL.

Error - 10/16/2008 2:17:03 AM | Computer Name = DIMO-87VQ2KFLAP | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 1.1.1593.0,
P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL.

Error - 10/16/2008 8:13:07 AM | Computer Name = DIMO-87VQ2KFLAP | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 8007043C from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 10/16/2008 8:13:07 AM | Computer Name = DIMO-87VQ2KFLAP | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 8007043C from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 10/17/2008 1:49:04 AM | Computer Name = DIMO-87VQ2KFLAP | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 1.1.1593.0,
P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL.

Error - 10/18/2008 1:57:06 AM | Computer Name = DIMO-87VQ2KFLAP | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 1.1.1593.0,
P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL.

Error - 10/19/2008 1:57:04 AM | Computer Name = DIMO-87VQ2KFLAP | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 1.1.1593.0,
P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL.

Error - 10/20/2008 1:38:05 AM | Computer Name = DIMO-87VQ2KFLAP | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 1.1.1593.0,
P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL.

Error - 10/21/2008 2:02:03 AM | Computer Name = DIMO-87VQ2KFLAP | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 1.1.1593.0,
P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL.

[ System Events ]
Error - 10/17/2008 4:45:12 PM | Computer Name = DIMO-87VQ2KFLAP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 10/17/2008 4:46:20 PM | Computer Name = DIMO-87VQ2KFLAP | Source = Service Control Manager | ID = 7001
Description = The DHCP Client service depends on the NetBT service which failed
to start because of the following error: %%31

Error - 10/17/2008 4:46:20 PM | Computer Name = DIMO-87VQ2KFLAP | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31

Error - 10/17/2008 4:46:20 PM | Computer Name = DIMO-87VQ2KFLAP | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 10/17/2008 4:46:20 PM | Computer Name = DIMO-87VQ2KFLAP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL StarOpen Tcpip WS2IFSL

Error - 10/17/2008 5:16:17 PM | Computer Name = DIMO-87VQ2KFLAP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 10/17/2008 11:59:04 PM | Computer Name = DIMO-87VQ2KFLAP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
atapi IntelIde PCIIde

Error - 10/17/2008 11:59:20 PM | Computer Name = DIMO-87VQ2KFLAP | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring
the volume.

Error - 10/21/2008 10:17:00 PM | Computer Name = DIMO-87VQ2KFLAP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
atapi IntelIde PCIIde

Error - 10/21/2008 10:17:14 PM | Computer Name = DIMO-87VQ2KFLAP | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring
the volume.


< End of report >

#5 Billy O'Neal

  • Malware Response Team

Posted 22 October 2008 - 06:42 PM

Hello, stranger12.
One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#6 stranger12

  • Topic Starter

Posted 22 October 2008 - 07:00 PM

Thanks for the advice Bill.
Formatting is what I will do then.
My firewall so far has always successfully blocked the svchost.exe from getting out.
And when I first noticed the "dial-out" attempts I changed my passwords and did not use this computer anymore.
A reformat of the OS should do the trick though, right? Well, I guess I can just do that for the moment and then do the Kaspersky scan again to make sure that none of the other HDs is infected.

Edit: Or should I reformat the whole PC?

Thanks again for the help Bill.

Edited by stranger12, 22 October 2008 - 07:08 PM.


#7 Billy O'Neal

  • Malware Response Team

Posted 22 October 2008 - 08:21 PM

Reformatting the OS should be sufficient. Just get an anti-virus installed before doing anything with the other disks ;)

Billy3

#8 stranger12

  • Topic Starter

Posted 24 October 2008 - 08:05 AM

Hello Bill,

I did as you advised and formatted my C drive.
And because of the previous Kaspersky log, I also formatted my D and F drives as well.

"D:\backup-20040927-222657-935.dll Infected: not-a-virus:AdWare.Win32.SpeedDelivery.a 1
D:\City of Heroes\mirc616.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 1
D:\Downloads\sdsetup.exe Infected: not-a-virus:Monitor.Win32.KeyLogger.dq 1
D:\System Volume Information\_restore{6A61906A-795A-4A3F-BE42-8248930FF123}\RP99\A0020380.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 1
F:\World of Warcraft\WowInitcode.dat Infected: Trojan-GameThief.Win32.WOW.cgj 1"


I included a new OTViewIt, Extras, and Kaspersky Log.

OTViewIt Log:
OTViewIt logfile created on: 10/24/2008 8:51:38 AM - Run 2
OTViewIt by OldTimer - Version 1.0.18.0 Folder = C:\Documents and Settings\Game\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 38.33 Gb Total Space | 29.82 Gb Free Space | 77.79% Space Free | Partition Type: NTFS
Drive D: | 29.35 Gb Total Space | 29.29 Gb Free Space | 99.78% Space Free | Partition Type: NTFS
Drive E: | 29.29 Gb Total Space | 0.63 Gb Free Space | 2.17% Space Free | Partition Type: NTFS
Drive F: | 29.29 Gb Total Space | 29.23 Gb Free Space | 99.78% Space Free | Partition Type: NTFS
Drive G: | 27.09 Gb Total Space | 9.33 Gb Free Space | 34.42% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MAIN001
Current User Name: Game
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/09/23 22:04:49 | 00,581,632 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Windows Defender\MsMpEng.exe
[2008/10/01 09:08:06 | 00,359,664 | ---- | M] (Verizon) -- C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe
[2008/09/23 22:04:49 | 00,581,632 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2008/10/23 12:35:48 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[2006/08/11 14:56:02 | 00,017,920 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\CTHELPER.EXE
[2008/04/10 11:08:19 | 00,351,480 | ---- | M] (COMODO) -- C:\Program Files\Comodo\CBOClean\BOC426.EXE
[2006/12/22 18:47:04 | 00,794,688 | R--- | M] (Chicony) -- C:\Program Files\Camera Assistant Software for ViewSonic\traybar.exe
[2003/02/21 16:57:22 | 00,098,304 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\BacsTray.exe
[2008/09/16 20:14:46 | 02,065,648 | ---- | M] (Verizon) -- C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
[2006/11/03 19:20:12 | 00,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
[2005/12/15 11:18:50 | 00,049,152 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
[2008/10/23 19:09:00 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
[2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2007/07/17 11:13:56 | 00,049,152 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
[2008/10/23 17:04:49 | 00,160,592 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
[2005/12/15 11:40:44 | 00,282,624 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
[2008/05/26 22:19:14 | 00,123,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe
[2005/12/15 11:57:34 | 00,475,136 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
[2007/07/17 11:13:34 | 00,049,152 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
[2007/02/05 15:08:48 | 02,286,592 | ---- | M] () -- C:\Program Files\Camera Assistant Software for ViewSonic\CEC_MAIN.exe
[2008/03/28 09:16:39 | 00,073,464 | ---- | M] (COMODO) -- C:\Program Files\Comodo\CBOClean\BOCore.exe
[2008/10/23 19:09:00 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2008/04/28 07:23:28 | 00,414,984 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
[2005/03/14 12:05:02 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
[2001/08/18 08:00:00 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tcpsvcs.exe
[2005/12/15 12:47:22 | 00,204,800 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
[2008/05/26 22:18:44 | 00,439,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\searchindexer.exe
[2008/04/13 20:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
[2008/04/28 07:23:36 | 00,738,568 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
[2008/08/23 01:56:15 | 00,635,848 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2008/08/23 01:56:15 | 00,635,848 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2008/10/23 21:24:05 | 00,421,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Game\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/10/23 12:35:48 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
[2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008/09/23 22:04:49 | 00,581,632 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
[2008/09/23 21:05:00 | 00,593,920 | ---- | M] () -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])
[2008/03/28 09:16:39 | 00,073,464 | ---- | M] (COMODO) -- C:\Program Files\Comodo\CBOClean\BOCore.exe -- (BOCore [Auto | Running])
[2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2008/10/23 19:09:00 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2008/04/28 07:23:28 | 00,414,984 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe -- (PDAgent [Auto | Running])
[2008/04/28 07:23:36 | 00,738,568 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk\PDEngine.exe -- (PDEngine [On_Demand | Running])
[2005/03/14 12:05:02 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12 [Auto | Running])
[2008/10/01 09:08:56 | 00,096,496 | ---- | M] (Verizon) -- C:\Program Files\Verizon\Verizon Internet Security Suite\RpsSecurityAwareR.exe -- (Radialpoint Security Services [On_Demand | Stopped])
[2008/10/01 09:08:06 | 00,359,664 | ---- | M] (Verizon) -- C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe -- (RP_FWS [Auto | Running])
[2001/08/18 08:00:00 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tcpsvcs.exe -- (SimpTcp [Auto | Running])
[2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend [Auto | Running])
[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
[2008/05/26 22:18:44 | 00,439,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\searchindexer.exe -- (WSearch [Auto | Running])

========== Driver Services ==========

[2008/09/23 23:09:07 | 03,331,072 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
[2007/07/20 18:40:10 | 00,084,992 | ---- | M] (ATI Research Inc.) -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService [On_Demand | Running])
[2003/02/17 13:22:24 | 00,170,880 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k [On_Demand | Running])
[2001/08/17 12:11:26 | 00,054,271 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\bcm42xx5.sys -- (BCM42XX [On_Demand | Stopped])
[2001/08/17 12:11:30 | 00,026,568 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\BCM4E5.SYS -- (BCM44X2 [On_Demand | Stopped])
[2002/09/10 09:45:50 | 00,041,728 | R--- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp [On_Demand | Stopped])
[2003/02/05 12:22:32 | 00,050,816 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\baspxp32.sys -- (Blfp [On_Demand | Stopped])
[2007/04/17 15:14:10 | 00,015,376 | ---- | M] () -- C:\Program Files\Comodo\CBOClean\BOCDRIVE.SYS -- (BOCDRIVE [On_Demand | Running])
[2006/08/11 14:45:14 | 00,502,272 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k [On_Demand | Running])
[2006/08/11 14:45:38 | 00,499,584 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k [On_Demand | Running])
[2005/11/10 17:06:04 | 00,340,704 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k [On_Demand | Stopped])
[2002/12/30 10:53:36 | 00,012,160 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\ctgame.sys -- (ctgame [On_Demand | Running])
[2006/08/11 14:45:40 | 00,007,168 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k [On_Demand | Running])
[2006/08/11 14:45:18 | 00,143,872 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k [On_Demand | Running])
[2008/04/25 06:38:22 | 00,071,184 | ---- | M] (Raxco Software, Inc.) -- C:\WINDOWS\System32\drivers\DefragFs.sys -- (DefragFS [Boot | Running])
[2006/08/11 14:45:18 | 00,078,336 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia [On_Demand | Running])
[2006/08/11 14:45:26 | 00,766,976 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k [On_Demand | Running])
[2006/08/11 14:45:26 | 00,154,112 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k [On_Demand | Running])
[2006/08/11 14:45:28 | 00,180,224 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\haP17v2k.sys -- (hap17v2k [On_Demand | Stopped])
[2008/04/13 12:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2005/10/21 19:58:52 | 00,049,920 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412 [On_Demand | Running])
[2005/10/21 19:58:58 | 00,016,496 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12 [On_Demand | Running])
[2005/10/22 07:22:48 | 00,021,568 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12 [On_Demand | Running])
[2008/04/13 14:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2008/06/26 14:23:14 | 00,112,144 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\kl1.sys -- (KL1 [Boot | Running])
[2008/09/08 13:35:58 | 00,196,368 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF [System | Running])
[2008/04/13 14:53:09 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm [On_Demand | Stopped])
[2006/08/11 14:45:24 | 00,116,224 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv [On_Demand | Running])
[2001/08/18 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2005/01/26 02:03:00 | 00,020,576 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2007/04/19 11:36:50 | 00,048,384 | ---- | M] (Radialpoint, Inc.) -- C:\WINDOWS\system32\drivers\rp_pkt32.sys -- (RPPKT [On_Demand | Running])
[2008/04/24 14:02:36 | 00,053,192 | ---- | M] (Radialpoint Inc.) -- C:\WINDOWS\system32\drivers\rp_skt32.sys -- (RPSKT [Auto | Running])
[2008/04/13 12:39:15 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2007/02/20 14:07:56 | 00,005,632 | ---- | M] () -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen [System | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-21-1801674531-1606980848-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

[HKEY_USERS\S-1-5-21-1801674531-1606980848-725345543-1003\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1801674531-1606980848-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
{3C060EA2-E6A9-4E49-A530-D4657B8C449A} (HKLM) -- C:\Program Files\Verizon\Verizon Internet Security Suite\pkR.dll (Verizon)
{724d43a9-0d85-11d4-9908-00400523e39a} (HKLM) -- C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{724d43a0-0d85-11d4-9908-00400523e39a}" (HKLM) -- C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{724D43A0-0D85-11D4-9908-00400523E39A}" (HKLM) -- C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

[HKEY_USERS\S-1-5-21-1801674531-1606980848-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{724D43A0-0D85-11D4-9908-00400523E39A}" (HKLM) -- C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
"bacstray"=BacsTray.exe (Broadcom Corporation)
"BOC-426"=C:\PROGRA~1\Comodo\CBOClean\BOC426.exe (COMODO)
"Camera Assistant Software"="C:\Program Files\Camera Assistant Software for ViewSonic\traybar.exe" (Chicony)
"CTHelper"=CTHELPER.EXE (Creative Technology Ltd)
"CTxfiHlp"=CTXFIHLP.EXE (Creative Technology Ltd)
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Development Company, L.P.)
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun (Advanced Micro Devices, Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
"VerizonServicepoint.exe"="C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN (Verizon)
"Windows Defender"="c:\Program Files\Windows Defender\MSASCui.exe" -hide (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (Siber Systems)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1801674531-1606980848-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (Siber Systems)

========== (O4) Startup Folders ==========


========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-1801674531-1606980848-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
Customize Menu: File not found
Fill Forms: File not found
RoboForm Toolbar: File not found
Save Forms: File not found

[HKEY_USERS\S-1-5-21-1801674531-1606980848-725345543-1003\Software\Microsoft\Internet Explorer\MenuExt\]
Customize Menu: File not found
Fill Forms: File not found
RoboForm Toolbar: File not found
Save Forms: File not found

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{320AF880-6646-11D3-ABEE-C5DBF3571F46}: Button: Fill Forms -- File not found
{320AF880-6646-11D3-ABEE-C5DBF3571F46}: Menu: Fill Forms -- File not found
{320AF880-6646-11D3-ABEE-C5DBF3571F49}: Button: Save -- File not found
{320AF880-6646-11D3-ABEE-C5DBF3571F49}: Menu: Save Forms -- File not found
{724d43aa-0d85-11d4-9908-00400523e39a}: Button: RoboForm -- File not found
{724d43aa-0d85-11d4-9908-00400523e39a}: Menu: RoboForm Toolbar -- File not found
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1801674531-1606980848-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{6414512B-B978-451D-A0D8-FCFDF33E833C}: http://www.update.microsoft.com/microsoftu...b?1224780059549 -- WUWebControl Class
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: http://www.update.microsoft.com/microsoftu...b?1224780051877 -- MUWebControl Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://dl8-cdn-03.sun.com/s/ESD5/JSCDL/jdk...ows-i586-jc.cab -- Java Plug-in 1.6.0_10
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_10
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_10

========== (O17) DNS Name Servers ==========

{513C7DAA-0B9F-4E2F-BFFC-6DBF8FD7ADA0} (Servers: | Description: 1394 Net Adapter)
{DAC42125-1217-4BBF-8C75-5E65F6D8DC21} (Servers: | Description: 1394 Net Adapter)
{F1E185AC-8A9D-4906-B2A1-FC65E5CE7A51} (Servers: | Description: Broadcom NetXtreme Gigabit Ethernet)

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
AtiExtEvent: "DllName" = Ati2evxx.dll -- C:\WINDOWS\system32\ati2evxx.dll (ATI Technologies Inc.)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" (HKLM) -- c:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}" (HKLM) -- C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2008/10/23 07:46:53 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2008/10/24 07:23:14 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2008/10/23 21:24:03 | 00,421,888 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Game\Desktop\OTViewIt.exe
[2008/10/23 20:59:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Game\Local Settings\Application Data\Adobe
[2008/10/23 19:12:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Game\Application Data\Malwarebytes
[2008/10/23 19:12:14 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/10/23 19:12:14 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/10/23 19:12:11 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/10/23 19:12:10 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/10/23 19:12:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/10/23 19:11:28 | 02,372,472 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Game\My Documents\mbam-setup.exe
[2008/10/23 19:09:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2008/10/23 19:08:56 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2008/10/23 19:07:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Game\Application Data\Sun
[2008/10/23 19:03:36 | 00,000,539 | ---- | C] () -- C:\Documents and Settings\Game\Desktop\WoW.lnk
[2008/10/23 18:57:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ATI
[2008/10/23 18:57:21 | 00,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2008/10/23 18:55:23 | 19,694,8676 | ---- | C] () -- C:\Documents and Settings\Game\My Documents\XP-8.432-071101a-054437C-ATI.zip
[2008/10/23 18:25:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Game\My Documents\488
[2008/10/23 18:25:15 | 31,996,750 | ---- | C] () -- C:\Documents and Settings\Game\My Documents\488.zip
[2008/10/23 17:25:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Game\Application Data\Windows Search
[2008/10/23 17:24:49 | 00,509,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_2.dll
[2008/10/23 17:24:49 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_2.dll
[2008/10/23 17:24:49 | 00,068,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_1.dll
[2008/10/23 17:24:48 | 01,493,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_39.dll
[2008/10/23 17:24:48 | 00,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_39.dll
[2008/10/23 17:24:47 | 03,851,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_39.dll
[2008/10/23 17:24:47 | 00,507,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_1.dll
[2008/10/23 17:24:47 | 00,065,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_0.dll
[2008/10/23 17:24:46 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_1.dll
[2008/10/23 17:24:46 | 00,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_4.dll
[2008/10/23 17:24:45 | 03,850,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_38.dll
[2008/10/23 17:24:45 | 01,491,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_38.dll
[2008/10/23 17:24:45 | 00,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_38.dll
[2008/10/23 17:24:44 | 00,479,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_0.dll
[2008/10/23 17:24:44 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_0.dll
[2008/10/23 17:24:43 | 01,420,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_37.dll
[2008/10/23 17:24:43 | 00,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_3.dll
[2008/10/23 17:24:42 | 03,786,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_37.dll
[2008/10/23 17:24:42 | 00,462,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_37.dll
[2008/10/23 17:24:42 | 00,267,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_10.dll
[2008/10/23 17:24:41 | 01,374,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_36.dll
[2008/10/23 17:24:41 | 00,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_36.dll
[2008/10/23 17:24:40 | 03,734,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_36.dll
[2008/10/23 17:24:40 | 00,267,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_9.dll
[2008/10/23 17:24:39 | 01,358,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_35.dll
[2008/10/23 17:24:39 | 00,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_35.dll
[2008/10/23 17:24:38 | 03,727,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_35.dll
[2008/10/23 17:24:38 | 00,266,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_8.dll
[2008/10/23 17:24:38 | 00,017,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_2.dll
[2008/10/23 17:24:37 | 03,497,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_34.dll
[2008/10/23 17:24:37 | 01,124,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_34.dll
[2008/10/23 17:24:37 | 00,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_34.dll
[2008/10/23 17:24:36 | 00,261,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_7.dll
[2008/10/23 17:24:36 | 00,081,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_3.dll
[2008/10/23 17:24:35 | 01,123,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_33.dll
[2008/10/23 17:24:35 | 00,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_33.dll
[2008/10/23 17:24:25 | 03,495,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_33.dll
[2008/10/23 17:24:25 | 00,255,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_6.dll
[2008/10/23 17:24:24 | 03,426,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_32.dll
[2008/10/23 17:24:24 | 00,251,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_5.dll
[2008/10/23 17:24:24 | 00,237,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_4.dll
[2008/10/23 17:24:24 | 00,015,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_1.dll
[2008/10/23 17:24:23 | 02,414,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_31.dll
[2008/10/23 17:24:23 | 00,236,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_3.dll
[2008/10/23 17:24:23 | 00,062,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_2.dll
[2008/10/23 17:24:22 | 00,230,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_2.dll
[2008/10/23 17:24:22 | 00,062,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_1.dll
[2008/10/23 17:24:21 | 00,229,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_1.dll
[2008/10/23 17:24:18 | 02,388,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_30.dll
[2008/10/23 17:24:18 | 00,230,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_0.dll
[2008/10/23 17:24:18 | 00,014,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_0.dll
[2008/10/23 17:24:17 | 02,332,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_29.dll
[2008/10/23 17:24:17 | 02,323,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_28.dll
[2008/10/23 17:24:16 | 02,319,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_27.dll
[2008/10/23 17:24:16 | 02,297,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_26.dll
[2008/10/23 17:24:16 | 00,061,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput9_1_0.dll
[2008/10/23 17:24:15 | 02,337,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_25.dll
[2008/10/23 17:24:14 | 02,222,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_24.dll
[2008/10/23 17:21:15 | 00,000,000 | -H-D | C] -- C:\WINDOWS\msdownld.tmp
[2008/10/23 17:21:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2008/10/23 17:20:58 | 00,305,672 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Game\My Documents\dxwebsetup.exe
[2008/10/23 17:05:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2008/10/23 17:05:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Game\My Documents\My RoboForm Data
[2008/10/23 17:04:50 | 00,000,000 | ---D | C] -- C:\Program Files\Siber Systems
[2008/10/23 17:04:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2008/10/23 17:04:18 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2008/10/23 16:44:58 | 00,000,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Acrobat.com.lnk
[2008/10/23 16:44:13 | 00,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2008/10/23 16:43:57 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2008/10/23 16:43:57 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe
[2008/10/23 16:43:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Game\Desktop\Adobe Reader 9 Installer
[2008/10/23 16:41:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2008/10/23 16:41:06 | 00,000,000 | ---D | C] -- C:\Program Files\NOS
[2008/10/23 16:38:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2008/10/23 16:38:29 | 00,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Media Player.lnk
[2008/10/23 16:38:29 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player
[2008/10/23 16:38:26 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2008/10/23 16:36:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Game\Application Data\Adobe
[2008/10/23 16:35:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Game\Application Data\Macromedia
[2008/10/23 16:34:46 | 02,387,480 | ---- | C] () -- C:\Documents and Settings\Game\My Documents\adobe-svg-viewer.exe
[2008/10/23 16:33:33 | 02,940,520 | ---- | C] (Siber Systems) -- C:\Documents and Settings\Game\My Documents\roboform.exe
[2008/10/23 16:08:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Game\Local Settings\Application Data\IsolatedStorage
[2008/10/23 16:07:13 | 00,000,127 | ---- | C] () -- C:\Documents and Settings\Game\Local Settings\Application Data\fusioncache.dat
[2008/10/23 15:53:20 | 00,000,000 | ---D | C] -- C:\bin
[2008/10/23 15:52:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sonic
[2008/10/23 15:52:39 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Sonic Shared
[2008/10/23 15:47:36 | 00,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbscan.sys
[2008/10/23 15:47:36 | 00,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys
[2008/10/23 15:46:04 | 00,000,000 | -H-D | C] -- C:\Config.Msi
[2008/10/23 15:27:24 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie7updates
[2008/10/23 15:27:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Game\Local Settings\Application Data\ApplicationHistory
[2008/10/23 15:16:13 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2008/10/23 15:16:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Game\Application Data\Windows Desktop Search
[2008/10/23 15:15:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2008/10/23 15:15:34 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search
[2008/10/23 15:15:05 | 00,192,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\offfilt.dll
[2008/10/23 15:15:05 | 00,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nlhtml.dll
[2008/10/23 15:15:05 | 00,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mimefilt.dll
[2008/10/23 15:14:56 | 00,016,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2008/10/23 15:14:35 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2008/10/23 15:13:17 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2008/10/23 15:13:14 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2008/10/23 15:13:14 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2008/10/23 15:11:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTEMP
[2008/10/23 15:00:37 | 00,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2008/10/23 14:54:43 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Defender
[2008/10/23 14:50:30 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2008/10/23 14:49:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2008/10/23 14:48:40 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie7
[2008/10/23 14:48:30 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
[2008/10/23 14:48:15 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
[2008/10/23 14:44:14 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2008/10/23 14:34:04 | 00,333,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2008/10/23 14:33:57 | 01,846,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[2008/10/23 14:33:53 | 02,189,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2008/10/23 14:33:53 | 02,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2008/10/23 14:33:52 | 02,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2008/10/23 14:33:51 | 02,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2008/10/23 14:33:38 | 00,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2008/10/23 14:33:33 | 00,331,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadce.dll
[2008/10/23 14:33:30 | 00,691,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2008/10/23 14:33:24 | 00,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2008/10/23 14:30:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2008/10/23 14:22:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2008/10/23 14:22:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us
[2008/10/23 14:22:56 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2008/10/23 14:22:56 | 00,000,000 | ---D | C] -- C:\Program Files\msn
[2008/10/23 14:22:55 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2008/10/23 14:17:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2008/10/23 14:12:16 | 00,689,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp3res.dll
[2008/10/23 14:12:15 | 00,121,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xmllite.dll
[2008/10/23 14:12:14 | 02,450,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmvcore.dll
[2008/10/23 14:12:14 | 00,278,559 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmv8ds32.ax
[2008/10/23 14:12:14 | 00,258,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmvds32.ax
[2008/10/23 14:12:14 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmvdmoe2.dll
[2008/10/23 14:12:14 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmvdmod.dll
[2008/10/23 14:12:13 | 08,231,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmploc.dll
[2008/10/23 14:12:13 | 01,329,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\WMSPDMOE.dll
[2008/10/23 14:12:13 | 00,613,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm
[2008/10/23 14:12:13 | 00,603,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\WMSPDMOD.dll
[2008/10/23 14:12:13 | 00,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav
[2008/10/23 14:12:13 | 00,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav
[2008/10/23 14:12:13 | 00,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav
[2008/10/23 14:12:13 | 00,314,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpdxm.dll
[2008/10/23 14:12:13 | 00,303,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmstream.dll
[2008/10/23 14:12:13 | 00,276,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmphoto.dll
[2008/10/23 14:12:13 | 00,242,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpasf.dll
[2008/10/23 14:12:13 | 00,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpns.dll
[2008/10/23 14:12:13 | 00,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav
[2008/10/23 14:12:13 | 00,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav
[2008/10/23 14:12:13 | 00,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav
[2008/10/23 14:12:13 | 00,115,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsdmoe.dll
[2008/10/23 14:12:13 | 00,099,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpshell.dll
[2008/10/23 14:12:13 | 00,096,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpband.dll
[2008/10/23 14:12:13 | 00,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav
[2008/10/23 14:12:13 | 00,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav
[2008/10/23 14:12:13 | 00,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav
[2008/10/23 14:12:13 | 00,069,612 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.adm
[2008/10/23 14:12:13 | 00,064,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmplayer.exe
[2008/10/23 14:12:13 | 00,029,070 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmp.inf
[2008/10/23 14:12:13 | 00,023,195 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplay.chm
[2008/10/23 14:12:13 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpui.dll
[2008/10/23 14:12:13 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpcore.dll
[2008/10/23 14:12:13 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpcd.dll
[2008/10/23 14:12:13 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmp.ocx
[2008/10/23 14:12:13 | 00,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta
[2008/10/23 14:12:13 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsdmoe2.dll
[2008/10/23 14:12:13 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsdmod.dll
[2008/10/23 14:12:13 | 00,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css
[2008/10/23 14:12:13 | 00,000,855 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf
[2008/10/23 14:12:13 | 00,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js
[2008/10/23 14:12:12 | 10,834,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmp.dll
[2008/10/23 14:12:12 | 00,937,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\WMNetMgr.dll
[2008/10/23 14:12:12 | 00,227,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmerror.dll
[2008/10/23 14:12:12 | 00,222,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmasf.dll
[2008/10/23 14:12:12 | 00,157,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmidx.dll
[2008/10/23 14:12:12 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmdmps.dll
[2008/10/23 14:12:12 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmdmlog.dll
[2008/10/23 14:12:12 | 00,017,272 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf
[2008/10/23 14:12:12 | 00,006,769 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf
[2008/10/23 14:12:11 | 01,117,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\WMADMOE.dll
[2008/10/23 14:12:11 | 00,757,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\WMADMOD.dll
[2008/10/23 14:12:11 | 00,712,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecs.dll
[2008/10/23 14:12:11 | 00,346,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecsext.dll
[2008/10/23 14:12:11 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll
[2008/10/23 14:12:11 | 00,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif
[2008/10/23 14:12:11 | 00,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif
[2008/10/23 14:12:11 | 00,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif
[2008/10/23 14:12:11 | 00,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif
[2008/10/23 14:12:11 | 00,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif
[2008/10/23 14:12:11 | 00,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif
[2008/10/23 14:12:11 | 00,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif
[2008/10/23 14:12:11 | 00,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif
[2008/10/23 14:12:11 | 00,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif
[2008/10/23 14:12:09 | 00,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv
[2008/10/23 14:12:09 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\verclsid.exe
[2008/10/23 14:12:09 | 00,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif
[2008/10/23 14:12:09 | 00,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif
[2008/10/23 14:12:07 | 00,317,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unregmp2.exe
[2008/10/23 14:12:07 | 00,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tzchange.exe
[2008/10/23 14:12:07 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll
[2008/10/23 14:12:07 | 00,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tspkg.dll
[2008/10/23 14:12:07 | 00,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif
[2008/10/23 14:12:07 | 00,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js
[2008/10/23 14:12:07 | 00,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif
[2008/10/23 14:12:07 | 00,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif
[2008/10/23 14:12:07 | 00,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif
[2008/10/23 14:12:07 | 00,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif
[2008/10/23 14:12:07 | 00,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif
[2008/10/23 14:12:07 | 00,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif
[2008/10/23 14:12:07 | 00,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif
[2008/10/23 14:12:07 | 00,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif
[2008/10/23 14:12:06 | 00,246,814 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\strmdll.dll
[2008/10/23 14:12:04 | 00,086,016 | ---- | C] (Sipro Lab Telecom Inc.) -- C:\WINDOWS\System32\dllcache\sl_anet.acm
[2008/10/23 14:12:04 | 00,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm
[2008/10/23 14:12:04 | 00,000,908 | ---- | C] () -- C:\WINDOWS\System32\dllcache\skins.inf
[2008/10/23 14:12:03 | 00,152,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shmedia.dll
[2008/10/23 14:12:02 | 01,669,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\setup_wm.exe
[2008/10/23 14:12:02 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe
[2008/10/23 14:12:02 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sffp_mmc.sys
[2008/10/23 14:12:01 | 00,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv
[2008/10/23 14:12:01 | 00,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll
[2008/10/23 14:12:01 | 00,066,725 | ---- | C] () -- C:\WINDOWS\System32\dllcache\revert.wmz
[2008/10/23 14:12:00 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qutil.dll
[2008/10/23 14:12:00 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasqec.dll
[2008/10/23 14:11:59 | 00,412,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\photometadatahandler.dll
[2008/10/23 14:11:59 | 00,291,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagentrt.dll
[2008/10/23 14:11:59 | 00,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll
[2008/10/23 14:11:59 | 00,077,307 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm
[2008/10/23 14:11:59 | 00,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll
[2008/10/23 14:11:59 | 00,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst6.wpl
[2008/10/23 14:11:59 | 00,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst5.wpl
[2008/10/23 14:11:59 | 00,001,474 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst3.wpl
[2008/10/23 14:11:59 | 00,001,451 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst12.wpl
[2008/10/23 14:11:59 | 00,001,448 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst4.wpl
[2008/10/23 14:11:59 | 00,001,250 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst1.wpl
[2008/10/23 14:11:59 | 00,001,049 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst2.wpl
[2008/10/23 14:11:59 | 00,001,046 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst7.wpl
[2008/10/23 14:11:59 | 00,001,036 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst8.wpl
[2008/10/23 14:11:59 | 00,000,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst11.wpl
[2008/10/23 14:11:59 | 00,000,787 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst10.wpl
[2008/10/23 14:11:59 | 00,000,784 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst9.wpl
[2008/10/23 14:11:59 | 00,000,783 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst13.wpl
[2008/10/23 14:11:59 | 00,000,775 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst14.wpl
[2008/10/23 14:11:59 | 00,000,733 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst15.wpl
[2008/10/23 14:11:58 | 00,144,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\onex.dll
[2008/10/23 14:11:57 | 00,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv
[2008/10/23 14:11:56 | 00,364,544 | ---- | C] (Microsoft Corporation (written by Digital Renaissance Inc.)) -- C:\WINDOWS\System32\dllcache\npdsplay.dll
[2008/10/23 14:11:56 | 00,226,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\npdrmv2.dll
[2008/10/23 14:11:56 | 00,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip
[2008/10/23 14:11:56 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\npwmsdrm.dll
[2008/10/23 14:11:56 | 00,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
[2008/10/23 14:11:55 | 00,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll
[2008/10/23 14:11:55 | 00,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe
[2008/10/23 14:11:55 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml6r.dll
[2008/10/23 14:11:55 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2008/10/23 14:11:55 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll
[2008/10/23 14:11:54 | 01,306,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml6.dll
[2008/10/23 14:11:54 | 01,306,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2008/10/23 14:11:54 | 00,321,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswmdm.dll
[2008/10/23 14:11:53 | 00,414,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msscp.dll
[2008/10/23 14:11:53 | 00,175,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mspmsp.dll
[2008/10/23 14:11:53 | 00,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll
[2008/10/23 14:11:53 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll
[2008/10/23 14:11:53 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msscds32.ax
[2008/10/23 14:11:53 | 00,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mspmsnsv.dll
[2008/10/23 14:11:52 | 00,179,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msnetobj.dll
[2008/10/23 14:11:49 | 00,844,314 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdxm.ocx
[2008/10/23 14:11:49 | 00,004,126 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdxmlc.dll
[2008/10/23 14:11:47 | 00,294,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msaud32.acm
[2008/10/23 14:11:47 | 00,262,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mpg4ds32.ax
[2008/10/23 14:11:47 | 00,243,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mpvis.dll
[2008/10/23 14:11:47 | 00,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadds32.ax
[2008/10/23 14:11:47 | 00,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mplay32.exe
[2008/10/23 14:11:47 | 00,018,286 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf
[2008/10/23 14:11:47 | 00,004,639 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mplayer2.exe
[2008/10/23 14:11:47 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\MPG4DMOD.dll
[2008/10/23 14:11:47 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\MP4SDMOD.dll
[2008/10/23 14:11:47 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\MP43DMOD.dll
[2008/10/23 14:11:47 | 00,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif
[2008/10/23 14:11:47 | 00,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif
[2008/10/23 14:11:46 | 00,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll
[2008/10/23 14:11:46 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll
[2008/10/23 14:11:46 | 00,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll
[2008/10/23 14:11:46 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe
[2008/10/23 14:11:45 | 00,786,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migrate.exe
[2008/10/23 14:11:44 | 00,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv
[2008/10/23 14:11:44 | 00,100,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logagent.exe
[2008/10/23 14:11:43 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\LAPRXY.dll
[2008/10/23 14:11:40 | 00,290,816 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\WINDOWS\System32\dllcache\l3codeca.acm
[2008/10/23 14:11:40 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kmsvc.dll
[2008/10/23 14:11:40 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll
[2008/10/23 14:11:40 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll
[2008/10/23 14:11:40 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll
[2008/10/23 14:11:40 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll
[2008/10/23 14:11:40 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll
[2008/10/23 14:11:36 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\smtpapi.dll
[2008/10/23 14:11:36 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwnh.dll
[2008/10/23 14:11:36 | 00,000,974 | ---- | C] () -- C:\WINDOWS\System32\pid.inf
[2008/10/23 14:11:31 | 00,498,742 | ---- | C] () -- C:\WINDOWS\System32\dllcache\dxmasf.dll
[2008/10/23 14:11:31 | 00,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll
[2008/10/23 14:11:31 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll
[2008/10/23 14:11:31 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappcfg.dll
[2008/10/23 14:11:31 | 00,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll
[2008/10/23 14:11:31 | 00,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll
[2008/10/23 14:11:31 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappprxy.dll
[2008/10/23 14:11:31 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapsvc.dll
[2008/10/23 14:11:31 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapolqec.dll
[2008/10/23 14:11:31 | 00,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js
[2008/10/23 14:11:30 | 00,991,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\drmv2clt.dll
[2008/10/23 14:11:30 | 00,650,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll
[2008/10/23 14:11:30 | 00,299,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\drmclien.dll
[2008/10/23 14:11:30 | 00,132,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3svc.dll
[2008/10/23 14:11:30 | 00,087,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\drmstor.dll
[2008/10/23 14:11:30 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll
[2008/10/23 14:11:30 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll
[2008/10/23 14:11:30 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll
[2008/10/23 14:11:30 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3api.dll
[2008/10/23 14:11:30 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3dlg.dll
[2008/10/23 14:11:29 | 00,294,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dlimport.exe
[2008/10/23 14:11:29 | 00,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll
[2008/10/23 14:11:29 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll
[2008/10/23 14:11:29 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsntfy.dll
[2008/10/23 14:11:28 | 00,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv
[2008/10/23 14:11:28 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\custsat.dll
[2008/10/23 14:11:28 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\credssp.dll
[2008/10/23 14:11:28 | 00,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css
[2008/10/23 14:11:28 | 00,008,298 | ---- | C] () -- C:\WINDOWS\System32\dllcache\contents.htm
[2008/10/23 14:11:28 | 00,006,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.js
[2008/10/23 14:11:27 | 00,184,959 | ---- | C] () -- C:\WINDOWS\System32\dllcache\compact.wmz
[2008/10/23 14:11:27 | 00,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif
[2008/10/23 14:11:27 | 00,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif
[2008/10/23 14:11:27 | 00,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif
[2008/10/23 14:11:27 | 00,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif
[2008/10/23 14:11:27 | 00,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif
[2008/10/23 14:11:26 | 00,542,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\blackbox.dll
[2008/10/23 14:11:26 | 00,229,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cewmdm.dll
[2008/10/23 14:11:26 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2008/10/23 14:11:26 | 00,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif
[2008/10/23 14:11:25 | 00,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll
[2008/10/23 14:11:23 | 00,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll
[2008/10/23 14:11:23 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asferror.dll
[2008/10/23 13:59:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2008/10/23 13:59:41 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2008/10/23 13:35:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Game\Local Settings\Application Data\Identities
[2008/10/23 13:33:49 | 16,721,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2008/10/23 13:31:36 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2008/10/23 13:23:12 | 00,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
[2008/10/23 13:22:31 | 00,000,000 | ---D | C] -- C:\WINDOWS\peernet
[2008/10/23 13:22:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\provisioning
[2008/10/23 13:20:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2008/10/23 13:17:57 | 00,026,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdsvc.exe
[2008/10/23 13:16:16 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2008/10/23 13:16:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\EHome
[2008/10/23 13:13:48 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spnpinst.exe
[2008/10/23 13:13:48 | 00,007,208 | ---- | C] () -- C:\WINDOWS\System32\secupd.sig
[2008/10/23 13:13:48 | 00,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/10/23 12:58:30 | 06,854,432 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2008/10/23 12:58:30 | 00,329,504 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2008/10/23 12:58:30 | 00,079,988 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2008/10/23 12:58:30 | 00,023,564 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2008/10/23 12:52:15 | 00,196,368 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2008/10/23 12:52:14 | 00,112,144 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\kl1.sys
[2008/10/23 12:51:40 | 00,048,384 | ---- | C] (Radialpoint, Inc.) -- C:\WINDOWS\System32\drivers\rp_pkt32.sys
[2008/10/23 12:51:23 | 00,000,000 | ---D | C] -- C:\Program Files\Raxco
[2008/10/23 12:51:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Raxco
[2008/10/23 12:51:09 | 00,001,926 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Verizon Internet Security Suite.lnk
[2008/10/23 12:48:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2008/10/23 12:43:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2008/10/23 12:43:17 | 00,438,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpob2res.dll
[2008/10/23 12:43:17 | 00,354,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winhttp.dll
[2008/10/23 12:43:17 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qmgrprxy.dll
[2008/10/23 12:43:17 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx2.dll
[2008/10/23 12:43:17 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx3.dll
[2008/10/23 12:42:58 | 00,271,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2008/10/23 12:42:58 | 00,030,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2008/10/23 12:41:18 | 00,549,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll
[2008/10/23 12:41:18 | 00,325,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll
[2008/10/23 12:41:18 | 00,216,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaucpl.cpl
[2008/10/23 12:41:18 | 00,043,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wups2.dll
[2008/10/23 12:41:18 | 00,034,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll.mui
[2008/10/23 12:41:18 | 00,033,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wups.dll
[2008/10/23 12:41:18 | 00,025,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaucpl.cpl.mui
[2008/10/23 12:41:18 | 00,025,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
[2008/10/23 12:41:18 | 00,020,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaueng.dll.mui
[2008/10/23 12:40:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2008/10/23 12:33:15 | 00,012,980 | ---- | C] () -- C:\WINDOWS\System32\wpa.bak
[2008/10/23 11:33:23 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iprip.dll
[2008/10/23 11:33:23 | 00,001,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\etc\quotes
[2008/10/23 11:33:22 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\simptcp.dll
[2008/10/23 11:33:22 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll
[2008/10/23 11:16:35 | 00,013,428 | ---- | C] () -- C:\WINDOWS\System32\baspStat.mib
[2008/10/23 11:16:35 | 00,010,481 | ---- | C] () -- C:\WINDOWS\System32\baspConfig.mib
[2008/10/23 11:16:35 | 00,002,603 | ---- | C] () -- C:\WINDOWS\System32\baspTrap.mib
[2008/10/23 11:16:34 | 00,009,104 | ---- | C] () -- C:\WINDOWS\System32\adaptinfo.mib
[2008/10/23 11:16:07 | 00,009,361 | ---- | C] () -- C:\WINDOWS\System32\drivers\bcm42xhw.vxd
[2008/10/23 10:28:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Game\Local Settings\Application Data\TouchStoneSoftware
[2008/10/23 10:03:45 | 01,686,016 | ---- | C] (Clever Components) -- C:\WINDOWS\System32\clinetsuitex6.ocx
[2008/10/23 10:03:45 | 00,662,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCOMCT2.OCX
[2008/10/23 10:03:45 | 00,427,864 | ---- | C] (Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com) -- C:\WINDOWS\System32\XceedZip.dll
[2008/10/23 10:03:44 | 01,071,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCOMCTL.OCX
[2008/10/23 09:54:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Game\Application Data\Leadertech
[2008/10/23 09:54:09 | 00,000,000 | ---D | C] -- C:\Program Files\viewsonic
[2008/10/23 09:53:28 | 00,000,102 | ---- | C] () -- C:\WINDOWS\VSWizard.ini
[2008/10/23 09:50:51 | 00,000,000 | ---D | C] -- C:\Program Files\Camera Assistant Software for ViewSonic
[2008/10/23 09:46:21 | 00,017,808 | ---- | C] () -- C:\Documents and Settings\Game\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/10/23 09:46:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Game\Local Settings\Application Data\ATI
[2008/10/23 09:46:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Game\Application Data\ATI
[2008/10/23 09:41:01 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2008/10/23 09:38:54 | 00,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2008/10/23 09:38:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2008/10/23 09:37:32 | 00,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2008/10/23 09:37:30 | 00,014,696 | ---- | C] () -- C:\WINDOWS\atiogl.xml
[2008/10/23 09:37:28 | 00,007,167 | ---- | C] () -- C:\WINDOWS\System32\atifglpf.xml
[2008/10/23 09:37:26 | 00,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2008/10/23 09:37:25 | 03,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2008/10/23 09:37:24 | 03,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2008/10/23 09:37:24 | 00,176,918 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2008/10/23 09:37:22 | 01,311,202 | R--- | C] () -- C:\WINDOWS\System32\drivers\ativcaxx.cpa
[2008/10/23 09:37:22 | 00,047,360 | R--- | C] () -- C:\WINDOWS\System32\drivers\ativvpxx.vp
[2008/10/23 09:37:22 | 00,002,096 | R--- | C] () -- C:\WINDOWS\System32\drivers\ativdkxx.vp
[2008/10/23 09:37:22 | 00,002,096 | R--- | C] () -- C:\WINDOWS\System32\drivers\ativckxx.vp
[2008/10/23 09:37:22 | 00,000,929 | R--- | C] () -- C:\WINDOWS\System32\drivers\ativcaxx.vp
[2008/10/23 09:37:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2008/10/23 09:19:19 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wsock32.dlb
[2008/10/23 09:19:11 | 00,205,560 | ---- | C] (COMODO) -- C:\WINDOWS\UNBOC.EXE
[2008/10/23 09:19:10 | 00,212,728 | ---- | C] (COMODO) -- C:\WINDOWS\CMDLIC.DLL
[2008/10/23 09:19:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BOC426
[2008/10/23 09:19:00 | 00,008,284 | ---- | C] () -- C:\WINDOWS\BOC426.INI
[2008/10/23 09:18:57 | 00,000,000 | ---D | C] -- C:\Program Files\Comodo
[2008/10/23 09:18:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Pure Networks
[2008/10/23 09:16:35 | 00,031,056 | ---- | C] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-00000006-00001102-00000004-10021102}.rfx
[2008/10/23 09:16:35 | 00,031,056 | ---- | C] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-00000006-00001102-00000004-10021102}.rfx
[2008/10/23 09:16:35 | 00,030,528 | ---- | C] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-00000006-00001102-00000004-10021102}.rfx
[2008/10/23 09:16:35 | 00,030,528 | ---- | C] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-00000006-00001102-00000004-10021102}.rfx
[2008/10/23 09:16:35 | 00,011,564 | ---- | C] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000006-00001102-00000004-10021102}.rfx
[2008/10/23 09:16:35 | 00,001,080 | ---- | C] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2008/10/23 09:16:35 | 00,001,080 | ---- | C] () -- C:\WINDOWS\System32\settings.sfm
[2008/10/23 09:16:24 | 04,958,588 | ---- | C] () -- C:\WINDOWS\{00000002-00000000-00000006-00001102-00000004-10021102}.BAK
[2008/10/23 09:05:39 | 00,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2008/10/23 09:05:38 | 00,000,793 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Watch.lnk
[2008/10/23 09:05:38 | 00,000,793 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2008/10/23 09:05:34 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2008/10/23 09:05:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2008/10/23 09:04:43 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2008/10/23 09:03:21 | 00,499,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp71.dll
[2008/10/23 09:03:21 | 00,348,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr71.dll
[2008/10/23 09:02:42 | 04,174,814 | ---- | C] () -- C:\WINDOWS\System32\CT4MGM.SF2
[2008/10/23 09:02:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Defaults
[2008/10/23 09:02:39 | 00,006,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\splitter.sys
[2008/10/23 09:02:38 | 00,083,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wdmaud.sys
[2008/10/23 09:02:37 | 00,052,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dmusic.sys
[2008/10/23 09:02:36 | 00,056,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\swmidi.sys
[2008/10/23 09:02:35 | 04,958,588 | ---- | C] () -- C:\WINDOWS\{00000002-00000000-00000006-00001102-00000004-10021102}.CDF
[2008/10/23 09:02:34 | 00,142,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\aec.sys
[2008/10/23 09:02:32 | 00,172,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\kmixer.sys
[2008/10/23 09:02:31 | 00,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmkaud.sys
[2008/10/23 09:02:30 | 00,060,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sysaudio.sys
[2008/10/23 09:02:18 | 00,007,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mskssrv.sys
[2008/10/23 09:02:17 | 00,004,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mspqm.sys
[2008/10/23 09:02:16 | 00,005,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mspclock.sys
[2008/10/23 09:02:07 | 00,146,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\portcls.sys
[2008/10/23 09:02:07 | 00,146,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\portcls.sys
[2008/10/23 09:02:07 | 00,141,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ks.sys
[2008/10/23 09:02:07 | 00,141,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ks.sys
[2008/10/23 09:02:07 | 00,129,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksproxy.ax
[2008/10/23 09:02:07 | 00,129,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksproxy.ax
[2008/10/23 09:02:07 | 00,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmk.sys
[2008/10/23 09:02:07 | 00,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\drmk.sys
[2008/10/23 09:02:07 | 00,049,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\stream.sys
[2008/10/23 09:02:07 | 00,049,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\stream.sys
[2008/10/23 09:02:07 | 00,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wdmaud.drv
[2008/10/23 09:02:07 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksuser.dll
[2008/10/23 09:02:03 | 00,409,600 | ---- | C] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll
[2008/10/23 09:02:03 | 00,086,016 | ---- | C] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\WINDOWS\System32\OpenAL32.dll
[2008/10/23 09:02:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Game\Application Data\Creative
[2008/10/23 09:01:54 | 00,086,446 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2008/10/23 09:01:54 | 00,011,776 | ---- | C] (Creative Technology Limited) -- C:\WINDOWS\INRES.DLL
[2008/10/23 09:01:54 | 00,003,072 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL
[2008/10/23 09:01:54 | 00,000,191 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2008/10/23 09:01:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Data
[2008/10/23 09:01:53 | 00,000,000 | ---D | C] -- C:\Program Files\Creative
[2008/10/23 09:00:09 | 00,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2008/10/23 09:00:06 | 00,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2008/10/23 08:59:44 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2008/10/23 08:59:33 | 00,001,200 | ---- | C] () -- C:\Documents and Settings\Game\Desktop\'Earthsim'.lnk
[2008/10/23 08:59:33 | 00,000,000 | ---D | C] -- C:\ATI
[2008/10/23 08:55:15 | 03,172,552 | -H-- | C] () -- C:\Documents and Settings\Game\Local Settings\Application Data\IconCache.db
[2008/10/23 08:54:33 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
[2008/10/23 08:53:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Game\Application Data\Verizon
[2008/10/23 08:53:52 | 00,000,000 | ---D | C] -- C:\Program Files\Verizon
[2008/10/23 08:53:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Verizon
[2008/10/23 08:53:27 | 00,026,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbstor.sys
[2008/10/23 08:50:16 | 00,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2008/10/23 08:50:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Game\Application Data\Identities
[2008/10/23 08:50:09 | 00,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2008/10/23 08:50:08 | 00,000,075 | -HS- | C] () -- C:\Documents and Settings\Game\My Documents\desktop.ini
[2008/10/23 08:50:08 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Game\My Documents\My Pictures
[2008/10/23 08:50:08 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Game\My Documents\My Music
[2008/10/23 08:50:05 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Game\Application Data\desktop.ini
[2008/10/23 08:50:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Game\Local Settings\Application Data\Microsoft
[2008/10/23 08:50:04 | 00,000,084 | -HS- | C] () -- C:\Documents and Settings\Game\Start Menu\Programs\Startup\desktop.ini
[2008/10/23 08:50:04 | 00,000,000 | --SD | C] -- C:\Documents and Settings\Game\Application Data\Microsoft
[2008/10/23 08:48:55 | 00,000,000 | -HSD | C] -- C:\System Volume Information
[2008/10/23 07:49:22 | 00,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2008/10/23 07:48:35 | 00,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/10/23 07:48:28 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winzm.ime
[2008/10/23 07:48:28 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsp.ime
[2008/10/23 07:48:28 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winpy.ime
[2008/10/23 07:48:28 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winime.ime
[2008/10/23 07:48:27 | 00,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winar30.ime
[2008/10/23 07:48:27 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wingb.ime
[2008/10/23 07:48:27 | 00,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll
[2008/10/23 07:48:27 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys
[2008/10/23 07:48:27 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamps51.dll
[2008/10/23 07:48:26 | 00,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ext.dll
[2008/10/23 07:48:26 | 00,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll
[2008/10/23 07:48:26 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svapi.dll
[2008/10/23 07:48:26 | 00,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ctrs51.dll
[2008/10/23 07:48:25 | 00,426,041 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicepad.dll
[2008/10/23 07:48:25 | 00,086,073 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicesub.dll
[2008/10/23 07:48:25 | 00,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniime.dll
[2008/10/23 07:48:24 | 00,065,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unicdime.ime
[2008/10/23 07:48:24 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe
[2008/10/23 07:48:23 | 00,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlgnt.ime
[2008/10/23 07:48:23 | 00,455,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintsetp.exe
[2008/10/23 07:48:23 | 00,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\thawbrkr.dll
[2008/10/23 07:48:23 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlphr.exe
[2008/10/23 07:48:23 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmigrate.dll
[2008/10/23 07:48:22 | 00,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys
[2008/10/23 07:48:22 | 00,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys
[2008/10/23 07:48:22 | 00,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys
[2008/10/23 07:48:21 | 00,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll
[2008/10/23 07:48:21 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\status.dll
[2008/10/23 07:48:20 | 00,143,422 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\softkey.dll
[2008/10/23 07:48:20 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll
[2008/10/23 07:48:20 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll
[2008/10/23 07:48:19 | 00,431,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpsvc.dll
[2008/10/23 07:48:19 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll
[2008/10/23 07:48:19 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll
[2008/10/23 07:48:19 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll
[2008/10/23 07:48:19 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll
[2008/10/23 07:48:19 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll
[2008/10/23 07:48:19 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpapi.dll
[2008/10/23 07:48:19 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll
[2008/10/23 07:48:19 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll
[2008/10/23 07:48:18 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll
[2008/10/23 07:48:18 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll
[2008/10/23 07:48:18 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll
[2008/10/23 07:48:18 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll
[2008/10/23 07:48:18 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll
[2008/10/23 07:48:18 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll
[2008/10/23 07:48:18 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll
[2008/10/23 07:48:18 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll
[2008/10/23 07:48:18 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll
[2008/10/23 07:48:18 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll
[2008/10/23 07:48:16 | 00,205,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seo.dll
[2008/10/23 07:48:16 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll
[2008/10/23 07:48:16 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll
[2008/10/23 07:48:15 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2008/10/23 07:48:15 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2008/10/23 07:48:15 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_rwnh.dll
[2008/10/23 07:48:14 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\romanime.ime
[2008/10/23 07:48:14 | 00,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe
[2008/10/23 07:48:14 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe
[2008/10/23 07:48:13 | 00,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quick.ime
[2008/10/23 07:48:13 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe
[2008/10/23 07:48:13 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe
[2008/10/23 07:48:12 | 00,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll
[2008/10/23 07:48:12 | 00,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlphr.exe
[2008/10/23 07:48:12 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmigrate.dll
[2008/10/23 07:48:12 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll
[2008/10/23 07:48:12 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll
[2008/10/23 07:48:11 | 00,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlgnt.ime
[2008/10/23 07:48:11 | 00,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2008/10/23 07:48:11 | 00,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phon.ime
[2008/10/23 07:48:11 | 00,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlcsd.dll
[2008/10/23 07:48:11 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pagecnt.dll
[2008/10/23 07:48:11 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\permchk.dll
[2008/10/23 07:48:10 | 00,036,927 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs411.dll
[2008/10/23 07:48:10 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs404.dll
[2008/10/23 07:48:10 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs804.dll
[2008/10/23 07:48:10 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs412.dll
[2008/10/23 07:48:09 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll
[2008/10/23 07:48:08 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nextlink.dll
[2008/10/23 07:48:07 | 00,229,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\multibox.dll
[2008/10/23 07:48:05 | 01,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.lex
[2008/10/23 07:48:05 | 00,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.dll
[2008/10/23 07:48:01 | 00,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.sys
[2008/10/23 07:48:01 | 00,092,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.dll
[2008/10/23 07:48:01 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mdsync.dll
[2008/10/23 07:48:00 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_mailmsg.dll
[2008/10/23 07:48:00 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logscrpt.dll
[2008/10/23 07:47:59 | 01,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2008/10/23 07:47:59 | 00,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\korwbrkr.dll
[2008/10/23 07:47:59 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth3.dll
[2008/10/23 07:47:59 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdvntc.dll
[2008/10/23 07:47:59 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdusa.dll
[2008/10/23 07:47:59 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdurdu.dll
[2008/10/23 07:47:58 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecat.dll
[2008/10/23 07:47:58 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecnt.dll
[2008/10/23 07:47:58 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnec95.dll
[2008/10/23 07:47:58 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth2.dll
[2008/10/23 07:47:58 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinpun.dll
[2008/10/23 07:47:58 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth1.dll
[2008/10/23 07:47:58 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth0.dll
[2008/10/23 07:47:58 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr2.dll
[2008/10/23 07:47:58 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr1.dll
[2008/10/23 07:47:58 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintel.dll
[2008/10/23 07:47:58 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintam.dll
[2008/10/23 07:47:57 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinmar.dll
[2008/10/23 07:47:57 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinkan.dll
[2008/10/23 07:47:57 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinhin.dll
[2008/10/23 07:47:57 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinguj.dll
[2008/10/23 07:47:57 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdindev.dll
[2008/10/23 07:47:57 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdheb.dll
[2008/10/23 07:47:57 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdfa.dll
[2008/10/23 07:47:57 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv2.dll
[2008/10/23 07:47:57 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv1.dll
[2008/10/23 07:47:57 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgeo.dll
[2008/10/23 07:47:56 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jupiw.dll
[2008/10/23 07:47:56 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iwrps.dll
[2008/10/23 07:47:56 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101a.dll
[2008/10/23 07:47:56 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda3.dll
[2008/10/23 07:47:56 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda2.dll
[2008/10/23 07:47:56 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda1.dll
[2008/10/23 07:47:56 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarmw.dll
[2008/10/23 07:47:56 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarme.dll
[2008/10/23 07:47:55 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoctrs.dll
[2008/10/23 07:47:55 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isapips.dll
[2008/10/23 07:47:54 | 00,471,102 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskdic.dll
[2008/10/23 07:47:54 | 00,315,455 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskf.dll
[2008/10/23 07:47:54 | 00,274,489 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputyc.dll
[2008/10/23 07:47:54 | 00,262,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputy.exe
[2008/10/23 07:47:54 | 00,233,527 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjprw.exe
[2008/10/23 07:47:54 | 00,102,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imlang.dll
[2008/10/23 07:47:54 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imkrinst.exe
[2008/10/23 07:47:54 | 00,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2008/10/23 07:47:54 | 00,045,109 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpuex.exe
[2008/10/23 07:47:53 | 00,811,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81k.dll
[2008/10/23 07:47:53 | 00,716,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcus.dll
[2008/10/23 07:47:53 | 00,368,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcic.dll
[2008/10/23 07:47:53 | 00,340,023 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81.ime
[2008/10/23 07:47:53 | 00,311,359 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsv.exe
[2008/10/23 07:47:53 | 00,307,257 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.exe
[2008/10/23 07:47:53 | 00,208,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpmig.exe
[2008/10/23 07:47:53 | 00,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2008/10/23 07:47:53 | 00,155,705 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdsvr.exe
[2008/10/23 07:47:53 | 00,081,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.dll
[2008/10/23 07:47:53 | 00,057,398 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdadm.exe
[2008/10/23 07:47:52 | 00,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2008/10/23 07:47:52 | 00,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrcic.dll
[2008/10/23 07:47:52 | 00,102,463 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsm.dll
[2008/10/23 07:47:52 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekr61.ime
[2008/10/23 07:47:52 | 00,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmbx.dll
[2008/10/23 07:47:52 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisclex4.dll
[2008/10/23 07:47:52 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmig.exe
[2008/10/23 07:47:52 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iiscrmap.dll
[2008/10/23 07:47:52 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iissync.exe
[2008/10/23 07:47:52 | 00,003,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismui.dll
[2008/10/23 07:47:48 | 10,129,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxkor.dll
[2008/10/23 07:47:44 | 13,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2008/10/23 07:47:41 | 10,096,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll
[2008/10/23 07:47:40 | 00,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2008/10/23 07:47:40 | 00,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hanjadic.dll
[2008/10/23 07:47:39 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsroute.dll
[2008/10/23 07:47:39 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssend.exe
[2008/10/23 07:47:38 | 00,132,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclntr.dll
[2008/10/23 07:47:38 | 00,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscfgwz.dll
[2008/10/23 07:47:37 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_fcachdll.dll
[2008/10/23 07:47:37 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\flattemp.exe
[2008/10/23 07:47:37 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpctrs2.dll
[2008/10/23 07:47:37 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftlx041e.dll
[2008/10/23 07:47:36 | 00,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll
[2008/10/23 07:47:36 | 00,045,056 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll
[2008/10/23 07:47:36 | 00,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll
[2008/10/23 07:47:36 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\et4000.sys
[2008/10/23 07:47:35 | 00,514,587 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\edb500.dll
[2008/10/23 07:47:33 | 00,078,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dayi.ime
[2008/10/23 07:47:32 | 00,057,399 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cplexe.exe
[2008/10/23 07:47:32 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cprofile.exe
[2008/10/23 07:47:31 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\convlog.exe
[2008/10/23 07:47:31 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\controt.dll
[2008/10/23 07:47:31 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\counters.dll
[2008/10/23 07:47:30 | 00,480,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintsetp.exe
[2008/10/23 07:47:30 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintlgnt.ime
[2008/10/23 07:47:29 | 01,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chsbrkr.dll
[2008/10/23 07:47:29 | 00,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtbrkr.dll
[2008/10/23 07:47:29 | 00,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintime.dll
[2008/10/23 07:47:29 | 00,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2008/10/23 07:47:29 | 00,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtmbx.dll
[2008/10/23 07:47:29 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtskdic.dll
[2008/10/23 07:47:28 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chajei.ime
[2008/10/23 07:47:28 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgport.exe
[2008/10/23 07:47:28 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgusr.exe
[2008/10/23 07:47:28 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chglogon.exe
[2008/10/23 07:47:28 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\change.exe
[2008/10/23 07:47:27 | 00,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2008/10/23 07:47:27 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browscap.dll
[2008/10/23 07:47:27 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_iscii.dll
[2008/10/23 07:47:27 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_is2022.dll
[2008/10/23 07:47:26 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asptxn.dll
[2008/10/23 07:47:26 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aspperf.dll
[2008/10/23 07:47:26 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\authfilt.dll
[2008/10/23 07:47:25 | 00,312,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqueue.dll
[2008/10/23 07:47:25 | 00,049,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adrot.dll
[2008/10/23 07:47:25 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqadmin.dll
[2008/10/23 07:47:25 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll
[2008/10/23 07:47:24 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admxprox.dll
[2008/10/23 07:47:22 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamregps.dll
[2008/10/23 07:47:21 | 02,134,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpsnap.dll
[2008/10/23 07:47:21 | 00,175,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpadm.dll
[2008/10/23 07:47:17 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetsloc.dll
[2008/10/23 07:47:17 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.exe
[2008/10/23 07:47:16 | 00,169,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisui.dll
[2008/10/23 07:47:16 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisreset.exe
[2008/10/23 07:47:16 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsapi2.dll
[2008/10/23 07:47:16 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstap.dll
[2008/10/23 07:47:13 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certmap.ocx
[2008/10/23 07:47:11 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2008/10/23 07:47:11 | 00,000,000 | ---D | C] -- C:\Program Files\xerox
[2008/10/23 07:47:11 | 00,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2008/10/23 07:46:53 | 00,002,577 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
[2008/10/23 07:46:53 | 00,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2008/10/23 07:46:53 | 00,000,000 | RHS- | C] () -- C:\IO.SYS
[2008/10/23 07:46:53 | 00,000,000 | ---- | C] () -- C:\WINDOWS\control.ini
[2008/10/23 07:46:53 | 00,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2008/10/23 07:46:53 | 00,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2008/10/23 07:46:51 | 00,025,065 | ---- | C] () -- C:\WINDOWS\System32\wmpscheme.xml
[2008/10/23 07:46:51 | 00,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2008/10/23 07:46:51 | 00,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2008/10/23 07:46:50 | 00,299,552 | ---- | C] () -- C:\WINDOWS\WMSysPrx.prx
[2008/10/23 07:46:44 | 00,000,006 | -H-- | C] () -- C:\WINDOWS\tasks\SA.DAT
[2008/10/23 07:46:43 | 00,112,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mapi32.dll
[2008/10/23 07:45:59 | 00,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2008/10/23 07:45:59 | 00,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2008/10/23 07:45:39 | 04,399,505 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nls302en.lex
[2008/10/23 07:45:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2008/10/23 07:45:33 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2008/10/23 07:45:33 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2008/10/23 07:45:28 | 00,520,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpvis.dll
[2008/10/23 07:45:24 | 00,409,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qmgr.dll
[2008/10/23 07:45:24 | 00,319,551 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmmres.dll
[2008/10/23 07:45:24 | 00,163,906 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmmutil.dll
[2008/10/23 07:45:24 | 00,110,657 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmmfilt.dll
[2008/10/23 07:45:23 | 00,000,000 | ---D | C] -- C:\Program Files\Movie Maker
[2008/10/23 07:45:11 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrslv.dll
[2008/10/23 07:45:11 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrcdlg.dll
[2008/10/23 07:45:11 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\racpldlg.dll
[2008/10/23 07:45:11 | 00,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrdm.dll
[2008/10/23 07:45:11 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atrace.dll
[2008/10/23 07:45:11 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\atrace.dll
[2008/10/23 07:45:10 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\notiflag.exe
[2008/10/23 07:45:10 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\brpinfo.dll
[2008/10/23 07:45:09 | 00,099,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helphost.exe
[2008/10/23 07:45:09 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hcappres.dll
[2008/10/23 07:45:08 | 00,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
[2008/10/23 07:45:08 | 00,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
[2008/10/23 07:45:08 | 00,000,002 | ---- | C] () -- C:\WINDOWS\System32\desktop.ini
[2008/10/23 07:45:08 | 00,000,002 | ---- | C] () -- C:\WINDOWS\desktop.ini
[2008/10/23 07:45:03 | 00,239,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\srrstr.dll
[2008/10/23 07:45:03 | 00,171,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\srsvc.dll
[2008/10/23 07:45:03 | 00,073,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sr.sys
[2008/10/23 07:45:03 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\srclient.dll
[2008/10/23 07:45:03 | 00,047,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srdiag.exe
[2008/10/23 07:45:03 | 00,000,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\srframe.mmf
[2008/10/23 07:45:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2008/10/23 07:45:02 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ils.dll
[2008/10/23 07:45:02 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2008/10/23 07:45:01 | 00,188,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msh261.drv
[2008/10/23 07:45:01 | 00,118,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msg723.acm
[2008/10/23 07:45:01 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msconf.dll
[2008/10/23 07:45:01 | 00,034,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mnmdd.dll
[2008/10/23 07:45:01 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mnmsrvc.exe
[2008/10/23 07:45:01 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nmmkcert.dll
[2008/10/23 07:45:01 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nmevtmsg.dll
[2008/10/23 07:45:01 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmevtmsg.dll
[2008/10/23 07:44:59 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msinfo32.exe
[2008/10/23 07:44:59 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wb32.exe
[2008/10/23 07:44:59 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cb32.exe
[2008/10/23 07:44:59 | 00,000,000 | ---D | C] -- C:\Program Files\NetMeeting
[2008/10/23 07:44:58 | 00,252,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msoeacct.dll
[2008/10/23 07:44:58 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msoert2.dll
[2008/10/23 07:44:58 | 00,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\acctres.dll
[2008/10/23 07:44:58 | 00,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\acctres.dll
[2008/10/23 07:44:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\PCHEALTH
[2008/10/23 07:44:58 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2008/10/23 07:44:57 | 00,691,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcomm.dll
[2008/10/23 07:44:57 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetres.dll
[2008/10/23 07:44:54 | 00,274,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstask.dll
[2008/10/23 07:44:54 | 00,192,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\schedsvc.dll
[2008/10/23 07:44:54 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstinit.exe
[2008/10/23 07:44:54 | 00,000,065 | RH-- | C] () -- C:\WINDOWS\tasks\desktop.ini
[2008/10/23 07:44:54 | 00,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2008/10/23 07:44:54 | 00,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2008/10/23 07:44:53 | 00,274,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcfg.dll
[2008/10/23 07:44:53 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\isign32.dll
[2008/10/23 07:44:53 | 00,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icwdial.dll
[2008/10/23 07:44:53 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icwphbk.dll
[2008/10/23 07:44:53 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icfgnt5.dll
[2008/10/23 07:44:53 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icfgnt5.dll
[2008/10/23 07:44:52 | 00,235,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mssoap1.dll
[2008/10/23 07:44:52 | 00,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwtutor.exe
[2008/10/23 07:44:52 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwres.dll
[2008/10/23 07:44:52 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\trialoc.dll
[2008/10/23 07:44:52 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wisc10.dll
[2008/10/23 07:44:52 | 00,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mssoapr.dll
[2008/10/23 07:44:52 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isignup.exe
[2008/10/23 07:44:51 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2008/10/23 07:44:49 | 00,093,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieinfo5.ocx
[2008/10/23 07:44:49 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2008/10/23 07:44:47 | 00,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2008/10/23 07:44:46 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2008/10/23 07:44:46 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2008/10/23 07:44:27 | 00,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/10/23 07:44:17 | 00,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2008/10/23 07:44:16 | 00,000,037 | ---- | C] () -- C:\WINDOWS\vbaddin.ini
[2008/10/23 07:44:16 | 00,000,036 | ---- | C] () -- C:\WINDOWS\vb.ini
[2008/10/23 07:44:11 | 00,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2008/10/23 07:44:04 | 00,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2008/10/23 07:44:04 | 00,000,000 | ---D | C] -- C:\Program Files\Online Services
[2008/10/23 07:43:59 | 00,000,000 | ---D | C] -- C:\Program Files\Messenger
[2008/10/23 07:43:54 | 01,817,687 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckgres.dll
[2008/10/23 07:43:54 | 00,082,501 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckg.dll
[2008/10/23 07:43:54 | 00,042,577 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckgzm.exe
[2008/10/23 07:43:53 | 02,178,131 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvlres.dll
[2008/10/23 07:43:53 | 01,175,635 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtzres.dll
[2008/10/23 07:43:53 | 00,780,885 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkrres.dll
[2008/10/23 07:43:53 | 00,753,236 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvseres.dll
[2008/10/23 07:43:53 | 00,066,113 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvl.dll
[2008/10/23 07:43:53 | 00,057,409 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtz.dll
[2008/10/23 07:43:53 | 00,048,706 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvse.dll
[2008/10/23 07:43:53 | 00,042,575 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkrzm.exe
[2008/10/23 07:43:53 | 00,042,574 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvsezm.exe
[2008/10/23 07:43:53 | 00,042,573 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvlzm.exe
[2008/10/23 07:43:53 | 00,042,573 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtzzm.exe
[2008/10/23 07:43:53 | 00,040,515 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkr.dll
[2008/10/23 07:43:53 | 00,032,339 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniansi.dll
[2008/10/23 07:43:53 | 00,004,677 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zeeverm.dll
[2008/10/23 07:43:52 | 01,039,955 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmnresm.dll
[2008/10/23 07:43:52 | 00,217,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmnclim.dll
[2008/10/23 07:43:52 | 00,113,222 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zoneclim.dll
[2008/10/23 07:43:52 | 00,041,029 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zcorem.dll
[2008/10/23 07:43:52 | 00,036,937 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zclientm.exe
[2008/10/23 07:43:52 | 00,029,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\znetm.dll
[2008/10/23 07:43:52 | 00,013,894 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zonelibm.dll
[2008/10/23 07:43:52 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\write.exe
[2008/10/23 07:43:52 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\write.exe
[2008/10/23 07:43:52 | 00,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone
[2008/10/23 07:43:46 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\accwiz.exe
[2008/10/23 07:43:46 | 00,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\access.cpl
[2008/10/23 07:43:45 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avtapi.dll
[2008/10/23 07:43:45 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avtapi.dll
[2008/10/23 07:43:45 | 00,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndvol32.exe
[2008/10/23 07:43:45 | 00,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sndvol32.exe
[2008/10/23 07:43:45 | 00,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndrec32.exe
[2008/10/23 07:43:45 | 00,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mplay32.exe
[2008/10/23 07:43:45 | 00,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avwav.dll
[2008/10/23 07:43:45 | 00,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avwav.dll
[2008/10/23 07:43:45 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avmeter.dll
[2008/10/23 07:43:45 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avmeter.dll
[2008/10/23 07:43:44 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winchat.exe
[2008/10/23 07:43:44 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winchat.exe
[2008/10/23 07:43:44 | 00,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2008/10/23 07:43:43 | 00,343,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mspaint.exe
[2008/10/23 07:43:41 | 00,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2008/10/23 07:43:41 | 00,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2008/10/23 07:43:41 | 00,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2008/10/23 07:43:41 | 00,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2008/10/23 07:43:41 | 00,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2008/10/23 07:43:41 | 00,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2008/10/23 07:43:41 | 00,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2008/10/23 07:43:41 | 00,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2008/10/23 07:43:41 | 00,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2008/10/23 07:43:41 | 00,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2008/10/23 07:43:41 | 00,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2008/10/23 07:43:40 | 00,605,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\getuname.dll
[2008/10/23 07:43:40 | 00,605,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\getuname.dll
[2008/10/23 07:43:40 | 00,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\calc.exe
[2008/10/23 07:43:40 | 00,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\calc.exe
[2008/10/23 07:43:40 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clipbrd.exe
[2008/10/23 07:43:40 | 00,080,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\charmap.exe
[2008/10/23 07:43:40 | 00,080,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\charmap.exe
[2008/10/23 07:43:39 | 00,538,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spider.exe
[2008/10/23 07:43:39 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mshearts.exe
[2008/10/23 07:43:39 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshearts.exe
[2008/10/23 07:43:39 | 00,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winmine.exe
[2008/10/23 07:43:39 | 00,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmine.exe
[2008/10/23 07:43:39 | 00,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sol.exe
[2008/10/23 07:43:39 | 00,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sol.exe
[2008/10/23 07:43:39 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\freecell.exe
[2008/10/23 07:43:39 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\freecell.exe
[2008/10/23 07:43:38 | 02,061,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstscax.dll
[2008/10/23 07:43:38 | 01,712,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaueng.dll
[2008/10/23 07:43:38 | 01,712,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaueng.dll
[2008/10/23 07:43:38 | 00,677,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstsc.exe
[2008/10/23 07:43:38 | 00,139,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rdpwd.sys
[2008/10/23 07:43:38 | 00,093,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscfgwmi.dll
[2008/10/23 07:43:38 | 00,067,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdshost.exe
[2008/10/23 07:43:38 | 00,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\remotepg.dll
[2008/10/23 07:43:38 | 00,053,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuauclt.exe
[2008/10/23 07:43:38 | 00,053,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuauclt.exe
[2008/10/23 07:43:38 | 00,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tdtcp.sys
[2008/10/23 07:43:38 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdsaddin.exe
[2008/10/23 07:43:38 | 00,012,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tdpipe.sys
[2008/10/23 07:43:38 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\reset.exe
[2008/10/23 07:43:38 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\reset.exe
[2008/10/23 07:43:38 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuauserv.dll
[2008/10/23 07:43:37 | 00,295,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\termsrv.dll
[2008/10/23 07:43:37 | 00,147,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdchost.dll
[2008/10/23 07:43:37 | 00,141,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sessmgr.exe
[2008/10/23 07:43:37 | 00,087,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpwsx.dll
[2008/10/23 07:43:37 | 00,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpclip.exe
[2008/10/23 07:43:37 | 00,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscupgrd.exe
[2008/10/23 07:43:37 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\regini.exe
[2008/10/23 07:43:37 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\regini.exe
[2008/10/23 07:43:37 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qwinsta.exe
[2008/10/23 07:43:37 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qwinsta.exe
[2008/10/23 07:43:37 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpsnd.dll
[2008/10/23 07:43:37 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qprocess.exe
[2008/10/23 07:43:37 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsshutdn.exe
[2008/10/23 07:43:37 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qappsrv.exe
[2008/10/23 07:43:37 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsshutdn.exe
[2008/10/23 07:43:37 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qappsrv.exe
[2008/10/23 07:43:37 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tskill.exe
[2008/10/23 07:43:37 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tskill.exe
[2008/10/23 07:43:37 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwinsta.exe
[2008/10/23 07:43:37 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rwinsta.exe
[2008/10/23 07:43:37 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsdiscon.exe
[2008/10/23 07:43:37 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscon.exe
[2008/10/23 07:43:37 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\shadow.exe
[2008/10/23 07:43:37 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsdiscon.exe
[2008/10/23 07:43:37 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tscon.exe
[2008/10/23 07:43:37 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shadow.exe
[2008/10/23 07:43:37 | 00,013,223 | ---- | C] () -- C:\WINDOWS\System32\tslabels.ini
[2008/10/23 07:43:37 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpcfgex.dll
[2008/10/23 07:43:37 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpcfgex.dll
[2008/10/23 07:43:37 | 00,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
[2008/10/23 07:43:37 | 00,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2008/10/23 07:43:36 | 00,956,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtctm.dll
[2008/10/23 07:43:36 | 00,427,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtcprx.dll
[2008/10/23 07:43:36 | 00,161,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtcuiu.dll
[2008/10/23 07:43:36 | 00,091,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxoci.dll
[2008/10/23 07:43:36 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cfgbkend.dll
[2008/10/23 07:43:36 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msg.exe
[2008/10/23 07:43:36 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msg.exe
[2008/10/23 07:43:36 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdmodem.dll
[2008/10/23 07:43:36 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cdmodem.dll
[2008/10/23 07:43:36 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\logoff.exe
[2008/10/23 07:43:36 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logoff.exe
[2008/10/23 07:43:36 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icaapi.dll
[2008/10/23 07:43:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2008/10/23 07:43:35 | 00,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtclog.dll
[2008/10/23 07:43:35 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtsadmin.tlb
[2008/10/23 07:43:35 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xolehlp.dll
[2008/10/23 07:43:35 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtc.exe
[2008/10/23 07:43:35 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dcomcnfg.exe
[2008/10/23 07:43:35 | 00,001,931 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.ini
[2008/10/23 07:43:35 | 00,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
[2008/10/23 07:43:34 | 00,625,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrvut.dll
[2008/10/23 07:43:34 | 00,226,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrv.dll
[2008/10/23 07:43:34 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clbcatex.dll
[2008/10/23 07:43:34 | 00,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comrepl.dll
[2008/10/23 07:43:34 | 00,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrvps.dll
[2008/10/23 07:43:34 | 00,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\colbact.dll
[2008/10/23 07:43:34 | 00,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\stclient.dll
[2008/10/23 07:43:34 | 00,034,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxlegih.dll
[2008/10/23 07:43:34 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxdm.dll
[2008/10/23 07:43:34 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comaddin.dll
[2008/10/23 07:43:34 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxex.dll
[2008/10/23 07:43:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2008/10/23 07:43:33 | 01,267,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsvcs.dll
[2008/10/23 07:43:33 | 00,539,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comuid.dll
[2008/10/23 07:43:33 | 00,498,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clbcatq.dll
[2008/10/23 07:43:33 | 00,167,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsnap.dll
[2008/10/23 07:43:33 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmi2xml.dll
[2008/10/23 07:43:29 | 00,075,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmipicmp.dll
[2008/10/23 07:43:29 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmimsg.dll
[2008/10/23 07:43:29 | 00,052,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmitimep.dll
[2008/10/23 07:43:28 | 00,116,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\updprov.dll
[2008/10/23 07:43:28 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmplprov.dll
[2008/10/23 07:43:28 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemdisp.tlb
[2008/10/23 07:43:28 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\trnsprov.dll
[2008/10/23 07:43:28 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemads.tlb
[2008/10/23 07:43:28 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unsecapp.exe
[2008/10/23 07:43:28 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmgmtr.dll
[2008/10/23 07:43:28 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmgmt.exe
[2008/10/23 07:43:28 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemads.dll
[2008/10/23 07:43:27 | 00,273,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msiprov.dll
[2008/10/23 07:43:27 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpcons.dll
[2008/10/23 07:43:26 | 00,120,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dsprov.dll
[2008/10/23 07:43:26 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fwdprov.dll
[2008/10/23 07:43:25 | 00,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmprops.dll
[2008/10/23 07:43:25 | 00,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
[2008/10/23 07:43:25 | 00,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\licwmi.dll
[2008/10/23 07:43:25 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\servdeps.dll
[2008/10/23 07:43:25 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmfutil.dll
[2008/10/23 07:43:20 | 00,196,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rdpdr.sys
[2008/10/23 07:43:20 | 00,040,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\termdd.sys
[2008/10/23 03:30:19 | 00,003,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\audstub.sys
[2008/10/23 03:30:00 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hidserv.dll
[2008/10/23 03:29:58 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbprint.sys
[2008/10/23 03:29:38 | 00,057,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\redbook.sys
[2008/10/23 03:29:18 | 00,006,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\enum1394.sys
[2008/10/23 03:28:57 | 00,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\usbui.dll
[2008/10/23 03:28:00 | 00,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2008/10/23 03:27:56 | 00,494,700 | ---- | C] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/10/23 03:27:55 | 00,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/10/23 03:27:55 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2008/10/23 03:27:54 | 01,685,606 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.spd
[2008/10/23 03:27:54 | 00,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spcommon.dll
[2008/10/23 03:27:54 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spcplui.dll
[2008/10/23 03:27:54 | 00,000,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.sdf
[2008/10/23 03:27:53 | 00,774,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spttseng.dll
[2008/10/23 03:27:53 | 00,643,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ltts1033.lxa
[2008/10/23 03:27:53 | 00,605,050 | ---- | C] () -- C:\WINDOWS\System32\dllcache\r1033tts.lxa
[2008/10/23 03:27:53 | 00,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sapisvr.exe
[2008/10/23 03:27:53 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2008/10/23 03:27:53 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2008/10/23 03:27:52 | 00,000,000 | R--D | C] -- C:\Program Files
[2008/10/23 03:27:52 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files
[2008/10/23 03:27:50 | 00,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtuq.dll
[2008/10/23 03:27:50 | 00,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtuf.dll
[2008/10/23 03:27:50 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdtuq.dll
[2008/10/23 03:27:50 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdtuf.dll
[2008/10/23 03:27:50 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdazel.dll
[2008/10/23 03:27:50 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdazel.dll
[2008/10/23 03:27:49 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdycc.dll
[2008/10/23 03:27:49 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbduzb.dll
[2008/10/23 03:27:49 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdur.dll
[2008/10/23 03:27:49 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtat.dll
[2008/10/23 03:27:49 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdru1.dll
[2008/10/23 03:27:49 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdru.dll
[2008/10/23 03:27:49 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdmon.dll
[2008/10/23 03:27:49 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkyr.dll
[2008/10/23 03:27:49 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkaz.dll
[2008/10/23 03:27:49 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbu.dll
[2008/10/23 03:27:49 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdblr.dll
[2008/10/23 03:27:49 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdaze.dll
[2008/10/23 03:27:49 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdycc.dll
[2008/10/23 03:27:49 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbduzb.dll
[2008/10/23 03:27:49 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdur.dll
[2008/10/23 03:27:49 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdtat.dll
[2008/10/23 03:27:49 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdru1.dll
[2008/10/23 03:27:49 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdru.dll
[2008/10/23 03:27:49 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdmon.dll
[2008/10/23 03:27:49 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdkyr.dll
[2008/10/23 03:27:49 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdkaz.dll
[2008/10/23 03:27:49 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdbu.dll
[2008/10/23 03:27:49 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdblr.dll
[2008/10/23 03:27:49 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdaze.dll
[2008/10/23 03:27:47 | 00,008,192 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhept.dll
[2008/10/23 03:27:47 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhept.dll
[2008/10/23 03:27:47 | 00,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhela3.dll
[2008/10/23 03:27:47 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhela3.dll
[2008/10/23 03:27:47 | 00,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhela2.dll
[2008/10/23 03:27:47 | 00,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdgkl.dll
[2008/10/23 03:27:47 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhela2.dll
[2008/10/23 03:27:47 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgkl.dll
[2008/10/23 03:27:47 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe319.dll
[2008/10/23 03:27:47 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe220.dll
[2008/10/23 03:27:47 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe.dll
[2008/10/23 03:27:47 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhe319.dll
[2008/10/23 03:27:47 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhe220.dll
[2008/10/23 03:27:47 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhe.dll
[2008/10/23 03:27:46 | 00,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlv1.dll
[2008/10/23 03:27:46 | 00,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlv.dll
[2008/10/23 03:27:46 | 00,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdest.dll
[2008/10/23 03:27:46 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlv1.dll
[2008/10/23 03:27:46 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlv.dll
[2008/10/23 03:27:46 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdest.dll
[2008/10/23 03:27:46 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlt1.dll
[2008/10/23 03:27:46 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlt.dll
[2008/10/23 03:27:46 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlt1.dll
[2008/10/23 03:27:46 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlt.dll
[2008/10/23 03:27:45 | 00,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsl1.dll
[2008/10/23 03:27:45 | 00,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsl.dll
[2008/10/23 03:27:45 | 00,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpl.dll
[2008/10/23 03:27:45 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsl1.dll
[2008/10/23 03:27:45 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsl.dll
[2008/10/23 03:27:45 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdpl.dll
[2008/10/23 03:27:45 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdro.dll
[2008/10/23 03:27:45 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpl1.dll
[2008/10/23 03:27:45 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhu1.dll
[2008/10/23 03:27:45 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdro.dll
[2008/10/23 03:27:45 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdpl1.dll
[2008/10/23 03:27:45 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhu1.dll
[2008/10/23 03:27:44 | 00,007,168 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz.dll
[2008/10/23 03:27:44 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdcz.dll
[2008/10/23 03:27:44 | 00,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdycl.dll
[2008/10/23 03:27:44 | 00,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhu.dll
[2008/10/23 03:27:44 | 00,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz2.dll
[2008/10/23 03:27:44 | 00,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz1.dll
[2008/10/23 03:27:44 | 00,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcr.dll
[2008/10/23 03:27:44 | 00,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\KBDAL.DLL
[2008/10/23 03:27:44 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdycl.dll
[2008/10/23 03:27:44 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhu.dll
[2008/10/23 03:27:44 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdcz2.dll
[2008/10/23 03:27:44 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdcz1.dll
[2008/10/23 03:27:44 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdcr.dll
[2008/10/23 03:27:44 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdal.dll
[2008/10/23 03:27:42 | 00,146,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\winspool.drv
[2008/10/23 03:27:42 | 00,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll
[2008/10/23 03:27:42 | 00,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxcoins.dll
[2008/10/23 03:27:42 | 00,013,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wfwnet.drv
[2008/10/23 03:27:42 | 00,013,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\WFWNET.DRV
[2008/10/23 03:27:42 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll
[2008/10/23 03:27:42 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irclass.dll
[2008/10/23 03:27:42 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\irenum.sys
[2008/10/23 03:27:42 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\batt.dll
[2008/10/23 03:27:42 | 00,002,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vga.drv
[2008/10/23 03:27:42 | 00,002,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\VGA.DRV
[2008/10/23 03:27:41 | 00,126,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msvideo.dll
[2008/10/23 03:27:41 | 00,126,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MSVIDEO.DLL
[2008/10/23 03:27:41 | 00,082,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\olecli.dll
[2008/10/23 03:27:41 | 00,082,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\OLECLI.DLL
[2008/10/23 03:27:41 | 00,073,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mciavi.drv
[2008/10/23 03:27:41 | 00,073,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCIAVI.DRV
[2008/10/23 03:27:41 | 00,068,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\mmsystem.dll
[2008/10/23 03:27:41 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mciwave.drv
[2008/10/23 03:27:41 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCIWAVE.DRV
[2008/10/23 03:27:41 | 00,025,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mciseq.drv
[2008/10/23 03:27:41 | 00,025,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCISEQ.DRV
[2008/10/23 03:27:41 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\olesvr.dll
[2008/10/23 03:27:41 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\OLESVR.DLL
[2008/10/23 03:27:41 | 00,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tapi.dll
[2008/10/23 03:27:41 | 00,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\TAPI.DLL
[2008/10/23 03:27:41 | 00,009,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lzexpand.dll
[2008/10/23 03:27:41 | 00,009,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\LZEXPAND.DLL
[2008/10/23 03:27:41 | 00,009,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ver.dll
[2008/10/23 03:27:41 | 00,009,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\VER.DLL
[2008/10/23 03:27:41 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell.dll
[2008/10/23 03:27:41 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SHELL.DLL
[2008/10/23 03:27:41 | 00,004,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\timer.drv
[2008/10/23 03:27:41 | 00,004,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\TIMER.DRV
[2008/10/23 03:27:41 | 00,003,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\system.drv
[2008/10/23 03:27:41 | 00,003,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SYSTEM.DRV
[2008/10/23 03:27:41 | 00,002,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mouse.drv
[2008/10/23 03:27:41 | 00,002,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MOUSE.DRV
[2008/10/23 03:27:41 | 00,002,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\keyboard.drv
[2008/10/23 03:27:41 | 00,002,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\KEYBOARD.DRV
[2008/10/23 03:27:41 | 00,001,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sound.drv
[2008/10/23 03:27:41 | 00,001,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SOUND.DRV
[2008/10/23 03:27:41 | 00,001,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mmtask.tsk
[2008/10/23 03:27:41 | 00,001,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MMTASK.TSK
[2008/10/23 03:27:40 | 00,109,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avifile.dll
[2008/10/23 03:27:40 | 00,109,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\AVIFILE.DLL
[2008/10/23 03:27:40 | 00,074,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\storprop.dll
[2008/10/23 03:27:40 | 00,069,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avicap.dll
[2008/10/23 03:27:40 | 00,069,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\AVICAP.DLL
[2008/10/23 03:27:40 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\notepad.exe
[2008/10/23 03:27:40 | 00,032,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\commdlg.dll
[2008/10/23 03:27:40 | 00,032,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\COMMDLG.DLL
[2008/10/23 03:27:40 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\TASKMAN.EXE
[2008/10/23 03:27:40 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\taskman.exe
[2008/10/23 03:27:40 | 00,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2008/10/23 03:27:32 | 00,000,130 | -HS- | C] () -- C:\Documents and Settings\All Users\Documents\desktop.ini
[2008/10/23 03:27:32 | 00,000,084 | -HS- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
[2008/10/23 03:27:32 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2008/10/23 03:27:31 | 00,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2008/10/23 03:27:31 | 00,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2008/10/23 03:27:31 | 00,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2008/10/23 03:27:30 | 00,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2008/10/23 03:27:30 | 00,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2008/10/23 03:27:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2008/10/23 03:27:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2008/10/23 03:27:16 | 00,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2008/10/23 03:27:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings
[2008/10/23 03:27:02 | 00,101,440 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/10/23 03:26:14 | 00,000,211 | -HS- | C] () -- C:\boot.ini
[2008/10/23 03:26:11 | 00,000,261 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf
[2008/10/23 03:23:32 | 00,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2008/10/23 03:23:32 | 00,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2008/10/23 03:23:32 | 00,000,000 | R--D | C] -- C:\WINDOWS\Web
[2008/10/23 03:23:32 | 00,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2008/10/23 03:23:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2008/10/23 03:23:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2008/10/23 03:23:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2008/10/23 03:23:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2008/10/23 03:23:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2008/10/23 03:23:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2008/10/23 03:23:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2008/10/23 03:23:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2008/10/23 03:23:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2008/10/23 03:23:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2008/10/23 03:23:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2008/10/23 03:23:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2008/10/23 03:23:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2008/10/23 03:23:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2008/10/23 03:23:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2008/10/23 03:23:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2008/10/23 03:23:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2008/10/23 03:23:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2008/10/23 03:23:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2008/10/23 03:23:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2008/10/23 03:23:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2008/10/23 03:23:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2008/10/23 03:23:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2008/10/23 03:23:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2008/10/23 03:23:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2008/10/23 03:23:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2008/10/23 03:23:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2008/10/23 03:23:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2008/10/23 03:23:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2008/10/23 03:23:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2008/10/23 03:23:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2008/10/23 03:23:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2008/10/23 03:23:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2008/10/23 03:23:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
[2008/10/23 03:23:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\system32
[2008/10/23 03:23:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\system
[2008/10/23 03:23:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\security
[2008/10/23 03:23:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2008/10/23 03:23:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\repair
[2008/10/23 03:23:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\mui
[2008/10/23 03:23:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2008/10/23 03:23:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2008/10/23 03:23:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\Media
[2008/10/23 03:23:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\java
[2008/10/23 03:23:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\ime
[2008/10/23 03:23:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\Help
[2008/10/23 03:23:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2008/10/23 03:23:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2008/10/23 03:23:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2008/10/23 03:23:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2008/10/23 03:23:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\Config
[2008/10/23 03:23:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2008/10/23 03:23:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\addins
[2008/10/23 03:23:32 | 00,000,000 | ---D | C] -- C:\WINDOWS
[2008/10/03 13:41:15 | 06,066,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2008/10/24 08:49:32 | 06,854,432 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2008/10/24 07:35:24 | 00,329,504 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2008/10/24 07:26:30 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/10/24 02:04:03 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2008/10/23 21:24:05 | 00,421,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Game\Desktop\OTViewIt.exe
[2008/10/23 21:13:54 | 00,008,284 | ---- | M] () -- C:\WINDOWS\BOC426.INI
[2008/10/23 21:10:46 | 00,013,002 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/10/23 21:09:51 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/10/23 21:09:37 | 00,055,160 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2008/10/23 21:08:33 | 00,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-00000006-00001102-00000004-10021102}.rfx
[2008/10/23 21:08:33 | 00,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-00000006-00001102-00000004-10021102}.rfx
[2008/10/23 21:08:33 | 00,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-00000006-00001102-00000004-10021102}.rfx
[2008/10/23 21:08:33 | 00,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-00000006-00001102-00000004-10021102}.rfx
[2008/10/23 21:08:33 | 00,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000006-00001102-00000004-10021102}.rfx
[2008/10/23 21:08:33 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2008/10/23 21:08:33 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2008/10/23 21:08:32 | 00,079,988 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2008/10/23 21:08:32 | 00,023,564 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2008/10/23 21:07:51 | 04,958,588 | ---- | M] () -- C:\WINDOWS\{00000002-00000000-00000006-00001102-00000004-10021102}.CDF
[2008/10/23 21:07:51 | 04,958,588 | ---- | M] () -- C:\WINDOWS\{00000002-00000000-00000006-00001102-00000004-10021102}.BAK
[2008/10/23 19:12:14 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/10/23 19:11:39 | 02,372,472 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Game\My Documents\mbam-setup.exe
[2008/10/23 19:03:36 | 00,000,539 | ---- | M] () -- C:\Documents and Settings\Game\Desktop\WoW.lnk
[2008/10/23 18:57:21 | 00,000,000 | ---- | M] () -- C:\WINDOWS\ativpsrm.bin
[2008/10/23 18:55:53 | 03,172,552 | -H-- | M] () -- C:\Documents and Settings\Game\Local Settings\Application Data\IconCache.db
[2008/10/23 18:55:30 | 19,694,8676 | ---- | M] () -- C:\Documents and Settings\Game\My Documents\XP-8.432-071101a-054437C-ATI.zip
[2008/10/23 18:25:17 | 31,996,750 | ---- | M] () -- C:\Documents and Settings\Game\My Documents\488.zip
[2008/10/23 17:21:04 | 00,305,672 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Game\My Documents\dxwebsetup.exe
[2008/10/23 16:44:58 | 00,000,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Acrobat.com.lnk
[2008/10/23 16:44:13 | 00,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2008/10/23 16:38:29 | 00,000,730 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Media Player.lnk
[2008/10/23 16:34:54 | 02,387,480 | ---- | M] () -- C:\Documents and Settings\Game\My Documents\adobe-svg-viewer.exe
[2008/10/23 16:33:45 | 02,940,520 | ---- | M] (Siber Systems) -- C:\Documents and Settings\Game\My Documents\roboform.exe
[2008/10/23 16:07:13 | 00,000,127 | ---- | M] () -- C:\Documents and Settings\Game\Local Settings\Application Data\fusioncache.dat
[2008/10/23 16:05:54 | 00,101,440 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/10/23 16:03:10 | 00,017,808 | ---- | M] () -- C:\Documents and Settings\Game\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/10/23 15:54:30 | 00,000,588 | ---- | M] () -- C:\WINDOWS\win.ini
[2008/10/23 15:28:23 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/10/23 15:26:58 | 00,494,700 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/10/23 15:26:58 | 00,426,932 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/10/23 15:26:58 | 00,070,524 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/10/23 15:14:46 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2008/10/23 15:14:46 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2008/10/23 15:13:17 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2008/10/23 14:57:35 | 00,000,075 | -HS- | M] () -- C:\Documents and Settings\Game\My Documents\desktop.ini
[2008/10/23 14:32:10 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2008/10/23 14:17:42 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2008/10/23 13:23:20 | 00,000,211 | -HS- | M] () -- C:\boot.ini
[2008/10/23 13:18:55 | 00,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/10/23 12:51:09 | 00,001,926 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Verizon Internet Security Suite.lnk
[2008/10/23 12:33:14 | 00,012,980 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[2008/10/23 10:08:41 | 00,000,130 | -HS- | M] () -- C:\Documents and Settings\All Users\Documents\desktop.ini
[2008/10/23 09:55:38 | 00,000,102 | ---- | M] () -- C:\WINDOWS\VSWizard.ini
[2008/10/23 09:05:38 | 00,000,793 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Watch.lnk
[2008/10/23 09:05:38 | 00,000,793 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2008/10/23 09:02:03 | 00,409,600 | ---- | M] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll
[2008/10/23 09:02:03 | 00,086,016 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\WINDOWS\System32\OpenAL32.dll
[2008/10/23 08:59:33 | 00,001,200 | ---- | M] () -- C:\Documents and Settings\Game\Desktop\'Earthsim'.lnk
[2008/10/23 08:50:15 | 00,025,065 | ---- | M] () -- C:\WINDOWS\System32\wmpscheme.xml
[2008/10/23 07:49:22 | 00,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2008/10/23 07:48:35 | 00,000,261 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2008/10/23 07:46:58 | 00,000,084 | -HS- | M] () -- C:\Documents and Settings\Game\Start Menu\Programs\Startup\desktop.ini
[2008/10/23 07:46:58 | 00,000,084 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
[2008/10/23 07:46:53 | 00,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2008/10/23 07:46:53 | 00,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/10/23 07:46:53 | 00,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/10/23 07:46:53 | 00,000,000 | ---- | M] () -- C:\WINDOWS\control.ini
[2008/10/23 07:46:53 | 00,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008/10/23 07:46:53 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2008/10/23 07:46:50 | 00,299,552 | ---- | M] () -- C:\WINDOWS\WMSysPrx.prx
[2008/10/23 07:46:44 | 00,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2008/10/23 07:44:27 | 00,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/10/23 07:44:16 | 00,000,037 | ---- | M] () -- C:\WINDOWS\vbaddin.ini
[2008/10/23 07:44:16 | 00,000,036 | ---- | M] () -- C:\WINDOWS\vb.ini
[2008/10/23 03:27:52 | 00,000,231 | ---- | M] () -- C:\WINDOWS\system.ini
[2008/10/23 03:27:32 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Game\Application Data\desktop.ini
[2008/10/23 03:27:32 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2008/10/22 16:10:38 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/10/22 16:10:22 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/10/15 12:34:24 | 00,337,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\netapi32.dll
[2008/10/15 12:34:24 | 00,337,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2008/10/07 12:19:42 | 16,721,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2008/10/03 13:41:15 | 06,066,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieframe.dll
[2008/10/03 13:41:15 | 06,066,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
< End of report >



Extras Log:
OTViewIt Extras logfile created on: 10/24/2008 8:51:38 AM - Run 2
OTViewIt by OldTimer - Version 1.0.18.0 Folder = C:\Documents and Settings\Game\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 38.33 Gb Total Space | 29.82 Gb Free Space | 77.79% Space Free | Partition Type: NTFS
Drive D: | 29.35 Gb Total Space | 29.29 Gb Free Space | 99.78% Space Free | Partition Type: NTFS
Drive E: | 29.29 Gb Total Space | 0.63 Gb Free Space | 2.17% Space Free | Partition Type: NTFS
Drive F: | 29.29 Gb Total Space | 29.23 Gb Free Space | 99.78% Space Free | Partition Type: NTFS
Drive G: | 27.09 Gb Total Space | 9.33 Gb Free Space | 34.42% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MAIN001
Current User Name: Game
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url [@ = InternetShortcut] -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 20:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/13 20:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2005/12/15 11:40:44 | 00,282,624 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
[2005/12/15 12:47:22 | 00,204,800 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
[2006/01/23 18:40:30 | 00,225,280 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe
[2006/01/23 18:40:04 | 00,040,960 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe
[2006/01/23 18:35:14 | 00,081,920 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe
[2005/09/20 21:40:04 | 00,196,608 | ---- | M] () -- C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe
[2005/09/20 21:01:22 | 01,081,344 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
[2006/01/23 19:09:36 | 00,172,032 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe
[2005/09/20 21:25:22 | 00,151,635 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe
[2006/01/23 18:38:52 | 00,438,272 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe
[2005/09/16 00:29:38 | 00,421,888 | ---- | M] () -- C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe
[2005/09/16 00:34:18 | 00,733,184 | ---- | M] ( ) -- C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe
[2006/01/23 19:03:00 | 00,057,344 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe
[2005/12/15 12:51:46 | 00,139,264 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe
File not found -- F:\World of Warcraft\Repair.exe:*:Enabled:Blizzard Repair Utility
[2008/04/13 20:12:25 | 01,414,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2008/04/13 20:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2008/04/13 20:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2008/04/13 20:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{055EE59D-217B-43A7-ABFF-507B966405D8}"=ATI Catalyst Control Center
"{0BF5FBE7-3907-4A1F-9E48-8B66E52850D6}"=TrayApp
"{17A022E1-4C3A-4052-A078-F41CA231BDAF}"=RPS Ad Blocker
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}"=Adobe AIR
"{1CB34CE9-0E6B-493F-BB66-3425E5DF76E5}"=CP_CalendarTemplates1
"{1E1F1E70-14D8-4380-8652-BD1A895A7D65}"=Status
"{1F8640AF-F0BB-C185-C0C7-A618C9D8CC5F}"=Catalyst Control Center Graphics Light
"{203418ED-0264-4882-BD3C-FA51E1BA2F51}"=RPS Backup
"{212F5777-1190-4DEF-8E4D-6B2F313B45E7}"=PerfectDisk
"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}"=CP_Package_Variety2
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}"=Destinations
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}"=Java™ 6 Update 10
"{29931C9B-6DCE-B152-575B-837D698E08E3}"=ccc-core-static
"{2A548002-9042-4083-A270-B67473DE1073}"=SkinsHP1
"{31263605-FC84-4787-B847-BA445B147E24}"=ScannerCopy
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}"=Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{37E48C2C-1ABD-4218-9AB2-F08D578F53BB}"=RPS App Detector
"{3C586119-257A-B324-F6D7-8C14A8E63A8F}"=Catalyst Control Center Graphics Full Existing
"{3CF99DC3-38FD-46E6-A6B4-9C70074E020C}"=DocumentViewer
"{3E363410-6618-DE74-FA07-6DACC0248608}"=Skins
"{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}"=ATI HYDRAVISION
"{3FE0CFAB-584A-4AA5-B8CD-C32284CFA308}"=RandMap
"{4041C245-7099-4C96-9738-5EBC23827B3C}"=BufferChm
"{468190DA-FB4C-45BA-8E40-4B165FF1A939}"=BACS
"{494D17B5-3369-4905-8C4B-80C972C5E0FF}"=CP_Panorama1Config
"{4BE53DB2-C1F2-44D1-A9AB-1630BA7F2AF1}"=SolutionCenter
"{4F087AEB-84C2-40C3-5CD7-91AD81E6EC99}"=Catalyst Control Center Graphics Full New
"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}"=CP_Package_Variety1
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}"=FullDPAppQFolder
"{54431C40-499C-435A-9562-BFB07F715D1C}"=RPS AntiFraud
"{54F0998F-73C8-4b51-8286-FE903C231BED}"=cp_PosterPrintConfig
"{5C74694C-A687-E3EB-FF18-B018D4A76ECD}"=Adobe Media Player
"{5F26311C-B135-4F7F-B11E-8E650F83651E}"=DeviceFunctionQFolder
"{61B1A9C8-B2AD-4F54-B916-388FFD07BDE7}"=4300
"{63F91D28-9E2D-4394-ABF2-172A5893F21E}"=RPS ParentalControl
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}"=eSupportQFolder
"{67D9DFAD-A19A-4A03-908C-CF21498661D9}"=RPS AntiVirus
"{681AF127-DB87-4A0F-BF7C-067C5C4EF2D3}"=RPS PopupBlocker
"{68763C27-235D-4165-A961-FDEA228CE504}"=AiOSoftwareNPI
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}"=CustomerResearchQFolder
"{7291295B-4A8B-41D6-A775-D824FBBB0680}"=RPS AntiSpyware
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}"=Readme
"{750DFF5E-C559-11D4-A441-00B0D0436EE7}"=Broadcom Management Programs
"{766633B3-1AFA-44B6-A3FC-1DE991CD9C52}"=CP_Package_Basic1
"{77DCDCE3-2DED-62F3-8154-05E745472D07}"=Acrobat.com
"{79F8E1D4-36C1-439C-95FA-F695050B5B07}"=Sonic_PrimoSDK
"{7A22B382-FA54-FA71-FE3D-5ADD12D02234}"=Catalyst Control Center Graphics Previews Common
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}"=DocumentViewerQFolder
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}"=ProductContextNPI
"{869C3062-4745-4949-B6C9-98AF24D89030}"=PhotoGallery
"{89A24AC0-5D2C-46C1-87B9-14CB3DEDAA55}"=RPS CRT
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}"=ATI AVIVO Codecs
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}"=Microsoft Silverlight
"{9862B19F-4CAD-4EED-920F-2F378D84393F}"=ATI Parental Control & Encoder
"{9947F6B8-D72C-4C24-8422-FDFBFD45EFBA}"=RPS Security Cleanup
"{9D4ABB0C-F60B-44A6-956C-A4A63D5495C9}"=CueTour
"{A06275F4-324B-4E85-95E6-87B2CD729401}"=Windows Defender
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}"=Microsoft Visual C++ 2005 Redistributable
"{A744C7C3-76F5-42F5-9E15-497A3DFBC709}"=4300Trb
"{A9B86A6B-3D26-43E3-BD68-630CB380CCA3}"=Verizon Internet Security Suite
"{AAA11090-6E99-4655-AAF5-57EB5F677D0C}"=MarketResearch
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}"=DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A90000000001}"=Adobe Reader 9
"{B11E71BA-498C-42D4-9F1A-9D7A89D9DA61}"=CP_AtenaShokunin1Config
"{B4FEA924-630D-11D4-B78E-005004566E4D}"=ViewSonic Monitor Drivers
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{B57F2FF0-5A25-4332-B503-4592B370C02F}"=CP_Package_Variety3
"{BBD3BF67-5B89-4CBB-BA58-5818ED5F3290}"=cp_OnlineProjectsConfig
"{BD3AFD15-119D-4132-BC5A-86DFD93A52FF}"=RPS Diagnostic Utility
"{BF422939-232D-A68C-B57A-367C2804AA00}"=Catalyst Control Center Core Implementation
"{BF4E9ED0-EF26-4A4C-A123-6A6A1ABEE411}"=DocProc
"{C33F3EF6-3625-4FE5-BCBA-41361C99AF1D}"=Camera Assistant Software for ViewSonic
"{C44064AC-1026-461A-8EE3-EB62BA54C8A7}"=RPS Ksdk
"{C4988CCF-AD1D-4D5A-BFE5-30EC6AA78733}"=RPS Burn
"{C6812939-B117-48E6-A3BA-1709C14A3C8C}"=Scan
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}"=AiO_Scan_CDA
"{C98E8D9D-21DE-4F87-A9B7-142BB89840FC}"=Toolbox
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CE177DFA-B1C8-BB04-8284-E1CB240CC9DD}"=ccc-core-preinstall
"{CF7C4842-3370-B6C0-287D-674FD99AEBB2}"=CCC Help English
"{D182265E-6E3A-469B-A972-D215B7A38916}"=RPS Firewall
"{DA1CD94B-826A-4bba-AC46-EF352F47BC81}"=InstantShareDevices
"{DEBB2986-15B0-4D28-95FA-5C966A396589}"=HPProductAssistant
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware
"{E5A1DE9A-A21C-43A1-B06D-5146BAF62033}"=PanoStandAlone
"{E5A8DDAB-AE80-48C6-A75B-D0FAB83B299D}"=HP PSC & OfficeJet 6.1.A
"{E67C44E1-E5E0-470B-A6A6-BDE53A8A1A70}"=RPS Privacy Manager
"{E769999E-D0D9-4D51-AEFE-1BD44289E550}"=4300_Help
"{EC2715CE-C182-483C-84CC-81D7D914CF14}"=WebReg
"{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}"=HP Software Update
"{F3A807CB-6039-4246-B175-DFE8ABE3E7C8}"=RPS Performance Tool
"{F438BC30-413F-4C1D-850E-8C64A105A2AE}"=RPS Zip
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}"=Fax_CDA
"{F62DFC11-8A61-D19B-1A68-BAE51C35BC43}"=ccc-utility
"{FA3A247D-437A-455E-A88F-7EB6E5F9E799}"=Catalyst Control Center - Branding
"{FB5B20CD-3871-46EC-B504-2851E5C75A9E}"=RPS RpsCore
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}"=NewCopy_CDA
"Adobe AIR"=Adobe AIR
"Adobe Flash Player ActiveX"=Adobe Flash Player 10 ActiveX
"Adobe SVG Viewer"=Adobe SVG Viewer 3.0
"AI RoboForm"=AI RoboForm (All Users)
"All ATI Software"=ATI - Software Uninstall Utility
"ATI Display Driver"=ATI Display Driver
"AudioConSole"=Creative Audio Console
"CBOClean"=BOClean
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1"=Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1"=Acrobat.com
"HP Document Viewer"=HP Document Viewer 6.1
"HP Imaging Device Functions"=HP Imaging Device Functions 6.1
"HP Photo & Imaging"=HP Photosmart Premier Software 6.1
"HP Solution Center & Imaging Support Tools"=HP Solution Center and Imaging Support Tools 6.1
"HPExtendedCapabilities"=HP Extended Capabilities 6.1
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"InstallShield_{468190DA-FB4C-45BA-8E40-4B165FF1A939}"=Broadcom Advanced Control Suite
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"RadialpointClientGateway_is1"=Verizon Servicepoint 1.5.22
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 3
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/23/2008 8:54:21 AM | Computer Name = MAIN001 | Source = MsiInstaller | ID = 10000
Description =

Error - 10/23/2008 8:59:05 AM | Computer Name = MAIN001 | Source = MsiInstaller | ID = 10005
Description = Product: Windows Defender -- Windows Defender requires Windows XP
Service Pack 2. To view a list of all installation requirements, visit the Microsoft
website: http://go.microsoft.com/fwlink/?LinkId=63848

Error - 10/23/2008 3:16:12 PM | Computer Name = MAIN001 | Source = Windows Search Service | ID = 3024
Description = The update cannot be started because the content sources cannot be
accessed. Fix the errors and try the update again. Context: Windows Application,
SystemIndex Catalog

Error - 10/23/2008 4:36:17 PM | Computer Name = MAIN001 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16735, faulting
module flash6.ocx, version 6.0.88.0, fault address 0x0004efd6.

Error - 10/23/2008 7:17:23 PM | Computer Name = MAIN001 | Source = MPSampleSubmission | ID = 5000
Description = EventType avsubmit, P1 windefend, P2 1.1.4005.0, P3 unspecified, P4
1.45.1012.0, P5 fad95e89-c336-4acb-a477-3ab508748214, P6 NIL, P7 NIL, P8 NIL, P9
NIL, P10 NIL.

Error - 10/23/2008 7:17:41 PM | Computer Name = MAIN001 | Source = MPSampleSubmission | ID = 5000
Description = EventType avsubmit, P1 windefend, P2 1.1.4005.0, P3 unspecified, P4
1.45.1012.0, P5 018f1877-1e02-41ee-ae8a-405f9951d062, P6 NIL, P7 NIL, P8 NIL, P9
NIL, P10 NIL.

[ System Events ]
Error - 10/23/2008 11:53:12 AM | Computer Name = MAIN001 | Source = b57w2k | ID = 327699
Description = Broadcom NetXtreme Gigabit Ethernet: This driver does not support
this device. Upgrade to the latest driver.

Error - 10/23/2008 12:15:03 PM | Computer Name = MAIN001 | Source = BCM44X2 | ID = 5005
Description = BCM 4412 10/100 Ethernet Network Adapter : Has encountered an internal
error and has failed.

Error - 10/23/2008 12:15:25 PM | Computer Name = MAIN001 | Source = BCM42XX | ID = 5005
Description = Broadcom 4211 iLine10™ Network Adapter : Has encountered an internal
error and has failed.

Error - 10/23/2008 12:15:46 PM | Computer Name = MAIN001 | Source = bcm4sbxp | ID = 5005
Description = MSI/Broadcom 440x 10/100 Integrated Controller : Has encountered an
internal error and has failed.

Error - 10/23/2008 12:16:08 PM | Computer Name = MAIN001 | Source = b57w2k | ID = 327699
Description = Broadcom NetXtreme Gigabit Ethernet: This driver does not support
this device. Upgrade to the latest driver.

Error - 10/23/2008 12:16:22 PM | Computer Name = MAIN001 | Source = BCM42XX | ID = 5005
Description = BCM 4410 iLine32™ Network Adapter : Has encountered an internal
error and has failed.

Error - 10/23/2008 12:26:45 PM | Computer Name = MAIN001 | Source = NetBT | ID = 4311
Description = Initialization failed because the driver device could not be created.

Error - 10/23/2008 4:04:10 PM | Computer Name = MAIN001 | Source = Service Control Manager | ID = 7034
Description = The Pml Driver HPZ12 service terminated unexpectedly. It has done
this 1 time(s).

Error - 10/23/2008 4:09:47 PM | Computer Name = MAIN001 | Source = DCOM | ID = 10010
Description = The server {222F1C6D-F430-4B76-B3F1-1FE92E214AD3} did not register
with DCOM within the required timeout.

Error - 10/23/2008 5:40:45 PM | Computer Name = MAIN001 | Source = DCOM | ID = 10010
Description = The server {222F1C6D-F430-4B76-B3F1-1FE92E214AD3} did not register
with DCOM within the required timeout.


< End of report >




Kaspersky Log:
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Friday, October 24, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, October 24, 2008 11:13:06
Records in database: 1341937
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan statistics:
Files scanned: 62805
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 00:53:27

No malware has been detected. The scan area is clean.

The selected area was scanned.


I hope that all the trojans have been taken care of now.
Thanks again for your help in this matter Bill.

#9 Billy O'Neal

Posted 24 October 2008 - 09:40 PM

Hello, stranger12.
Yep, they look pretty much gone. Let's get rid of the stuff still flagged by Kaspersky.

We need to execute an OTMoveIt3 script
  • Please download OTMoveIt3 by OldTimer and save it to your desktop.
  • Double click the Posted Image icon on your desktop.
  • Paste the following code under the Posted Image area. Do not include the word "Code".
    :files
    D:\backup-20040927-222657-935.dll
    D:\Downloads\sdsetup.exe
    F:\World of Warcraft\WowInitcode.dat
  • Push the large Posted Image button.
  • OTMI3 may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the Posted Image line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
Congratulations! You now appear clean! :thumbsup:

Are things running okay? Do you have any more questions?

System Still Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware


We Need to Clean Up Our Mess
  • Please download OTCleanIt from one of the following mirrors and save it to your desktop:
  • Double click the Posted Image icon.
  • Push the large "Cleanup" button.
  • Allow your system to reboot.
Reset System Restore
Windows' "System Restore" feature can cause malware files to be cached and retained by your system. Resetting System Restore will clean these files from your system, and will allow you to use System Restore without fear of reinfection.
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then go to Start > Run and type: Cleanmgr
  • Click "OK".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.
Note: You should only do this once, not on a regular basis!
You will not be able to restore your computer to any point earlier than today!

Recommendations
Below are some recommendations to lower your chances of (re)infection.
  • Install and maintain an outbound firewall
  • Install Spyware Blaster and update it regularly
    If you wish, the commercial version provides automatic updating.
  • Install the MVPs hosts file, and update it regularly
    You can use the HostMan host file manager to do this automatically if you wish.
    For more information on the hosts file, and what it can do for you, you can view the Tutorial on the Hosts file
  • Install an Anti-Spyware program, and update it regularly
    Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
    SUPERAntiSpyware is another good scanner with high detection and removal rates.
    Both programs are free for non-commercial home use but provide a resident and do not nag if you purchase the paid versions.
  • Keep Windows (and your other Microsoft software) up to date!
    I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

    If you are using Windows XP or earlier
    Visit the Microsoft Update Website and follow the on-screen instructions to set up Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

    If you are using Windows Vista
    • Click the "Start Menu" (or Windows Orb)
    • Click "All Programs"
    • Click "Windows Update"
    • On the left, choose "Change Settings"
    • Ensure that the checkbox "Use Microsoft Update" at the bottom of the window is checked.
    • Press OK and accept the UAC prompt.
      Note: You shouldn't need to check this checkbox every single time you update, only the first time.
    • Click "Check for Updates" in the upper left corner.
    • Follow the instructions to install the latest updates.
    • Reboot and repeat the "Check for Updates" until there are no more critical updates to install
  • Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.
  • Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing :).
Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
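A quarantine-by-move step of the kind the `:files` script in the post above requests, sketched as an added example (not OTMoveIt3's code and not part of the original post). The directive parsing, the quarantine folder layout and the result fields are assumptions; the sample file is constructed in a temporary directory.

```python
import hashlib
import shutil
import tempfile
from datetime import datetime, timezone
from pathlib import Path


def parse_files_section(script):
    """Return paths listed under a ':files' directive (assumed syntax)."""
    paths, in_files = [], False
    for line in (raw.strip() for raw in script.splitlines()):
        if line.startswith(":"):          # any directive line switches section
            in_files = line.lower() == ":files"
        elif line and in_files:
            paths.append(line)
    return paths


def sha256_of(path):
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()


def quarantine(paths, quarantine_root):
    """Move files under quarantine_root/<UTC stamp>/, keeping drive and folders."""
    stamp = datetime.now(timezone.utc).strftime("%Y%m%d_%H%M%S")
    dest_root = Path(quarantine_root) / stamp
    results = []
    for p in paths:
        src = Path(p)
        entry = {"path": p, "status": "not found", "sha256": None, "dest": None}
        if src.is_file():
            entry["sha256"] = sha256_of(src)   # hash first, so the record outlives the file
            drive = [src.drive.rstrip(":")] if src.drive else []
            dest = dest_root.joinpath(*drive, *src.parts[1 if src.is_absolute() else 0:])
            dest.parent.mkdir(parents=True, exist_ok=True)
            shutil.move(str(src), str(dest))   # moved, not deleted, so it can be restored
            entry.update(status="moved", dest=str(dest))
        results.append(entry)
    return results


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:     # constructed sample, not real paths
        sample = Path(tmp) / "Downloads" / "flagged.bin"
        sample.parent.mkdir()
        sample.write_bytes(b"constructed test content")
        script = f":files\n{sample}\n{Path(tmp) / 'missing.dll'}\n"
        for row in quarantine(parse_files_section(script), Path(tmp) / "quarantine"):
            print(row)
```

Recording the hash before the move lets a flagged file be looked up later, or confirmed as a false positive and restored from the quarantine folder.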

#10 Billy O'Neal

Posted 26 October 2008 - 09:49 PM

Hello, stranger12.
Since this issue appears resolved, this topic has been closed.

If you need this topic reopened, please send me or another moderator a PM.

Everyone else please begin a new topic.

Billy3