Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Plaguing Trojan(s)/Hijackers attached to svchost.exe.


  • This topic is locked This topic is locked
19 replies to this topic

#1 moliere

moliere

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:01:48 AM

Posted 21 October 2008 - 01:49 PM

Hello, I thought I'd post my problem here as I've been seeking advice for a few days.
I'd great appreciate some help in removing a hijacker/trojan or infection of the file: svchost.exe.

I assume there is something wrong because:
-there are several processes and they eat up far more memory than usual
-my computer is unusually slow
-mozilla firefox has stopped working completely (if it opens, it automatically closes)
-several applications stopped working

Also I thought I'd note that (recently) whenever I start up a game that I regularly play, it warns me that my computer is infected by a "Trojan.PSW.O.juki.33056."
I'm not sure whether this has anything to do with my problem, though I should mention that the game stopped functioning correctly at the same time that all of this started.

I completed all the steps, but the infection is recurrent and I can't seem to get to the bottom of this.

If there is any other information I can supply you with, please let me know!

Here is a recent HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:46:20 AM, on 10/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\PrevxCSI\prevxcsi.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\PrevxCSI\prevxcsi.exe
C:\Program Files\ProtectService\ProtectService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Cox High Speed Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users.WINDOWS\Application Data\Prevx\pxbho.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [instal] D:\install\install.exe
O4 - HKLM\..\Run: [Jrgypooo] C:\Program Files\Qaqbrhk\Nrbzk.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx1\PXConsole.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Program Files\Octoshape Streaming Services\Owner\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.cox.net
O16 - DPF: {0EC4C9E3-EC6A-11CF-8E3B-444553540000} -
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) -
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting) - http://moneycentral.msn.com/cabs/pmupd806.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource/downl...lscbase5059.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O16 - DPF: {AECD14A8-F662-11D1-A395-00805F535788} -
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{817D2139-C3D0-4A58-B0A5-E03A6CAE8053}: NameServer = 128.242.126.95
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CSIScanner - Prevx - C:\Program Files\PrevxCSI\prevxcsi.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: OneCare Firewall (msfwsvc) - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe (file missing)
O23 - Service: Prevx Agent (PREVXAgent) - Prevx - C:\Program Files\Prevx1\PXAgent.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Shell Hardware Detection (ShellHWDetection) - Unknown owner - C:\Program Files\ProtectService\ProtectService.exe

--
End of file - 9764 bytes

BC AdBot (Login to Remove)

 


m

#2 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:48 AM

Posted 25 October 2008 - 12:11 PM

Hello. I am PropagandaPanda (Panda or PP for short), and I will be helping you with your log.

I apologize for the delay in response. We get overwhelmed with logs at times, but we are trying our best to keep up. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following so I can have a look at the current condition of your machine.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the Posted Image button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Further more, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Finally, please reply using the Posted Image button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
Download and Run OTViewIt
  • Please download OTViewIt by OldTimer to your desktop.
  • Double click on the OTViewIt.exe icon on your desktop. If you are using Windows Vista, right click the icon and select Run as Administrator.
  • Check the Scan All Users checkbox and leave Use Whitelist checked. Set the File Age to 30 days.
  • Click on the Run Scan button. Two reports that are located in the same location as OTViewIt will open.OTViewIt.txt <-- Will be opened
    Extra.txt <-- Will be minimized
Copy and Paste the logs into your next reply.
Please also tell me of any changes you have made to your computer since your topic was started.

If you do not make a reply in 5 days, we will need to close your topic.

With Regards,
The Panda

Important Note to Other Users Reading this Topic: The instructions provided in this topic below this point are for the original topic starter only. Even if you have similar problems or log entries to those given here, please do not follow the directions, especially those involving specific tools and scripts. Doing so can result in serious damage to your computer. Instead, please start your own topic. Feel free to link to any relevant topics as needed.

#3 moliere

moliere
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:01:48 AM

Posted 25 October 2008 - 03:16 PM

Thank you very much for your response.
Since posting the thread, I've only installed the following programs (as directed by the log-posting guide):
-Ad-Aware
-Malwarebyte's Anti-Malware
-Spybot S&D

Another person using the computer installed something called Prevx1.. I'm not certain what it is, it seems to be a trial version malware blocker or something.

I won't uninstall anything unless directed to do so.

Here is the OTviewit.txt log:

OTViewIt logfile created on: 10/25/2008 1:08:22 PM - Run
OTViewIt by OldTimer - Version 1.0.18.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 186.86 Mb Available Physical Memory | 36.64% Memory free
1.65 Gb Paging File | 0.33 Gb Available in Paging File | 19.96% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.97 Gb Total Space | 23.70 Gb Free Space | 33.40% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MAZEN-EIR2CVHVA
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/10/20 23:55:38 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[2007/09/06 13:28:18 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2008/10/20 21:08:13 | 00,880,696 | ---- | M] (Prevx) -- C:\Program Files\PrevxCSI\prevxcsi.exe
[2007/03/27 11:17:20 | 00,139,264 | ---- | M] (Prevx) -- C:\Program Files\Prevx1\PXAgent.exe
[2008/09/15 10:42:51 | 00,012,032 | RHS- | M] () -- C:\Program Files\ProtectService\ProtectService.exe
[2005/07/22 17:04:50 | 00,217,088 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2008/01/15 03:22:44 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2008/07/18 22:10:42 | 00,053,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2007/01/19 12:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe
[2008/10/24 20:20:44 | 00,022,528 | ---- | M] () -- C:\WINDOWS\svchost.exe
[2008/10/17 23:55:13 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
[2008/08/22 22:56:15 | 00,635,848 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2008/10/25 13:07:01 | 00,421,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/10/20 23:55:38 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
[2007/09/06 13:28:18 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2006/05/03 09:43:46 | 00,413,696 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Stopped])
[2006/05/03 11:57:00 | 00,520,192 | ---- | M] () -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])
[2005/07/22 17:04:50 | 00,217,088 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2008/10/20 21:08:13 | 00,880,696 | ---- | M] (Prevx) -- C:\Program Files\PrevxCSI\prevxcsi.exe -- (CSIScanner [Auto | Running])
[2008/01/15 03:22:44 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2005/06/16 12:43:37 | 00,068,096 | ---- | M] () -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service [On_Demand | Stopped])
File not found -- -- (msfwsvc [Auto | Stopped])
[2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2007/03/27 11:17:20 | 00,139,264 | ---- | M] (Prevx) -- C:\Program Files\Prevx1\PXAgent.exe -- (PREVXAgent [Auto | Running])
[2005/08/02 14:18:49 | 00,086,016 | ---- | M] (CACE Technologies) -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd [On_Demand | Stopped])
[2008/09/15 10:42:51 | 00,012,032 | RHS- | M] () -- C:\Program Files\ProtectService\ProtectService.exe -- (Shell Hardware Detection (ShellHWDetection) [Auto | Running])
[2007/01/19 12:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Running])
[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2006/05/31 01:55:19 | 00,024,304 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4 [System | Running])
[2002/04/01 13:15:00 | 00,004,816 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio [On_Demand | Running])
[2006/05/31 01:58:14 | 00,087,424 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2 [Auto | Running])
[2006/05/31 01:56:56 | 00,016,352 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr [On_Demand | Stopped])
[2006/05/31 01:56:31 | 00,036,176 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi [System | Running])
[2006/05/03 09:50:42 | 01,540,608 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
[2004/03/08 12:55:50 | 00,013,567 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv [System | Running])
[2002/06/23 14:31:20 | 00,045,568 | R--- | M] (D-Link Corporation ) -- C:\WINDOWS\system32\drivers\DLKRTS.SYS -- (DLKRTS [On_Demand | Running])
[2003/07/24 12:10:34 | 00,017,149 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\DNINDIS5.SYS -- (DNINDIS5 [On_Demand | Stopped])
[2006/09/19 14:44:04 | 00,015,664 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2007/08/02 17:19:25 | 00,026,056 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi [On_Demand | Stopped])
[2005/01/23 11:05:06 | 00,804,317 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm [On_Demand | Stopped])
[2004/03/05 22:14:42 | 01,233,525 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51 [On_Demand | Running])
[2004/03/05 22:15:34 | 00,647,929 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52 [On_Demand | Running])
[2004/03/05 22:13:52 | 00,060,949 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53 [On_Demand | Running])
[2004/08/03 22:58:34 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Stopped])
[2001/08/17 13:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])
[2004/03/05 22:13:38 | 00,037,048 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt [On_Demand | Running])
[2006/09/12 02:06:08 | 00,081,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\msfwdrv.sys -- (MSFWDrv [Auto | Running])
[2006/09/12 02:06:06 | 00,105,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\msfwhlpr.sys -- (MSFWHLPR [System | Running])
[2004/08/03 22:59:50 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm [On_Demand | Stopped])
[2005/08/02 14:10:13 | 00,032,512 | ---- | M] (CACE Technologies) -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF [On_Demand | Stopped])
[2001/08/22 08:42:58 | 00,013,632 | ---- | M] (Dell Computer Corporation) -- C:\WINDOWS\system32\drivers\omci.sys -- (OMCI [System | Running])
[2007/03/26 16:22:58 | 00,290,816 | ---- | M] (Prevx Limited, http://www.prevx1.com/) -- C:\WINDOWS\system32\drivers\pxfsf.sys -- (PrevxDriver [Boot | Running])
[2007/03/26 16:23:02 | 00,101,120 | ---- | M] (Prevx Limited, http://www.prevx1.com/) -- C:\WINDOWS\system32\drivers\PxEmu.sys -- (PREVXEmulator [On_Demand | Stopped])
[2007/03/26 16:23:00 | 00,019,200 | ---- | M] (Prevx Limited, http://www.prevx1.com/) -- C:\WINDOWS\system32\drivers\pxtdi.sys -- (PREVXTdi [System | Running])
[2003/07/16 13:42:18 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2008/10/20 21:08:13 | 00,025,400 | ---- | M] (Prevx) -- C:\WINDOWS\system32\drivers\pxark.sys -- (pxark [Boot | Running])
[2007/03/07 16:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2006/12/15 11:19:36 | 00,013,952 | ---- | M] () -- C:\WINDOWS\system32\drivers\PxRD.sys -- (PXRDDriver [System | Running])
[2004/07/29 16:29:58 | 00,211,072 | R--- | M] (Ralink Technology Inc.) -- C:\WINDOWS\system32\drivers\RT2500.sys -- (RT2500 [On_Demand | Stopped])
[2004/08/03 22:31:32 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139 [On_Demand | Stopped])
[2007/11/13 03:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2003/11/18 11:38:32 | 00,591,808 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm [On_Demand | Running])
[2001/08/17 13:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])
[2007/09/02 02:19:08 | 00,685,816 | ---- | M] () -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd [Boot | Running])
[2007/10/31 14:09:14 | 00,030,464 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
[2003/01/10 13:13:04 | 00,033,588 | R--- | M] (America Online, Inc.) -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw [On_Demand | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=C:\windows\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=C:\windows\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = local.,

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-21-1957994488-884357618-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=C:\windows\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

[HKEY_USERS\S-1-5-21-1957994488-884357618-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = local.,

========== (O1) Hosts File ==========

HOSTS File = (686 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{3049C3E9-B461-4BC5-8870-4C09146192CA} (HKLM) -- C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{55EA1964-F5E4-4D6A-B9B2-125B37655FCB} (HKLM) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Prevx\pxbho.dll (Prevx Ltd.)
{68F9551E-0411-48E4-9AAF-4BC42A6A46BE} (HKLM) -- C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
{7E853D72-626A-48EC-A868-BA8D5E23E045} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{327C2873-E90D-4c37-AA9D-10AC9BABA46C}" (HKLM) -- C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4982D40A-C53B-4615-B15B-B5B5E98D167C}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1957994488-884357618-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1957994488-884357618-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1957994488-884357618-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1957994488-884357618-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1957994488-884357618-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4982D40A-C53B-4615-B15B-B5B5E98D167C}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1957994488-884357618-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1957994488-884357618-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay (ATI Technologies Inc.)
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe ()
"BJCFD"=C:\Program Files\BroadJump\Client Foundation\CFD.exe (BroadJump, Inc.)
"HotKeysCmds"=C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
"IgfxTray"=C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
"instal"=D:\install\install.exe File not found
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"Jrgypooo"=C:\Program Files\Qaqbrhk\Nrbzk.exe File not found
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
"PrevxOne"="C:\Program Files\Prevx1\PXConsole.exe" (Prevx)
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" (Sun Microsystems, Inc.)
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
"WinampAgent"=C:\Program Files\Winamp\winampa.exe ()
"WinPatrol"=C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"= File not found
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized ()
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 File not found
"Google Update"="C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c (Google Inc.)
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background (Microsoft Corporation)
"Octoshape Streaming Services"="C:\Program Files\Octoshape Streaming Services\Owner\OctoshapeClient.exe" -inv:bootrun (Octoshape ApS)
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)

[HKEY_USERS\S-1-5-21-1957994488-884357618-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"= File not found
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized ()
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 File not found
"Google Update"="C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c (Google Inc.)
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background (Microsoft Corporation)
"Octoshape Streaming Services"="C:\Program Files\Octoshape Streaming Services\Owner\OctoshapeClient.exe" -inv:bootrun (Octoshape ApS)
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)

========== (O4) Startup Folders ==========

[2004/12/14 04:44:06 | 00,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
[2000/01/21 01:15:54 | 00,065,588 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
File not found -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_CURRENT_USER\Software\policies\microsoft\internet explorer]
"Windows Update Menu Text"=

[HKEY_USERS\S-1-5-21-1957994488-884357618-839522115-1003\Software\policies\microsoft\internet explorer]
"Windows Update Menu Text"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-1957994488-884357618-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
&AOL Toolbar search: C:\Program Files\AOL Toolbar\toolbar.dll File not found
Easy-WebPrint Add To Print List: C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006/06/09 14:39:38 | 00,552,960 | ---- | M] ()
Easy-WebPrint High Speed Print: C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006/06/09 14:39:38 | 00,552,960 | ---- | M] ()
Easy-WebPrint Preview: C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006/06/09 14:39:38 | 00,552,960 | ---- | M] ()
Easy-WebPrint Print: C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006/06/09 14:39:38 | 00,552,960 | ---- | M] ()

[HKEY_USERS\S-1-5-21-1957994488-884357618-839522115-1003\Software\Microsoft\Internet Explorer\MenuExt\]
&AOL Toolbar search: C:\Program Files\AOL Toolbar\toolbar.dll File not found
Easy-WebPrint Add To Print List: C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006/06/09 14:39:38 | 00,552,960 | ---- | M] ()
Easy-WebPrint High Speed Print: C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006/06/09 14:39:38 | 00,552,960 | ---- | M] ()
Easy-WebPrint Preview: C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006/06/09 14:39:38 | 00,552,960 | ---- | M] ()
Easy-WebPrint Print: C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006/06/09 14:39:38 | 00,552,960 | ---- | M] ()

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_01\bin\npjpi160_01.dll [2007/03/14 03:43:41 | 00,132,760 | ---- | M] (Sun Microsystems, Inc.)
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}: Button: AIM -- %ProgramFiles%\AIM\aim.exe [2004/04/27 15:18:34 | 00,061,440 | ---- | M] (America Online, Inc.)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search & Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2008/09/15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2006/10/10 05:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/10/13 09:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/10/13 09:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_01\bin\npjpi160_01.dll [Sun Java Console] -> [2007/03/14 03:43:41 | 00,132,760 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKLM] -> %ProgramFiles%\AIM\aim.exe [AIM] -> [2004/04/27 15:18:34 | 00,061,440 | ---- | M] (America Online, Inc.)
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 09:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKLM] -> %ProgramFiles%\AIM\aim.exe [AIM] -> [2004/04/27 15:18:34 | 00,061,440 | ---- | M] (America Online, Inc.)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 09:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKLM] -> %ProgramFiles%\AIM\aim.exe [AIM] -> [2004/04/27 15:18:34 | 00,061,440 | ---- | M] (America Online, Inc.)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 09:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1957994488-884357618-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_01\bin\npjpi160_01.dll [Sun Java Console] -> [2007/03/14 03:43:41 | 00,132,760 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKLM] -> %ProgramFiles%\AIM\aim.exe [AIM] -> [2004/04/27 15:18:34 | 00,061,440 | ---- | M] (America Online, Inc.)
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 09:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
cox.com: http in Local intranet
cox.com: https in Local intranet
coxenterprises.com: http in Local intranet
coxenterprises.com: https in Local intranet
1 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
: msn in My Computer
aol.com\objects: * is out of zone range (0)
cox.com: http in Local intranet
cox.com: https in Local intranet
coxenterprises.com: http in Local intranet
coxenterprises.com: https in Local intranet
81 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
80 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
80 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
81 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
81 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-1957994488-884357618-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
: msn in My Computer
aol.com\objects: * is out of zone range (0)
cox.com: http in Local intranet
cox.com: https in Local intranet
coxenterprises.com: http in Local intranet
coxenterprises.com: https in Local intranet
81 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{00000055-9980-0010-8000-00AA00389B71}: http://codecs.microsoft.com/codecs/i386/fhg.CAB -- Reg Error: Key does not exist or could not be opened.
{0EC4C9E3-EC6A-11CF-8E3B-444553540000}: -- Reg Error: Key does not exist or could not be opened.
{166B1BCA-3F9C-11CF-8075-444553540000}: -- Shockwave ActiveX Control
{17492023-C23A-453E-A040-C7C580BBF700}: http://go.microsoft.com/fwlink/?linkid=39204 -- Windows Genuine Advantage Validation Tool
{2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5}: -- Microsoft Data Collection Control
{3DC2E31C-371A-4BD3-9A27-CDF57CE604CF}: http://moneycentral.msn.com/cabs/pmupd806.exe -- MSN Money Charting
{5ED80217-570B-4DA9-BF44-BE107C0EC166}: http://scan.safety.live.com/resource/downl...lscbase5059.cab -- Windows Live Safety Center Base Module
{6414512B-B978-451D-A0D8-FCFDF33E833C}: -- WUWebControl Class
{67DABFBF-D0AB-41FA-9C46-CC0F21721616}: http://download.divx.com/player/DivXBrowserPlugin.cab -- DivXBrowserPlugin Object
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: -- MUWebControl Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_01
{AECD14A8-F662-11D1-A395-00805F535788}: -- Reg Error: Key does not exist or could not be opened.
{B38870E4-7ECB-40DA-8C6A-595F0A5519FF}: http://messenger.msn.com/download/MsnMesse...pDownloader.cab -- MsnMessengerSetupDownloadControl Class
{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_01
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_01
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_01
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload.macromedia.com/get/shock...ash/swflash.cab -- Shockwave Flash Object

========== (O17) DNS Name Servers ==========

{1CFB8E23-62FC-4B40-8203-360A522FCBB7} (Servers: | Description: D-Link DFE-530TX+ PCI Adapter)
{817D2139-C3D0-4A58-B0A5-E03A6CAE8053} (Servers: 128.242.126.95 | Description: Belkin 802.11g Wireless Card)

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
AtiExtEvent: "DllName" = Ati2evxx.dll -- C:\WINDOWS\system32\ati2evxx.dll (ATI Technologies Inc.)
dimsntfy: "DllName" = Reg Error: Value DLLName does not exist or could not be read. -- File not found
igfxcui: "DllName" = igfxsrvc.dll -- C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT [PATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | ]
[2005/07/30 17:19:15 | 00,000,050 | -H-- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[691 C:\WINDOWS\System32\*.tmp files]
[17 C:\WINDOWS\*.tmp files]
[4 C:\Documents and Settings\Owner\My Documents\*.tmp files]
[2008/10/25 13:07:00 | 00,421,888 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTViewIt.exe
[2008/10/24 03:20:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\BitTorrent Downloads
[2008/10/22 18:43:38 | 00,095,264 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Account-Retrieval.pdf
[2008/10/22 07:02:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\My Received Files
[2008/10/22 05:42:44 | 00,000,000 | -H-D | C] -- C:\BJPrinter
[2008/10/21 15:53:58 | 00,022,528 | ---- | C] () -- C:\WINDOWS\svchost.exe
[2008/10/21 00:29:16 | 00,000,085 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/10/20 23:52:03 | 00,000,793 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Ad-Watch.lnk
[2008/10/20 23:52:03 | 00,000,793 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Ad-Aware.lnk
[2008/10/20 23:51:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
[2008/10/20 22:40:56 | 00,000,933 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy.lnk
[2008/10/20 21:37:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2008/10/20 21:08:13 | 00,025,400 | ---- | C] (Prevx) -- C:\WINDOWS\System32\drivers\pxark.sys
[2008/10/20 21:08:12 | 00,000,000 | ---D | C] -- C:\Program Files\PrevxCSI
[2008/10/20 21:08:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PrevxCSI
[2008/10/20 20:53:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Prevx
[2008/10/20 20:53:38 | 00,101,120 | ---- | C] (Prevx Limited, http://www.prevx1.com/) -- C:\WINDOWS\System32\drivers\PxEmu.sys
[2008/10/20 20:53:37 | 00,019,200 | ---- | C] (Prevx Limited, http://www.prevx1.com/) -- C:\WINDOWS\System32\drivers\pxtdi.sys
[2008/10/20 20:53:37 | 00,007,680 | ---- | C] (Prevx Limited, http://www.prevx1.com/) -- C:\WINDOWS\System32\pxinst.dll
[2008/10/20 20:53:33 | 00,290,816 | ---- | C] (Prevx Limited, http://www.prevx1.com/) -- C:\WINDOWS\System32\drivers\pxfsf.sys
[2008/10/20 20:53:22 | 00,008,192 | ---- | C] (Prevx Limited, http://www.prevx1.com/) -- C:\WINDOWS\System32\drivers\pxcom.sys
[2008/10/20 20:52:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Prevx
[2008/10/20 20:52:25 | 00,000,000 | ---D | C] -- C:\Program Files\Prevx1
[2008/10/20 20:52:05 | 00,013,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\PxRD.sys
[2008/10/20 19:47:10 | 00,077,312 | ---- | C] () -- C:\WINDOWS\ua2.dll
[2008/10/18 14:28:57 | 00,000,000 | ---D | C] -- C:\Avenger
[2008/10/18 14:27:31 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2008/10/18 00:19:06 | 00,000,039 | ---- | C] () -- C:\WINDOWS\1.ini
[2008/10/17 23:56:13 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Mozilla Firefox.lnk
[2008/10/17 23:54:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Deployment
[2008/10/17 13:39:37 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\atlcom839_953.dll
[2008/10/17 13:39:35 | 00,000,020 | ---- | C] () -- C:\WINDOWS\syscheck
[2008/10/14 11:41:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Blizzard
[2008/10/08 09:53:47 | 00,000,865 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\World of Warcraft.lnk
[2008/10/08 09:53:47 | 00,000,000 | ---D | C] -- C:\Program Files\World of Warcraft
[2008/10/07 22:54:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2008/10/07 22:17:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2008/10/07 22:17:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2008/10/07 22:17:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2008/10/07 22:05:27 | 00,059,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rfcomm.sys
[2008/10/07 22:05:27 | 00,046,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gagp30kx.sys
[2008/10/07 22:05:27 | 00,044,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\agpcpq.sys
[2008/10/07 22:05:27 | 00,042,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\alim1541.sys
[2008/10/07 22:05:27 | 00,042,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\agp440.sys
[2008/10/07 22:05:27 | 00,038,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthmodem.sys
[2008/10/07 22:05:27 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\amdk7.sys
[2008/10/07 22:05:27 | 00,036,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\intelppm.sys
[2008/10/07 22:05:27 | 00,029,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ip6fw.sys
[2008/10/07 22:05:27 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidbth.sys
[2008/10/07 22:05:27 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthusb.sys
[2008/10/07 22:05:27 | 00,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthenum.sys
[2008/10/07 22:05:27 | 00,015,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mssmbios.sys
[2008/10/07 22:05:27 | 00,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidir.sys
[2008/10/07 22:05:26 | 00,382,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qmgr.dll
[2008/10/07 22:05:26 | 00,078,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbvideo.sys
[2008/10/07 22:05:26 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sdbus.sys
[2008/10/07 22:05:26 | 00,044,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\uagp35.sys
[2008/10/07 22:05:26 | 00,042,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\viaagp.sys
[2008/10/07 22:05:26 | 00,030,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys
[2008/10/07 22:05:26 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbehci.sys
[2008/10/07 22:05:26 | 00,013,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wacompen.sys
[2008/10/07 22:05:26 | 00,012,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usb8023x.sys
[2008/10/07 22:05:26 | 00,012,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tunmp.sys
[2008/10/07 22:05:26 | 00,011,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sffdisk.sys
[2008/10/07 22:05:26 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sffp_sd.sys
[2008/10/07 22:05:26 | 00,006,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smbali.sys
[2008/10/07 22:05:25 | 00,262,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\http.sys
[2008/10/07 22:05:24 | 02,113,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxdiagn.dll
[2008/10/07 22:05:24 | 00,325,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2fxb.dll
[2008/10/07 22:05:24 | 00,186,368 | ---- | C] () -- C:\WINDOWS\System32\dllcache\encdec.dll
[2008/10/07 22:05:23 | 00,539,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msftedit.dll
[2008/10/07 22:05:23 | 00,526,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\p2psvc.dll
[2008/10/07 22:05:23 | 00,312,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\p2pgraph.dll
[2008/10/07 22:05:23 | 00,270,848 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sbe.dll
[2008/10/07 22:05:23 | 00,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sbeio.dll
[2008/10/07 22:05:23 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieencode.dll
[2008/10/07 22:05:23 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fltlib.dll
[2008/10/07 22:05:22 | 04,256,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2res.dll
[2008/10/07 22:05:22 | 00,167,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2ae.dll
[2008/10/07 22:05:22 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smbinst.exe
[2008/10/07 22:05:21 | 00,764,868 | ---- | C] () -- C:\WINDOWS\System32\dllcache\apph_sp.sdb
[2008/10/07 22:05:21 | 00,757,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sprb041b.dll
[2008/10/07 22:05:21 | 00,732,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sprb0424.dll
[2008/10/07 22:05:21 | 00,502,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2fxa.dll
[2008/10/07 22:05:21 | 00,462,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sqlqp20.dll
[2008/10/07 22:05:21 | 00,405,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\obrb041b.dll
[2008/10/07 22:05:21 | 00,402,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2filt.dll
[2008/10/07 22:05:21 | 00,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spra041b.dll
[2008/10/07 22:05:21 | 00,192,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spra0424.dll
[2008/10/07 22:05:21 | 00,177,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msctfime.ime
[2008/10/07 22:05:21 | 00,151,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sqldb20.dll
[2008/10/07 22:05:21 | 00,128,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fltmgr.sys
[2008/10/07 22:05:21 | 00,128,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fltmgr.sys
[2008/10/07 22:05:21 | 00,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fltmc.exe
[2008/10/07 22:05:20 | 00,408,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\obrb0424.dll
[2008/10/07 22:05:20 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hscupd.exe
[2008/10/07 22:05:18 | 02,897,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp2res.dll
[2008/10/07 22:05:13 | 00,244,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\acspecfc.dll
[2008/10/07 22:05:13 | 00,137,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclua.dll
[2008/10/07 22:05:12 | 00,385,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\callcont.dll
[2008/10/07 22:05:12 | 00,256,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agentsvr.exe
[2008/10/07 22:05:12 | 00,217,118 | ---- | C] () -- C:\WINDOWS\System32\dllcache\apphelp.sdb
[2008/10/07 22:05:12 | 00,214,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agentctl.dll
[2008/10/07 22:05:12 | 00,119,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext30.dll
[2008/10/07 22:05:12 | 00,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agentdpv.dll
[2008/10/07 22:05:12 | 00,042,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agentdp2.dll
[2008/10/07 22:05:12 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0408.dll
[2008/10/07 22:05:12 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt040c.dll
[2008/10/07 22:05:12 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0407.dll
[2008/10/07 22:05:12 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0816.dll
[2008/10/07 22:05:12 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0413.dll
[2008/10/07 22:05:12 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0410.dll
[2008/10/07 22:05:12 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0c0a.dll
[2008/10/07 22:05:12 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0416.dll
[2008/10/07 22:05:12 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt040e.dll
[2008/10/07 22:05:12 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt041f.dll
[2008/10/07 22:05:12 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt041d.dll
[2008/10/07 22:05:12 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0419.dll
[2008/10/07 22:05:12 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0415.dll
[2008/10/07 22:05:12 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0414.dll
[2008/10/07 22:05:12 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt040b.dll
[2008/10/07 22:05:12 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0409.dll
[2008/10/07 22:05:12 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0406.dll
[2008/10/07 22:05:12 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0405.dll
[2008/10/07 22:05:12 | 00,014,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\battc.sys
[2008/10/07 22:05:11 | 00,618,605 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4autl.dll
[2008/10/07 22:05:11 | 00,539,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dialer.exe
[2008/10/07 22:05:11 | 00,214,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwconn1.exe
[2008/10/07 22:05:11 | 00,195,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comadmin.dll
[2008/10/07 22:05:11 | 00,172,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwhelp.dll
[2008/10/07 22:05:11 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dhtmled.ocx
[2008/10/07 22:05:11 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2008/10/07 22:05:11 | 00,086,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\directdb.dll
[2008/10/07 22:05:11 | 00,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwconn2.exe
[2008/10/07 22:05:11 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwrmind.exe
[2008/10/07 22:05:11 | 00,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidbatt.sys
[2008/10/07 22:05:11 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comrepl.exe
[2008/10/07 22:05:11 | 00,009,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\compbatt.sys
[2008/10/07 22:05:11 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comrereg.exe
[2008/10/07 22:05:10 | 00,242,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kdsusd.dll
[2008/10/07 22:05:10 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kdsui.dll
[2008/10/07 22:05:10 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetwiz.exe
[2008/10/07 22:05:09 | 03,166,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msgr3en.dll
[2008/10/07 22:05:09 | 01,314,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoe.dll
[2008/10/07 22:05:09 | 00,536,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado15.dll
[2008/10/07 22:05:09 | 00,274,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mst120.dll
[2008/10/07 22:05:09 | 00,229,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmas.dll
[2008/10/07 22:05:09 | 00,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nac.dll
[2008/10/07 22:05:09 | 00,200,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadox.dll
[2008/10/07 22:05:09 | 00,198,736 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msimain.sdb
[2008/10/07 22:05:09 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadomd.dll
[2008/10/07 22:05:09 | 00,172,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmoldwb.dll
[2008/10/07 22:05:09 | 00,158,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msconfig.exe
[2008/10/07 22:05:09 | 00,151,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmft.dll
[2008/10/07 22:05:09 | 00,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msjro.dll
[2008/10/07 22:05:08 | 02,136,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2008/10/07 22:05:08 | 02,015,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2008/10/07 22:05:08 | 00,281,088 | ---- | C] (Cinematronics) -- C:\WINDOWS\System32\dllcache\pinball.exe
[2008/10/07 22:05:08 | 00,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oemig50.exe
[2008/10/07 22:05:08 | 00,026,624 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw450ext.dll
[2008/10/07 22:05:08 | 00,024,576 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw430ext.dll
[2008/10/07 22:05:08 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nppagent.exe
[2008/10/07 22:05:08 | 00,007,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\powerfil.sys
[2008/10/07 22:05:07 | 01,197,294 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2008/10/07 22:05:07 | 00,510,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab32.dll
[2008/10/07 22:05:07 | 00,153,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\triedit.dll
[2008/10/07 22:05:07 | 00,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uploadm.exe
[2008/10/07 22:05:07 | 00,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wabimp.dll
[2008/10/07 22:05:07 | 00,046,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2008/10/07 22:05:07 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wabmig.exe
[2008/10/07 22:05:07 | 00,010,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scsiscan.sys
[2008/10/07 22:05:06 | 00,017,408 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxscnui.dll
[2008/10/07 22:05:04 | 00,237,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\provthrd.dll
[2008/10/07 22:05:04 | 00,212,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntevt.dll
[2008/10/07 22:05:04 | 00,197,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemupgd.dll
[2008/10/07 22:05:04 | 00,196,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiadap.exe
[2008/10/07 22:05:04 | 00,196,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemcntl.dll
[2008/10/07 22:05:04 | 00,178,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemdisp.dll
[2008/10/07 22:05:04 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmipcima.dll
[2008/10/07 22:05:04 | 00,140,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmidcprv.dll
[2008/10/07 22:05:04 | 00,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\viewprov.dll
[2008/10/07 22:05:04 | 00,116,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemtest.exe
[2008/10/07 22:05:04 | 00,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scrcons.exe
[2008/10/07 22:05:04 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mofcomp.exe
[2008/10/07 22:05:03 | 00,132,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmipdskq.dll
[2008/10/07 22:05:02 | 00,487,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oledb32.dll
[2008/10/07 22:05:02 | 00,315,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdasql.dll
[2008/10/07 22:05:02 | 00,259,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comsetup.dll
[2008/10/07 22:05:02 | 00,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaora.dll
[2008/10/07 22:05:02 | 00,204,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaps.dll
[2008/10/07 22:05:02 | 00,115,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imsinsnt.dll
[2008/10/07 22:05:02 | 00,082,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtcstp.dll
[2008/10/07 22:05:01 | 00,217,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sqlxmlx.dll
[2008/10/07 22:05:00 | 01,033,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\explorer.exe
[2008/10/07 22:05:00 | 00,561,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msobmain.dll
[2008/10/07 22:05:00 | 00,123,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\guitrn.dll
[2008/10/07 22:05:00 | 00,051,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oobebaln.exe
[2008/10/07 22:05:00 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoobe.exe
[2008/10/07 22:04:59 | 00,263,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adsnt.dll
[2008/10/07 22:04:59 | 00,202,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\script.dll
[2008/10/07 22:04:59 | 00,201,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migism.dll
[2008/10/07 22:04:59 | 00,175,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adsldp.dll
[2008/10/07 22:04:59 | 00,168,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sysmod.dll
[2008/10/07 22:04:59 | 00,103,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migload.exe
[2008/10/07 22:04:59 | 00,100,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\6to4svc.dll
[2008/10/07 22:04:59 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\actmovie.exe
[2008/10/07 22:04:57 | 01,022,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browseui.dll
[2008/10/07 22:04:57 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\attrib.exe
[2008/10/07 22:04:56 | 02,067,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdosys.dll
[2008/10/07 22:04:56 | 00,457,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certmgr.dll
[2008/10/07 22:04:56 | 00,151,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdfview.dll
[2008/10/07 22:04:56 | 00,142,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\capesnpn.dll
[2008/10/07 22:04:56 | 00,109,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cic.dll
[2008/10/07 22:04:56 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ciodm.dll
[2008/10/07 22:04:55 | 00,343,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmdial32.dll
[2008/10/07 22:04:55 | 00,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmprops.dll
[2008/10/07 22:04:55 | 00,147,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comsnap.dll
[2008/10/07 22:04:55 | 00,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comrepl.dll
[2008/10/07 22:04:55 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comaddin.dll
[2008/10/07 22:04:54 | 00,540,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comuid.dll
[2008/10/07 22:04:54 | 00,345,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\confmsp.dll
[2008/10/07 22:04:54 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\corpol.dll
[2008/10/07 22:04:53 | 01,054,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\danim.dll
[2008/10/07 22:04:52 | 00,370,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dhcpmon.dll
[2008/10/07 22:04:52 | 00,153,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\daxctle.ocx
[2008/10/07 22:04:52 | 00,152,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\datime.dll
[2008/10/07 22:04:52 | 00,123,904 | ---- | C] (Microsoft Corp. and Executive Software International, Inc.) -- C:\WINDOWS\System32\dllcache\dfrgui.dll
[2008/10/07 22:04:52 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dcomcnfg.exe
[2008/10/07 22:04:51 | 01,501,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\diskcopy.dll
[2008/10/07 22:04:51 | 00,273,920 | ---- | C] (Microsoft Corp.) -- C:\WINDOWS\System32\dllcache\dmdlgs.dll
[2008/10/07 22:04:51 | 00,200,704 | ---- | C] (Microsoft Corp.) -- C:\WINDOWS\System32\dllcache\dmdskmgr.dll
[2008/10/07 22:04:51 | 00,181,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmime.dll
[2008/10/07 22:04:51 | 00,045,083 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dispex.dll
[2008/10/07 22:04:50 | 00,375,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpnet.dll
[2008/10/07 22:04:50 | 00,229,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dplayx.dll
[2008/10/07 22:04:50 | 00,148,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dnsapi.dll
[2008/10/07 22:04:50 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dnsrslvr.dll
[2008/10/07 22:04:49 | 00,212,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpvoice.dll
[2008/10/07 22:04:48 | 01,294,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dsound3d.dll
[2008/10/07 22:04:48 | 00,239,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dsquery.dll
[2008/10/07 22:04:48 | 00,181,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dsdmo.dll
[2008/10/07 22:04:48 | 00,144,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dskquoui.dll
[2008/10/07 22:04:48 | 00,142,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dsprop.dll
[2008/10/07 22:04:47 | 01,227,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dx8vb.dll
[2008/10/07 22:04:47 | 00,619,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dx7vb.dll
[2008/10/07 22:04:47 | 00,382,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontext.dll
[2008/10/07 22:04:47 | 00,380,957 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\expsrv.dll
[2008/10/07 22:04:47 | 00,337,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filemgmt.dll
[2008/10/07 22:04:47 | 00,282,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gdi32.dll
[2008/10/07 22:04:47 | 00,253,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\es.dll
[2008/10/07 22:04:47 | 00,183,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\els.dll
[2008/10/07 22:04:47 | 00,121,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\exts.dll
[2008/10/07 22:04:47 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll
[2008/10/07 22:04:47 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\forcedos.exe
[2008/10/07 22:04:45 | 00,614,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\h323msp.dll
[2008/10/07 22:04:45 | 00,546,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hhctrl.ocx
[2008/10/07 22:04:45 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hlink.dll
[2008/10/07 22:04:45 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\help.exe
[2008/10/07 22:04:44 | 00,683,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2008/10/07 22:04:44 | 00,274,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcfg.dll
[2008/10/07 22:04:44 | 00,147,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\initpki.dll
[2008/10/07 22:04:44 | 00,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\input.dll
[2008/10/07 22:04:43 | 00,491,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jscript.dll
[2008/10/07 22:04:43 | 00,384,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipsmsnap.dll
[2008/10/07 22:04:43 | 00,349,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipsecsnp.dll
[2008/10/07 22:04:43 | 00,169,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iprtrmgr.dll
[2008/10/07 22:04:43 | 00,163,840 | ---- | C] (America Online) -- C:\WINDOWS\System32\dllcache\jgdw400.dll
[2008/10/07 22:04:43 | 00,154,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipmontr.dll
[2008/10/07 22:04:43 | 00,027,648 | ---- | C] (Johnson-Grace Company) -- C:\WINDOWS\System32\dllcache\jgpl400.dll
[2008/10/07 22:04:43 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipxwan.dll
[2008/10/07 22:04:43 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106.dll
[2008/10/07 22:04:42 | 00,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\keymgr.dll
[2008/10/07 22:04:42 | 00,130,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksproxy.ax
[2008/10/07 22:04:42 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnec.dll
[2008/10/07 22:04:41 | 00,927,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2008/10/07 22:04:41 | 00,399,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lmrt.dll
[2008/10/07 22:04:41 | 00,221,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\localsec.dll
[2008/10/07 22:04:41 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mf3216.dll
[2008/10/07 22:04:40 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mimefilt.dll
[2008/10/07 22:04:39 | 00,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mscms.dll
[2008/10/07 22:04:39 | 00,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mprdim.dll
[2008/10/07 22:04:38 | 00,945,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtctm.dll
[2008/10/07 22:04:38 | 00,425,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtcprx.dll
[2008/10/07 22:04:38 | 00,294,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msctf.dll
[2008/10/07 22:04:38 | 00,161,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtcuiu.dll
[2008/10/07 22:04:38 | 00,151,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdart.dll
[2008/10/07 22:04:37 | 02,854,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msi.dll
[2008/10/07 22:04:37 | 00,884,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msimsg.dll
[2008/10/07 22:04:37 | 00,271,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msihnd.dll
[2008/10/07 22:04:37 | 00,248,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msieftp.dll
[2008/10/07 22:04:37 | 00,078,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msiexec.exe
[2008/10/07 22:04:37 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msisip.dll
[2008/10/07 22:04:36 | 00,290,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msnsspc.dll
[2008/10/07 22:04:36 | 00,151,583 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msjint40.dll
[2008/10/07 22:04:36 | 00,143,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msorcl32.dll
[2008/10/07 22:04:35 | 00,195,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msutb.dll
[2008/10/07 22:04:34 | 01,428,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msvidctl.dll
[2008/10/07 22:04:34 | 00,204,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswebdvd.dll
[2008/10/07 22:04:33 | 00,701,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml2.dll
[2008/10/07 22:04:33 | 00,506,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml.dll
[2008/10/07 22:04:33 | 00,245,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswsock.dll
[2008/10/07 22:04:32 | 01,104,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll
[2008/10/07 22:04:32 | 00,332,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2008/10/07 22:04:32 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtxlegih.dll
[2008/10/07 22:04:32 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtxdm.dll
[2008/10/07 22:04:32 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nddeapir.exe
[2008/10/07 22:04:32 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtxex.dll
[2008/10/07 22:04:31 | 00,875,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netplwiz.dll
[2008/10/07 22:04:30 | 00,488,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntmsmgr.dll
[2008/10/07 22:04:30 | 00,435,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntmssvc.dll
[2008/10/07 22:04:30 | 00,285,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\objsel.dll
[2008/10/07 22:04:30 | 00,179,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntmsdba.dll
[2008/10/07 22:04:30 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ocmanage.dll
[2008/10/07 22:04:30 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntvdmd.dll
[2008/10/07 22:04:29 | 00,278,559 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\odbcjt32.dll
[2008/10/07 22:04:28 | 00,147,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\odbctrac.dll
[2008/10/07 22:04:28 | 00,122,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oledlg.dll
[2008/10/07 22:04:28 | 00,083,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\olepro32.dll
[2008/10/07 22:04:28 | 00,074,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\olecli32.dll
[2008/10/07 22:04:27 | 00,176,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\photowiz.dll
[2008/10/07 22:04:27 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\perfnet.dll
[2008/10/07 22:04:26 | 01,435,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.dll
[2008/10/07 22:04:26 | 01,287,680 | ---- | C] () -- C:\WINDOWS\System32\dllcache\quartz.dll
[2008/10/07 22:04:26 | 00,733,696 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qedwipes.dll
[2008/10/07 22:04:26 | 00,385,024 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qdvd.dll
[2008/10/07 22:04:26 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll
[2008/10/07 22:04:26 | 00,279,040 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qdv.dll
[2008/10/07 22:04:26 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qcap.dll
[2008/10/07 22:04:26 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rasadhlp.dll
[2008/10/07 22:04:25 | 00,397,824 | ---- | C] (Microsoft) -- C:\WINDOWS\System32\dllcache\regwizc.dll
[2008/10/07 22:04:25 | 00,147,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdchost.dll
[2008/10/07 22:04:24 | 00,582,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcrt4.dll
[2008/10/07 22:04:24 | 00,433,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\riched20.dll
[2008/10/07 22:04:24 | 00,171,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sccsccp.dll
[2008/10/07 22:04:24 | 00,090,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rsvpsp.dll
[2008/10/07 22:04:22 | 01,497,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shdocvw.dll
[2008/10/07 22:04:21 | 08,460,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll
[2008/10/07 22:04:21 | 00,474,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shlwapi.dll
[2008/10/07 22:04:21 | 00,134,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shsvcs.dll
[2008/10/07 22:04:20 | 00,363,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smlogcfg.dll
[2008/10/07 22:04:20 | 00,182,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpsnap.dll
[2008/10/07 22:04:20 | 00,180,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sqlunirl.dll
[2008/10/07 22:04:20 | 00,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\stclient.dll
[2008/10/07 22:04:20 | 00,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sort.exe
[2008/10/07 22:04:20 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\stdole2.tlb
[2008/10/07 22:04:18 | 00,858,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tapi3.dll
[2008/10/07 22:04:18 | 00,713,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sxs.dll
[2008/10/07 22:04:18 | 00,358,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\termmgr.dll
[2008/10/07 22:04:18 | 00,218,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sysmon.ocx
[2008/10/07 22:04:18 | 00,191,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\syncui.dll
[2008/10/07 22:04:16 | 00,577,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2008/10/07 22:04:16 | 00,239,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\upnpui.dll
[2008/10/07 22:04:16 | 00,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\upnphost.dll
[2008/10/07 22:04:15 | 00,413,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vbscript.dll
[2008/10/07 22:04:15 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\verifier.dll
[2008/10/07 22:04:14 | 00,208,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wavemsp.dll
[2008/10/07 22:04:13 | 00,764,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winntbbu.dll
[2008/10/07 22:04:13 | 00,333,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wiaservc.dll
[2008/10/07 22:04:13 | 00,292,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsrv.dll
[2008/10/07 22:04:12 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winver.exe
[2008/10/07 22:04:11 | 00,155,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadds.dll
[2008/10/07 22:04:11 | 00,143,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadco.dll
[2008/10/07 22:04:10 | 00,616,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\advapi32.dll
[2008/10/07 22:04:10 | 00,200,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaprst.dll
[2008/10/07 22:04:09 | 00,984,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kernel32.dll
[2008/10/07 22:04:09 | 00,984,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kernel32.dll
[2008/10/07 22:04:09 | 00,721,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\lsasrv.dll
[2008/10/07 22:04:09 | 00,721,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2008/10/07 22:04:09 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2008/10/07 22:04:09 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comctl32.dll
[2008/10/07 22:04:09 | 00,602,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\autoconv.exe
[2008/10/07 22:04:09 | 00,588,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\autochk.exe
[2008/10/07 22:04:09 | 00,388,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmd.exe
[2008/10/07 22:04:09 | 00,341,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\localspl.dll
[2008/10/07 22:04:09 | 00,276,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comdlg32.dll
[2008/10/07 22:04:09 | 00,144,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\imagehlp.dll
[2008/10/07 22:04:09 | 00,135,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\desk.cpl
[2008/10/07 22:04:09 | 00,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpcsvc.dll
[2008/10/07 22:04:09 | 00,075,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\locator.exe
[2008/10/07 22:04:09 | 00,042,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ftp.exe
[2008/10/07 22:04:09 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msgsvc.dll
[2008/10/07 22:04:09 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\csrsrv.dll
[2008/10/07 22:04:09 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\format.com
[2008/10/07 22:04:09 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cacls.exe
[2008/10/07 22:04:09 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cacls.exe
[2008/10/07 22:04:09 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mgmtapi.dll
[2008/10/07 22:04:09 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\lmhsvc.dll
[2008/10/07 22:04:08 | 00,708,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntdll.dll
[2008/10/07 22:04:08 | 00,419,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntvdm.exe
[2008/10/07 22:04:08 | 00,142,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nwprovau.dll
[2008/10/07 22:04:08 | 00,142,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nwprovau.dll
[2008/10/07 22:04:08 | 00,129,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msv1_0.dll
[2008/10/07 22:04:08 | 00,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntprint.dll
[2008/10/07 22:04:08 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nslookup.exe
[2008/10/07 22:04:08 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntlsapi.dll
[2008/10/07 22:04:07 | 00,983,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupapi.dll
[2008/10/07 22:04:07 | 00,657,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasdlg.dll
[2008/10/07 22:04:07 | 00,560,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\printui.dll
[2008/10/07 22:04:07 | 00,550,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\oleaut32.dll
[2008/10/07 22:04:07 | 00,550,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oleaut32.dll
[2008/10/07 22:04:07 | 00,415,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\samsrv.dll
[2008/10/07 22:04:07 | 00,298,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sysdm.cpl
[2008/10/07 22:04:07 | 00,236,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasapi32.dll
[2008/10/07 22:04:07 | 00,144,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\schannel.dll
[2008/10/07 22:04:07 | 00,144,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\schannel.dll
[2008/10/07 22:04:07 | 00,140,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sessmgr.exe
[2008/10/07 22:04:07 | 00,108,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\services.exe
[2008/10/07 22:04:07 | 00,096,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\srvsvc.dll
[2008/10/07 22:04:07 | 00,095,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\scardsvr.exe
[2008/10/07 22:04:07 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasauto.dll
[2008/10/07 22:04:07 | 00,064,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\samlib.dll
[2008/10/07 22:04:07 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasman.dll
[2008/10/07 22:04:07 | 00,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rastapi.dll
[2008/10/07 22:04:07 | 00,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\smss.exe
[2008/10/07 22:04:07 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rshx32.dll
[2008/10/07 22:04:07 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\perfctrs.dll
[2008/10/07 22:04:07 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\olecnv32.dll
[2008/10/07 22:04:07 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\olecnv32.dll
[2008/10/07 22:04:07 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\savedump.exe
[2008/10/07 22:04:06 | 00,984,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\syssetup.dll
[2008/10/07 22:04:06 | 00,316,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\untfs.dll
[2008/10/07 22:04:06 | 00,316,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\untfs.dll
[2008/10/07 22:04:06 | 00,275,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ulib.dll
[2008/10/07 22:04:06 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tcpmonui.dll
[2008/10/07 22:04:05 | 01,846,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\win32k.sys
[2008/10/07 22:04:05 | 01,846,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[2008/10/07 22:04:05 | 00,146,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winspool.drv
[2008/10/07 22:04:05 | 00,146,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winspool.drv
[2008/10/07 22:04:05 | 00,132,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wkssvc.dll
[2008/10/07 22:04:05 | 00,132,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wkssvc.dll
[2008/10/07 22:04:05 | 00,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\win32spl.dll
[2008/10/07 22:04:05 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\userinit.exe
[2008/10/07 22:04:04 | 00,799,744 | ---- | C] (Microsoft Corp., Veritas Software) -- C:\WINDOWS\System32\drivers\dmboot.sys
[2008/10/07 22:04:04 | 00,451,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mrxsmb.sys
[2008/10/07 22:04:04 | 00,187,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\acpi.sys
[2008/10/07 22:04:04 | 00,182,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ndis.sys
[2008/10/07 22:04:04 | 00,179,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mrxdav.sys
[2008/10/07 22:04:04 | 00,179,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxdav.sys
[2008/10/07 22:04:04 | 00,172,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\kmixer.sys
[2008/10/07 22:04:04 | 00,172,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kmixer.sys
[2008/10/07 22:04:04 | 00,153,344 | ---- | C] (Microsoft Corp., Veritas Software) -- C:\WINDOWS\System32\drivers\dmio.sys
[2008/10/07 22:04:04 | 00,143,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fastfat.sys
[2008/10/07 22:04:04 | 00,142,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\aec.sys
[2008/10/07 22:04:04 | 00,142,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aec.sys
[2008/10/07 22:04:04 | 00,140,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ks.sys
[2008/10/07 22:04:04 | 00,138,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\afd.sys
[2008/10/07 22:04:04 | 00,138,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\afd.sys
[2008/10/07 22:04:04 | 00,134,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ipnat.sys
[2008/10/07 22:04:04 | 00,107,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mup.sys
[2008/10/07 22:04:04 | 00,095,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\atapi.sys
[2008/10/07 22:04:04 | 00,092,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ksecdd.sys
[2008/10/07 22:04:04 | 00,091,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ndiswan.sys
[2008/10/07 22:04:04 | 00,085,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nabtsfec.sys
[2008/10/07 22:04:04 | 00,074,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ipsec.sys
[2008/10/07 22:04:04 | 00,071,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bridge.sys
[2008/10/07 22:04:04 | 00,071,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dxg.sys
[2008/10/07 22:04:04 | 00,063,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mf.sys
[2008/10/07 22:04:04 | 00,063,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\cdfs.sys
[2008/10/07 22:04:04 | 00,060,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\arp1394.sys
[2008/10/07 22:04:04 | 00,060,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmk.sys
[2008/10/07 22:04:04 | 00,060,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\drmk.sys
[2008/10/07 22:04:04 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\atmarpc.sys
[2008/10/07 22:04:04 | 00,055,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\atmlane.sys
[2008/10/07 22:04:04 | 00,052,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dmusic.sys
[2008/10/07 22:04:04 | 00,052,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmusic.sys
[2008/10/07 22:04:04 | 00,052,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\i8042prt.sys
[2008/10/07 22:04:04 | 00,051,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\msdv.sys
[2008/10/07 22:04:04 | 00,049,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\classpnp.sys
[2008/10/07 22:04:04 | 00,049,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\cdrom.sys
[2008/10/07 22:04:04 | 00,042,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mountmgr.sys
[2008/10/07 22:04:04 | 00,041,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\imapi.sys
[2008/10/07 22:04:04 | 00,038,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ndproxy.sys
[2008/10/07 22:04:04 | 00,038,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2008/10/07 22:04:04 | 00,036,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\amdk6.sys
[2008/10/07 22:04:04 | 00,036,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\crusoe.sys
[2008/10/07 22:04:04 | 00,036,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\disk.sys
[2008/10/07 22:04:04 | 00,036,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidclass.sys
[2008/10/07 22:04:04 | 00,035,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\isapnp.sys
[2008/10/07 22:04:04 | 00,035,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isapnp.sys
[2008/10/07 22:04:04 | 00,035,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\msgpc.sys
[2008/10/07 22:04:04 | 00,034,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fips.sys
[2008/10/07 22:04:04 | 00,034,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fips.sys
[2008/10/07 22:04:04 | 00,030,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\modem.sys
[2008/10/07 22:04:04 | 00,027,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fdc.sys
[2008/10/07 22:04:04 | 00,024,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidparse.sys
[2008/10/07 22:04:04 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\kbdclass.sys
[2008/10/07 22:04:04 | 00,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mouclass.sys
[2008/10/07 22:04:04 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ipinip.sys
[2008/10/07 22:04:04 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\flpydisk.sys
[2008/10/07 22:04:04 | 00,019,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\msfs.sys
[2008/10/07 22:04:04 | 00,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ccdecode.sys
[2008/10/07 22:04:04 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mpe.sys
[2008/10/07 22:04:04 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\kbdhid.sys
[2008/10/07 22:04:04 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\asyncmac.sys
[2008/10/07 22:04:04 | 00,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\diskdump.sys
[2008/10/07 22:04:04 | 00,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ndisuio.sys
[2008/10/07 22:04:04 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bdasup.sys
[2008/10/07 22:04:04 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\irenum.sys
[2008/10/07 22:04:04 | 00,010,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ndisip.sys
[2008/10/07 22:04:04 | 00,009,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ndistapi.sys
[2008/10/07 22:04:04 | 00,009,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidusb.sys
[2008/10/07 22:04:04 | 00,009,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndistapi.sys
[2008/10/07 22:04:04 | 00,009,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidusb.sys
[2008/10/07 22:04:04 | 00,007,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mskssrv.sys
[2008/10/07 22:04:04 | 00,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mstee.sys
[2008/10/07 22:04:04 | 00,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\intelide.sys
[2008/10/07 22:04:04 | 00,005,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mspclock.sys
[2008/10/07 22:04:04 | 00,004,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mspqm.sys
[2008/10/07 22:04:04 | 00,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmkaud.sys
[2008/10/07 22:04:04 | 00,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\drmkaud.sys
[2008/10/07 22:04:03 | 00,574,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ntfs.sys
[2008/10/07 22:04:03 | 00,574,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntfs.sys
[2008/10/07 22:04:03 | 00,162,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\netbt.sys
[2008/10/07 22:04:03 | 00,088,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nwlnkipx.sys
[2008/10/07 22:04:03 | 00,080,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\parport.sys
[2008/10/07 22:04:03 | 00,061,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nic1394.sys
[2008/10/07 22:04:03 | 00,042,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\p3.sys
[2008/10/07 22:04:03 | 00,040,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nmnt.sys
[2008/10/07 22:04:03 | 00,034,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\netbios.sys
[2008/10/07 22:04:03 | 00,030,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\npfs.sys
[2008/10/07 22:04:02 | 00,333,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\srv.sys
[2008/10/07 22:04:02 | 00,333,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2008/10/07 22:04:02 | 00,202,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rmcast.sys
[2008/10/07 22:04:02 | 00,202,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2008/10/07 22:04:02 | 00,196,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rdpdr.sys
[2008/10/07 22:04:02 | 00,174,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rdbss.sys
[2008/10/07 22:04:02 | 00,145,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\portcls.sys
[2008/10/07 22:04:02 | 00,145,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\portcls.sys
[2008/10/07 22:04:02 | 00,139,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rdpwd.sys
[2008/10/07 22:04:02 | 00,119,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\pcmcia.sys
[2008/10/07 22:04:02 | 00,096,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\scsiport.sys
[2008/10/07 22:04:02 | 00,073,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sr.sys
[2008/10/07 22:04:02 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\psched.sys
[2008/10/07 22:04:02 | 00,068,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\pci.sys
[2008/10/07 22:04:02 | 00,064,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\serial.sys
[2008/10/07 22:04:02 | 00,060,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sysaudio.sys
[2008/10/07 22:04:02 | 00,060,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sysaudio.sys
[2008/10/07 22:04:02 | 00,057,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\redbook.sys
[2008/10/07 22:04:02 | 00,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\swmidi.sys
[2008/10/07 22:04:02 | 00,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\swmidi.sys
[2008/10/07 22:04:02 | 00,051,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rasl2tp.sys
[2008/10/07 22:04:02 | 00,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\stream.sys
[2008/10/07 22:04:02 | 00,048,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\raspptp.sys
[2008/10/07 22:04:02 | 00,041,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\raspppoe.sys
[2008/10/07 22:04:02 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\processr.sys
[2008/10/07 22:04:02 | 00,030,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismp.sys
[2008/10/07 22:04:02 | 00,025,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sonydcam.sys
[2008/10/07 22:04:02 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\pciidex.sys
[2008/10/07 22:04:02 | 00,018,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\partmgr.sys
[2008/10/07 22:04:02 | 00,018,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\partmgr.sys
[2008/10/07 22:04:02 | 00,015,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\serenum.sys
[2008/10/07 22:04:02 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\streamip.sys
[2008/10/07 22:04:02 | 00,014,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tape.sys
[2008/10/07 22:04:02 | 00,011,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sfloppy.sys
[2008/10/07 22:04:02 | 00,011,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\slip.sys
[2008/10/07 22:04:02 | 00,006,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\splitter.sys
[2008/10/07 22:04:02 | 00,006,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\splitter.sys
[2008/10/07 22:04:02 | 00,004,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\swenum.sys
[2008/10/07 22:04:01 | 00,364,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\update.sys
[2008/10/07 22:04:01 | 00,364,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\update.sys
[2008/10/07 22:04:01 | 00,360,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tcpip.sys
[2008/10/07 22:04:01 | 00,360,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcpip.sys
[2008/10/07 22:04:01 | 00,225,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tcpip6.sys
[2008/10/07 22:04:01 | 00,225,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcpip6.sys
[2008/10/07 22:04:01 | 00,066,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\udfs.sys
[2008/10/07 22:04:01 | 00,057,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbhub.sys
[2008/10/07 22:04:01 | 00,040,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\termdd.sys
[2008/10/07 22:04:01 | 00,031,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbccgp.sys
[2008/10/07 22:04:01 | 00,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbcamd2.sys
[2008/10/07 22:04:01 | 00,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbcamd2.sys
[2008/10/07 22:04:01 | 00,023,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbcamd.sys
[2008/10/07 22:04:01 | 00,023,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbcamd.sys
[2008/10/07 22:04:01 | 00,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tdtcp.sys
[2008/10/07 22:04:01 | 00,018,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tdi.sys
[2008/10/07 22:04:01 | 00,016,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbintel.sys
[2008/10/07 22:04:01 | 00,012,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usb8023.sys
[2008/10/07 22:04:01 | 00,012,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tdpipe.sys
[2008/10/07 22:04:00 | 02,057,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntkrnlpa.exe
[2008/10/07 22:04:00 | 02,057,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2008/10/07 22:04:00 | 00,142,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbport.sys
[2008/10/07 22:04:00 | 00,131,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hal.dll
[2008/10/07 22:04:00 | 00,082,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wdmaud.sys
[2008/10/07 22:04:00 | 00,082,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wdmaud.sys
[2008/10/07 22:04:00 | 00,079,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\videoprt.sys
[2008/10/07 22:04:00 | 00,052,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\volsnap.sys
[2008/10/07 22:04:00 | 00,034,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wanarp.sys
[2008/10/07 22:04:00 | 00,026,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbstor.sys
[2008/10/07 22:04:00 | 00,026,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbstor.sys
[2008/10/07 22:04:00 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbprint.sys
[2008/10/07 22:04:00 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbprint.sys
[2008/10/07 22:04:00 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\vga.sys
[2008/10/07 22:04:00 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbuhci.sys
[2008/10/07 22:04:00 | 00,019,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wstcodec.sys
[2008/10/07 22:04:00 | 00,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbscan.sys
[2008/10/07 22:04:00 | 00,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys
[2008/10/07 22:03:59 | 02,180,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntoskrnl.exe
[2008/10/07 22:03:59 | 02,180,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe

========== Files - Modified Within 30 Days ==========

[691 C:\WINDOWS\System32\*.tmp files]
[17 C:\WINDOWS\*.tmp files]
[4 C:\Documents and Settings\Owner\My Documents\*.tmp files]
[2008/10/25 13:07:01 | 00,421,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTViewIt.exe
[2008/10/25 08:46:03 | 00,000,583 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\My Sharing Folders.lnk
[2008/10/25 08:45:40 | 00,002,323 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Windows Live Messenger.lnk
[2008/10/24 20:20:44 | 00,022,528 | ---- | M] () -- C:\WINDOWS\svchost.exe
[2008/10/24 18:31:51 | 00,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/10/24 18:30:47 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2008/10/24 18:30:41 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/10/24 18:30:30 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/10/22 18:43:39 | 00,095,264 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Account-Retrieval.pdf
[2008/10/21 15:40:35 | 00,000,686 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2008/10/21 11:54:07 | 00,000,039 | ---- | M] () -- C:\WINDOWS\1.ini
[2008/10/21 00:29:16 | 00,000,085 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2008/10/20 23:52:03 | 00,000,793 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Ad-Watch.lnk
[2008/10/20 23:52:03 | 00,000,793 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Ad-Aware.lnk
[2008/10/20 22:40:56 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy.lnk
[2008/10/20 21:08:13 | 00,025,400 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxark.sys
[2008/10/20 20:51:51 | 00,077,312 | ---- | M] () -- C:\WINDOWS\ua2.dll
[2008/10/19 22:54:24 | 00,878,080 | -HS- | M] () -- C:\Documents and Settings\Owner\Desktop\Thumbs.db
@Alternate Data Stream - 0 bytes -> C:\Documents and Settings\Owner\Desktop\Thumbs.db:encryptable
[2008/10/19 21:27:36 | 00,002,473 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Word.lnk
[2008/10/17 23:56:13 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Mozilla Firefox.lnk
[2008/10/17 13:39:37 | 00,102,400 | ---- | M] () -- C:\WINDOWS\System32\atlcom839_953.dll
[2008/10/17 13:39:35 | 00,000,020 | ---- | M] () -- C:\WINDOWS\syscheck
[2008/10/15 09:57:55 | 00,332,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\netapi32.dll
[2008/10/15 09:57:55 | 00,332,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2008/10/15 03:11:37 | 00,141,240 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/10/15 03:04:53 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/10/14 12:36:08 | 00,000,865 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\World of Warcraft.lnk
[2008/10/12 13:14:17 | 02,516,992 | -HS- | M] () -- C:\Documents and Settings\Owner\My Documents\Thumbs.db
@Alternate Data Stream - 0 bytes -> C:\Documents and Settings\Owner\My Documents\Thumbs.db:encryptable
[2008/10/11 00:36:25 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2008/10/07 22:57:49 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2008/10/07 22:57:49 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2008/10/07 22:29:36 | 00,250,032 | RHS- | M] () -- C:\ntldr
[2008/10/07 12:19:40 | 16,721,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2008/10/03 10:41:15 | 06,066,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieframe.dll
[2008/10/03 10:41:15 | 06,066,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
< End of report >



Here is the Extras.txt log:

OTViewIt Extras logfile created on: 10/25/2008 1:08:22 PM - Run
OTViewIt by OldTimer - Version 1.0.18.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 186.86 Mb Available Physical Memory | 36.64% Memory free
1.65 Gb Paging File | 0.33 Gb Available in Paging File | 19.96% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.97 Gb Total Space | 23.70 Gb Free Space | 33.40% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MAZEN-EIR2CVHVA
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Reg Error: Value does not exist or could not be read.] -- Reg Error: Key does not exist or could not be opened. File not found
.url [@ = InternetShortcut] -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2004/08/04 00:56:56 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
File not found -- C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
[2006/10/10 05:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/01/19 12:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[2007/01/04 16:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2004/08/04 00:56:56 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
File not found -- C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
File not found -- C:\WoS\Souls.exe:*:Enabled:Well of Souls
File not found -- C:\WoS\MIX\Mix.exe:*:Enabled:MIX
[2006/10/10 10:53:46 | 00,010,800 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
File not found -- C:\Program Files\World of Warcraft\WoW-1.12.0.5595-to-1.12.1.5875-enUS-downloader.exe:*:Enabled:Blizzard Downloader
[2004/08/04 00:56:48 | 00,083,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test
[2004/08/04 00:56:55 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App
File not found -- C:\Documents and Settings\Owner\Desktop\WoW-1.12.0.5595-to-0.12.1.5803-enUS-downloader.exe:*:Enabled:Blizzard Downloader
File not found -- C:\Documents and Settings\Owner\Desktop\WoW-2.0.0.5991-enUS-Installer-downloader.exe:*:Enabled:Blizzard Downloader
File not found -- C:\Program Files\World of Warcraft\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe:*:Enabled:Blizzard Downloader
[2005/03/15 00:00:00 | 01,646,592 | ---- | M] (Cerulean Studios) -- C:\Program Files\Trillian\trillian.exe:*:Enabled:Trillian
[2006/10/10 05:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/09/07 16:01:54 | 00,043,008 | ---- | M] () -- C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
File not found -- C:\Documents and Settings\Owner\Desktop\utorrent.exe:*:Enabled:µTorrent
[2007/06/01 19:59:01 | 00,274,432 | ---- | M] (Blizzard Entertainment) -- C:\Program Files\Warcraft III\Frozen Throne.exe:*:Enabled:Warcraft III - The Frozen Throne
[2007/06/01 19:59:02 | 00,274,432 | ---- | M] (Blizzard Entertainment) -- C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III
[2007/06/01 19:36:56 | 00,069,632 | ---- | M] (Blizzard Entertainment) -- C:\Program Files\Warcraft III\World Editor.exe:*:Enabled:Warcraft III World Editor
File not found -- C:\Program Files\AsiaSoft\Common\KongRun.exe:*:Enabled:KongKong Online
[2008/10/08 22:41:48 | 01,410,296 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\Steam.exe:*:Enabled:Steam Client
[2008/10/02 21:39:18 | 00,267,056 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent
File not found -- C:\Nexon\MapleStory\MapleStory.exe:*:Enabled:MapleStory
[2007/04/27 14:17:26 | 00,050,736 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM
[2007/09/24 18:50:42 | 00,081,920 | ---- | M] (Valve) -- C:\Program Files\Steam\steamapps\punkintended@aol.com\half-life\hl.exe:*:Enabled:Half-Life Launcher
[2008/08/22 22:56:15 | 00,635,848 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe:*:Disabled:Internet Explorer
[2008/06/10 23:23:50 | 00,106,496 | ---- | M] () -- C:\Program Files\Steam\steamapps\punkintended@aol.com\counter-strike source\hl2.exe:*:Enabled:hl2
File not found -- C:\Souls.exe:*:Enabled:Well of Souls
File not found -- C:\Program Files\Soulseek-Test\slsk.exe:*:Enabled:SoulSeek
[2005/04/17 15:08:10 | 03,112,960 | ---- | M] () -- C:\Program Files\Soulseek\slsk.exe:*:Enabled:SoulSeek
File not found -- C:\Nexon\MapleStory\Patcher.exe:*:Enabled:Patcher MFC ?? ????
[2004/04/27 15:18:34 | 00,061,440 | ---- | M] (America Online, Inc.) -- C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger
File not found -- C:\Program Files\World of Warcraft\WoW-1.12.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader
[2004/08/04 00:56:55 | 00,077,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rtcshare.exe:*:Enabled:RTC App Sharing
[2008/01/15 03:22:48 | 19,926,824 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
File not found -- C:\Program Files\Hamachi\hamachi.exe:*:Disabled:Hamachi Client
[2008/06/26 17:01:35 | 00,471,040 | ---- | M] (Blizzard Entertainment) -- C:\Program Files\Warcraft III\war3.exe:*:Enabled:Warcraft III
[2008/05/22 06:59:46 | 00,156,944 | ---- | M] (Octoshape ApS) -- C:\Program Files\Octoshape Streaming Services\Owner\OctoshapeClient.exe:*:Enabled:Main program for Octoshape client
[2007/01/19 12:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[2007/01/04 16:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
File not found -- C:\Documents and Settings\Owner\Desktop\wowclient-downloader.exe:*:Enabled:wowclient-downloader
[2008/10/14 12:34:30 | 02,421,392 | ---- | M] (Blizzard Entertainment) -- C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:World of Warcraft
[2008/02/06 18:37:52 | 21,898,024 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2004/08/04 00:56:43 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/01/19 12:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2004/08/04 00:56:43 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2004/08/04 00:56:43 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/01/19 12:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/02/06 18:37:52 | 01,934,672 | R--- | M] (Skype Technologies) C:\Program Files\Common Files\Skype\Skype4COM.dll (skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} (HKLM) [IEProtocolHandler Class])

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}"=Microsoft Office 2000 SR-1 Professional
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}"=Steam
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP1700"=Canon iP1700
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}"=Windows Installer Clean Up
"{12F4BE69-6614-41D3-BB3B-DF7F921DF2BB}"=Sony ACID XPress 5.0a
"{18D10072035C4515918F7E37EAFAACFC}"=AutoUpdate
"{1C1B6919-00D6-4A9C-B993-1EF82F956530}"=Microsoft Protection Service
"{1D2A3EDF-47E0-4E78-A32F-25E68FDC2E4B}"=Bubble Struggle 1.2
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}"=Google Earth
"{22C1B575-C746-46F2-80A3-EE9612AF5FAA}"=Guitar Pro 4 Demo
"{3248F0A8-6813-11D6-A77B-00B0D0160010}"=Java™ SE Runtime Environment 6 Update 1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{36235A3F-92C7-4F90-84E7-3697C59AD369}"=Sony ACID 4.0f
"{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}"=ATI HydraVision
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}"=Microsoft Windows Journal Viewer
"{468190DA-FB4C-45BA-8E40-4B165FF1A939}"=BACS
"{49FC50FC-F965-40D9-89B4-CBFF80941033}"=Windows Movie Maker 2.0
"{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}"=Macromedia Fireworks 8
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}"=Macromedia Extension Manager
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}"=Windows Live Messenger
"{5A9FE525-8B8F-4701-A937-7F6745A4E9C7}"=RGSS-RTP Standard
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}"=Sony USB Driver
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}"=Skype™ 3.6
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}"=Windows Media Player Firefox Plugin
"{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}"=Power Tab Editor 1.7
"{6EC874C2-F950-4B7E-A5B7-B1066D6B74AA}"=QuickTime
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}"=MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{789289CA-F73A-4A16-A331-54D498CE069F}"=Ventrilo Client
"{850C4C12-57E2-43E4-B66B-B08B120C55F3}"=FireBurner
"{89EE857B-8970-4F9F-AB58-A1C873AC72B3}"=Broadcom Management Programs
"{8A708DD8-A5E6-11D4-A706-000629E95E20}"=Intel® Extreme Graphics Driver
"{8AF3E926-ED59-11D4-A44B-0000E86D2305}"=Ulead GIF Animator 5 Trial
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}"=Macromedia Flash 8 Video Encoder
"{90120000-0020-0409-0000-0000000FF1CE}"=Compatibility Pack for the 2007 Office system
"{90850409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Word Viewer 2003
"{9559F7CA-5E34-4237-A2D9-D856464AD727}"=Project64 1.6
"{95774351-6087-3A3B-8CA8-70BEE49D2BD5}"=Google Gears
"{AC76BA86-7AD7-1033-7B44-A70000000000}"=Adobe Reader 7.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{B7050CBDB2504B34BC2A9CA0A692CC29}"=DivX Web Player
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}"=Apple Software Update
"{B85C4D19-6CEB-48CF-BD98-C887AC8C6F94}"=iTunes
"{BE6890C7-31EF-478C-812E-1E2899ABFCA9}"=B57Inst
"{BEBDCB3E-D936-4C8D-86ED-11845A05B47A}"=XLink Kai Evolution 7
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}"=WinZip 11.1
"{CF59708F-60F4-11D5-866A-00A0D2183227}"=On2 VP3 Video for Windows Codec
"{D3943D0B-C281-4BF7-9FFB-2A4497986BF9}"=Memory Key Boot Utility
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}"=Dell ResourceCD
"{D8AB8F0C-CEEB-4A29-8EF5-219B064813F4}"=Apple Mobile Device Support
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware
"{EA9FAF16-0E5C-42C4-9742-9AF8D5F6D69B}"=ATI Catalyst Control Center
"{F0A37341-D692-11D4-A984-009027EC0A9C}"=SoundMAX
"{F1CBC6F7-D82D-4DC5-B81C-9A14F418593A}_is1"=WC3Banlist
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}"=HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"AARONS CLIKER_is1"=Aarons Cliker Version 2.89
"Adobe Flash Player ActiveX"=Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player Plugin
"Adobe Shockwave Player"=Adobe Shockwave Player 11
"AdobeESD"=Adobe Download Manager 2.0 (Remove Only)
"AIM_6"=AIM 6
"All ATI Software"=ATI - Software Uninstall Utility
"AOL Instant Messenger"=AOL Instant Messenger
"ATI Display Driver"=ATI Display Driver
"AV Voice Changer Software DIAMOND 5.5"=AV Voice Changer Software DIAMOND 5.5
"BitTorrent"=BitTorrent 5.0.9
"BroadJump Client Foundation"=BroadJump Client Foundation
"BSPlayer1"=BSPlayer
"Collab"=Collab
"Croc 2"=Croc 2
"dBpoweramp Music Converter"=dBpoweramp Music Converter
"Easy GIF Animator_is1"=Easy GIF Animator 3.5
"Easy-WebPrint"=Easy-WebPrint
"ExtractNow_is1"=ExtractNow
"EZ Mp3 Recorder"=EZ Mp3 Recorder
"Fraps"=Fraps
"Frets on Fire"=Frets On Fire
"GoogleVideoViewer"=Google Video Viewer 1.0 (based on VLC 0.8.2 Player)
"Guitar Pro 5_is1"=Guitar Pro 5.2
"HijackThis"=HijackThis 2.0.2
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"Intel® 537EP V9x DF PCI Modem"=Intel® 537EP V9x DF PCI Modem
"Internet Explorer Secure Plug-in"=Internet Explorer Secure Plug-in
"Internet-based TOEFL_is1"=Internet-based TOEFL
"IrfanView"=IrfanView (remove only)
"KongKong Online (English)"=KongKong Online (English)
"Macromedia Shockwave Player"=Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Money2006a"=MSN Money Investment Toolbox
"Mozilla Firefox (3.0.3)"=Mozilla Firefox (3.0.3)
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey"=Nero 6 Ultra Edition
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"PCSI"=Prevx CSI
"Prevx1"=Prevx1
"Protected Music Converter_is1"=Protected Music Converter 1.0.0.4
"RealPlayer 6.0"=RealPlayer
"Security Messenger"=Security Messenger
"Snood_is1"=Snood for Windows version 3.52-W
"Softdiv MP3 to WAV Converter_is1"=Softdiv MP3 to WAV Converter 3.0
"SopCast"=SopCast 1.1.2
"Soulseek"=SoulSeek Client 156c
"Steam App 10"=Counter-Strike
"Steam App 80"=Condition Zero
"StepMania"=StepMania (remove only)
"Stop Motion Pro v4_is1"=Stop Motion Pro v4
"Stop Motion Pro v5 Trial_is1"=Stop Motion Pro v5 Trial
"SystemRequirementsLab"=System Requirements Lab
"TabIt for Windows_is1"=TabIt version 2.01 (Trial)
"Teamspeak 2 RC2_is1"=TeamSpeak 2 RC2
"TeamSpeak 2 Server_is1"=TeamSpeak 2 Server RC2
"ViewpointMediaPlayer"=Viewpoint Media Player
"Vintage Vocoder 1.03 Build 1"=Vintage Vocoder 1.03 Build 1
"VLC media player"=VideoLAN VLC media player 0.8.6b
"Winamp"=Winamp (remove only)
"Windows Live Safety Scanner"=Windows Live Safety Scanner
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"WinPcapInst"=WinPcap 3.1
"WinRAR archiver"=WinRAR archiver
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"World of Warcraft"=World of Warcraft
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"XviD"=XviD MPEG-4 Codec

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome"=Google Chrome
"I-Doser v4"=I-Doser v4
"Octoshape Streaming Services"=Octoshape Streaming Services
"Steam App 220"=Half-Life 2
"Steam App 240"=Counter-Strike: Source
"Steam App 80"=Condition Zero
"uTorrent"=µTorrent
"Warcraft III"=Warcraft III: All Products

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1957994488-884357618-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome"=Google Chrome
"I-Doser v4"=I-Doser v4
"Octoshape Streaming Services"=Octoshape Streaming Services
"Steam App 220"=Half-Life 2
"Steam App 240"=Counter-Strike: Source
"Steam App 80"=Condition Zero
"uTorrent"=µTorrent
"Warcraft III"=Warcraft III: All Products

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 8/10/2006 10:33:40 AM | Computer Name = MAZEN-EIR2CVHVA | Source = avast! | ID = 33554522
Description = aswChestInterface - Program error description: CChestListView::OnCreate()
!m_strErrorWnd.IsEmpty().

Error - 8/10/2006 10:34:08 AM | Computer Name = MAZEN-EIR2CVHVA | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestOpenList Error 1753.

Error - 8/10/2006 10:34:08 AM | Computer Name = MAZEN-EIR2CVHVA | Source = avast! | ID = 33554522
Description = aswChestInterface - Program error description: CChestListView::LoadFiles()
chestOpenList() failed: 2147422219.

Error - 8/10/2006 10:34:26 AM | Computer Name = MAZEN-EIR2CVHVA | Source = avast! | ID = 33554522
Description = aswChestInterface - Program error description: CChestListView::OnCreate()
!m_strErrorWnd.IsEmpty().

Error - 8/10/2006 10:35:00 AM | Computer Name = MAZEN-EIR2CVHVA | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestOpenList Error 1753.

Error - 8/10/2006 10:35:00 AM | Computer Name = MAZEN-EIR2CVHVA | Source = avast! | ID = 33554522
Description = aswChestInterface - Program error description: CChestListView::LoadFiles()
chestOpenList() failed: 2147422219.

Error - 8/10/2006 10:35:03 AM | Computer Name = MAZEN-EIR2CVHVA | Source = avast! | ID = 33554522
Description = aswChestInterface - Program error description: CChestListView::OnCreate()
!m_strErrorWnd.IsEmpty().

Error - 8/10/2006 10:38:16 AM | Computer Name = MAZEN-EIR2CVHVA | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestOpenList Error 1753.

Error - 8/10/2006 10:38:16 AM | Computer Name = MAZEN-EIR2CVHVA | Source = avast! | ID = 33554522
Description = aswChestInterface - Program error description: CChestListView::LoadFiles()
chestOpenList() failed: 2147422219.

Error - 8/10/2006 10:38:20 AM | Computer Name = MAZEN-EIR2CVHVA | Source = avast! | ID = 33554522
Description = aswChestInterface - Program error description: CChestListView::OnCreate()
!m_strErrorWnd.IsEmpty().

[ Application Events ]
Error - 10/20/2008 9:12:35 PM | Computer Name = MAZEN-EIR2CVHVA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 10/20/2008 9:12:55 PM | Computer Name = MAZEN-EIR2CVHVA | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 10/20/2008 9:13:20 PM | Computer Name = MAZEN-EIR2CVHVA | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 10/20/2008 9:13:26 PM | Computer Name = MAZEN-EIR2CVHVA | Source = crypt32 | ID = 131075
Description = Failed auto update retrieval of third-party root list cab from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: This operation returned because the timeout period expired.

Error - 10/20/2008 9:13:35 PM | Computer Name = MAZEN-EIR2CVHVA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 10/20/2008 10:51:43 PM | Computer Name = MAZEN-EIR2CVHVA | Source = MsiInstaller | ID = 1013
Description = Product: Prevx 2.0 Agent -- Installation terminated. Prevx2 appears
to have been previously installed or is awaiting a reboot. Either run the Prevx2
uninstall or reboot before attempting to install Prevx2

Error - 10/20/2008 10:51:54 PM | Computer Name = MAZEN-EIR2CVHVA | Source = MsiInstaller | ID = 1013
Description = Product: Prevx 2.0 Agent -- Installation terminated. Prevx2 appears
to have been previously installed or is awaiting a reboot. Either run the Prevx2
uninstall or reboot before attempting to install Prevx2

Error - 10/21/2008 3:47:42 AM | Computer Name = MAZEN-EIR2CVHVA | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 800706BA from line 44 of d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 10/21/2008 3:47:43 AM | Computer Name = MAZEN-EIR2CVHVA | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040206.

Error - 10/24/2008 10:42:57 AM | Computer Name = MAZEN-EIR2CVHVA | Source = Application Error | ID = 1000
Description = Faulting application teatimer.exe, version 1.6.3.25, faulting module
kernel32.dll, version 5.1.2600.3119, fault address 0x00012a5b.

[ System Events ]
Error - 10/20/2008 7:47:42 PM | Computer Name = MAZEN-EIR2CVHVA | Source = Service Control Manager | ID = 7031
Description = The Shell Hardware Detection (ShellHWDetection) service terminated
unexpectedly. It has done this 1 time(s). The following corrective action will
be taken in 60000 milliseconds: Restart the service.

Error - 10/20/2008 9:22:42 PM | Computer Name = MAZEN-EIR2CVHVA | Source = Service Control Manager | ID = 7000
Description = The npkcrypt service failed to start due to the following error: %%2

Error - 10/20/2008 9:22:42 PM | Computer Name = MAZEN-EIR2CVHVA | Source = Service Control Manager | ID = 7000
Description = The Upload Manager service failed to start due to the following error:
%%1079

Error - 10/20/2008 9:22:42 PM | Computer Name = MAZEN-EIR2CVHVA | Source = Service Control Manager | ID = 7000
Description = The OneCare Firewall service failed to start due to the following
error: %%3

Error - 10/20/2008 9:52:37 PM | Computer Name = MAZEN-EIR2CVHVA | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 10/20/2008 9:52:38 PM | Computer Name = MAZEN-EIR2CVHVA | Source = Service Control Manager | ID = 7034
Description = The iPod Service service terminated unexpectedly. It has done this
1 time(s).

Error - 10/20/2008 9:52:49 PM | Computer Name = MAZEN-EIR2CVHVA | Source = Service Control Manager | ID = 7031
Description = The Shell Hardware Detection (ShellHWDetection) service terminated
unexpectedly. It has done this 1 time(s). The following corrective action will
be taken in 60000 milliseconds: Restart the service.

Error - 10/20/2008 11:42:29 PM | Computer Name = MAZEN-EIR2CVHVA | Source = Service Control Manager | ID = 7000
Description = The npkcrypt service failed to start due to the following error: %%2

Error - 10/20/2008 11:42:29 PM | Computer Name = MAZEN-EIR2CVHVA | Source = Service Control Manager | ID = 7000
Description = The Upload Manager service failed to start due to the following error:
%%1079

Error - 10/20/2008 11:42:29 PM | Computer Name = MAZEN-EIR2CVHVA | Source = Service Control Manager | ID = 7000
Description = The OneCare Firewall service failed to start due to the following
error: %%3


< End of report >

#4 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:48 AM

Posted 25 October 2008 - 03:31 PM

Hello moliere.

Since you already have Avast! as your antivirus, please uninstall Prevx.

What makes you suspect a trojan is attached to svchost? Many legit processes will also run under it. We can check with Process Explorer later to see what is running under it exactly.

Peer-to-Peer Programs Warning
Your log shows that you are using so called peer-to-peer or file-sharing programs (in your case BitTorrent). These programs allow to share files between users as the name(s) suggest. In today's world cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools as a tremendous amount of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools and thus suggested to be used with intense care. Some further readings on this subject, along the included links, are as follows: File-Sharing, otherwise known as Peer To Peer and Risks of File-Sharing Technology.

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organizations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

It is your decision whether or not you wish to keep your program(s). However, please refrain from using them until your computer has been declared clean.

Update Java to Version 6 Update 10
Your current version of Java is outdated. Malware creators can exploit the lesser security of older versions. Please uninstall your current version through Add/Remove Programs. Remove all instances of Java, J2SE Runtime, Java Runtime, and Java Runtime Environment. Restart your computer after uninstalling.

Please then install the latest Java, Java SE Runtime Environment (JRE) 6 Update 10 from this page. Follow the prompts and select the appropriate settings for your machine (most likely "Windows"). Click on the "Required File" jre-6u10-windows-i586-p.exe to download the installer. Double click the installer to run. Delete the installer after use.

Download and run MalwareBytes Anti-Malware
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

You can refer to this page which has a visual of the instructions above.


Please post back with:
-the MalwareBytes log
-a new OTViewIt log (only OTViewIt.txt)

With Regards,
The Panda

#5 moliere

moliere
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:01:48 AM

Posted 25 October 2008 - 04:03 PM

Well, my Avast! is expired. I can't update my trial version of Avast! because it doesn't appear on my uninstall list.
Are there any others you recommend or is there another way to uninstall it?


EDIT: Actually I found an uninstall utility from the developers of Avast!.. so I think I'll just do that when the scan finishes.

(I uninstalled bittorrent, uninstalled/updated my Java, and the Malwarebyte quick scan is running right now..)

Edited by moliere, 25 October 2008 - 04:11 PM.


#6 moliere

moliere
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:01:48 AM

Posted 25 October 2008 - 04:24 PM

Here is the Malwarebyte log:

Malwarebytes' Anti-Malware 1.28
Database version: 1166
Windows 5.1.2600 Service Pack 2

10/25/2008 2:12:19 PM
mbam-log-2008-10-25 (14-12-16).txt

Scan type: Quick Scan
Objects scanned: 61560
Time elapsed: 10 minute(s), 49 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
C:\WINDOWS\svchost.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\svchost.exe (Trojan.Agent) -> No action taken.



Here is the new OTviewit.txt log:

OTViewIt logfile created on: 10/25/2008 2:21:54 PM - Run 2
OTViewIt by OldTimer - Version 1.0.18.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 167.89 Mb Available Physical Memory | 32.92% Memory free
1.22 Gb Paging File | 0.89 Gb Available in Paging File | 72.88% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.97 Gb Total Space | 24.11 Gb Free Space | 33.98% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MAZEN-EIR2CVHVA
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2006/05/03 09:43:46 | 00,413,696 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2008/10/20 23:55:38 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[2006/05/03 09:43:46 | 00,413,696 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2001/10/18 13:37:22 | 00,483,394 | ---- | M] (BroadJump, Inc.) -- C:\Program Files\BroadJump\Client Foundation\CFD.exe
[2006/01/02 16:41:22 | 00,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
[2007/05/14 15:22:22 | 00,035,328 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
[2008/01/10 15:27:36 | 00,385,024 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTime\QTTask.exe
[2008/01/15 03:22:56 | 00,267,048 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2008/05/11 09:45:56 | 00,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[2008/10/25 13:48:55 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
[2007/01/19 12:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe
[2008/09/16 12:16:08 | 01,833,296 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[2008/10/17 23:55:13 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
[2007/09/06 13:28:18 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2008/10/25 13:48:55 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2008/09/15 10:42:51 | 00,012,032 | RHS- | M] () -- C:\Program Files\ProtectService\ProtectService.exe
[2005/07/22 17:04:50 | 00,217,088 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2004/08/04 00:56:57 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
[2008/01/15 03:22:44 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2006/01/02 16:41:22 | 00,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
[2006/01/02 16:41:22 | 00,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
[2008/07/18 22:10:42 | 00,053,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2004/08/04 00:56:54 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\notepad.exe
[2004/08/04 00:56:54 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\notepad.exe
[2008/08/22 22:56:15 | 00,635,848 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2008/10/25 13:07:01 | 00,421,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTViewIt.exe
[2008/10/25 14:21:51 | 00,022,528 | ---- | M] () -- C:\WINDOWS\svchost.exe

========== (O23) Win32 Services ==========

[2008/10/20 23:55:38 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
[2007/09/06 13:28:18 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2006/05/03 09:43:46 | 00,413,696 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
[2006/05/03 11:57:00 | 00,520,192 | ---- | M] () -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])
[2005/07/22 17:04:50 | 00,217,088 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2008/01/15 03:22:44 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2008/10/25 13:48:55 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2005/06/16 12:43:37 | 00,068,096 | ---- | M] () -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service [On_Demand | Stopped])
File not found -- -- (msfwsvc [Auto | Stopped])
[2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2005/08/02 14:18:49 | 00,086,016 | ---- | M] (CACE Technologies) -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd [On_Demand | Stopped])
[2008/09/15 10:42:51 | 00,012,032 | RHS- | M] () -- C:\Program Files\ProtectService\ProtectService.exe -- (Shell Hardware Detection (ShellHWDetection) [Auto | Running])
[2007/01/19 12:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2006/05/31 01:55:19 | 00,024,304 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4 [System | Running])
[2002/04/01 13:15:00 | 00,004,816 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio [On_Demand | Running])
[2006/05/31 01:58:14 | 00,087,424 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2 [Auto | Running])
[2006/05/31 01:56:56 | 00,016,352 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr [On_Demand | Stopped])
[2006/05/31 01:56:31 | 00,036,176 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi [System | Running])
[2006/05/03 09:50:42 | 01,540,608 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
[2004/03/08 12:55:50 | 00,013,567 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv [System | Running])
[2002/06/23 14:31:20 | 00,045,568 | R--- | M] (D-Link Corporation ) -- C:\WINDOWS\system32\drivers\DLKRTS.SYS -- (DLKRTS [On_Demand | Running])
[2003/07/24 12:10:34 | 00,017,149 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\DNINDIS5.SYS -- (DNINDIS5 [On_Demand | Stopped])
[2006/09/19 14:44:04 | 00,015,664 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2007/08/02 17:19:25 | 00,026,056 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi [On_Demand | Stopped])
[2005/01/23 11:05:06 | 00,804,317 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm [On_Demand | Stopped])
[2004/03/05 22:14:42 | 01,233,525 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51 [On_Demand | Running])
[2004/03/05 22:15:34 | 00,647,929 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52 [On_Demand | Running])
[2004/03/05 22:13:52 | 00,060,949 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53 [On_Demand | Running])
[2004/08/03 22:58:34 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Stopped])
[2001/08/17 13:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])
[2004/03/05 22:13:38 | 00,037,048 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt [On_Demand | Running])
[2006/09/12 02:06:08 | 00,081,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\msfwdrv.sys -- (MSFWDrv [Auto | Running])
[2006/09/12 02:06:06 | 00,105,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\msfwhlpr.sys -- (MSFWHLPR [System | Running])
[2004/08/03 22:59:50 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm [On_Demand | Stopped])
[2005/08/02 14:10:13 | 00,032,512 | ---- | M] (CACE Technologies) -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF [On_Demand | Stopped])
[2001/08/22 08:42:58 | 00,013,632 | ---- | M] (Dell Computer Corporation) -- C:\WINDOWS\system32\drivers\omci.sys -- (OMCI [System | Running])
[2003/07/16 13:42:18 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007/03/07 16:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2004/07/29 16:29:58 | 00,211,072 | R--- | M] (Ralink Technology Inc.) -- C:\WINDOWS\system32\drivers\RT2500.sys -- (RT2500 [On_Demand | Stopped])
[2004/08/03 22:31:32 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139 [On_Demand | Stopped])
[2007/11/13 03:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2003/11/18 11:38:32 | 00,591,808 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm [On_Demand | Running])
[2001/08/17 13:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])
[2007/09/02 02:19:08 | 00,685,816 | ---- | M] () -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd [Boot | Running])
[2007/10/31 14:09:14 | 00,030,464 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
[2003/01/10 13:13:04 | 00,033,588 | R--- | M] (America Online, Inc.) -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw [On_Demand | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=C:\windows\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=C:\windows\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = local.,

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-21-1957994488-884357618-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=C:\windows\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

[HKEY_USERS\S-1-5-21-1957994488-884357618-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = local.,

========== (O1) Hosts File ==========

HOSTS File = (686 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{3049C3E9-B461-4BC5-8870-4C09146192CA} (HKLM) -- C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{68F9551E-0411-48E4-9AAF-4BC42A6A46BE} (HKLM) -- C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{7E853D72-626A-48EC-A868-BA8D5E23E045} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{327C2873-E90D-4c37-AA9D-10AC9BABA46C}" (HKLM) -- C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4982D40A-C53B-4615-B15B-B5B5E98D167C}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1957994488-884357618-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1957994488-884357618-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1957994488-884357618-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1957994488-884357618-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1957994488-884357618-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4982D40A-C53B-4615-B15B-B5B5E98D167C}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1957994488-884357618-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1957994488-884357618-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay (ATI Technologies Inc.)
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe ()
"BJCFD"=C:\Program Files\BroadJump\Client Foundation\CFD.exe (BroadJump, Inc.)
"HotKeysCmds"=C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
"IgfxTray"=C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
"instal"=D:\install\install.exe File not found
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"Jrgypooo"=C:\Program Files\Qaqbrhk\Nrbzk.exe File not found
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
"WinampAgent"=C:\Program Files\Winamp\winampa.exe ()
"WinPatrol"=C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"= File not found
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized File not found
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 File not found
"Google Update"="C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c (Google Inc.)
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background (Microsoft Corporation)
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)

[HKEY_USERS\S-1-5-21-1957994488-884357618-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"= File not found
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized File not found
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 File not found
"Google Update"="C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c (Google Inc.)
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background (Microsoft Corporation)
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)

========== (O4) Startup Folders ==========

[2004/12/14 04:44:06 | 00,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
[2000/01/21 01:15:54 | 00,065,588 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
File not found -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_CURRENT_USER\Software\policies\microsoft\internet explorer]
"Windows Update Menu Text"=

[HKEY_USERS\S-1-5-21-1957994488-884357618-839522115-1003\Software\policies\microsoft\internet explorer]
"Windows Update Menu Text"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-1957994488-884357618-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
&AOL Toolbar search: C:\Program Files\AOL Toolbar\toolbar.dll File not found
Easy-WebPrint Add To Print List: C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006/06/09 14:39:38 | 00,552,960 | ---- | M] ()
Easy-WebPrint High Speed Print: C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006/06/09 14:39:38 | 00,552,960 | ---- | M] ()
Easy-WebPrint Preview: C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006/06/09 14:39:38 | 00,552,960 | ---- | M] ()
Easy-WebPrint Print: C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006/06/09 14:39:38 | 00,552,960 | ---- | M] ()

[HKEY_USERS\S-1-5-21-1957994488-884357618-839522115-1003\Software\Microsoft\Internet Explorer\MenuExt\]
&AOL Toolbar search: C:\Program Files\AOL Toolbar\toolbar.dll File not found
Easy-WebPrint Add To Print List: C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006/06/09 14:39:38 | 00,552,960 | ---- | M] ()
Easy-WebPrint High Speed Print: C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006/06/09 14:39:38 | 00,552,960 | ---- | M] ()
Easy-WebPrint Preview: C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006/06/09 14:39:38 | 00,552,960 | ---- | M] ()
Easy-WebPrint Print: C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006/06/09 14:39:38 | 00,552,960 | ---- | M] ()

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}: Button: AIM -- %ProgramFiles%\AIM\aim.exe [2004/04/27 15:18:34 | 00,061,440 | ---- | M] (America Online, Inc.)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search & Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2008/09/15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2006/10/10 05:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/10/13 09:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/10/13 09:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKLM] -> %ProgramFiles%\AIM\aim.exe [AIM] -> [2004/04/27 15:18:34 | 00,061,440 | ---- | M] (America Online, Inc.)
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 09:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKLM] -> %ProgramFiles%\AIM\aim.exe [AIM] -> [2004/04/27 15:18:34 | 00,061,440 | ---- | M] (America Online, Inc.)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 09:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKLM] -> %ProgramFiles%\AIM\aim.exe [AIM] -> [2004/04/27 15:18:34 | 00,061,440 | ---- | M] (America Online, Inc.)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 09:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1957994488-884357618-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKLM] -> %ProgramFiles%\AIM\aim.exe [AIM] -> [2004/04/27 15:18:34 | 00,061,440 | ---- | M] (America Online, Inc.)
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 09:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
cox.com: http in Local intranet
cox.com: https in Local intranet
coxenterprises.com: http in Local intranet
coxenterprises.com: https in Local intranet
1 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
: msn in My Computer
aol.com\objects: * is out of zone range (0)
cox.com: http in Local intranet
cox.com: https in Local intranet
coxenterprises.com: http in Local intranet
coxenterprises.com: https in Local intranet
81 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
80 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
80 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
81 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
81 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-1957994488-884357618-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
: msn in My Computer
aol.com\objects: * is out of zone range (0)
cox.com: http in Local intranet
cox.com: https in Local intranet
coxenterprises.com: http in Local intranet
coxenterprises.com: https in Local intranet
81 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{00000055-9980-0010-8000-00AA00389B71}: http://codecs.microsoft.com/codecs/i386/fhg.CAB -- Reg Error: Key does not exist or could not be opened.
{0EC4C9E3-EC6A-11CF-8E3B-444553540000}: -- Reg Error: Key does not exist or could not be opened.
{166B1BCA-3F9C-11CF-8075-444553540000}: -- Shockwave ActiveX Control
{17492023-C23A-453E-A040-C7C580BBF700}: http://go.microsoft.com/fwlink/?linkid=39204 -- Windows Genuine Advantage Validation Tool
{2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5}: -- Microsoft Data Collection Control
{3DC2E31C-371A-4BD3-9A27-CDF57CE604CF}: http://moneycentral.msn.com/cabs/pmupd806.exe -- MSN Money Charting
{5ED80217-570B-4DA9-BF44-BE107C0EC166}: http://scan.safety.live.com/resource/downl...lscbase5059.cab -- Windows Live Safety Center Base Module
{6414512B-B978-451D-A0D8-FCFDF33E833C}: -- WUWebControl Class
{67DABFBF-D0AB-41FA-9C46-CC0F21721616}: http://download.divx.com/player/DivXBrowserPlugin.cab -- DivXBrowserPlugin Object
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: -- MUWebControl Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_10
{AECD14A8-F662-11D1-A395-00805F535788}: -- Reg Error: Key does not exist or could not be opened.
{B38870E4-7ECB-40DA-8C6A-595F0A5519FF}: http://messenger.msn.com/download/MsnMesse...pDownloader.cab -- MsnMessengerSetupDownloadControl Class
{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_01
{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_10
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_10
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload.macromedia.com/get/shock...ash/swflash.cab -- Shockwave Flash Object

========== (O17) DNS Name Servers ==========

{1CFB8E23-62FC-4B40-8203-360A522FCBB7} (Servers: | Description: D-Link DFE-530TX+ PCI Adapter)
{817D2139-C3D0-4A58-B0A5-E03A6CAE8053} (Servers: 128.242.126.95 | Description: Belkin 802.11g Wireless Card)

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
AtiExtEvent: "DllName" = Ati2evxx.dll -- C:\WINDOWS\system32\ati2evxx.dll (ATI Technologies Inc.)
dimsntfy: "DllName" = Reg Error: Value DLLName does not exist or could not be read. -- File not found
igfxcui: "DllName" = igfxsrvc.dll -- C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT [PATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | ]
[2005/07/30 17:19:15 | 00,000,050 | -H-- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[694 C:\WINDOWS\System32\*.tmp files]
[17 C:\WINDOWS\*.tmp files]
[4 C:\Documents and Settings\Owner\My Documents\*.tmp files]
[2008/10/25 14:16:27 | 00,022,528 | ---- | C] () -- C:\WINDOWS\svchost.exe
[2008/10/25 14:08:09 | 00,230,776 | ---- | C] (Alwil Software) -- C:\Documents and Settings\Owner\Desktop\aswclear.exe
[2008/10/25 13:49:25 | 27,462,344 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\setupeng.exe
[2008/10/25 13:44:33 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2008/10/25 13:07:00 | 00,421,888 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTViewIt.exe
[2008/10/24 03:20:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\BitTorrent Downloads
[2008/10/22 18:43:38 | 00,095,264 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Account-Retrieval.pdf
[2008/10/22 07:02:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\My Received Files
[2008/10/22 05:42:44 | 00,000,000 | -H-D | C] -- C:\BJPrinter
[2008/10/21 00:29:16 | 00,000,085 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/10/20 23:52:03 | 00,000,793 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Ad-Watch.lnk
[2008/10/20 23:52:03 | 00,000,793 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Ad-Aware.lnk
[2008/10/20 23:51:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
[2008/10/20 22:40:56 | 00,000,933 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy.lnk
[2008/10/20 21:37:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2008/10/20 21:08:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PrevxCSI
[2008/10/20 19:47:10 | 00,077,312 | ---- | C] () -- C:\WINDOWS\ua2.dll
[2008/10/18 14:27:31 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2008/10/18 00:19:06 | 00,000,039 | ---- | C] () -- C:\WINDOWS\1.ini
[2008/10/17 23:56:13 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Mozilla Firefox.lnk
[2008/10/17 23:54:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Deployment
[2008/10/17 13:39:37 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\atlcom839_953.dll
[2008/10/17 13:39:35 | 00,000,020 | ---- | C] () -- C:\WINDOWS\syscheck
[2008/10/14 11:41:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Blizzard
[2008/10/08 09:53:47 | 00,000,865 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\World of Warcraft.lnk
[2008/10/08 09:53:47 | 00,000,000 | ---D | C] -- C:\Program Files\World of Warcraft
[2008/10/07 22:54:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2008/10/07 22:17:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2008/10/07 22:17:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2008/10/07 22:17:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2008/10/07 22:05:27 | 00,059,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rfcomm.sys
[2008/10/07 22:05:27 | 00,046,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gagp30kx.sys
[2008/10/07 22:05:27 | 00,044,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\agpcpq.sys
[2008/10/07 22:05:27 | 00,042,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\alim1541.sys
[2008/10/07 22:05:27 | 00,042,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\agp440.sys
[2008/10/07 22:05:27 | 00,038,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthmodem.sys
[2008/10/07 22:05:27 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\amdk7.sys
[2008/10/07 22:05:27 | 00,036,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\intelppm.sys
[2008/10/07 22:05:27 | 00,029,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ip6fw.sys
[2008/10/07 22:05:27 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidbth.sys
[2008/10/07 22:05:27 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthusb.sys
[2008/10/07 22:05:27 | 00,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthenum.sys
[2008/10/07 22:05:27 | 00,015,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mssmbios.sys
[2008/10/07 22:05:27 | 00,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidir.sys
[2008/10/07 22:05:26 | 00,382,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qmgr.dll
[2008/10/07 22:05:26 | 00,078,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbvideo.sys
[2008/10/07 22:05:26 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sdbus.sys
[2008/10/07 22:05:26 | 00,044,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\uagp35.sys
[2008/10/07 22:05:26 | 00,042,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\viaagp.sys
[2008/10/07 22:05:26 | 00,030,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys
[2008/10/07 22:05:26 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbehci.sys
[2008/10/07 22:05:26 | 00,013,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wacompen.sys
[2008/10/07 22:05:26 | 00,012,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usb8023x.sys
[2008/10/07 22:05:26 | 00,012,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tunmp.sys
[2008/10/07 22:05:26 | 00,011,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sffdisk.sys
[2008/10/07 22:05:26 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sffp_sd.sys
[2008/10/07 22:05:26 | 00,006,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smbali.sys
[2008/10/07 22:05:25 | 00,262,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\http.sys
[2008/10/07 22:05:24 | 02,113,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxdiagn.dll
[2008/10/07 22:05:24 | 00,325,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2fxb.dll
[2008/10/07 22:05:24 | 00,186,368 | ---- | C] () -- C:\WINDOWS\System32\dllcache\encdec.dll
[2008/10/07 22:05:23 | 00,539,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msftedit.dll
[2008/10/07 22:05:23 | 00,526,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\p2psvc.dll
[2008/10/07 22:05:23 | 00,312,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\p2pgraph.dll
[2008/10/07 22:05:23 | 00,270,848 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sbe.dll
[2008/10/07 22:05:23 | 00,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sbeio.dll
[2008/10/07 22:05:23 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieencode.dll
[2008/10/07 22:05:23 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fltlib.dll
[2008/10/07 22:05:22 | 04,256,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2res.dll
[2008/10/07 22:05:22 | 00,167,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2ae.dll
[2008/10/07 22:05:22 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smbinst.exe
[2008/10/07 22:05:21 | 00,764,868 | ---- | C] () -- C:\WINDOWS\System32\dllcache\apph_sp.sdb
[2008/10/07 22:05:21 | 00,757,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sprb041b.dll
[2008/10/07 22:05:21 | 00,732,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sprb0424.dll
[2008/10/07 22:05:21 | 00,502,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2fxa.dll
[2008/10/07 22:05:21 | 00,462,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sqlqp20.dll
[2008/10/07 22:05:21 | 00,405,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\obrb041b.dll
[2008/10/07 22:05:21 | 00,402,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2filt.dll
[2008/10/07 22:05:21 | 00,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spra041b.dll
[2008/10/07 22:05:21 | 00,192,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spra0424.dll
[2008/10/07 22:05:21 | 00,177,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msctfime.ime
[2008/10/07 22:05:21 | 00,151,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sqldb20.dll
[2008/10/07 22:05:21 | 00,128,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fltmgr.sys
[2008/10/07 22:05:21 | 00,128,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fltmgr.sys
[2008/10/07 22:05:21 | 00,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fltmc.exe
[2008/10/07 22:05:20 | 00,408,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\obrb0424.dll
[2008/10/07 22:05:20 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hscupd.exe
[2008/10/07 22:05:18 | 02,897,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp2res.dll
[2008/10/07 22:05:13 | 00,244,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\acspecfc.dll
[2008/10/07 22:05:13 | 00,137,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclua.dll
[2008/10/07 22:05:12 | 00,385,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\callcont.dll
[2008/10/07 22:05:12 | 00,256,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agentsvr.exe
[2008/10/07 22:05:12 | 00,217,118 | ---- | C] () -- C:\WINDOWS\System32\dllcache\apphelp.sdb
[2008/10/07 22:05:12 | 00,214,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agentctl.dll
[2008/10/07 22:05:12 | 00,119,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext30.dll
[2008/10/07 22:05:12 | 00,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agentdpv.dll
[2008/10/07 22:05:12 | 00,042,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agentdp2.dll
[2008/10/07 22:05:12 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0408.dll
[2008/10/07 22:05:12 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt040c.dll
[2008/10/07 22:05:12 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0407.dll
[2008/10/07 22:05:12 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0816.dll
[2008/10/07 22:05:12 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0413.dll
[2008/10/07 22:05:12 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0410.dll
[2008/10/07 22:05:12 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0c0a.dll
[2008/10/07 22:05:12 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0416.dll
[2008/10/07 22:05:12 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt040e.dll
[2008/10/07 22:05:12 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt041f.dll
[2008/10/07 22:05:12 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt041d.dll
[2008/10/07 22:05:12 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0419.dll
[2008/10/07 22:05:12 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0415.dll
[2008/10/07 22:05:12 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0414.dll
[2008/10/07 22:05:12 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt040b.dll
[2008/10/07 22:05:12 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0409.dll
[2008/10/07 22:05:12 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0406.dll
[2008/10/07 22:05:12 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0405.dll
[2008/10/07 22:05:12 | 00,014,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\battc.sys
[2008/10/07 22:05:11 | 00,618,605 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4autl.dll
[2008/10/07 22:05:11 | 00,539,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dialer.exe
[2008/10/07 22:05:11 | 00,214,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwconn1.exe
[2008/10/07 22:05:11 | 00,195,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comadmin.dll
[2008/10/07 22:05:11 | 00,172,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwhelp.dll
[2008/10/07 22:05:11 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dhtmled.ocx
[2008/10/07 22:05:11 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2008/10/07 22:05:11 | 00,086,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\directdb.dll
[2008/10/07 22:05:11 | 00,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwconn2.exe
[2008/10/07 22:05:11 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwrmind.exe
[2008/10/07 22:05:11 | 00,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidbatt.sys
[2008/10/07 22:05:11 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comrepl.exe
[2008/10/07 22:05:11 | 00,009,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\compbatt.sys
[2008/10/07 22:05:11 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comrereg.exe
[2008/10/07 22:05:10 | 00,242,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kdsusd.dll
[2008/10/07 22:05:10 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kdsui.dll
[2008/10/07 22:05:10 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetwiz.exe
[2008/10/07 22:05:09 | 03,166,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msgr3en.dll
[2008/10/07 22:05:09 | 01,314,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoe.dll
[2008/10/07 22:05:09 | 00,536,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado15.dll
[2008/10/07 22:05:09 | 00,274,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mst120.dll
[2008/10/07 22:05:09 | 00,229,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmas.dll
[2008/10/07 22:05:09 | 00,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nac.dll
[2008/10/07 22:05:09 | 00,200,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadox.dll
[2008/10/07 22:05:09 | 00,198,736 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msimain.sdb
[2008/10/07 22:05:09 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadomd.dll
[2008/10/07 22:05:09 | 00,172,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmoldwb.dll
[2008/10/07 22:05:09 | 00,158,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msconfig.exe
[2008/10/07 22:05:09 | 00,151,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmft.dll
[2008/10/07 22:05:09 | 00,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msjro.dll
[2008/10/07 22:05:08 | 02,136,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2008/10/07 22:05:08 | 02,015,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2008/10/07 22:05:08 | 00,281,088 | ---- | C] (Cinematronics) -- C:\WINDOWS\System32\dllcache\pinball.exe
[2008/10/07 22:05:08 | 00,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oemig50.exe
[2008/10/07 22:05:08 | 00,026,624 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw450ext.dll
[2008/10/07 22:05:08 | 00,024,576 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw430ext.dll
[2008/10/07 22:05:08 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nppagent.exe
[2008/10/07 22:05:08 | 00,007,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\powerfil.sys
[2008/10/07 22:05:07 | 01,197,294 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2008/10/07 22:05:07 | 00,510,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab32.dll
[2008/10/07 22:05:07 | 00,153,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\triedit.dll
[2008/10/07 22:05:07 | 00,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uploadm.exe
[2008/10/07 22:05:07 | 00,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wabimp.dll
[2008/10/07 22:05:07 | 00,046,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2008/10/07 22:05:07 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wabmig.exe
[2008/10/07 22:05:07 | 00,010,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scsiscan.sys
[2008/10/07 22:05:06 | 00,017,408 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxscnui.dll
[2008/10/07 22:05:04 | 00,237,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\provthrd.dll
[2008/10/07 22:05:04 | 00,212,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntevt.dll
[2008/10/07 22:05:04 | 00,197,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemupgd.dll
[2008/10/07 22:05:04 | 00,196,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiadap.exe
[2008/10/07 22:05:04 | 00,196,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemcntl.dll
[2008/10/07 22:05:04 | 00,178,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemdisp.dll
[2008/10/07 22:05:04 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmipcima.dll
[2008/10/07 22:05:04 | 00,140,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmidcprv.dll
[2008/10/07 22:05:04 | 00,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\viewprov.dll
[2008/10/07 22:05:04 | 00,116,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemtest.exe
[2008/10/07 22:05:04 | 00,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scrcons.exe
[2008/10/07 22:05:04 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mofcomp.exe
[2008/10/07 22:05:03 | 00,132,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmipdskq.dll
[2008/10/07 22:05:02 | 00,487,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oledb32.dll
[2008/10/07 22:05:02 | 00,315,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdasql.dll
[2008/10/07 22:05:02 | 00,259,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comsetup.dll
[2008/10/07 22:05:02 | 00,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaora.dll
[2008/10/07 22:05:02 | 00,204,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaps.dll
[2008/10/07 22:05:02 | 00,115,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imsinsnt.dll
[2008/10/07 22:05:02 | 00,082,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtcstp.dll
[2008/10/07 22:05:01 | 00,217,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sqlxmlx.dll
[2008/10/07 22:05:00 | 01,033,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\explorer.exe
[2008/10/07 22:05:00 | 00,561,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msobmain.dll
[2008/10/07 22:05:00 | 00,123,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\guitrn.dll
[2008/10/07 22:05:00 | 00,051,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oobebaln.exe
[2008/10/07 22:05:00 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoobe.exe
[2008/10/07 22:04:59 | 00,263,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adsnt.dll
[2008/10/07 22:04:59 | 00,202,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\script.dll
[2008/10/07 22:04:59 | 00,201,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migism.dll
[2008/10/07 22:04:59 | 00,175,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adsldp.dll
[2008/10/07 22:04:59 | 00,168,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sysmod.dll
[2008/10/07 22:04:59 | 00,103,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migload.exe
[2008/10/07 22:04:59 | 00,100,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\6to4svc.dll
[2008/10/07 22:04:59 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\actmovie.exe
[2008/10/07 22:04:57 | 01,022,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browseui.dll
[2008/10/07 22:04:57 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\attrib.exe
[2008/10/07 22:04:56 | 02,067,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdosys.dll
[2008/10/07 22:04:56 | 00,457,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certmgr.dll
[2008/10/07 22:04:56 | 00,151,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdfview.dll
[2008/10/07 22:04:56 | 00,142,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\capesnpn.dll
[2008/10/07 22:04:56 | 00,109,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cic.dll
[2008/10/07 22:04:56 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ciodm.dll
[2008/10/07 22:04:55 | 00,343,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmdial32.dll
[2008/10/07 22:04:55 | 00,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmprops.dll
[2008/10/07 22:04:55 | 00,147,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comsnap.dll
[2008/10/07 22:04:55 | 00,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comrepl.dll
[2008/10/07 22:04:55 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comaddin.dll
[2008/10/07 22:04:54 | 00,540,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comuid.dll
[2008/10/07 22:04:54 | 00,345,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\confmsp.dll
[2008/10/07 22:04:54 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\corpol.dll
[2008/10/07 22:04:53 | 01,054,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\danim.dll
[2008/10/07 22:04:52 | 00,370,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dhcpmon.dll
[2008/10/07 22:04:52 | 00,153,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\daxctle.ocx
[2008/10/07 22:04:52 | 00,152,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\datime.dll
[2008/10/07 22:04:52 | 00,123,904 | ---- | C] (Microsoft Corp. and Executive Software International, Inc.) -- C:\WINDOWS\System32\dllcache\dfrgui.dll
[2008/10/07 22:04:52 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dcomcnfg.exe
[2008/10/07 22:04:51 | 01,501,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\diskcopy.dll
[2008/10/07 22:04:51 | 00,273,920 | ---- | C] (Microsoft Corp.) -- C:\WINDOWS\System32\dllcache\dmdlgs.dll
[2008/10/07 22:04:51 | 00,200,704 | ---- | C] (Microsoft Corp.) -- C:\WINDOWS\System32\dllcache\dmdskmgr.dll
[2008/10/07 22:04:51 | 00,181,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmime.dll
[2008/10/07 22:04:51 | 00,045,083 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dispex.dll
[2008/10/07 22:04:50 | 00,375,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpnet.dll
[2008/10/07 22:04:50 | 00,229,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dplayx.dll
[2008/10/07 22:04:50 | 00,148,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dnsapi.dll
[2008/10/07 22:04:50 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dnsrslvr.dll
[2008/10/07 22:04:49 | 00,212,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpvoice.dll
[2008/10/07 22:04:48 | 01,294,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dsound3d.dll
[2008/10/07 22:04:48 | 00,239,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dsquery.dll
[2008/10/07 22:04:48 | 00,181,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dsdmo.dll
[2008/10/07 22:04:48 | 00,144,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dskquoui.dll
[2008/10/07 22:04:48 | 00,142,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dsprop.dll
[2008/10/07 22:04:47 | 01,227,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dx8vb.dll
[2008/10/07 22:04:47 | 00,619,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dx7vb.dll
[2008/10/07 22:04:47 | 00,382,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontext.dll
[2008/10/07 22:04:47 | 00,380,957 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\expsrv.dll
[2008/10/07 22:04:47 | 00,337,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filemgmt.dll
[2008/10/07 22:04:47 | 00,282,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gdi32.dll
[2008/10/07 22:04:47 | 00,253,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\es.dll
[2008/10/07 22:04:47 | 00,183,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\els.dll
[2008/10/07 22:04:47 | 00,121,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\exts.dll
[2008/10/07 22:04:47 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll
[2008/10/07 22:04:47 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\forcedos.exe
[2008/10/07 22:04:45 | 00,614,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\h323msp.dll
[2008/10/07 22:04:45 | 00,546,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hhctrl.ocx
[2008/10/07 22:04:45 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hlink.dll
[2008/10/07 22:04:45 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\help.exe
[2008/10/07 22:04:44 | 00,683,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2008/10/07 22:04:44 | 00,274,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcfg.dll
[2008/10/07 22:04:44 | 00,147,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\initpki.dll
[2008/10/07 22:04:44 | 00,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\input.dll
[2008/10/07 22:04:43 | 00,491,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jscript.dll
[2008/10/07 22:04:43 | 00,384,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipsmsnap.dll
[2008/10/07 22:04:43 | 00,349,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipsecsnp.dll
[2008/10/07 22:04:43 | 00,169,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iprtrmgr.dll
[2008/10/07 22:04:43 | 00,163,840 | ---- | C] (America Online) -- C:\WINDOWS\System32\dllcache\jgdw400.dll
[2008/10/07 22:04:43 | 00,154,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipmontr.dll
[2008/10/07 22:04:43 | 00,027,648 | ---- | C] (Johnson-Grace Company) -- C:\WINDOWS\System32\dllcache\jgpl400.dll
[2008/10/07 22:04:43 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipxwan.dll
[2008/10/07 22:04:43 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106.dll
[2008/10/07 22:04:42 | 00,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\keymgr.dll
[2008/10/07 22:04:42 | 00,130,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksproxy.ax
[2008/10/07 22:04:42 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnec.dll
[2008/10/07 22:04:41 | 00,927,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2008/10/07 22:04:41 | 00,399,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lmrt.dll
[2008/10/07 22:04:41 | 00,221,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\localsec.dll
[2008/10/07 22:04:41 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mf3216.dll
[2008/10/07 22:04:40 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mimefilt.dll
[2008/10/07 22:04:39 | 00,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mscms.dll
[2008/10/07 22:04:39 | 00,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mprdim.dll
[2008/10/07 22:04:38 | 00,945,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtctm.dll
[2008/10/07 22:04:38 | 00,425,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtcprx.dll
[2008/10/07 22:04:38 | 00,294,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msctf.dll
[2008/10/07 22:04:38 | 00,161,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtcuiu.dll
[2008/10/07 22:04:38 | 00,151,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdart.dll
[2008/10/07 22:04:37 | 02,854,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msi.dll
[2008/10/07 22:04:37 | 00,884,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msimsg.dll
[2008/10/07 22:04:37 | 00,271,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msihnd.dll
[2008/10/07 22:04:37 | 00,248,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msieftp.dll
[2008/10/07 22:04:37 | 00,078,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msiexec.exe
[2008/10/07 22:04:37 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msisip.dll
[2008/10/07 22:04:36 | 00,290,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msnsspc.dll
[2008/10/07 22:04:36 | 00,151,583 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msjint40.dll
[2008/10/07 22:04:36 | 00,143,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msorcl32.dll
[2008/10/07 22:04:35 | 00,195,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msutb.dll
[2008/10/07 22:04:34 | 01,428,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msvidctl.dll
[2008/10/07 22:04:34 | 00,204,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswebdvd.dll
[2008/10/07 22:04:33 | 00,701,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml2.dll
[2008/10/07 22:04:33 | 00,506,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml.dll
[2008/10/07 22:04:33 | 00,245,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswsock.dll
[2008/10/07 22:04:32 | 01,104,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll
[2008/10/07 22:04:32 | 00,332,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2008/10/07 22:04:32 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtxlegih.dll
[2008/10/07 22:04:32 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtxdm.dll
[2008/10/07 22:04:32 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nddeapir.exe
[2008/10/07 22:04:32 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtxex.dll
[2008/10/07 22:04:31 | 00,875,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netplwiz.dll
[2008/10/07 22:04:30 | 00,488,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntmsmgr.dll
[2008/10/07 22:04:30 | 00,435,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntmssvc.dll
[2008/10/07 22:04:30 | 00,285,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\objsel.dll
[2008/10/07 22:04:30 | 00,179,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntmsdba.dll
[2008/10/07 22:04:30 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ocmanage.dll
[2008/10/07 22:04:30 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntvdmd.dll
[2008/10/07 22:04:29 | 00,278,559 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\odbcjt32.dll
[2008/10/07 22:04:28 | 00,147,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\odbctrac.dll
[2008/10/07 22:04:28 | 00,122,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oledlg.dll
[2008/10/07 22:04:28 | 00,083,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\olepro32.dll
[2008/10/07 22:04:28 | 00,074,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\olecli32.dll
[2008/10/07 22:04:27 | 00,176,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\photowiz.dll
[2008/10/07 22:04:27 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\perfnet.dll
[2008/10/07 22:04:26 | 01,435,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.dll
[2008/10/07 22:04:26 | 01,287,680 | ---- | C] () -- C:\WINDOWS\System32\dllcache\quartz.dll
[2008/10/07 22:04:26 | 00,733,696 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qedwipes.dll
[2008/10/07 22:04:26 | 00,385,024 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qdvd.dll
[2008/10/07 22:04:26 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll
[2008/10/07 22:04:26 | 00,279,040 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qdv.dll
[2008/10/07 22:04:26 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qcap.dll
[2008/10/07 22:04:26 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rasadhlp.dll
[2008/10/07 22:04:25 | 00,397,824 | ---- | C] (Microsoft) -- C:\WINDOWS\System32\dllcache\regwizc.dll
[2008/10/07 22:04:25 | 00,147,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdchost.dll
[2008/10/07 22:04:24 | 00,582,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcrt4.dll
[2008/10/07 22:04:24 | 00,433,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\riched20.dll
[2008/10/07 22:04:24 | 00,171,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sccsccp.dll
[2008/10/07 22:04:24 | 00,090,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rsvpsp.dll
[2008/10/07 22:04:22 | 01,497,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shdocvw.dll
[2008/10/07 22:04:21 | 08,460,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll
[2008/10/07 22:04:21 | 00,474,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shlwapi.dll
[2008/10/07 22:04:21 | 00,134,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shsvcs.dll
[2008/10/07 22:04:20 | 00,363,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smlogcfg.dll
[2008/10/07 22:04:20 | 00,182,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpsnap.dll
[2008/10/07 22:04:20 | 00,180,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sqlunirl.dll
[2008/10/07 22:04:20 | 00,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\stclient.dll
[2008/10/07 22:04:20 | 00,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sort.exe
[2008/10/07 22:04:20 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\stdole2.tlb
[2008/10/07 22:04:18 | 00,858,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tapi3.dll
[2008/10/07 22:04:18 | 00,713,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sxs.dll
[2008/10/07 22:04:18 | 00,358,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\termmgr.dll
[2008/10/07 22:04:18 | 00,218,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sysmon.ocx
[2008/10/07 22:04:18 | 00,191,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\syncui.dll
[2008/10/07 22:04:16 | 00,577,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2008/10/07 22:04:16 | 00,239,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\upnpui.dll
[2008/10/07 22:04:16 | 00,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\upnphost.dll
[2008/10/07 22:04:15 | 00,413,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vbscript.dll
[2008/10/07 22:04:15 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\verifier.dll
[2008/10/07 22:04:14 | 00,208,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wavemsp.dll
[2008/10/07 22:04:13 | 00,764,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winntbbu.dll
[2008/10/07 22:04:13 | 00,333,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wiaservc.dll
[2008/10/07 22:04:13 | 00,292,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsrv.dll
[2008/10/07 22:04:12 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winver.exe
[2008/10/07 22:04:11 | 00,155,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadds.dll
[2008/10/07 22:04:11 | 00,143,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadco.dll
[2008/10/07 22:04:10 | 00,616,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\advapi32.dll
[2008/10/07 22:04:10 | 00,200,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaprst.dll
[2008/10/07 22:04:09 | 00,984,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kernel32.dll
[2008/10/07 22:04:09 | 00,984,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kernel32.dll
[2008/10/07 22:04:09 | 00,721,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\lsasrv.dll
[2008/10/07 22:04:09 | 00,721,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2008/10/07 22:04:09 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2008/10/07 22:04:09 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comctl32.dll
[2008/10/07 22:04:09 | 00,602,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\autoconv.exe
[2008/10/07 22:04:09 | 00,588,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\autochk.exe
[2008/10/07 22:04:09 | 00,388,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmd.exe
[2008/10/07 22:04:09 | 00,341,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\localspl.dll
[2008/10/07 22:04:09 | 00,276,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comdlg32.dll
[2008/10/07 22:04:09 | 00,144,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\imagehlp.dll
[2008/10/07 22:04:09 | 00,135,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\desk.cpl
[2008/10/07 22:04:09 | 00,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpcsvc.dll
[2008/10/07 22:04:09 | 00,075,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\locator.exe
[2008/10/07 22:04:09 | 00,042,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ftp.exe
[2008/10/07 22:04:09 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msgsvc.dll
[2008/10/07 22:04:09 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\csrsrv.dll
[2008/10/07 22:04:09 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\format.com
[2008/10/07 22:04:09 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cacls.exe
[2008/10/07 22:04:09 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cacls.exe
[2008/10/07 22:04:09 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mgmtapi.dll
[2008/10/07 22:04:09 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\lmhsvc.dll
[2008/10/07 22:04:08 | 00,708,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntdll.dll
[2008/10/07 22:04:08 | 00,419,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntvdm.exe
[2008/10/07 22:04:08 | 00,142,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nwprovau.dll
[2008/10/07 22:04:08 | 00,142,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nwprovau.dll
[2008/10/07 22:04:08 | 00,129,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msv1_0.dll
[2008/10/07 22:04:08 | 00,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntprint.dll
[2008/10/07 22:04:08 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nslookup.exe
[2008/10/07 22:04:08 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntlsapi.dll
[2008/10/07 22:04:07 | 00,983,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupapi.dll
[2008/10/07 22:04:07 | 00,657,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasdlg.dll
[2008/10/07 22:04:07 | 00,560,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\printui.dll
[2008/10/07 22:04:07 | 00,550,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\oleaut32.dll
[2008/10/07 22:04:07 | 00,550,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oleaut32.dll
[2008/10/07 22:04:07 | 00,415,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\samsrv.dll
[2008/10/07 22:04:07 | 00,298,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sysdm.cpl
[2008/10/07 22:04:07 | 00,236,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasapi32.dll
[2008/10/07 22:04:07 | 00,144,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\schannel.dll
[2008/10/07 22:04:07 | 00,144,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\schannel.dll
[2008/10/07 22:04:07 | 00,140,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sessmgr.exe
[2008/10/07 22:04:07 | 00,108,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\services.exe
[2008/10/07 22:04:07 | 00,096,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\srvsvc.dll
[2008/10/07 22:04:07 | 00,095,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\scardsvr.exe
[2008/10/07 22:04:07 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasauto.dll
[2008/10/07 22:04:07 | 00,064,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\samlib.dll
[2008/10/07 22:04:07 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasman.dll
[2008/10/07 22:04:07 | 00,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rastapi.dll
[2008/10/07 22:04:07 | 00,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\smss.exe
[2008/10/07 22:04:07 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rshx32.dll
[2008/10/07 22:04:07 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\perfctrs.dll
[2008/10/07 22:04:07 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\olecnv32.dll
[2008/10/07 22:04:07 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\olecnv32.dll
[2008/10/07 22:04:07 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\savedump.exe
[2008/10/07 22:04:06 | 00,984,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\syssetup.dll
[2008/10/07 22:04:06 | 00,316,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\untfs.dll
[2008/10/07 22:04:06 | 00,316,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\untfs.dll
[2008/10/07 22:04:06 | 00,275,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ulib.dll
[2008/10/07 22:04:06 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tcpmonui.dll
[2008/10/07 22:04:05 | 01,846,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\win32k.sys
[2008/10/07 22:04:05 | 01,846,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[2008/10/07 22:04:05 | 00,146,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winspool.drv
[2008/10/07 22:04:05 | 00,146,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winspool.drv
[2008/10/07 22:04:05 | 00,132,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wkssvc.dll
[2008/10/07 22:04:05 | 00,132,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wkssvc.dll
[2008/10/07 22:04:05 | 00,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\win32spl.dll
[2008/10/07 22:04:05 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\userinit.exe
[2008/10/07 22:04:04 | 00,799,744 | ---- | C] (Microsoft Corp., Veritas Software) -- C:\WINDOWS\System32\drivers\dmboot.sys
[2008/10/07 22:04:04 | 00,451,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mrxsmb.sys
[2008/10/07 22:04:04 | 00,187,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\acpi.sys
[2008/10/07 22:04:04 | 00,182,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ndis.sys
[2008/10/07 22:04:04 | 00,179,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mrxdav.sys
[2008/10/07 22:04:04 | 00,179,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxdav.sys
[2008/10/07 22:04:04 | 00,172,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\kmixer.sys
[2008/10/07 22:04:04 | 00,172,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kmixer.sys
[2008/10/07 22:04:04 | 00,153,344 | ---- | C] (Microsoft Corp., Veritas Software) -- C:\WINDOWS\System32\drivers\dmio.sys
[2008/10/07 22:04:04 | 00,143,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fastfat.sys
[2008/10/07 22:04:04 | 00,142,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\aec.sys
[2008/10/07 22:04:04 | 00,142,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aec.sys
[2008/10/07 22:04:04 | 00,140,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ks.sys
[2008/10/07 22:04:04 | 00,138,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\afd.sys
[2008/10/07 22:04:04 | 00,138,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\afd.sys
[2008/10/07 22:04:04 | 00,134,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ipnat.sys
[2008/10/07 22:04:04 | 00,107,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mup.sys
[2008/10/07 22:04:04 | 00,095,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\atapi.sys
[2008/10/07 22:04:04 | 00,092,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ksecdd.sys
[2008/10/07 22:04:04 | 00,091,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ndiswan.sys
[2008/10/07 22:04:04 | 00,085,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nabtsfec.sys
[2008/10/07 22:04:04 | 00,074,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ipsec.sys
[2008/10/07 22:04:04 | 00,071,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bridge.sys
[2008/10/07 22:04:04 | 00,071,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dxg.sys
[2008/10/07 22:04:04 | 00,063,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mf.sys
[2008/10/07 22:04:04 | 00,063,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\cdfs.sys
[2008/10/07 22:04:04 | 00,060,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\arp1394.sys
[2008/10/07 22:04:04 | 00,060,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmk.sys
[2008/10/07 22:04:04 | 00,060,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\drmk.sys
[2008/10/07 22:04:04 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\atmarpc.sys
[2008/10/07 22:04:04 | 00,055,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\atmlane.sys
[2008/10/07 22:04:04 | 00,052,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dmusic.sys
[2008/10/07 22:04:04 | 00,052,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmusic.sys
[2008/10/07 22:04:04 | 00,052,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\i8042prt.sys
[2008/10/07 22:04:04 | 00,051,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\msdv.sys
[2008/10/07 22:04:04 | 00,049,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\classpnp.sys
[2008/10/07 22:04:04 | 00,049,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\cdrom.sys
[2008/10/07 22:04:04 | 00,042,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mountmgr.sys
[2008/10/07 22:04:04 | 00,041,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\imapi.sys
[2008/10/07 22:04:04 | 00,038,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ndproxy.sys
[2008/10/07 22:04:04 | 00,038,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2008/10/07 22:04:04 | 00,036,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\amdk6.sys
[2008/10/07 22:04:04 | 00,036,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\crusoe.sys
[2008/10/07 22:04:04 | 00,036,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\disk.sys
[2008/10/07 22:04:04 | 00,036,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidclass.sys
[2008/10/07 22:04:04 | 00,035,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\isapnp.sys
[2008/10/07 22:04:04 | 00,035,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isapnp.sys
[2008/10/07 22:04:04 | 00,035,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\msgpc.sys
[2008/10/07 22:04:04 | 00,034,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fips.sys
[2008/10/07 22:04:04 | 00,034,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fips.sys
[2008/10/07 22:04:04 | 00,030,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\modem.sys
[2008/10/07 22:04:04 | 00,027,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fdc.sys
[2008/10/07 22:04:04 | 00,024,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidparse.sys
[2008/10/07 22:04:04 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\kbdclass.sys
[2008/10/07 22:04:04 | 00,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mouclass.sys
[2008/10/07 22:04:04 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ipinip.sys
[2008/10/07 22:04:04 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\flpydisk.sys
[2008/10/07 22:04:04 | 00,019,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\msfs.sys
[2008/10/07 22:04:04 | 00,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ccdecode.sys
[2008/10/07 22:04:04 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mpe.sys
[2008/10/07 22:04:04 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\kbdhid.sys
[2008/10/07 22:04:04 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\asyncmac.sys
[2008/10/07 22:04:04 | 00,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\diskdump.sys
[2008/10/07 22:04:04 | 00,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ndisuio.sys
[2008/10/07 22:04:04 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bdasup.sys
[2008/10/07 22:04:04 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\irenum.sys
[2008/10/07 22:04:04 | 00,010,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ndisip.sys
[2008/10/07 22:04:04 | 00,009,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ndistapi.sys
[2008/10/07 22:04:04 | 00,009,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidusb.sys
[2008/10/07 22:04:04 | 00,009,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndistapi.sys
[2008/10/07 22:04:04 | 00,009,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidusb.sys
[2008/10/07 22:04:04 | 00,007,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mskssrv.sys
[2008/10/07 22:04:04 | 00,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mstee.sys
[2008/10/07 22:04:04 | 00,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\intelide.sys
[2008/10/07 22:04:04 | 00,005,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mspclock.sys
[2008/10/07 22:04:04 | 00,004,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mspqm.sys
[2008/10/07 22:04:04 | 00,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmkaud.sys
[2008/10/07 22:04:04 | 00,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\drmkaud.sys
[2008/10/07 22:04:03 | 00,574,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ntfs.sys
[2008/10/07 22:04:03 | 00,574,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntfs.sys
[2008/10/07 22:04:03 | 00,162,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\netbt.sys
[2008/10/07 22:04:03 | 00,088,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nwlnkipx.sys
[2008/10/07 22:04:03 | 00,080,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\parport.sys
[2008/10/07 22:04:03 | 00,061,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nic1394.sys
[2008/10/07 22:04:03 | 00,042,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\p3.sys
[2008/10/07 22:04:03 | 00,040,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nmnt.sys
[2008/10/07 22:04:03 | 00,034,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\netbios.sys
[2008/10/07 22:04:03 | 00,030,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\npfs.sys
[2008/10/07 22:04:02 | 00,333,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\srv.sys
[2008/10/07 22:04:02 | 00,333,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2008/10/07 22:04:02 | 00,202,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rmcast.sys
[2008/10/07 22:04:02 | 00,202,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2008/10/07 22:04:02 | 00,196,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rdpdr.sys
[2008/10/07 22:04:02 | 00,174,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rdbss.sys
[2008/10/07 22:04:02 | 00,145,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\portcls.sys
[2008/10/07 22:04:02 | 00,145,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\portcls.sys
[2008/10/07 22:04:02 | 00,139,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rdpwd.sys
[2008/10/07 22:04:02 | 00,119,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\pcmcia.sys
[2008/10/07 22:04:02 | 00,096,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\scsiport.sys
[2008/10/07 22:04:02 | 00,073,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sr.sys
[2008/10/07 22:04:02 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\psched.sys
[2008/10/07 22:04:02 | 00,068,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\pci.sys
[2008/10/07 22:04:02 | 00,064,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\serial.sys
[2008/10/07 22:04:02 | 00,060,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sysaudio.sys
[2008/10/07 22:04:02 | 00,060,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sysaudio.sys
[2008/10/07 22:04:02 | 00,057,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\redbook.sys
[2008/10/07 22:04:02 | 00,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\swmidi.sys
[2008/10/07 22:04:02 | 00,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\swmidi.sys
[2008/10/07 22:04:02 | 00,051,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rasl2tp.sys
[2008/10/07 22:04:02 | 00,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\stream.sys
[2008/10/07 22:04:02 | 00,048,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\raspptp.sys
[2008/10/07 22:04:02 | 00,041,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\raspppoe.sys
[2008/10/07 22:04:02 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\processr.sys
[2008/10/07 22:04:02 | 00,030,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismp.sys
[2008/10/07 22:04:02 | 00,025,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sonydcam.sys
[2008/10/07 22:04:02 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\pciidex.sys
[2008/10/07 22:04:02 | 00,018,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\partmgr.sys
[2008/10/07 22:04:02 | 00,018,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\partmgr.sys
[2008/10/07 22:04:02 | 00,015,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\serenum.sys
[2008/10/07 22:04:02 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\streamip.sys
[2008/10/07 22:04:02 | 00,014,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tape.sys
[2008/10/07 22:04:02 | 00,011,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sfloppy.sys
[2008/10/07 22:04:02 | 00,011,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\slip.sys
[2008/10/07 22:04:02 | 00,006,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\splitter.sys
[2008/10/07 22:04:02 | 00,006,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\splitter.sys
[2008/10/07 22:04:02 | 00,004,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\swenum.sys
[2008/10/07 22:04:01 | 00,364,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\update.sys
[2008/10/07 22:04:01 | 00,364,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\update.sys
[2008/10/07 22:04:01 | 00,360,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tcpip.sys
[2008/10/07 22:04:01 | 00,360,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcpip.sys
[2008/10/07 22:04:01 | 00,225,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tcpip6.sys
[2008/10/07 22:04:01 | 00,225,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcpip6.sys
[2008/10/07 22:04:01 | 00,066,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\udfs.sys
[2008/10/07 22:04:01 | 00,057,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbhub.sys
[2008/10/07 22:04:01 | 00,040,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\termdd.sys
[2008/10/07 22:04:01 | 00,031,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbccgp.sys
[2008/10/07 22:04:01 | 00,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbcamd2.sys
[2008/10/07 22:04:01 | 00,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbcamd2.sys
[2008/10/07 22:04:01 | 00,023,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbcamd.sys
[2008/10/07 22:04:01 | 00,023,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbcamd.sys
[2008/10/07 22:04:01 | 00,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tdtcp.sys
[2008/10/07 22:04:01 | 00,018,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tdi.sys
[2008/10/07 22:04:01 | 00,016,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbintel.sys
[2008/10/07 22:04:01 | 00,012,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usb8023.sys
[2008/10/07 22:04:01 | 00,012,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tdpipe.sys
[2008/10/07 22:04:00 | 02,057,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntkrnlpa.exe
[2008/10/07 22:04:00 | 02,057,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2008/10/07 22:04:00 | 00,142,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbport.sys
[2008/10/07 22:04:00 | 00,131,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hal.dll
[2008/10/07 22:04:00 | 00,082,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wdmaud.sys
[2008/10/07 22:04:00 | 00,082,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wdmaud.sys
[2008/10/07 22:04:00 | 00,079,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\videoprt.sys
[2008/10/07 22:04:00 | 00,052,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\volsnap.sys
[2008/10/07 22:04:00 | 00,034,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wanarp.sys
[2008/10/07 22:04:00 | 00,026,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbstor.sys
[2008/10/07 22:04:00 | 00,026,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbstor.sys
[2008/10/07 22:04:00 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbprint.sys
[2008/10/07 22:04:00 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbprint.sys
[2008/10/07 22:04:00 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\vga.sys
[2008/10/07 22:04:00 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbuhci.sys
[2008/10/07 22:04:00 | 00,019,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wstcodec.sys
[2008/10/07 22:04:00 | 00,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbscan.sys
[2008/10/07 22:04:00 | 00,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys
[2008/10/07 22:03:59 | 02,180,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntoskrnl.exe
[2008/10/07 22:03:59 | 02,180,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe

========== Files - Modified Within 30 Days ==========

[694 C:\WINDOWS\System32\*.tmp files]
[17 C:\WINDOWS\*.tmp files]
[4 C:\Documents and Settings\Owner\My Documents\*.tmp files]
[2008/10/25 14:22:37 | 00,022,528 | ---- | M] () -- C:\WINDOWS\svchost.exe
[2008/10/25 14:15:28 | 00,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/10/25 14:15:02 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2008/10/25 14:14:57 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/10/25 14:14:49 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/10/25 14:08:10 | 00,230,776 | ---- | M] (Alwil Software) -- C:\Documents and Settings\Owner\Desktop\aswclear.exe
[2008/10/25 13:50:00 | 27,462,344 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\setupeng.exe
[2008/10/25 13:07:01 | 00,421,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTViewIt.exe
[2008/10/25 08:46:03 | 00,000,583 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\My Sharing Folders.lnk
[2008/10/25 08:45:40 | 00,002,323 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Windows Live Messenger.lnk
[2008/10/22 18:43:39 | 00,095,264 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Account-Retrieval.pdf
[2008/10/21 15:40:35 | 00,000,686 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2008/10/21 11:54:07 | 00,000,039 | ---- | M] () -- C:\WINDOWS\1.ini
[2008/10/21 00:29:16 | 00,000,085 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2008/10/20 23:52:03 | 00,000,793 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Ad-Watch.lnk
[2008/10/20 23:52:03 | 00,000,793 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Ad-Aware.lnk
[2008/10/20 22:40:56 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy.lnk
[2008/10/20 20:51:51 | 00,077,312 | ---- | M] () -- C:\WINDOWS\ua2.dll
[2008/10/19 22:54:24 | 00,878,080 | -HS- | M] () -- C:\Documents and Settings\Owner\Desktop\Thumbs.db
@Alternate Data Stream - 0 bytes -> C:\Documents and Settings\Owner\Desktop\Thumbs.db:encryptable
[2008/10/19 21:27:36 | 00,002,473 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Word.lnk
[2008/10/17 23:56:13 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Mozilla Firefox.lnk
[2008/10/17 13:39:37 | 00,102,400 | ---- | M] () -- C:\WINDOWS\System32\atlcom839_953.dll
[2008/10/17 13:39:35 | 00,000,020 | ---- | M] () -- C:\WINDOWS\syscheck
[2008/10/15 09:57:55 | 00,332,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\netapi32.dll
[2008/10/15 09:57:55 | 00,332,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2008/10/15 03:11:37 | 00,141,240 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/10/15 03:04:53 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/10/14 12:36:08 | 00,000,865 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\World of Warcraft.lnk
[2008/10/12 13:14:17 | 02,516,992 | -HS- | M] () -- C:\Documents and Settings\Owner\My Documents\Thumbs.db
@Alternate Data Stream - 0 bytes -> C:\Documents and Settings\Owner\My Documents\Thumbs.db:encryptable
[2008/10/11 00:36:25 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2008/10/07 22:57:49 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2008/10/07 22:57:49 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2008/10/07 22:29:36 | 00,250,032 | RHS- | M] () -- C:\ntldr
[2008/10/07 12:19:40 | 16,721,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2008/10/03 10:41:15 | 06,066,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieframe.dll
[2008/10/03 10:41:15 | 06,066,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
< End of report >

#7 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:48 AM

Posted 25 October 2008 - 06:19 PM

Hello moliere.

Looks like a bad svchost rather than something bad running under a legit one.

Disable Realtime Protection
Antimalware programs can interfere with the tools we need to run.

To disable SpyBot's TeaTimer:
  • Run Spybot-S&D in Advanced Mode. If it is not already set to do this Go to the Mode menu select Advanced Mode.
  • On the left hand side, Click on Tools.
  • Click on the Resident icon in the list.
  • Uncheck Resident TeaTimer and OK any prompts.
  • Download ResetTeaTimer.bat and run it to remove entries set by TeaTimer. The file should take only a second to finish. Delete this file after use.
Restart your computer for the changes to take affect.

Re-run scan with MalwareBytes Anti-Malware
Your MBAM log shows "No action taken". This usually occurs if you forget to click "Remove Selected" and instead only clicked "Save Logfile. Please read this thread and rescan again only using the (Quick Scan) in normal mode and check all items found for removal. Don't forgot to reboot afterwards. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. After performing the new scan, click the Logs tab and copy/paste the contents of the new report in your next reply.

Download and Run OTMoveIT
  • Please download OTMoveIt3 by OldTimer to your desktop. If you have already used the program, there is no need to download a new one.
  • Double-click OTMoveIt3.exe to run it. If you are running on Vista, right click on the file and choose Run As Administrator.
  • Copy the lines in the codebox below. Do not copy the word "code".
    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Jrgypooo"=-
    "instal"=-
    
    :processes
    C:\WINDOWS\svchost.exe
    
    :files
    C:\Program Files\Qaqbrhk
    C:\WINDOWS\syscheck
    C:\WINDOWS\svchost.exe
    C:\WINDOWS\1.ini
    
    
    :commands
    [Reboot]
  • Return to OTMoveIt3, right click in the Paste List Of Files/Patterns To Move window (under the yellow bar) and choose Paste.
  • Close all open windows expect OTMoveIt.
  • Click the Posted Image button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3.
Note: If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key. Navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest ".log" file present, and copy/paste the contents of that document back here in your next post.

Download and Run Scan with GMER
We will use GMER to scan for rootkits.
  • Download gmer.zip and save to your desktop.
  • Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.
  • Close all other running programs. There is a small chance this application may crash your computer so save any work you have open.
  • Double-click on Gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Click the >>>.
  • Click on Settings, then check the first five settings:
    • System Protection and Tracing
    • Processes
    • Save created processes to the log
    • Drivers
    • Save loaded drivers to the log
  • Click OK.
  • You will be prompted to restart your computer. Please do so.
After the reboot, run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for Show All.
  • Click on the Scan and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan. You will know that the scan is done when the Stop buttons turns back to Scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose New>Text document. Once the file is created, open it and right-click again and choose Paste. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in Safe Mode
Important!:Please do not select the Show all checkbox during the scan..

Please post back with:
-the OTMoveIt log
-the GMER log
-a new OTViewIt log

With Regards,
The Panda

#8 moliere

moliere
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:01:48 AM

Posted 26 October 2008 - 04:51 AM

Thank you very very much for your assistance, Panda! [:

Because I am very forgetful and naive, I had restarted my computer after using OTMoveIt3..
I thought that it would have saved a log, but I see that it hasn't.
If there's any way to recover any type of log, please let me know. I gravely apologize for this!

However, here is my new Malwarebyte log:

Malwarebytes' Anti-Malware 1.28
Database version: 1166
Windows 5.1.2600 Service Pack 2

10/26/2008 2:05:01 AM
mbam-log-2008-10-26 (02-05-01).txt

Scan type: Quick Scan
Objects scanned: 61874
Time elapsed: 9 minute(s), 22 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
C:\WINDOWS\svchost.exe (Heuristics.Reserved.Word.Exploit) -> Failed to unload process.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\svchost.exe (Trojan.Agent) -> Delete on reboot.


Here is the gmer.txt log:

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-10-26 02:38:51
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.14 ----

SSDT sptd.sys ZwCreateKey [0xF876E0D0]
SSDT sptd.sys ZwEnumerateKey [0xF8773FB2]
SSDT sptd.sys ZwEnumerateValueKey [0xF8774340]
SSDT sptd.sys ZwOpenKey [0xF876E0B0]
SSDT sptd.sys ZwQueryKey [0xF8774418]
SSDT sptd.sys ZwQueryValueKey [0xF8774298]
SSDT sptd.sys ZwSetValueKey [0xF87744AA]

---- Kernel code sections - GMER 1.0.14 ----

? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
.text USBPORT.SYS!DllUnload F7BD162C 5 Bytes JMP 832144E0

---- User code sections - GMER 1.0.14 ----

.text C:\WINDOWS\svchost.exe[2500] C:\WINDOWS\svchost.exe section is writeable [0x00401000, 0x500C, 0xE0000020]
.CRT C:\WINDOWS\svchost.exe[2500] C:\WINDOWS\svchost.exe unknown last section [0x00407000, 0x4, 0xC0000040]
.text C:\Program Files\Internet Explorer\iexplore.exe[3692] USER32.dll!DialogBoxParamW 7E42555F 5 Bytes JMP 42F0F301 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3692] USER32.dll!DialogBoxIndirectParamW 7E432032 5 Bytes JMP 430A179F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3692] USER32.dll!MessageBoxIndirectA 7E43A04A 5 Bytes JMP 430A1720 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3692] USER32.dll!DialogBoxParamA 7E43B10C 5 Bytes JMP 430A1764 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3692] USER32.dll!MessageBoxExW 7E4505D8 5 Bytes JMP 430A16AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3692] USER32.dll!MessageBoxExA 7E4505FC 5 Bytes JMP 430A16E6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3692] USER32.dll!DialogBoxIndirectParamA 7E456B50 5 Bytes JMP 430A17DA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3692] USER32.dll!MessageBoxIndirectW 7E4662AB 5 Bytes JMP 42F316B6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!IoConnectInterrupt] [F878506C] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F8785018] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F87A79AE] sptd.sys
IAT atapi.sys[ntoskrnl.exe!IoConnectInterrupt] [F878506C] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F876EAD4] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F876EC1A] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F876EB9C] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F876F748] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F876F61E] sptd.sys
IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F878429A] sptd.sys

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\Program Files\Internet Explorer\iexplore.exe[3692] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [02002070] C:\Program Files\Canon\Easy-WebPrint\EWPCore.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3692] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [020020B0] C:\Program Files\Canon\Easy-WebPrint\EWPCore.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3692] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [02002030] C:\Program Files\Canon\Easy-WebPrint\EWPCore.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3692] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [02002000] C:\Program Files\Canon\Easy-WebPrint\EWPCore.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3692] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [02004C50] C:\Program Files\Canon\Easy-WebPrint\EWPCore.dll

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 833D51E8

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device \Driver\NetBT \Device\NetBT_Tcpip_{1CFB8E23-62FC-4B40-8203-360A522FCBB7} 82D7D1E8

AttachedDevice \Driver\Tcpip \Device\Ip msfwhlpr.sys (OneCare Firewall Helper Driver/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\usbuhci \Device\USBPDO-0 8320D790
Device \Driver\usbuhci \Device\USBPDO-1 8320D790
Device \Driver\usbuhci \Device\USBPDO-2 8320D790
Device \Driver\usbehci \Device\USBPDO-3 8320F790

AttachedDevice \Driver\Tcpip \Device\Tcp msfwhlpr.sys (OneCare Firewall Helper Driver/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\Ftdisk \Device\HarddiskVolume1 8336B1E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8336B1E8
Device \Driver\Cdrom \Device\CdRom0 8311C1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 833D61E8
Device \Driver\atapi \Device\Ide\IdePort0 833D61E8
Device \Driver\atapi \Device\Ide\IdePort1 833D61E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e 833D61E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 8336B1E8
Device \Driver\NetBT \Device\NetBt_Wins_Export 82D7D1E8
Device \Driver\NetBT \Device\NetbiosSmb 82D7D1E8

AttachedDevice \Driver\Tcpip \Device\Udp msfwhlpr.sys (OneCare Firewall Helper Driver/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp msfwhlpr.sys (OneCare Firewall Helper Driver/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\usbuhci \Device\USBFDO-0 8320D790
Device \Driver\usbuhci \Device\USBFDO-1 8320D790
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 82DD2790
Device \Driver\usbuhci \Device\USBFDO-2 8320D790
Device \FileSystem\MRxSmb \Device\LanmanRedirector 82DD2790
Device \Driver\usbehci \Device\USBFDO-3 8320F790
Device \Driver\Ftdisk \Device\FtControl 8336B1E8
Device \FileSystem\Fastfat \Fat 82FFC318
Device \FileSystem\Fastfat \Fat ED4B01F9

AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device \FileSystem\Cdfs \Cdfs 831A51E8

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xCA 0xB5 0x7A 0x64 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xD8 0xE7 0x18 0x85 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x52 0x21 0x84 0xAB ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xCA 0xB5 0x7A 0x64 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xD8 0xE7 0x18 0x85 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x52 0x21 0x84 0xAB ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xCA 0xB5 0x7A 0x64 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xD8 0xE7 0x18 0x85 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x52 0x21 0x84 0xAB ...
Reg HKLM\SOFTWARE\Classes\.application\bootstrap@ bootstrap.application.1
Reg HKLM\SOFTWARE\Classes\.aswcs@ aswsfile
Reg HKLM\SOFTWARE\Classes\.aswcs@Content Type application/avast-aswcs
Reg HKLM\SOFTWARE\Classes\.asws@ aswsfile
Reg HKLM\SOFTWARE\Classes\.asws@Content Type application/avast-asws
Reg HKLM\SOFTWARE\Classes\.csk@ cskfile
Reg HKLM\SOFTWARE\Classes\.csk@Content Type application/copernic-csk
Reg HKLM\SOFTWARE\Classes\ActiveSkin4.Skin@ ActiveSkin Control
Reg HKLM\SOFTWARE\Classes\ActiveSkin4.Skin\CLSID
Reg HKLM\SOFTWARE\Classes\ActiveSkin4.Skin\CLSID@ {0944D16C-D0F4-4389-982A-A085595A9EB3}
Reg HKLM\SOFTWARE\Classes\ActiveSkin4.Skin\CurVer
Reg HKLM\SOFTWARE\Classes\ActiveSkin4.Skin\CurVer@ ActiveSkin4.Skin.1
Reg HKLM\SOFTWARE\Classes\ActiveSkin4.Skin.1@ ActiveSkin Control
Reg HKLM\SOFTWARE\Classes\ActiveSkin4.Skin.1\CLSID
Reg HKLM\SOFTWARE\Classes\ActiveSkin4.Skin.1\CLSID@ {0944D16C-D0F4-4389-982A-A085595A9EB3}
Reg HKLM\SOFTWARE\Classes\ActiveSkin4.SkinLabel@ SkinLabel Control
Reg HKLM\SOFTWARE\Classes\ActiveSkin4.SkinLabel\CLSID
Reg HKLM\SOFTWARE\Classes\ActiveSkin4.SkinLabel\CLSID@ {5954EA75-9BFA-461A-BD34-CEA3A861FF19}
Reg HKLM\SOFTWARE\Classes\ActiveSkin4.SkinLabel\CurVer
Reg HKLM\SOFTWARE\Classes\ActiveSkin4.SkinLabel\CurVer@ ActiveSkin4.SkinLabel.1
Reg HKLM\SOFTWARE\Classes\ActiveSkin4.SkinLabel.1@ SkinLabel Control
Reg HKLM\SOFTWARE\Classes\ActiveSkin4.SkinLabel.1\CLSID
Reg HKLM\SOFTWARE\Classes\ActiveSkin4.SkinLabel.1\CLSID@ {5954EA75-9BFA-461A-BD34-CEA3A861FF19}
Reg HKLM\SOFTWARE\Classes\aswcsfile@ avast! Compressed Skin
Reg HKLM\SOFTWARE\Classes\aswcsfile@EditFlags 65536
Reg HKLM\SOFTWARE\Classes\aswcsfile@BrowserFlags 8
Reg HKLM\SOFTWARE\Classes\aswcsfile\shell
Reg HKLM\SOFTWARE\Classes\aswcsfile\shell@
Reg HKLM\SOFTWARE\Classes\aswcsfile\shell\open
Reg HKLM\SOFTWARE\Classes\aswcsfile\shell\open@
Reg HKLM\SOFTWARE\Classes\aswcsfile\shell\open\command
Reg HKLM\SOFTWARE\Classes\aswcsfile\shell\open\command@ "C:\Program Files\Alwil Software\Avast4\ashSimpl.exe" "%1"
Reg HKLM\SOFTWARE\Classes\aswsfile@ avast! Skin
Reg HKLM\SOFTWARE\Classes\aswsfile@EditFlags 65536
Reg HKLM\SOFTWARE\Classes\aswsfile@BrowserFlags 8
Reg HKLM\SOFTWARE\Classes\aswsfile\shell
Reg HKLM\SOFTWARE\Classes\aswsfile\shell@
Reg HKLM\SOFTWARE\Classes\aswsfile\shell\open
Reg HKLM\SOFTWARE\Classes\aswsfile\shell\open@
Reg HKLM\SOFTWARE\Classes\aswsfile\shell\open\command
Reg HKLM\SOFTWARE\Classes\aswsfile\shell\open\command@ "C:\Program Files\Alwil Software\Avast4\ashSimpl.exe" "%1"
Reg HKLM\SOFTWARE\Classes\AvAScr.sbScanner@ sbScanner Class
Reg HKLM\SOFTWARE\Classes\AvAScr.sbScanner\CLSID
Reg HKLM\SOFTWARE\Classes\AvAScr.sbScanner\CLSID@ {7BFC2BD7-0937-41EA-8872-CE3B27E08F84}
Reg HKLM\SOFTWARE\Classes\AvAScr.sbScanner\CurVer
Reg HKLM\SOFTWARE\Classes\AvAScr.sbScanner\CurVer@ AvAScr.sbScanner.1
Reg HKLM\SOFTWARE\Classes\AvAScr.sbScanner.1@ sbScanner Class
Reg HKLM\SOFTWARE\Classes\AvAScr.sbScanner.1\CLSID
Reg HKLM\SOFTWARE\Classes\AvAScr.sbScanner.1\CLSID@ {7BFC2BD7-0937-41EA-8872-CE3B27E08F84}
Reg HKLM\SOFTWARE\Classes\avast\ShellEx
Reg HKLM\SOFTWARE\Classes\avast\ShellEx\ContextMenuHandlers
Reg HKLM\SOFTWARE\Classes\avast\ShellEx\ContextMenuHandlers@ {472083B0-C522-11CF-8763-00608CC02F24}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5F3013FB-6322-A5F7-F30F-1EDA7CA4292B}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5F3013FB-6322-A5F7-F30F-1EDA7CA4292B}@iaoepfgplppapbnhlc 0x63 0x61 0x70 0x6B ...

---- EOF - GMER 1.0.14 ----


Here is a new OTViewIt.log:

OTViewIt logfile created on: 10/26/2008 2:49:07 AM - Run 3
OTViewIt by OldTimer - Version 1.0.18.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 154.41 Mb Available Physical Memory | 30.28% Memory free
1.22 Gb Paging File | 0.89 Gb Available in Paging File | 73.10% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.97 Gb Total Space | 24.07 Gb Free Space | 33.92% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MAZEN-EIR2CVHVA
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2006/05/03 09:43:46 | 00,413,696 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2008/10/20 23:55:38 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[2006/05/03 09:43:46 | 00,413,696 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2001/10/18 13:37:22 | 00,483,394 | ---- | M] (BroadJump, Inc.) -- C:\Program Files\BroadJump\Client Foundation\CFD.exe
[2006/01/02 16:41:22 | 00,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
[2008/01/15 03:22:56 | 00,267,048 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2008/05/11 09:45:56 | 00,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[2008/10/25 13:48:55 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
[2008/10/17 23:55:13 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
[2007/09/06 13:28:18 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2008/10/25 13:48:55 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2008/09/15 10:42:51 | 00,012,032 | RHS- | M] () -- C:\Program Files\ProtectService\ProtectService.exe
[2005/07/22 17:04:50 | 00,217,088 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2008/01/15 03:22:44 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2006/01/02 16:41:22 | 00,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
[2006/01/02 16:41:22 | 00,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
[2008/08/22 22:56:15 | 00,635,848 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2008/07/18 22:10:42 | 00,053,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2008/10/26 02:23:49 | 00,022,528 | ---- | M] () -- C:\WINDOWS\svchost.exe
[2008/04/17 21:13:02 | 00,811,008 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\gmer\gmer.exe
[2008/10/25 13:07:01 | 00,421,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/10/20 23:55:38 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
[2007/09/06 13:28:18 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2006/05/03 09:43:46 | 00,413,696 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
[2006/05/03 11:57:00 | 00,520,192 | ---- | M] () -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])
[2005/07/22 17:04:50 | 00,217,088 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2008/01/15 03:22:44 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2008/10/25 13:48:55 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2005/06/16 12:43:37 | 00,068,096 | ---- | M] () -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service [On_Demand | Stopped])
File not found -- -- (msfwsvc [Auto | Stopped])
[2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2005/08/02 14:18:49 | 00,086,016 | ---- | M] (CACE Technologies) -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd [On_Demand | Stopped])
[2008/09/15 10:42:51 | 00,012,032 | RHS- | M] () -- C:\Program Files\ProtectService\ProtectService.exe -- (Shell Hardware Detection (ShellHWDetection) [Auto | Running])
[2007/01/19 12:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2006/05/31 01:55:19 | 00,024,304 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4 [System | Running])
[2002/04/01 13:15:00 | 00,004,816 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio [On_Demand | Running])
[2006/05/31 01:58:14 | 00,087,424 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2 [Auto | Running])
[2006/05/31 01:56:56 | 00,016,352 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr [On_Demand | Stopped])
[2006/05/31 01:56:31 | 00,036,176 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi [System | Running])
[2006/05/03 09:50:42 | 01,540,608 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
[2004/03/08 12:55:50 | 00,013,567 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv [System | Running])
[2002/06/23 14:31:20 | 00,045,568 | R--- | M] (D-Link Corporation ) -- C:\WINDOWS\system32\drivers\DLKRTS.SYS -- (DLKRTS [On_Demand | Running])
[2003/07/24 12:10:34 | 00,017,149 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\DNINDIS5.SYS -- (DNINDIS5 [On_Demand | Stopped])
[2006/09/19 14:44:04 | 00,015,664 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2008/10/26 02:17:16 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\system32\drivers\gmer.sys -- (gmer [System | Running])
[2007/08/02 17:19:25 | 00,026,056 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi [On_Demand | Stopped])
[2005/01/23 11:05:06 | 00,804,317 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm [On_Demand | Stopped])
[2004/03/05 22:14:42 | 01,233,525 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51 [On_Demand | Running])
[2004/03/05 22:15:34 | 00,647,929 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52 [On_Demand | Running])
[2004/03/05 22:13:52 | 00,060,949 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53 [On_Demand | Running])
[2004/08/03 22:58:34 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Stopped])
[2001/08/17 13:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])
[2004/03/05 22:13:38 | 00,037,048 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt [On_Demand | Running])
[2006/09/12 02:06:08 | 00,081,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\msfwdrv.sys -- (MSFWDrv [Auto | Running])
[2006/09/12 02:06:06 | 00,105,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\msfwhlpr.sys -- (MSFWHLPR [System | Running])
[2004/08/03 22:59:50 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm [On_Demand | Stopped])
[2005/08/02 14:10:13 | 00,032,512 | ---- | M] (CACE Technologies) -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF [On_Demand | Stopped])
[2001/08/22 08:42:58 | 00,013,632 | ---- | M] (Dell Computer Corporation) -- C:\WINDOWS\system32\drivers\omci.sys -- (OMCI [System | Running])
[2003/07/16 13:42:18 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007/03/07 16:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2004/07/29 16:29:58 | 00,211,072 | R--- | M] (Ralink Technology Inc.) -- C:\WINDOWS\system32\drivers\RT2500.sys -- (RT2500 [On_Demand | Stopped])
[2004/08/03 22:31:32 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139 [On_Demand | Stopped])
[2007/11/13 03:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2003/11/18 11:38:32 | 00,591,808 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm [On_Demand | Running])
[2001/08/17 13:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])
[2007/09/02 02:19:08 | 00,685,816 | ---- | M] () -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd [Boot | Running])
[2007/10/31 14:09:14 | 00,030,464 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
[2003/01/10 13:13:04 | 00,033,588 | R--- | M] (America Online, Inc.) -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw [On_Demand | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=C:\windows\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=C:\windows\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = local.,

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-21-1957994488-884357618-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=C:\windows\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

[HKEY_USERS\S-1-5-21-1957994488-884357618-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = local.,

========== (O1) Hosts File ==========

HOSTS File = (686 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{3049C3E9-B461-4BC5-8870-4C09146192CA} (HKLM) -- C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{68F9551E-0411-48E4-9AAF-4BC42A6A46BE} (HKLM) -- C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{7E853D72-626A-48EC-A868-BA8D5E23E045} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{327C2873-E90D-4c37-AA9D-10AC9BABA46C}" (HKLM) -- C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4982D40A-C53B-4615-B15B-B5B5E98D167C}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1957994488-884357618-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1957994488-884357618-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1957994488-884357618-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1957994488-884357618-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1957994488-884357618-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4982D40A-C53B-4615-B15B-B5B5E98D167C}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1957994488-884357618-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1957994488-884357618-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay (ATI Technologies Inc.)
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe ()
"BJCFD"=C:\Program Files\BroadJump\Client Foundation\CFD.exe (BroadJump, Inc.)
"HotKeysCmds"=C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
"IgfxTray"=C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
"WinampAgent"=C:\Program Files\Winamp\winampa.exe ()
"WinPatrol"=C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"= File not found
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized File not found
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 File not found
"Google Update"="C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c (Google Inc.)
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1957994488-884357618-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"= File not found
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized File not found
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 File not found
"Google Update"="C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c (Google Inc.)
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background (Microsoft Corporation)

========== (O4) Startup Folders ==========

[2004/12/14 04:44:06 | 00,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
[2000/01/21 01:15:54 | 00,065,588 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
File not found -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_CURRENT_USER\Software\policies\microsoft\internet explorer]
"Windows Update Menu Text"=

[HKEY_USERS\S-1-5-21-1957994488-884357618-839522115-1003\Software\policies\microsoft\internet explorer]
"Windows Update Menu Text"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-1957994488-884357618-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
&AOL Toolbar search: C:\Program Files\AOL Toolbar\toolbar.dll File not found
Easy-WebPrint Add To Print List: C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006/06/09 14:39:38 | 00,552,960 | ---- | M] ()
Easy-WebPrint High Speed Print: C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006/06/09 14:39:38 | 00,552,960 | ---- | M] ()
Easy-WebPrint Preview: C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006/06/09 14:39:38 | 00,552,960 | ---- | M] ()
Easy-WebPrint Print: C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006/06/09 14:39:38 | 00,552,960 | ---- | M] ()

[HKEY_USERS\S-1-5-21-1957994488-884357618-839522115-1003\Software\Microsoft\Internet Explorer\MenuExt\]
&AOL Toolbar search: C:\Program Files\AOL Toolbar\toolbar.dll File not found
Easy-WebPrint Add To Print List: C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006/06/09 14:39:38 | 00,552,960 | ---- | M] ()
Easy-WebPrint High Speed Print: C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006/06/09 14:39:38 | 00,552,960 | ---- | M] ()
Easy-WebPrint Preview: C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006/06/09 14:39:38 | 00,552,960 | ---- | M] ()
Easy-WebPrint Print: C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006/06/09 14:39:38 | 00,552,960 | ---- | M] ()

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}: Button: AIM -- %ProgramFiles%\AIM\aim.exe [2004/04/27 15:18:34 | 00,061,440 | ---- | M] (America Online, Inc.)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search & Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2008/09/15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2006/10/10 05:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/10/13 09:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/10/13 09:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKLM] -> %ProgramFiles%\AIM\aim.exe [AIM] -> [2004/04/27 15:18:34 | 00,061,440 | ---- | M] (America Online, Inc.)
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 09:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKLM] -> %ProgramFiles%\AIM\aim.exe [AIM] -> [2004/04/27 15:18:34 | 00,061,440 | ---- | M] (America Online, Inc.)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 09:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKLM] -> %ProgramFiles%\AIM\aim.exe [AIM] -> [2004/04/27 15:18:34 | 00,061,440 | ---- | M] (America Online, Inc.)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 09:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1957994488-884357618-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKLM] -> %ProgramFiles%\AIM\aim.exe [AIM] -> [2004/04/27 15:18:34 | 00,061,440 | ---- | M] (America Online, Inc.)
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 09:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
cox.com: http in Local intranet
cox.com: https in Local intranet
coxenterprises.com: http in Local intranet
coxenterprises.com: https in Local intranet
1 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
: msn in My Computer
aol.com\objects: * is out of zone range (0)
cox.com: http in Local intranet
cox.com: https in Local intranet
coxenterprises.com: http in Local intranet
coxenterprises.com: https in Local intranet
81 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
80 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
80 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
81 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
81 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-1957994488-884357618-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
: msn in My Computer
aol.com\objects: * is out of zone range (0)
cox.com: http in Local intranet
cox.com: https in Local intranet
coxenterprises.com: http in Local intranet
coxenterprises.com: https in Local intranet
81 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{00000055-9980-0010-8000-00AA00389B71}: http://codecs.microsoft.com/codecs/i386/fhg.CAB -- Reg Error: Key does not exist or could not be opened.
{0EC4C9E3-EC6A-11CF-8E3B-444553540000}: -- Reg Error: Key does not exist or could not be opened.
{166B1BCA-3F9C-11CF-8075-444553540000}: -- Shockwave ActiveX Control
{17492023-C23A-453E-A040-C7C580BBF700}: http://go.microsoft.com/fwlink/?linkid=39204 -- Windows Genuine Advantage Validation Tool
{2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5}: -- Microsoft Data Collection Control
{3DC2E31C-371A-4BD3-9A27-CDF57CE604CF}: http://moneycentral.msn.com/cabs/pmupd806.exe -- MSN Money Charting
{5ED80217-570B-4DA9-BF44-BE107C0EC166}: http://scan.safety.live.com/resource/downl...lscbase5059.cab -- Windows Live Safety Center Base Module
{6414512B-B978-451D-A0D8-FCFDF33E833C}: -- WUWebControl Class
{67DABFBF-D0AB-41FA-9C46-CC0F21721616}: http://download.divx.com/player/DivXBrowserPlugin.cab -- DivXBrowserPlugin Object
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: -- MUWebControl Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_10
{AECD14A8-F662-11D1-A395-00805F535788}: -- Reg Error: Key does not exist or could not be opened.
{B38870E4-7ECB-40DA-8C6A-595F0A5519FF}: http://messenger.msn.com/download/MsnMesse...pDownloader.cab -- MsnMessengerSetupDownloadControl Class
{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_01
{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_10
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_10
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload.macromedia.com/get/shock...ash/swflash.cab -- Shockwave Flash Object

========== (O17) DNS Name Servers ==========

{1CFB8E23-62FC-4B40-8203-360A522FCBB7} (Servers: | Description: D-Link DFE-530TX+ PCI Adapter)
{817D2139-C3D0-4A58-B0A5-E03A6CAE8053} (Servers: 128.242.126.95 | Description: Belkin 802.11g Wireless Card)

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
AtiExtEvent: "DllName" = Ati2evxx.dll -- C:\WINDOWS\system32\ati2evxx.dll (ATI Technologies Inc.)
dimsntfy: "DllName" = Reg Error: Value DLLName does not exist or could not be read. -- File not found
igfxcui: "DllName" = igfxsrvc.dll -- C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT [PATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | ]
[2005/07/30 17:19:15 | 00,000,050 | -H-- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[694 C:\WINDOWS\System32\*.tmp files]
[17 C:\WINDOWS\*.tmp files]
[4 C:\Documents and Settings\Owner\My Documents\*.tmp files]
[2008/10/26 02:17:18 | 00,000,345 | ---- | C] () -- C:\WINDOWS\gmer.ini
[2008/10/26 02:17:16 | 00,884,736 | ---- | C] () -- C:\WINDOWS\gmer.dll
[2008/10/26 02:17:16 | 00,811,008 | ---- | C] () -- C:\WINDOWS\gmer.exe
[2008/10/26 02:17:16 | 00,085,969 | ---- | C] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2008/10/26 02:17:16 | 00,000,080 | ---- | C] () -- C:\WINDOWS\gmer_uninstall.cmd
[2008/10/26 02:16:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\gmer
[2008/10/26 02:16:28 | 00,747,873 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2008/10/26 02:11:07 | 00,334,848 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTMoveIt3.exe
[2008/10/26 02:08:10 | 00,022,528 | ---- | C] () -- C:\WINDOWS\svchost.exe
[2008/10/25 14:08:09 | 00,230,776 | ---- | C] (Alwil Software) -- C:\Documents and Settings\Owner\Desktop\aswclear.exe
[2008/10/25 13:49:25 | 27,462,344 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\setupeng.exe
[2008/10/25 13:44:33 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2008/10/25 13:07:00 | 00,421,888 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTViewIt.exe
[2008/10/24 03:20:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\BitTorrent Downloads
[2008/10/22 18:43:38 | 00,095,264 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Account-Retrieval.pdf
[2008/10/22 07:02:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\My Received Files
[2008/10/22 05:42:44 | 00,000,000 | -H-D | C] -- C:\BJPrinter
[2008/10/21 00:29:16 | 00,000,085 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/10/20 23:52:03 | 00,000,793 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Ad-Watch.lnk
[2008/10/20 23:52:03 | 00,000,793 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Ad-Aware.lnk
[2008/10/20 23:51:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
[2008/10/20 22:40:56 | 00,000,933 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy.lnk
[2008/10/20 21:37:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2008/10/20 21:08:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PrevxCSI
[2008/10/20 19:47:10 | 00,077,312 | ---- | C] () -- C:\WINDOWS\ua2.dll
[2008/10/18 14:27:31 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2008/10/17 23:56:13 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Mozilla Firefox.lnk
[2008/10/17 23:54:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Deployment
[2008/10/17 13:39:37 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\atlcom839_953.dll
[2008/10/14 11:41:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Blizzard
[2008/10/08 09:53:47 | 00,000,865 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\World of Warcraft.lnk
[2008/10/08 09:53:47 | 00,000,000 | ---D | C] -- C:\Program Files\World of Warcraft
[2008/10/07 22:54:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2008/10/07 22:17:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2008/10/07 22:17:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2008/10/07 22:17:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2008/10/07 22:05:27 | 00,059,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rfcomm.sys
[2008/10/07 22:05:27 | 00,046,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gagp30kx.sys
[2008/10/07 22:05:27 | 00,044,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\agpcpq.sys
[2008/10/07 22:05:27 | 00,042,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\alim1541.sys
[2008/10/07 22:05:27 | 00,042,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\agp440.sys
[2008/10/07 22:05:27 | 00,038,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthmodem.sys
[2008/10/07 22:05:27 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\amdk7.sys
[2008/10/07 22:05:27 | 00,036,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\intelppm.sys
[2008/10/07 22:05:27 | 00,029,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ip6fw.sys
[2008/10/07 22:05:27 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidbth.sys
[2008/10/07 22:05:27 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthusb.sys
[2008/10/07 22:05:27 | 00,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthenum.sys
[2008/10/07 22:05:27 | 00,015,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mssmbios.sys
[2008/10/07 22:05:27 | 00,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidir.sys
[2008/10/07 22:05:26 | 00,382,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qmgr.dll
[2008/10/07 22:05:26 | 00,078,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbvideo.sys
[2008/10/07 22:05:26 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sdbus.sys
[2008/10/07 22:05:26 | 00,044,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\uagp35.sys
[2008/10/07 22:05:26 | 00,042,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\viaagp.sys
[2008/10/07 22:05:26 | 00,030,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys
[2008/10/07 22:05:26 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbehci.sys
[2008/10/07 22:05:26 | 00,013,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wacompen.sys
[2008/10/07 22:05:26 | 00,012,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usb8023x.sys
[2008/10/07 22:05:26 | 00,012,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tunmp.sys
[2008/10/07 22:05:26 | 00,011,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sffdisk.sys
[2008/10/07 22:05:26 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sffp_sd.sys
[2008/10/07 22:05:26 | 00,006,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smbali.sys
[2008/10/07 22:05:25 | 00,262,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\http.sys
[2008/10/07 22:05:24 | 02,113,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxdiagn.dll
[2008/10/07 22:05:24 | 00,325,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2fxb.dll
[2008/10/07 22:05:24 | 00,186,368 | ---- | C] () -- C:\WINDOWS\System32\dllcache\encdec.dll
[2008/10/07 22:05:23 | 00,539,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msftedit.dll
[2008/10/07 22:05:23 | 00,526,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\p2psvc.dll
[2008/10/07 22:05:23 | 00,312,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\p2pgraph.dll
[2008/10/07 22:05:23 | 00,270,848 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sbe.dll
[2008/10/07 22:05:23 | 00,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sbeio.dll
[2008/10/07 22:05:23 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieencode.dll
[2008/10/07 22:05:23 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fltlib.dll
[2008/10/07 22:05:22 | 04,256,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2res.dll
[2008/10/07 22:05:22 | 00,167,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2ae.dll
[2008/10/07 22:05:22 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smbinst.exe
[2008/10/07 22:05:21 | 00,764,868 | ---- | C] () -- C:\WINDOWS\System32\dllcache\apph_sp.sdb
[2008/10/07 22:05:21 | 00,757,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sprb041b.dll
[2008/10/07 22:05:21 | 00,732,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sprb0424.dll
[2008/10/07 22:05:21 | 00,502,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2fxa.dll
[2008/10/07 22:05:21 | 00,462,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sqlqp20.dll
[2008/10/07 22:05:21 | 00,405,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\obrb041b.dll
[2008/10/07 22:05:21 | 00,402,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2filt.dll
[2008/10/07 22:05:21 | 00,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spra041b.dll
[2008/10/07 22:05:21 | 00,192,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spra0424.dll
[2008/10/07 22:05:21 | 00,177,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msctfime.ime
[2008/10/07 22:05:21 | 00,151,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sqldb20.dll
[2008/10/07 22:05:21 | 00,128,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fltmgr.sys
[2008/10/07 22:05:21 | 00,128,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fltmgr.sys
[2008/10/07 22:05:21 | 00,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fltmc.exe
[2008/10/07 22:05:20 | 00,408,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\obrb0424.dll
[2008/10/07 22:05:20 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hscupd.exe
[2008/10/07 22:05:18 | 02,897,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp2res.dll
[2008/10/07 22:05:13 | 00,244,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\acspecfc.dll
[2008/10/07 22:05:13 | 00,137,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclua.dll
[2008/10/07 22:05:12 | 00,385,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\callcont.dll
[2008/10/07 22:05:12 | 00,256,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agentsvr.exe
[2008/10/07 22:05:12 | 00,217,118 | ---- | C] () -- C:\WINDOWS\System32\dllcache\apphelp.sdb
[2008/10/07 22:05:12 | 00,214,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agentctl.dll
[2008/10/07 22:05:12 | 00,119,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext30.dll
[2008/10/07 22:05:12 | 00,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agentdpv.dll
[2008/10/07 22:05:12 | 00,042,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agentdp2.dll
[2008/10/07 22:05:12 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0408.dll
[2008/10/07 22:05:12 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt040c.dll
[2008/10/07 22:05:12 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0407.dll
[2008/10/07 22:05:12 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0816.dll
[2008/10/07 22:05:12 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0413.dll
[2008/10/07 22:05:12 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0410.dll
[2008/10/07 22:05:12 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0c0a.dll
[2008/10/07 22:05:12 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0416.dll
[2008/10/07 22:05:12 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt040e.dll
[2008/10/07 22:05:12 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt041f.dll
[2008/10/07 22:05:12 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt041d.dll
[2008/10/07 22:05:12 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0419.dll
[2008/10/07 22:05:12 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0415.dll
[2008/10/07 22:05:12 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0414.dll
[2008/10/07 22:05:12 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt040b.dll
[2008/10/07 22:05:12 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0409.dll
[2008/10/07 22:05:12 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0406.dll
[2008/10/07 22:05:12 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0405.dll
[2008/10/07 22:05:12 | 00,014,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\battc.sys
[2008/10/07 22:05:11 | 00,618,605 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4autl.dll
[2008/10/07 22:05:11 | 00,539,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dialer.exe
[2008/10/07 22:05:11 | 00,214,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwconn1.exe
[2008/10/07 22:05:11 | 00,195,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comadmin.dll
[2008/10/07 22:05:11 | 00,172,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwhelp.dll
[2008/10/07 22:05:11 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dhtmled.ocx
[2008/10/07 22:05:11 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2008/10/07 22:05:11 | 00,086,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\directdb.dll
[2008/10/07 22:05:11 | 00,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwconn2.exe
[2008/10/07 22:05:11 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwrmind.exe
[2008/10/07 22:05:11 | 00,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidbatt.sys
[2008/10/07 22:05:11 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comrepl.exe
[2008/10/07 22:05:11 | 00,009,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\compbatt.sys
[2008/10/07 22:05:11 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comrereg.exe
[2008/10/07 22:05:10 | 00,242,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kdsusd.dll
[2008/10/07 22:05:10 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kdsui.dll
[2008/10/07 22:05:10 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetwiz.exe
[2008/10/07 22:05:09 | 03,166,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msgr3en.dll
[2008/10/07 22:05:09 | 01,314,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoe.dll
[2008/10/07 22:05:09 | 00,536,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado15.dll
[2008/10/07 22:05:09 | 00,274,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mst120.dll
[2008/10/07 22:05:09 | 00,229,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmas.dll
[2008/10/07 22:05:09 | 00,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nac.dll
[2008/10/07 22:05:09 | 00,200,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadox.dll
[2008/10/07 22:05:09 | 00,198,736 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msimain.sdb
[2008/10/07 22:05:09 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadomd.dll
[2008/10/07 22:05:09 | 00,172,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmoldwb.dll
[2008/10/07 22:05:09 | 00,158,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msconfig.exe
[2008/10/07 22:05:09 | 00,151,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmft.dll
[2008/10/07 22:05:09 | 00,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msjro.dll
[2008/10/07 22:05:08 | 02,136,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2008/10/07 22:05:08 | 02,015,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2008/10/07 22:05:08 | 00,281,088 | ---- | C] (Cinematronics) -- C:\WINDOWS\System32\dllcache\pinball.exe
[2008/10/07 22:05:08 | 00,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oemig50.exe
[2008/10/07 22:05:08 | 00,026,624 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw450ext.dll
[2008/10/07 22:05:08 | 00,024,576 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw430ext.dll
[2008/10/07 22:05:08 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nppagent.exe
[2008/10/07 22:05:08 | 00,007,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\powerfil.sys
[2008/10/07 22:05:07 | 01,197,294 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2008/10/07 22:05:07 | 00,510,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab32.dll
[2008/10/07 22:05:07 | 00,153,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\triedit.dll
[2008/10/07 22:05:07 | 00,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uploadm.exe
[2008/10/07 22:05:07 | 00,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wabimp.dll
[2008/10/07 22:05:07 | 00,046,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2008/10/07 22:05:07 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wabmig.exe
[2008/10/07 22:05:07 | 00,010,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scsiscan.sys
[2008/10/07 22:05:06 | 00,017,408 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxscnui.dll
[2008/10/07 22:05:04 | 00,237,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\provthrd.dll
[2008/10/07 22:05:04 | 00,212,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntevt.dll
[2008/10/07 22:05:04 | 00,197,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemupgd.dll
[2008/10/07 22:05:04 | 00,196,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiadap.exe
[2008/10/07 22:05:04 | 00,196,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemcntl.dll
[2008/10/07 22:05:04 | 00,178,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemdisp.dll
[2008/10/07 22:05:04 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmipcima.dll
[2008/10/07 22:05:04 | 00,140,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmidcprv.dll
[2008/10/07 22:05:04 | 00,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\viewprov.dll
[2008/10/07 22:05:04 | 00,116,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemtest.exe
[2008/10/07 22:05:04 | 00,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scrcons.exe
[2008/10/07 22:05:04 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mofcomp.exe
[2008/10/07 22:05:03 | 00,132,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmipdskq.dll
[2008/10/07 22:05:02 | 00,487,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oledb32.dll
[2008/10/07 22:05:02 | 00,315,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdasql.dll
[2008/10/07 22:05:02 | 00,259,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comsetup.dll
[2008/10/07 22:05:02 | 00,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaora.dll
[2008/10/07 22:05:02 | 00,204,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaps.dll
[2008/10/07 22:05:02 | 00,115,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imsinsnt.dll
[2008/10/07 22:05:02 | 00,082,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtcstp.dll
[2008/10/07 22:05:01 | 00,217,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sqlxmlx.dll
[2008/10/07 22:05:00 | 01,033,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\explorer.exe
[2008/10/07 22:05:00 | 00,561,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msobmain.dll
[2008/10/07 22:05:00 | 00,123,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\guitrn.dll
[2008/10/07 22:05:00 | 00,051,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oobebaln.exe
[2008/10/07 22:05:00 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoobe.exe
[2008/10/07 22:04:59 | 00,263,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adsnt.dll
[2008/10/07 22:04:59 | 00,202,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\script.dll
[2008/10/07 22:04:59 | 00,201,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migism.dll
[2008/10/07 22:04:59 | 00,175,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adsldp.dll
[2008/10/07 22:04:59 | 00,168,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sysmod.dll
[2008/10/07 22:04:59 | 00,103,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migload.exe
[2008/10/07 22:04:59 | 00,100,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\6to4svc.dll
[2008/10/07 22:04:59 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\actmovie.exe
[2008/10/07 22:04:57 | 01,022,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browseui.dll
[2008/10/07 22:04:57 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\attrib.exe
[2008/10/07 22:04:56 | 02,067,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdosys.dll
[2008/10/07 22:04:56 | 00,457,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certmgr.dll
[2008/10/07 22:04:56 | 00,151,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdfview.dll
[2008/10/07 22:04:56 | 00,142,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\capesnpn.dll
[2008/10/07 22:04:56 | 00,109,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cic.dll
[2008/10/07 22:04:56 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ciodm.dll
[2008/10/07 22:04:55 | 00,343,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmdial32.dll
[2008/10/07 22:04:55 | 00,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmprops.dll
[2008/10/07 22:04:55 | 00,147,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comsnap.dll
[2008/10/07 22:04:55 | 00,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comrepl.dll
[2008/10/07 22:04:55 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comaddin.dll
[2008/10/07 22:04:54 | 00,540,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comuid.dll
[2008/10/07 22:04:54 | 00,345,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\confmsp.dll
[2008/10/07 22:04:54 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\corpol.dll
[2008/10/07 22:04:53 | 01,054,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\danim.dll
[2008/10/07 22:04:52 | 00,370,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dhcpmon.dll
[2008/10/07 22:04:52 | 00,153,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\daxctle.ocx
[2008/10/07 22:04:52 | 00,152,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\datime.dll
[2008/10/07 22:04:52 | 00,123,904 | ---- | C] (Microsoft Corp. and Executive Software International, Inc.) -- C:\WINDOWS\System32\dllcache\dfrgui.dll
[2008/10/07 22:04:52 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dcomcnfg.exe
[2008/10/07 22:04:51 | 01,501,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\diskcopy.dll
[2008/10/07 22:04:51 | 00,273,920 | ---- | C] (Microsoft Corp.) -- C:\WINDOWS\System32\dllcache\dmdlgs.dll
[2008/10/07 22:04:51 | 00,200,704 | ---- | C] (Microsoft Corp.) -- C:\WINDOWS\System32\dllcache\dmdskmgr.dll
[2008/10/07 22:04:51 | 00,181,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmime.dll
[2008/10/07 22:04:51 | 00,045,083 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dispex.dll
[2008/10/07 22:04:50 | 00,375,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpnet.dll
[2008/10/07 22:04:50 | 00,229,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dplayx.dll
[2008/10/07 22:04:50 | 00,148,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dnsapi.dll
[2008/10/07 22:04:50 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dnsrslvr.dll
[2008/10/07 22:04:49 | 00,212,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpvoice.dll
[2008/10/07 22:04:48 | 01,294,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dsound3d.dll
[2008/10/07 22:04:48 | 00,239,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dsquery.dll
[2008/10/07 22:04:48 | 00,181,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dsdmo.dll
[2008/10/07 22:04:48 | 00,144,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dskquoui.dll
[2008/10/07 22:04:48 | 00,142,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dsprop.dll
[2008/10/07 22:04:47 | 01,227,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dx8vb.dll
[2008/10/07 22:04:47 | 00,619,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dx7vb.dll
[2008/10/07 22:04:47 | 00,382,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontext.dll
[2008/10/07 22:04:47 | 00,380,957 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\expsrv.dll
[2008/10/07 22:04:47 | 00,337,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filemgmt.dll
[2008/10/07 22:04:47 | 00,282,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gdi32.dll
[2008/10/07 22:04:47 | 00,253,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\es.dll
[2008/10/07 22:04:47 | 00,183,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\els.dll
[2008/10/07 22:04:47 | 00,121,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\exts.dll
[2008/10/07 22:04:47 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll
[2008/10/07 22:04:47 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\forcedos.exe
[2008/10/07 22:04:45 | 00,614,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\h323msp.dll
[2008/10/07 22:04:45 | 00,546,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hhctrl.ocx
[2008/10/07 22:04:45 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hlink.dll
[2008/10/07 22:04:45 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\help.exe
[2008/10/07 22:04:44 | 00,683,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2008/10/07 22:04:44 | 00,274,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcfg.dll
[2008/10/07 22:04:44 | 00,147,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\initpki.dll
[2008/10/07 22:04:44 | 00,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\input.dll
[2008/10/07 22:04:43 | 00,491,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jscript.dll
[2008/10/07 22:04:43 | 00,384,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipsmsnap.dll
[2008/10/07 22:04:43 | 00,349,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipsecsnp.dll
[2008/10/07 22:04:43 | 00,169,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iprtrmgr.dll
[2008/10/07 22:04:43 | 00,163,840 | ---- | C] (America Online) -- C:\WINDOWS\System32\dllcache\jgdw400.dll
[2008/10/07 22:04:43 | 00,154,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipmontr.dll
[2008/10/07 22:04:43 | 00,027,648 | ---- | C] (Johnson-Grace Company) -- C:\WINDOWS\System32\dllcache\jgpl400.dll
[2008/10/07 22:04:43 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipxwan.dll
[2008/10/07 22:04:43 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106.dll
[2008/10/07 22:04:42 | 00,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\keymgr.dll
[2008/10/07 22:04:42 | 00,130,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksproxy.ax
[2008/10/07 22:04:42 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnec.dll
[2008/10/07 22:04:41 | 00,927,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2008/10/07 22:04:41 | 00,399,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lmrt.dll
[2008/10/07 22:04:41 | 00,221,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\localsec.dll
[2008/10/07 22:04:41 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mf3216.dll
[2008/10/07 22:04:40 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mimefilt.dll
[2008/10/07 22:04:39 | 00,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mscms.dll
[2008/10/07 22:04:39 | 00,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mprdim.dll
[2008/10/07 22:04:38 | 00,945,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtctm.dll
[2008/10/07 22:04:38 | 00,425,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtcprx.dll
[2008/10/07 22:04:38 | 00,294,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msctf.dll
[2008/10/07 22:04:38 | 00,161,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtcuiu.dll
[2008/10/07 22:04:38 | 00,151,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdart.dll
[2008/10/07 22:04:37 | 02,854,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msi.dll
[2008/10/07 22:04:37 | 00,884,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msimsg.dll
[2008/10/07 22:04:37 | 00,271,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msihnd.dll
[2008/10/07 22:04:37 | 00,248,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msieftp.dll
[2008/10/07 22:04:37 | 00,078,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msiexec.exe
[2008/10/07 22:04:37 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msisip.dll
[2008/10/07 22:04:36 | 00,290,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msnsspc.dll
[2008/10/07 22:04:36 | 00,151,583 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msjint40.dll
[2008/10/07 22:04:36 | 00,143,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msorcl32.dll
[2008/10/07 22:04:35 | 00,195,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msutb.dll
[2008/10/07 22:04:34 | 01,428,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msvidctl.dll
[2008/10/07 22:04:34 | 00,204,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswebdvd.dll
[2008/10/07 22:04:33 | 00,701,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml2.dll
[2008/10/07 22:04:33 | 00,506,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml.dll
[2008/10/07 22:04:33 | 00,245,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswsock.dll
[2008/10/07 22:04:32 | 01,104,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll
[2008/10/07 22:04:32 | 00,332,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2008/10/07 22:04:32 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtxlegih.dll
[2008/10/07 22:04:32 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtxdm.dll
[2008/10/07 22:04:32 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nddeapir.exe
[2008/10/07 22:04:32 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtxex.dll
[2008/10/07 22:04:31 | 00,875,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netplwiz.dll
[2008/10/07 22:04:30 | 00,488,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntmsmgr.dll
[2008/10/07 22:04:30 | 00,435,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntmssvc.dll
[2008/10/07 22:04:30 | 00,285,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\objsel.dll
[2008/10/07 22:04:30 | 00,179,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntmsdba.dll
[2008/10/07 22:04:30 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ocmanage.dll
[2008/10/07 22:04:30 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntvdmd.dll
[2008/10/07 22:04:29 | 00,278,559 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\odbcjt32.dll
[2008/10/07 22:04:28 | 00,147,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\odbctrac.dll
[2008/10/07 22:04:28 | 00,122,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oledlg.dll
[2008/10/07 22:04:28 | 00,083,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\olepro32.dll
[2008/10/07 22:04:28 | 00,074,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\olecli32.dll
[2008/10/07 22:04:27 | 00,176,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\photowiz.dll
[2008/10/07 22:04:27 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\perfnet.dll
[2008/10/07 22:04:26 | 01,435,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.dll
[2008/10/07 22:04:26 | 01,287,680 | ---- | C] () -- C:\WINDOWS\System32\dllcache\quartz.dll
[2008/10/07 22:04:26 | 00,733,696 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qedwipes.dll
[2008/10/07 22:04:26 | 00,385,024 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qdvd.dll
[2008/10/07 22:04:26 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll
[2008/10/07 22:04:26 | 00,279,040 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qdv.dll
[2008/10/07 22:04:26 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qcap.dll
[2008/10/07 22:04:26 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rasadhlp.dll
[2008/10/07 22:04:25 | 00,397,824 | ---- | C] (Microsoft) -- C:\WINDOWS\System32\dllcache\regwizc.dll
[2008/10/07 22:04:25 | 00,147,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdchost.dll
[2008/10/07 22:04:24 | 00,582,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcrt4.dll
[2008/10/07 22:04:24 | 00,433,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\riched20.dll
[2008/10/07 22:04:24 | 00,171,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sccsccp.dll
[2008/10/07 22:04:24 | 00,090,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rsvpsp.dll
[2008/10/07 22:04:22 | 01,497,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shdocvw.dll
[2008/10/07 22:04:21 | 08,460,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll
[2008/10/07 22:04:21 | 00,474,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shlwapi.dll
[2008/10/07 22:04:21 | 00,134,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shsvcs.dll
[2008/10/07 22:04:20 | 00,363,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smlogcfg.dll
[2008/10/07 22:04:20 | 00,182,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpsnap.dll
[2008/10/07 22:04:20 | 00,180,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sqlunirl.dll
[2008/10/07 22:04:20 | 00,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\stclient.dll
[2008/10/07 22:04:20 | 00,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sort.exe
[2008/10/07 22:04:20 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\stdole2.tlb
[2008/10/07 22:04:18 | 00,858,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tapi3.dll
[2008/10/07 22:04:18 | 00,713,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sxs.dll
[2008/10/07 22:04:18 | 00,358,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\termmgr.dll
[2008/10/07 22:04:18 | 00,218,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sysmon.ocx
[2008/10/07 22:04:18 | 00,191,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\syncui.dll
[2008/10/07 22:04:16 | 00,577,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2008/10/07 22:04:16 | 00,239,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\upnpui.dll
[2008/10/07 22:04:16 | 00,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\upnphost.dll
[2008/10/07 22:04:15 | 00,413,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vbscript.dll
[2008/10/07 22:04:15 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\verifier.dll
[2008/10/07 22:04:14 | 00,208,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wavemsp.dll
[2008/10/07 22:04:13 | 00,764,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winntbbu.dll
[2008/10/07 22:04:13 | 00,333,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wiaservc.dll
[2008/10/07 22:04:13 | 00,292,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsrv.dll
[2008/10/07 22:04:12 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winver.exe
[2008/10/07 22:04:11 | 00,155,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadds.dll
[2008/10/07 22:04:11 | 00,143,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadco.dll
[2008/10/07 22:04:10 | 00,616,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\advapi32.dll
[2008/10/07 22:04:10 | 00,200,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaprst.dll
[2008/10/07 22:04:09 | 00,984,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kernel32.dll
[2008/10/07 22:04:09 | 00,984,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kernel32.dll
[2008/10/07 22:04:09 | 00,721,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\lsasrv.dll
[2008/10/07 22:04:09 | 00,721,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2008/10/07 22:04:09 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2008/10/07 22:04:09 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comctl32.dll
[2008/10/07 22:04:09 | 00,602,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\autoconv.exe
[2008/10/07 22:04:09 | 00,588,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\autochk.exe
[2008/10/07 22:04:09 | 00,388,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmd.exe
[2008/10/07 22:04:09 | 00,341,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\localspl.dll
[2008/10/07 22:04:09 | 00,276,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comdlg32.dll
[2008/10/07 22:04:09 | 00,144,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\imagehlp.dll
[2008/10/07 22:04:09 | 00,135,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\desk.cpl
[2008/10/07 22:04:09 | 00,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpcsvc.dll
[2008/10/07 22:04:09 | 00,075,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\locator.exe
[2008/10/07 22:04:09 | 00,042,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ftp.exe
[2008/10/07 22:04:09 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msgsvc.dll
[2008/10/07 22:04:09 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\csrsrv.dll
[2008/10/07 22:04:09 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\format.com
[2008/10/07 22:04:09 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cacls.exe
[2008/10/07 22:04:09 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cacls.exe
[2008/10/07 22:04:09 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mgmtapi.dll
[2008/10/07 22:04:09 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\lmhsvc.dll
[2008/10/07 22:04:08 | 00,708,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntdll.dll
[2008/10/07 22:04:08 | 00,419,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntvdm.exe
[2008/10/07 22:04:08 | 00,142,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nwprovau.dll
[2008/10/07 22:04:08 | 00,142,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nwprovau.dll
[2008/10/07 22:04:08 | 00,129,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msv1_0.dll
[2008/10/07 22:04:08 | 00,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntprint.dll
[2008/10/07 22:04:08 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nslookup.exe
[2008/10/07 22:04:08 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntlsapi.dll
[2008/10/07 22:04:07 | 00,983,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupapi.dll
[2008/10/07 22:04:07 | 00,657,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasdlg.dll
[2008/10/07 22:04:07 | 00,560,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\printui.dll
[2008/10/07 22:04:07 | 00,550,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\oleaut32.dll
[2008/10/07 22:04:07 | 00,550,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oleaut32.dll
[2008/10/07 22:04:07 | 00,415,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\samsrv.dll
[2008/10/07 22:04:07 | 00,298,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sysdm.cpl
[2008/10/07 22:04:07 | 00,236,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasapi32.dll
[2008/10/07 22:04:07 | 00,144,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\schannel.dll
[2008/10/07 22:04:07 | 00,144,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\schannel.dll
[2008/10/07 22:04:07 | 00,140,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sessmgr.exe
[2008/10/07 22:04:07 | 00,108,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\services.exe
[2008/10/07 22:04:07 | 00,096,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\srvsvc.dll
[2008/10/07 22:04:07 | 00,095,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\scardsvr.exe
[2008/10/07 22:04:07 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasauto.dll
[2008/10/07 22:04:07 | 00,064,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\samlib.dll
[2008/10/07 22:04:07 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasman.dll
[2008/10/07 22:04:07 | 00,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rastapi.dll
[2008/10/07 22:04:07 | 00,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\smss.exe
[2008/10/07 22:04:07 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rshx32.dll
[2008/10/07 22:04:07 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\perfctrs.dll
[2008/10/07 22:04:07 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\olecnv32.dll
[2008/10/07 22:04:07 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\olecnv32.dll
[2008/10/07 22:04:07 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\savedump.exe
[2008/10/07 22:04:06 | 00,984,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\syssetup.dll
[2008/10/07 22:04:06 | 00,316,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\untfs.dll
[2008/10/07 22:04:06 | 00,316,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\untfs.dll
[2008/10/07 22:04:06 | 00,275,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ulib.dll
[2008/10/07 22:04:06 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tcpmonui.dll
[2008/10/07 22:04:05 | 01,846,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\win32k.sys
[2008/10/07 22:04:05 | 01,846,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[2008/10/07 22:04:05 | 00,146,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winspool.drv
[2008/10/07 22:04:05 | 00,146,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winspool.drv
[2008/10/07 22:04:05 | 00,132,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wkssvc.dll
[2008/10/07 22:04:05 | 00,132,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wkssvc.dll
[2008/10/07 22:04:05 | 00,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\win32spl.dll
[2008/10/07 22:04:05 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\userinit.exe
[2008/10/07 22:04:04 | 00,799,744 | ---- | C] (Microsoft Corp., Veritas Software) -- C:\WINDOWS\System32\drivers\dmboot.sys
[2008/10/07 22:04:04 | 00,451,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mrxsmb.sys
[2008/10/07 22:04:04 | 00,187,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\acpi.sys
[2008/10/07 22:04:04 | 00,182,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ndis.sys
[2008/10/07 22:04:04 | 00,179,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mrxdav.sys
[2008/10/07 22:04:04 | 00,179,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxdav.sys
[2008/10/07 22:04:04 | 00,172,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\kmixer.sys
[2008/10/07 22:04:04 | 00,172,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kmixer.sys
[2008/10/07 22:04:04 | 00,153,344 | ---- | C] (Microsoft Corp., Veritas Software) -- C:\WINDOWS\System32\drivers\dmio.sys
[2008/10/07 22:04:04 | 00,143,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fastfat.sys
[2008/10/07 22:04:04 | 00,142,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\aec.sys
[2008/10/07 22:04:04 | 00,142,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aec.sys
[2008/10/07 22:04:04 | 00,140,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ks.sys
[2008/10/07 22:04:04 | 00,138,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\afd.sys
[2008/10/07 22:04:04 | 00,138,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\afd.sys
[2008/10/07 22:04:04 | 00,134,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ipnat.sys
[2008/10/07 22:04:04 | 00,107,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mup.sys
[2008/10/07 22:04:04 | 00,095,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\atapi.sys
[2008/10/07 22:04:04 | 00,092,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ksecdd.sys
[2008/10/07 22:04:04 | 00,091,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ndiswan.sys
[2008/10/07 22:04:04 | 00,085,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nabtsfec.sys
[2008/10/07 22:04:04 | 00,074,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ipsec.sys
[2008/10/07 22:04:04 | 00,071,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bridge.sys
[2008/10/07 22:04:04 | 00,071,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dxg.sys
[2008/10/07 22:04:04 | 00,063,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mf.sys
[2008/10/07 22:04:04 | 00,063,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\cdfs.sys
[2008/10/07 22:04:04 | 00,060,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\arp1394.sys
[2008/10/07 22:04:04 | 00,060,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmk.sys
[2008/10/07 22:04:04 | 00,060,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\drmk.sys
[2008/10/07 22:04:04 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\atmarpc.sys
[2008/10/07 22:04:04 | 00,055,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\atmlane.sys
[2008/10/07 22:04:04 | 00,052,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dmusic.sys
[2008/10/07 22:04:04 | 00,052,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmusic.sys
[2008/10/07 22:04:04 | 00,052,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\i8042prt.sys
[2008/10/07 22:04:04 | 00,051,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\msdv.sys
[2008/10/07 22:04:04 | 00,049,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\classpnp.sys
[2008/10/07 22:04:04 | 00,049,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\cdrom.sys
[2008/10/07 22:04:04 | 00,042,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mountmgr.sys
[2008/10/07 22:04:04 | 00,041,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\imapi.sys
[2008/10/07 22:04:04 | 00,038,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ndproxy.sys
[2008/10/07 22:04:04 | 00,038,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2008/10/07 22:04:04 | 00,036,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\amdk6.sys
[2008/10/07 22:04:04 | 00,036,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\crusoe.sys
[2008/10/07 22:04:04 | 00,036,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\disk.sys
[2008/10/07 22:04:04 | 00,036,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidclass.sys
[2008/10/07 22:04:04 | 00,035,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\isapnp.sys
[2008/10/07 22:04:04 | 00,035,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isapnp.sys
[2008/10/07 22:04:04 | 00,035,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\msgpc.sys
[2008/10/07 22:04:04 | 00,034,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fips.sys
[2008/10/07 22:04:04 | 00,034,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fips.sys
[2008/10/07 22:04:04 | 00,030,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\modem.sys
[2008/10/07 22:04:04 | 00,027,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fdc.sys
[2008/10/07 22:04:04 | 00,024,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidparse.sys
[2008/10/07 22:04:04 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\kbdclass.sys
[2008/10/07 22:04:04 | 00,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mouclass.sys
[2008/10/07 22:04:04 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ipinip.sys
[2008/10/07 22:04:04 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\flpydisk.sys
[2008/10/07 22:04:04 | 00,019,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\msfs.sys
[2008/10/07 22:04:04 | 00,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ccdecode.sys
[2008/10/07 22:04:04 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mpe.sys
[2008/10/07 22:04:04 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\kbdhid.sys
[2008/10/07 22:04:04 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\asyncmac.sys
[2008/10/07 22:04:04 | 00,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\diskdump.sys
[2008/10/07 22:04:04 | 00,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ndisuio.sys
[2008/10/07 22:04:04 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bdasup.sys
[2008/10/07 22:04:04 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\irenum.sys
[2008/10/07 22:04:04 | 00,010,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ndisip.sys
[2008/10/07 22:04:04 | 00,009,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ndistapi.sys
[2008/10/07 22:04:04 | 00,009,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidusb.sys
[2008/10/07 22:04:04 | 00,009,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndistapi.sys
[2008/10/07 22:04:04 | 00,009,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidusb.sys
[2008/10/07 22:04:04 | 00,007,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mskssrv.sys
[2008/10/07 22:04:04 | 00,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mstee.sys
[2008/10/07 22:04:04 | 00,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\intelide.sys
[2008/10/07 22:04:04 | 00,005,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mspclock.sys
[2008/10/07 22:04:04 | 00,004,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mspqm.sys
[2008/10/07 22:04:04 | 00,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmkaud.sys
[2008/10/07 22:04:04 | 00,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\drmkaud.sys
[2008/10/07 22:04:03 | 00,574,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ntfs.sys
[2008/10/07 22:04:03 | 00,574,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntfs.sys
[2008/10/07 22:04:03 | 00,162,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\netbt.sys
[2008/10/07 22:04:03 | 00,088,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nwlnkipx.sys
[2008/10/07 22:04:03 | 00,080,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\parport.sys
[2008/10/07 22:04:03 | 00,061,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nic1394.sys
[2008/10/07 22:04:03 | 00,042,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\p3.sys
[2008/10/07 22:04:03 | 00,040,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nmnt.sys
[2008/10/07 22:04:03 | 00,034,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\netbios.sys
[2008/10/07 22:04:03 | 00,030,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\npfs.sys
[2008/10/07 22:04:02 | 00,333,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\srv.sys
[2008/10/07 22:04:02 | 00,333,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2008/10/07 22:04:02 | 00,202,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rmcast.sys
[2008/10/07 22:04:02 | 00,202,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2008/10/07 22:04:02 | 00,196,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rdpdr.sys
[2008/10/07 22:04:02 | 00,174,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rdbss.sys
[2008/10/07 22:04:02 | 00,145,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\portcls.sys
[2008/10/07 22:04:02 | 00,145,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\portcls.sys
[2008/10/07 22:04:02 | 00,139,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rdpwd.sys
[2008/10/07 22:04:02 | 00,119,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\pcmcia.sys
[2008/10/07 22:04:02 | 00,096,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\scsiport.sys
[2008/10/07 22:04:02 | 00,073,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sr.sys
[2008/10/07 22:04:02 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\psched.sys
[2008/10/07 22:04:02 | 00,068,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\pci.sys
[2008/10/07 22:04:02 | 00,064,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\serial.sys
[2008/10/07 22:04:02 | 00,060,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sysaudio.sys
[2008/10/07 22:04:02 | 00,060,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sysaudio.sys
[2008/10/07 22:04:02 | 00,057,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\redbook.sys
[2008/10/07 22:04:02 | 00,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\swmidi.sys
[2008/10/07 22:04:02 | 00,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\swmidi.sys
[2008/10/07 22:04:02 | 00,051,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rasl2tp.sys
[2008/10/07 22:04:02 | 00,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\stream.sys
[2008/10/07 22:04:02 | 00,048,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\raspptp.sys
[2008/10/07 22:04:02 | 00,041,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\raspppoe.sys
[2008/10/07 22:04:02 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\processr.sys
[2008/10/07 22:04:02 | 00,030,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismp.sys
[2008/10/07 22:04:02 | 00,025,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sonydcam.sys
[2008/10/07 22:04:02 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\pciidex.sys
[2008/10/07 22:04:02 | 00,018,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\partmgr.sys
[2008/10/07 22:04:02 | 00,018,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\partmgr.sys
[2008/10/07 22:04:02 | 00,015,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\serenum.sys
[2008/10/07 22:04:02 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\streamip.sys
[2008/10/07 22:04:02 | 00,014,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tape.sys
[2008/10/07 22:04:02 | 00,011,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sfloppy.sys
[2008/10/07 22:04:02 | 00,011,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\slip.sys
[2008/10/07 22:04:02 | 00,006,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\splitter.sys
[2008/10/07 22:04:02 | 00,006,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\splitter.sys
[2008/10/07 22:04:02 | 00,004,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\swenum.sys
[2008/10/07 22:04:01 | 00,364,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\update.sys
[2008/10/07 22:04:01 | 00,364,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\update.sys
[2008/10/07 22:04:01 | 00,360,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tcpip.sys
[2008/10/07 22:04:01 | 00,360,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcpip.sys
[2008/10/07 22:04:01 | 00,225,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tcpip6.sys
[2008/10/07 22:04:01 | 00,225,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcpip6.sys
[2008/10/07 22:04:01 | 00,066,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\udfs.sys
[2008/10/07 22:04:01 | 00,057,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbhub.sys
[2008/10/07 22:04:01 | 00,040,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\termdd.sys
[2008/10/07 22:04:01 | 00,031,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbccgp.sys
[2008/10/07 22:04:01 | 00,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbcamd2.sys
[2008/10/07 22:04:01 | 00,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbcamd2.sys
[2008/10/07 22:04:01 | 00,023,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbcamd.sys
[2008/10/07 22:04:01 | 00,023,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbcamd.sys
[2008/10/07 22:04:01 | 00,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tdtcp.sys
[2008/10/07 22:04:01 | 00,018,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tdi.sys
[2008/10/07 22:04:01 | 00,016,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbintel.sys
[2008/10/07 22:04:01 | 00,012,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usb8023.sys
[2008/10/07 22:04:01 | 00,012,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tdpipe.sys
[2008/10/07 22:04:00 | 02,057,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntkrnlpa.exe
[2008/10/07 22:04:00 | 02,057,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2008/10/07 22:04:00 | 00,142,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbport.sys
[2008/10/07 22:04:00 | 00,131,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hal.dll
[2008/10/07 22:04:00 | 00,082,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wdmaud.sys
[2008/10/07 22:04:00 | 00,082,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wdmaud.sys
[2008/10/07 22:04:00 | 00,079,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\videoprt.sys
[2008/10/07 22:04:00 | 00,052,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\volsnap.sys
[2008/10/07 22:04:00 | 00,034,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wanarp.sys
[2008/10/07 22:04:00 | 00,026,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbstor.sys
[2008/10/07 22:04:00 | 00,026,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbstor.sys
[2008/10/07 22:04:00 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbprint.sys
[2008/10/07 22:04:00 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbprint.sys
[2008/10/07 22:04:00 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\vga.sys
[2008/10/07 22:04:00 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbuhci.sys
[2008/10/07 22:04:00 | 00,019,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wstcodec.sys
[2008/10/07 22:04:00 | 00,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbscan.sys
[2008/10/07 22:04:00 | 00,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys
[2008/10/07 22:03:59 | 02,180,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntoskrnl.exe
[2008/10/07 22:03:59 | 02,180,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe

========== Files - Modified Within 30 Days ==========

[694 C:\WINDOWS\System32\*.tmp files]
[17 C:\WINDOWS\*.tmp files]
[4 C:\Documents and Settings\Owner\My Documents\*.tmp files]
[2008/10/26 02:23:57 | 00,000,345 | ---- | M] () -- C:\WINDOWS\gmer.ini
[2008/10/26 02:23:49 | 00,022,528 | ---- | M] () -- C:\WINDOWS\svchost.exe
[2008/10/26 02:22:50 | 00,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/10/26 02:22:25 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2008/10/26 02:22:20 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/10/26 02:22:11 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/10/26 02:20:56 | 04,302,922 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2008/10/26 02:17:16 | 00,884,736 | ---- | M] () -- C:\WINDOWS\gmer.dll
[2008/10/26 02:17:16 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2008/10/26 02:17:16 | 00,000,080 | ---- | M] () -- C:\WINDOWS\gmer_uninstall.cmd
[2008/10/26 02:16:33 | 00,747,873 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2008/10/26 02:11:08 | 00,334,848 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTMoveIt3.exe
[2008/10/25 14:08:10 | 00,230,776 | ---- | M] (Alwil Software) -- C:\Documents and Settings\Owner\Desktop\aswclear.exe
[2008/10/25 13:50:00 | 27,462,344 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\setupeng.exe
[2008/10/25 13:07:01 | 00,421,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTViewIt.exe
[2008/10/25 08:46:03 | 00,000,583 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\My Sharing Folders.lnk
[2008/10/25 08:45:40 | 00,002,323 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Windows Live Messenger.lnk
[2008/10/22 18:43:39 | 00,095,264 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Account-Retrieval.pdf
[2008/10/21 15:40:35 | 00,000,686 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2008/10/21 00:29:16 | 00,000,085 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2008/10/20 23:52:03 | 00,000,793 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Ad-Watch.lnk
[2008/10/20 23:52:03 | 00,000,793 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Ad-Aware.lnk
[2008/10/20 22:40:56 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy.lnk
[2008/10/20 20:51:51 | 00,077,312 | ---- | M] () -- C:\WINDOWS\ua2.dll
[2008/10/19 22:54:24 | 00,878,080 | -HS- | M] () -- C:\Documents and Settings\Owner\Desktop\Thumbs.db
@Alternate Data Stream - 0 bytes -> C:\Documents and Settings\Owner\Desktop\Thumbs.db:encryptable
[2008/10/19 21:27:36 | 00,002,473 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Word.lnk
[2008/10/17 23:56:13 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Mozilla Firefox.lnk
[2008/10/17 13:39:37 | 00,102,400 | ---- | M] () -- C:\WINDOWS\System32\atlcom839_953.dll
[2008/10/15 09:57:55 | 00,332,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\netapi32.dll
[2008/10/15 09:57:55 | 00,332,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2008/10/15 03:11:37 | 00,141,240 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/10/15 03:04:53 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/10/14 12:36:08 | 00,000,865 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\World of Warcraft.lnk
[2008/10/12 13:14:17 | 02,516,992 | -HS- | M] () -- C:\Documents and Settings\Owner\My Documents\Thumbs.db
@Alternate Data Stream - 0 bytes -> C:\Documents and Settings\Owner\My Documents\Thumbs.db:encryptable
[2008/10/11 00:36:25 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2008/10/07 22:57:49 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2008/10/07 22:57:49 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2008/10/07 22:29:36 | 00,250,032 | RHS- | M] () -- C:\ntldr
[2008/10/07 12:19:40 | 16,721,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2008/10/03 10:41:15 | 06,066,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieframe.dll
[2008/10/03 10:41:15 | 06,066,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
< End of report >

#9 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:48 AM

Posted 26 October 2008 - 09:54 AM

Hello moliere.

If there's any way to recover any type of log, please let me know.

No problem. The log is saved at:
C:\_OTMoveIt\MovedFiles\********.log
It doesn't look like OTMoveIt was able to delete that svchost anyways.

That is a tough one. We are going to have to bring out the big guns.

Disable Realtime Protection
Antimalware programs can interfere with the tools we need to run.

Disable Avast!'s realtime protection by right clicking on the try icon beside your clock that looks like Posted Image and selecting Stop On-Access Protection.

In the settings:
Posted Image

Download and Run ComboFix
Download Combofix by sUBs from any of the links below, and save it to your desktop.
Link 1, Link 2, Link 3
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Double click on ComboFix.exe and follow the prompts. ComboFix will check to see if you have the Windows Recovery Console installed.
  • If you did not have it installed, you will see the prompt below. Choose YES.
    Posted ImagePosted Image

  • When the Recovery Console has been installed, you will see the prompt below. Choose NO.
    Posted Image

  • Click on your Start Menu, then Run... . In the box that appears enter the follow and click OK.
    "%USERPROFILE%\Desktop\ComboFix.exe" /killall
  • When finished, ComboFix will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Post back with:
-the ComboFix log
-a new HijackThis log

With Regards,
The Panda

#10 moliere

moliere
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:01:48 AM

Posted 26 October 2008 - 02:30 PM

I disabled avast! as instructed!

Here is that OTMoveIt log that I didn't post earlier:
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Jrgypooo deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\instal deleted successfully.
========== PROCESSES ==========
Unable to kill process: C:\WINDOWS\svchost.exe
========== FILES ==========
File/Folder C:\Program Files\Qaqbrhk not found.
C:\WINDOWS\syscheck moved successfully.
C:\WINDOWS\svchost.exe moved successfully.
C:\WINDOWS\1.ini moved successfully.
========== COMMANDS ==========

OTMoveIt3 by OldTimer - Version 1.0.5.0 log created on 10262008_021315



Here is the ComboFix log:

ComboFix 08-10-25.01 - Owner 2008-10-26 11:16:05.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.286 [GMT -7:00]
Running from: C:\Documents and Settings\Owner\Desktop\Combofix.exe
Command switches used :: /killall
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\ProtectService
C:\Program Files\ProtectService\ProtectService.exe
C:\WINDOWS\Downloaded Program Files\Temp
C:\WINDOWS\fmark2.dat
C:\WINDOWS\IE4 Error Log.txt
C:\WINDOWS\kenny15.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\system32\_003606_.tmp.dll
C:\WINDOWS\system32\_003754_.tmp.dll
C:\WINDOWS\system32\_003755_.tmp.dll
C:\WINDOWS\system32\_003756_.tmp.dll
C:\WINDOWS\system32\_003757_.tmp.dll
C:\WINDOWS\system32\_003759_.tmp.dll
C:\WINDOWS\system32\_003760_.tmp.dll
C:\WINDOWS\system32\_003761_.tmp.dll
C:\WINDOWS\system32\_003762_.tmp.dll
C:\WINDOWS\system32\_003769_.tmp.dll
C:\WINDOWS\system32\_003770_.tmp.dll
C:\WINDOWS\system32\_003771_.tmp.dll
C:\WINDOWS\system32\_003773_.tmp.dll
C:\WINDOWS\system32\_003774_.tmp.dll
C:\WINDOWS\system32\_003777_.tmp.dll
C:\WINDOWS\system32\_003778_.tmp.dll
C:\WINDOWS\system32\_003780_.tmp.dll
C:\WINDOWS\system32\_003781_.tmp.dll
C:\WINDOWS\system32\_003782_.tmp.dll
C:\WINDOWS\system32\_003784_.tmp.dll
C:\WINDOWS\system32\_003785_.tmp.dll
C:\WINDOWS\system32\_003787_.tmp.dll
C:\WINDOWS\system32\_003791_.tmp.dll
C:\WINDOWS\system32\_003792_.tmp.dll
C:\WINDOWS\system32\_003794_.tmp.dll
C:\WINDOWS\system32\_003797_.tmp.dll
C:\WINDOWS\system32\_003799_.tmp.dll
C:\WINDOWS\system32\_003800_.tmp.dll
C:\WINDOWS\system32\_003801_.tmp.dll
C:\WINDOWS\system32\_003802_.tmp.dll
C:\WINDOWS\system32\_003805_.tmp.dll
C:\WINDOWS\system32\_004361_.tmp.dll
C:\WINDOWS\system32\_004362_.tmp.dll
C:\WINDOWS\system32\_004363_.tmp.dll
C:\WINDOWS\system32\_004364_.tmp.dll
C:\WINDOWS\system32\_004371_.tmp.dll
C:\WINDOWS\system32\_004372_.tmp.dll
C:\WINDOWS\system32\_004373_.tmp.dll
C:\WINDOWS\system32\_004374_.tmp.dll
C:\WINDOWS\system32\_004376_.tmp.dll
C:\WINDOWS\system32\_004377_.tmp.dll
C:\WINDOWS\system32\_004380_.tmp.dll
C:\WINDOWS\system32\_004381_.tmp.dll
C:\WINDOWS\system32\_004383_.tmp.dll
C:\WINDOWS\system32\_004384_.tmp.dll
C:\WINDOWS\system32\_004385_.tmp.dll
C:\WINDOWS\system32\_004387_.tmp.dll
C:\WINDOWS\system32\_004388_.tmp.dll
C:\WINDOWS\system32\_004390_.tmp.dll
C:\WINDOWS\system32\_004391_.tmp.dll
C:\WINDOWS\system32\_004395_.tmp.dll
C:\WINDOWS\system32\_004396_.tmp.dll
C:\WINDOWS\system32\_004398_.tmp.dll
C:\WINDOWS\system32\_004401_.tmp.dll
C:\WINDOWS\system32\_004403_.tmp.dll
C:\WINDOWS\system32\_004404_.tmp.dll
C:\WINDOWS\system32\_004405_.tmp.dll
C:\WINDOWS\system32\_004406_.tmp.dll
C:\WINDOWS\system32\_004407_.tmp.dll
C:\WINDOWS\system32\_004410_.tmp.dll
C:\WINDOWS\system32\_004411_.tmp.dll
C:\WINDOWS\system32\_004412_.tmp.dll
C:\WINDOWS\system32\_004413_.tmp.dll
C:\WINDOWS\system32\_004414_.tmp.dll
C:\WINDOWS\system32\_004419_.tmp.dll
C:\WINDOWS\system32\_004421_.tmp.dll
C:\WINDOWS\system32\_004422_.tmp.dll
C:\WINDOWS\system32\drivers\fad.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Legacy_WINCOM32
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2008-09-26 to 2008-10-26 )))))))))))))))))))))))))))))))
.

2008-10-26 12:10 . 2008-10-26 12:10 22,528 --a------ C:\WINDOWS\svchost.exe
2008-10-26 02:17 . 2008-10-26 02:23 345 --a------ C:\WINDOWS\gmer.ini
2008-10-25 13:49 . 2008-10-25 13:48 410,976 --a------ C:\WINDOWS\system32\deploytk.dll
2008-10-25 13:49 . 2008-10-25 13:48 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-10-25 13:45 . 2008-10-25 13:45 0 --a------ C:\WINDOWS\system32\REN13.tmp
2008-10-25 13:45 . 2008-10-25 13:45 0 --a------ C:\WINDOWS\system32\REN12.tmp
2008-10-25 13:45 . 2008-10-25 13:45 0 --a------ C:\WINDOWS\system32\REN11.tmp
2008-10-22 05:42 . 2008-10-22 05:42 <DIR> d--h----- C:\BJPrinter
2008-10-21 00:29 . 2008-10-21 00:29 85 --a------ C:\WINDOWS\wininit.ini
2008-10-20 23:51 . 2008-10-20 23:57 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
2008-10-20 21:37 . 2008-10-20 21:38 <DIR> d-------- C:\WINDOWS\ERUNT
2008-10-20 21:08 . 2008-10-25 13:40 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\PrevxCSI
2008-10-20 19:47 . 2008-10-20 20:51 77,312 --a------ C:\WINDOWS\ua2.dll
2008-10-18 14:27 . 2008-10-18 14:27 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-10-17 13:39 . 2008-10-17 13:39 102,400 --a------ C:\WINDOWS\system32\atlcom839_953.dll
2008-10-14 11:41 . 2008-10-14 11:41 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Blizzard
2008-10-08 09:53 . 2008-10-20 18:59 <DIR> d-------- C:\Program Files\World of Warcraft
2008-10-07 22:17 . 2008-10-07 22:29 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-10-07 22:17 . 2008-10-07 22:29 <DIR> d-------- C:\WINDOWS\system32\en
2008-10-07 22:17 . 2008-10-07 22:29 <DIR> d-------- C:\WINDOWS\l2schemas
2008-10-07 22:04 . 2007-10-25 20:34 8,460,288 --a------ C:\WINDOWS\system32\dllcache\shell32.dll
2008-10-07 22:03 . 2008-08-14 03:00 2,180,352 --a------ C:\WINDOWS\system32\ntoskrnl.exe
2008-10-07 22:03 . 2008-08-14 03:00 2,180,352 --a--c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-26 10:03 --------- d-----w C:\Program Files\Alwil Software
2008-10-25 20:48 --------- d-----w C:\Program Files\Java
2008-10-25 20:42 --------- d-----w C:\Program Files\BitTorrent
2008-10-25 20:40 --------- d-----w C:\Program Files\Octoshape Streaming Services
2008-10-22 05:43 --------- d-----w C:\Program Files\AIM6
2008-10-21 07:50 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-10-21 06:51 --------- d-----w C:\Program Files\Lavasoft
2008-10-21 06:49 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-10-21 05:43 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-10-21 05:10 --------- d-----w C:\Program Files\Trend Micro
2008-10-21 04:09 --------- d-----w C:\Program Files\Steam
2008-10-19 07:36 --------- d-----w C:\Documents and Settings\Owner\Application Data\Skype
2008-10-19 07:05 --------- d-----w C:\Documents and Settings\Owner\Application Data\skypePM
2008-10-14 18:43 --------- d-----w C:\Program Files\DivX
2008-10-08 17:19 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2008-10-07 19:05 --------- d-----w C:\Program Files\Warcraft III
2008-10-03 09:27 --------- d-----w C:\Documents and Settings\Owner\Application Data\uTorrent
2008-09-18 00:38 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-09-18 00:38 --------- d-----w C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-09-18 00:38 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-09-15 11:57 1,846,016 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-10 07:04 38,528 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-10 07:03 17,200 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-09-03 14:43 --------- d-----w C:\Program Files\MSN Messenger
2008-09-01 21:15 --------- d-----w C:\Program Files\OGPlanet
2008-09-01 20:01 --------- d-----w C:\Program Files\FLStudio
2008-09-01 20:00 --------- d-----w C:\Program Files\KongKong Online Europe
2008-09-01 19:58 --------- d-----w C:\Program Files\Vstplugins
2008-08-31 09:52 --------- d-----w C:\Program Files\WC3Banlist
2008-08-28 10:04 333,056 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-08-26 07:24 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-14 09:22 2,057,728 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-21 21:30 32 ----a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\ezsid.dat
2005-05-23 05:42 271 --sh--w C:\Program Files\desktop.ini
2005-05-23 05:42 21,952 ---ha-w C:\Program Files\folder.htt
2005-09-17 06:47 56 --sh--r C:\WINDOWS\system32\0C97BB9017.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"Google Update"="C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-10-17 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2001-10-18 483394]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2005-01-23 155648]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2005-01-23 126976]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-14 35328]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 267048]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-05-11 185896]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2008-10-25 136600]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.VP31"= vp31vfw.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ cli scecli

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Trillian\\trillian.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Warcraft III\\Frozen Throne.exe"=
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"C:\\Program Files\\Warcraft III\\World Editor.exe"=
"C:\\Program Files\\Steam\\Steam.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\Steam\\steamapps\\punkintended@aol.com\\half-life\\hl.exe"=
"C:\\Program Files\\Steam\\steamapps\\punkintended@aol.com\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\Soulseek\\slsk.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Warcraft III\\war3.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\World of Warcraft\\Launcher.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:WC3 Frozen Throne
"3724:TCP"= 3724:TCP:Blizzard Downloader

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 JavaQuickStarterService;Java Quick Starter;C:\Program Files\Java\jre6\bin\jqs.exe [2008-10-25 152984]
R2 wowsystemcode;Remote TCP/IPv6;C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
R3 DLKRTS;D-Link DFE-530TX+ PCI Adapter;C:\WINDOWS\system32\DRIVERS\DLKRTS.SYS [2002-06-23 45568]
S2 BGOYLNXL;BGOYLNXL;C:\WINDOWS\system32\bgoylnxl.als [ ]
S2 Shell Hardware Detection (ShellHWDetection);Shell Hardware Detection (ShellHWDetection);C:\Program Files\ProtectService\ProtectService.exe [ ]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;C:\PROGRA~1\Belkin\BELKIN~1.11G\DNINDIS5.SYS [ ]
S3 PsSdk30;PsSdk30;C:\WINDOWS\system32\Drivers\PsSdk30.drv [ ]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\WINDOWS\system32\drivers\screamingbdriver.sys [ ]
S3 XDva195;XDva195;C:\WINDOWS\system32\XDva195.sys [ ]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
wowsystemcode
.
Contents of the 'Scheduled Tasks' folder

2008-10-26 C:\WINDOWS\Tasks\GoogleUpdateTaskUser.job
- C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-17 23:55]

2007-09-19 C:\WINDOWS\Tasks\MP Scheduled Quick Scan.job
- C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpCmdRun.exe []
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-BitTorrent - C:\Program Files\BitTorrent\bittorrent.exe
HKCU-Run-DAEMON Tools - C:\Program Files\DAEMON Tools\daemon.exe
HKCU-Run-Aim6 - (no file)
HKLM-Run-WinPatrol - C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
Notify-dimsntfy - (no file)


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ubscoe6u.default\
FF -: plugin - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.2.131.25\npGoogleOneClick6.dll
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npgooglevlc.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npunagi2.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
FF -: plugin - C:\Program Files\Octoshape Streaming Services\Owner\octoprogram-L03-NMS0810164_SUA_000\npoctoshape.dll
FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-26 12:10:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\WINDOWS\svchost.exe 22528 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\BGOYLNXL]
"ImagePath"="\??\C:\WINDOWS\system32\bgoylnxl.als"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\PSSdk21]
"ImagePath"="\??\C:\WINDOWS\system32\Drivers\HNPsSdk.drv"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\PsSdk30]
"ImagePath"="\??\C:\WINDOWS\system32\Drivers\PsSdk30.drv"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Completion time: 2008-10-26 12:26:18 - machine was rebooted [Owner]
ComboFix-quarantined-files.txt 2008-10-26 19:26:14

Pre-Run: 25,658,642,432 bytes free
Post-Run: 25,825,013,760 bytes free

287 --- E O F --- 2008-10-24 10:01:59


Here is a new HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:27:12 PM, on 10/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.cox.net
O16 - DPF: {0EC4C9E3-EC6A-11CF-8E3B-444553540000} -
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) -
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting) - http://moneycentral.msn.com/cabs/pmupd806.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource/downl...lscbase5059.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O16 - DPF: {AECD14A8-F662-11D1-A395-00805F535788} -
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{817D2139-C3D0-4A58-B0A5-E03A6CAE8053}: NameServer = 128.242.126.95
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: OneCare Firewall (msfwsvc) - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Shell Hardware Detection (ShellHWDetection) - Unknown owner - C:\Program Files\ProtectService\ProtectService.exe (file missing)

--
End of file - 9181 bytes

#11 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:48 AM

Posted 26 October 2008 - 02:45 PM

Hello moliere.

Once again, please make sure that Avast! is disabled before running ComboFix.

Run ComboFix with CFScript
We will run ComboFix again. This time, the instructions are slightly different.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are unsure how.
  • Open notepad (Start>Run>"notepad") and copy/paste the text in the box below into it:
    KILLALL::
    File::
    C:\WINDOWS\system32\REN13.tmp
    C:\WINDOWS\system32\REN12.tmp
    C:\WINDOWS\system32\REN11.tmp
    
    Folder::
    C:\Program Files\ProtectService
    
    Driver::
    BGOYLNXL
    ShellHWDetection
    
    Rootkit::
    C:\WINDOWS\system32\bgoylnxl.als
    C:\WINDOWS\svchost.exe
    Save this as CFScript.txt, in the same location as ComboFix.exe. (This should be your desktop.)
    Posted Image
    Refering to the picture above, drag CFScript into ComboFix.exe.
When finished, it shall produce a log for you at "C:\ComboFix.txt". Post back with that log.

Do not mouseclick ComboFix's window while it's running. That may cause it to stall

Please post back with:
-the ComboFix log
-a new GMER log
-a new OTViewIt log (just OTViewIt.txt)

With Regards,
The Panda

#12 moliere

moliere
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:01:48 AM

Posted 26 October 2008 - 03:37 PM

I can't thank you enough for your support!

Here is the ComboFix log:

ComboFix 08-10-25.01 - Owner 2008-10-26 12:52:53.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.218 [GMT -7:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\system32\REN11.tmp
C:\WINDOWS\system32\REN12.tmp
C:\WINDOWS\system32\REN13.tmp
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\svchost.exe
C:\WINDOWS\system32\REN11.tmp
C:\WINDOWS\system32\REN12.tmp
C:\WINDOWS\system32\REN13.tmp

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BGOYLNXL
-------\Legacy_SHELLHWDETECTION
-------\Service_BGOYLNXL
-------\Service_ShellHWDetection


((((((((((((((((((((((((( Files Created from 2008-09-26 to 2008-10-26 )))))))))))))))))))))))))))))))
.

2008-10-26 13:01 . 2008-10-26 13:06 22,528 --a------ C:\WINDOWS\svchost.exe
2008-10-26 02:17 . 2008-10-26 02:23 345 --a------ C:\WINDOWS\gmer.ini
2008-10-25 13:49 . 2008-10-25 13:48 410,976 --a------ C:\WINDOWS\system32\deploytk.dll
2008-10-25 13:49 . 2008-10-25 13:48 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-10-22 05:42 . 2008-10-22 05:42 <DIR> d--h----- C:\BJPrinter
2008-10-21 00:29 . 2008-10-21 00:29 85 --a------ C:\WINDOWS\wininit.ini
2008-10-20 23:51 . 2008-10-20 23:57 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
2008-10-20 21:37 . 2008-10-20 21:38 <DIR> d-------- C:\WINDOWS\ERUNT
2008-10-20 21:08 . 2008-10-25 13:40 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\PrevxCSI
2008-10-20 19:47 . 2008-10-20 20:51 77,312 --a------ C:\WINDOWS\ua2.dll
2008-10-18 14:27 . 2008-10-18 14:27 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-10-17 13:39 . 2008-10-17 13:39 102,400 --a------ C:\WINDOWS\system32\atlcom839_953.dll
2008-10-14 11:41 . 2008-10-14 11:41 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Blizzard
2008-10-08 09:53 . 2008-10-20 18:59 <DIR> d-------- C:\Program Files\World of Warcraft
2008-10-07 22:17 . 2008-10-07 22:29 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-10-07 22:17 . 2008-10-07 22:29 <DIR> d-------- C:\WINDOWS\system32\en
2008-10-07 22:17 . 2008-10-07 22:29 <DIR> d-------- C:\WINDOWS\l2schemas
2008-10-07 22:04 . 2007-10-25 20:34 8,460,288 --a------ C:\WINDOWS\system32\dllcache\shell32.dll
2008-10-07 22:03 . 2008-08-14 03:00 2,180,352 --a------ C:\WINDOWS\system32\ntoskrnl.exe
2008-10-07 22:03 . 2008-08-14 03:00 2,180,352 --a--c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-26 10:03 --------- d-----w C:\Program Files\Alwil Software
2008-10-25 20:48 --------- d-----w C:\Program Files\Java
2008-10-25 20:42 --------- d-----w C:\Program Files\BitTorrent
2008-10-25 20:40 --------- d-----w C:\Program Files\Octoshape Streaming Services
2008-10-22 05:43 --------- d-----w C:\Program Files\AIM6
2008-10-21 07:50 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-10-21 06:51 --------- d-----w C:\Program Files\Lavasoft
2008-10-21 06:49 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-10-21 05:43 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-10-21 05:10 --------- d-----w C:\Program Files\Trend Micro
2008-10-21 04:09 --------- d-----w C:\Program Files\Steam
2008-10-19 07:36 --------- d-----w C:\Documents and Settings\Owner\Application Data\Skype
2008-10-19 07:05 --------- d-----w C:\Documents and Settings\Owner\Application Data\skypePM
2008-10-14 18:43 --------- d-----w C:\Program Files\DivX
2008-10-08 17:19 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2008-10-07 19:05 --------- d-----w C:\Program Files\Warcraft III
2008-10-03 09:27 --------- d-----w C:\Documents and Settings\Owner\Application Data\uTorrent
2008-09-18 00:38 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-09-18 00:38 --------- d-----w C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-09-18 00:38 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-09-15 11:57 1,846,016 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-10 07:04 38,528 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-10 07:03 17,200 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-09-03 14:43 --------- d-----w C:\Program Files\MSN Messenger
2008-09-01 21:15 --------- d-----w C:\Program Files\OGPlanet
2008-09-01 20:01 --------- d-----w C:\Program Files\FLStudio
2008-09-01 20:00 --------- d-----w C:\Program Files\KongKong Online Europe
2008-09-01 19:58 --------- d-----w C:\Program Files\Vstplugins
2008-08-31 09:52 --------- d-----w C:\Program Files\WC3Banlist
2008-08-28 10:04 333,056 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-08-26 07:24 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-14 09:22 2,057,728 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-21 21:30 32 ----a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\ezsid.dat
2005-05-23 05:42 271 --sh--w C:\Program Files\desktop.ini
2005-05-23 05:42 21,952 ---ha-w C:\Program Files\folder.htt
2005-09-17 06:47 56 --sh--r C:\WINDOWS\system32\0C97BB9017.sys
.

((((((((((((((((((((((((((((( snapshot@2008-10-26_12.25.50.60 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-21 03:02:28 163,328 ----a-w C:\WINDOWS\ERDNT\subs\ERDNT.EXE
+ 2008-10-26 19:59:02 16,384 ----atw C:\WINDOWS\temp\Perflib_Perfdata_53c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"Google Update"="C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-10-17 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2001-10-18 483394]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2005-01-23 155648]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2005-01-23 126976]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-14 35328]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 267048]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-05-11 185896]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2008-10-25 136600]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.VP31"= vp31vfw.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ cli scecli

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Trillian\\trillian.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Warcraft III\\Frozen Throne.exe"=
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"C:\\Program Files\\Warcraft III\\World Editor.exe"=
"C:\\Program Files\\Steam\\Steam.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\Steam\\steamapps\\punkintended@aol.com\\half-life\\hl.exe"=
"C:\\Program Files\\Steam\\steamapps\\punkintended@aol.com\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\Soulseek\\slsk.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Warcraft III\\war3.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\World of Warcraft\\Launcher.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:WC3 Frozen Throne
"3724:TCP"= 3724:TCP:Blizzard Downloader

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 JavaQuickStarterService;Java Quick Starter;C:\Program Files\Java\jre6\bin\jqs.exe [2008-10-25 152984]
R2 wowsystemcode;Remote TCP/IPv6;C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
R3 DLKRTS;D-Link DFE-530TX+ PCI Adapter;C:\WINDOWS\system32\DRIVERS\DLKRTS.SYS [2002-06-23 45568]
S2 Shell Hardware Detection (ShellHWDetection);Shell Hardware Detection (ShellHWDetection);C:\Program Files\ProtectService\ProtectService.exe [ ]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;C:\PROGRA~1\Belkin\BELKIN~1.11G\DNINDIS5.SYS [ ]
S3 PsSdk30;PsSdk30;C:\WINDOWS\system32\Drivers\PsSdk30.drv [ ]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\WINDOWS\system32\drivers\screamingbdriver.sys [ ]
S3 XDva195;XDva195;C:\WINDOWS\system32\XDva195.sys [ ]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
wowsystemcode
.
Contents of the 'Scheduled Tasks' folder

2008-10-26 C:\WINDOWS\Tasks\GoogleUpdateTaskUser.job
- C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-17 23:55]

2007-09-19 C:\WINDOWS\Tasks\MP Scheduled Quick Scan.job
- C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpCmdRun.exe []
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-26 12:59:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\PSSdk21]
"ImagePath"="\??\C:\WINDOWS\system32\Drivers\HNPsSdk.drv"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\PsSdk30]
"ImagePath"="\??\C:\WINDOWS\system32\Drivers\PsSdk30.drv"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\svchost.exe
.
**************************************************************************
.
Completion time: 2008-10-26 13:16:21 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-26 20:16:17
ComboFix2.txt 2008-10-26 19:26:20

Pre-Run: 25,763,201,024 bytes free
Post-Run: 25,714,892,800 bytes free

197 --- E O F --- 2008-10-24 10:01:59


Here is a new GMER log:

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-10-26 13:34:23
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.14 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xEEECF618]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xEEECF4D4]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xEEECF9B2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xEEECF0AC]
SSDT sptd.sys ZwEnumerateKey [0xF8779FB2]
SSDT sptd.sys ZwEnumerateValueKey [0xF877A340]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xEEECF5AE]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xEEECEFEC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xEEECF050]
SSDT sptd.sys ZwQueryKey [0xF877A418]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xEEECF6CE]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xEEECF68E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xEEECF80E]

---- Kernel code sections - GMER 1.0.14 ----

? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
? Combo-Fix.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload F770A62C 5 Bytes JMP 83236720
? C:\ComboFix\catchme.sys The system cannot find the path specified. !
? C:\WINDOWS\system32\Drivers\PROCEXP90.SYS The system cannot find the file specified. !

---- User code sections - GMER 1.0.14 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[1364] USER32.dll!DialogBoxParamW 7E42555F 5 Bytes JMP 42F0F301 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1364] USER32.dll!DialogBoxIndirectParamW 7E432032 5 Bytes JMP 430A179F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1364] USER32.dll!MessageBoxIndirectA 7E43A04A 5 Bytes JMP 430A1720 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1364] USER32.dll!DialogBoxParamA 7E43B10C 5 Bytes JMP 430A1764 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1364] USER32.dll!MessageBoxExW 7E4505D8 5 Bytes JMP 430A16AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1364] USER32.dll!MessageBoxExA 7E4505FC 5 Bytes JMP 430A16E6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1364] USER32.dll!DialogBoxIndirectParamA 7E456B50 5 Bytes JMP 430A17DA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1364] USER32.dll!MessageBoxIndirectW 7E4662AB 5 Bytes JMP 42F316B6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\WINDOWS\svchost.exe[3420] C:\WINDOWS\svchost.exe section is writeable [0x00401000, 0x500C, 0xE0000020]
.CRT C:\WINDOWS\svchost.exe[3420] C:\WINDOWS\svchost.exe unknown last section [0x00407000, 0x4, 0xC0000040]

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!IoConnectInterrupt] [F878B06C] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F878B018] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F87AD9AE] sptd.sys
IAT atapi.sys[ntoskrnl.exe!IoConnectInterrupt] [F878B06C] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F8774AD4] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F8774C1A] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F8774B9C] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F8775748] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F877561E] sptd.sys
IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F878A29A] sptd.sys

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\Program Files\Internet Explorer\iexplore.exe[1364] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [01ED2070] C:\Program Files\Canon\Easy-WebPrint\EWPCore.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[1364] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [01ED20B0] C:\Program Files\Canon\Easy-WebPrint\EWPCore.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[1364] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [01ED2030] C:\Program Files\Canon\Easy-WebPrint\EWPCore.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[1364] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [01ED2000] C:\Program Files\Canon\Easy-WebPrint\EWPCore.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[1364] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [01ED4C50] C:\Program Files\Canon\Easy-WebPrint\EWPCore.dll

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 8336A1E8

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device \Driver\NetBT \Device\NetBT_Tcpip_{1CFB8E23-62FC-4B40-8203-360A522FCBB7} 82DEE1E8

AttachedDevice \Driver\Tcpip \Device\Ip msfwhlpr.sys (OneCare Firewall Helper Driver/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\usbuhci \Device\USBPDO-0 83207790
Device \Driver\usbuhci \Device\USBPDO-1 83207790
Device \Driver\usbuhci \Device\USBPDO-2 83207790
Device \Driver\usbehci \Device\USBPDO-3 8320B790

AttachedDevice \Driver\Tcpip \Device\Tcp msfwhlpr.sys (OneCare Firewall Helper Driver/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\Ftdisk \Device\HarddiskVolume1 833D71E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 833D71E8
Device \Driver\Cdrom \Device\CdRom0 831B36E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 8336B1E8
Device \Driver\atapi \Device\Ide\IdePort0 8336B1E8
Device \Driver\atapi \Device\Ide\IdePort1 8336B1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e 8336B1E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 833D71E8
Device \Driver\NetBT \Device\NetBt_Wins_Export 82DEE1E8
Device \Driver\NetBT \Device\NetbiosSmb 82DEE1E8

AttachedDevice \Driver\Tcpip \Device\Udp msfwhlpr.sys (OneCare Firewall Helper Driver/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp msfwhlpr.sys (OneCare Firewall Helper Driver/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\usbuhci \Device\USBFDO-0 83207790
Device \Driver\usbuhci \Device\USBFDO-1 83207790
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 82DF21E8
Device \Driver\usbuhci \Device\USBFDO-2 83207790
Device \FileSystem\MRxSmb \Device\LanmanRedirector 82DF21E8
Device \Driver\usbehci \Device\USBFDO-3 8320B790
Device \Driver\Ftdisk \Device\FtControl 833D71E8
Device \FileSystem\Fastfat \Fat 82E51790
Device \FileSystem\Fastfat \Fat EDBC91F9

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device \FileSystem\Cdfs \Cdfs 830041E8

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xCA 0xB5 0x7A 0x64 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xD8 0xE7 0x18 0x85 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x52 0x21 0x84 0xAB ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xCA 0xB5 0x7A 0x64 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xD8 0xE7 0x18 0x85 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x52 0x21 0x84 0xAB ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xCA 0xB5 0x7A 0x64 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xD8 0xE7 0x18 0x85 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x52 0x21 0x84 0xAB ...
Reg HKLM\SOFTWARE\Classes\.application\bootstrap@ bootstrap.application.1
Reg HKLM\SOFTWARE\Classes\.aswcs@ aswsfile
Reg HKLM\SOFTWARE\Classes\.aswcs@Content Type application/avast-aswcs
Reg HKLM\SOFTWARE\Classes\.asws@ aswsfile
Reg HKLM\SOFTWARE\Classes\.asws@Content Type application/avast-asws
Reg HKLM\SOFTWARE\Classes\.csk@ cskfile
Reg HKLM\SOFTWARE\Classes\.csk@Content Type application/copernic-csk
Reg HKLM\SOFTWARE\Classes\ActiveSkin4.Skin@ ActiveSkin Control
Reg HKLM\SOFTWARE\Classes\ActiveSkin4.Skin\CLSID
Reg HKLM\SOFTWARE\Classes\ActiveSkin4.Skin\CLSID@ {0944D16C-D0F4-4389-982A-A085595A9EB3}
Reg HKLM\SOFTWARE\Classes\ActiveSkin4.Skin\CurVer
Reg HKLM\SOFTWARE\Classes\ActiveSkin4.Skin\CurVer@ ActiveSkin4.Skin.1
Reg HKLM\SOFTWARE\Classes\ActiveSkin4.Skin.1@ ActiveSkin Control
Reg HKLM\SOFTWARE\Classes\ActiveSkin4.Skin.1\CLSID
Reg HKLM\SOFTWARE\Classes\ActiveSkin4.Skin.1\CLSID@ {0944D16C-D0F4-4389-982A-A085595A9EB3}
Reg HKLM\SOFTWARE\Classes\ActiveSkin4.SkinLabel@ SkinLabel Control
Reg HKLM\SOFTWARE\Classes\ActiveSkin4.SkinLabel\CLSID
Reg HKLM\SOFTWARE\Classes\ActiveSkin4.SkinLabel\CLSID@ {5954EA75-9BFA-461A-BD34-CEA3A861FF19}
Reg HKLM\SOFTWARE\Classes\ActiveSkin4.SkinLabel\CurVer
Reg HKLM\SOFTWARE\Classes\ActiveSkin4.SkinLabel\CurVer@ ActiveSkin4.SkinLabel.1
Reg HKLM\SOFTWARE\Classes\ActiveSkin4.SkinLabel.1@ SkinLabel Control
Reg HKLM\SOFTWARE\Classes\ActiveSkin4.SkinLabel.1\CLSID
Reg HKLM\SOFTWARE\Classes\ActiveSkin4.SkinLabel.1\CLSID@ {5954EA75-9BFA-461A-BD34-CEA3A861FF19}
Reg HKLM\SOFTWARE\Classes\aswcsfile@ avast! Compressed Skin
Reg HKLM\SOFTWARE\Classes\aswcsfile@EditFlags 65536
Reg HKLM\SOFTWARE\Classes\aswcsfile@BrowserFlags 8
Reg HKLM\SOFTWARE\Classes\aswcsfile\shell
Reg HKLM\SOFTWARE\Classes\aswcsfile\shell@
Reg HKLM\SOFTWARE\Classes\aswcsfile\shell\open
Reg HKLM\SOFTWARE\Classes\aswcsfile\shell\open@
Reg HKLM\SOFTWARE\Classes\aswcsfile\shell\open\command
Reg HKLM\SOFTWARE\Classes\aswcsfile\shell\open\command@ "C:\Program Files\Alwil Software\Avast4\ashSimpl.exe" "%1"
Reg HKLM\SOFTWARE\Classes\aswsfile@ avast! Skin
Reg HKLM\SOFTWARE\Classes\aswsfile@EditFlags 65536
Reg HKLM\SOFTWARE\Classes\aswsfile@BrowserFlags 8
Reg HKLM\SOFTWARE\Classes\aswsfile\shell
Reg HKLM\SOFTWARE\Classes\aswsfile\shell@
Reg HKLM\SOFTWARE\Classes\aswsfile\shell\open
Reg HKLM\SOFTWARE\Classes\aswsfile\shell\open@
Reg HKLM\SOFTWARE\Classes\aswsfile\shell\open\command
Reg HKLM\SOFTWARE\Classes\aswsfile\shell\open\command@ "C:\Program Files\Alwil Software\Avast4\ashSimpl.exe" "%1"
Reg HKLM\SOFTWARE\Classes\AvAScr.sbScanner@ sbScanner Class
Reg HKLM\SOFTWARE\Classes\AvAScr.sbScanner\CLSID
Reg HKLM\SOFTWARE\Classes\AvAScr.sbScanner\CLSID@ {7BFC2BD7-0937-41EA-8872-CE3B27E08F84}
Reg HKLM\SOFTWARE\Classes\AvAScr.sbScanner\CurVer
Reg HKLM\SOFTWARE\Classes\AvAScr.sbScanner\CurVer@ AvAScr.sbScanner.1
Reg HKLM\SOFTWARE\Classes\AvAScr.sbScanner.1@ sbScanner Class
Reg HKLM\SOFTWARE\Classes\AvAScr.sbScanner.1\CLSID
Reg HKLM\SOFTWARE\Classes\AvAScr.sbScanner.1\CLSID@ {7BFC2BD7-0937-41EA-8872-CE3B27E08F84}
Reg HKLM\SOFTWARE\Classes\avast\ShellEx
Reg HKLM\SOFTWARE\Classes\avast\ShellEx\ContextMenuHandlers
Reg HKLM\SOFTWARE\Classes\avast\ShellEx\ContextMenuHandlers@ {472083B0-C522-11CF-8763-00608CC02F24}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5F3013FB-6322-A5F7-F30F-1EDA7CA4292B}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5F3013FB-6322-A5F7-F30F-1EDA7CA4292B}@iaoepfgplppapbnhlc 0x63 0x61 0x70 0x6B ...

---- EOF - GMER 1.0.14 ----


Here is a new OTViewIt.txt log:

OTViewIt logfile created on: 10/26/2008 1:35:19 PM - Run 4
OTViewIt by OldTimer - Version 1.0.18.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 176.86 Mb Available Physical Memory | 34.68% Memory free
1.22 Gb Paging File | 0.81 Gb Available in Paging File | 66.76% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.97 Gb Total Space | 23.97 Gb Free Space | 33.77% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MAZEN-EIR2CVHVA
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2006/05/03 09:43:46 | 00,413,696 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2008/10/20 23:55:38 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[2006/05/03 09:43:46 | 00,413,696 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2007/09/06 13:28:18 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2008/07/19 07:25:06 | 00,016,056 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
[2008/07/19 07:38:28 | 00,147,640 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
[2008/10/25 13:48:55 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2005/07/22 17:04:50 | 00,217,088 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2001/10/18 13:37:22 | 00,483,394 | ---- | M] (BroadJump, Inc.) -- C:\Program Files\BroadJump\Client Foundation\CFD.exe
[2006/01/02 16:41:22 | 00,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
[2007/05/14 15:22:22 | 00,035,328 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
[2008/01/10 15:27:36 | 00,385,024 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTime\QTTask.exe
[2008/01/15 03:22:56 | 00,267,048 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2008/05/11 09:45:56 | 00,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[2008/10/25 13:48:55 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
[2008/07/19 07:38:34 | 00,078,008 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
[2008/10/17 23:55:13 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
[2008/07/18 22:10:42 | 00,053,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2008/01/15 03:22:44 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2006/01/02 16:41:22 | 00,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
[2006/01/02 16:41:22 | 00,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
[2008/10/26 13:06:11 | 00,022,528 | ---- | M] () -- C:\WINDOWS\svchost.exe
[2008/08/22 22:56:15 | 00,635,848 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2004/08/04 00:56:54 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\notepad.exe
[2008/10/25 13:07:01 | 00,421,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/10/20 23:55:38 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
[2007/09/06 13:28:18 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008/07/19 07:25:06 | 00,016,056 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
[2006/05/03 09:43:46 | 00,413,696 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
[2006/05/03 11:57:00 | 00,520,192 | ---- | M] () -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])
[2008/07/19 07:38:28 | 00,147,640 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
[2008/07/19 07:38:04 | 00,250,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Stopped])
[2008/07/23 07:25:45 | 00,348,344 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Stopped])
[2005/07/22 17:04:50 | 00,217,088 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2008/01/15 03:22:44 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2008/10/25 13:48:55 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2005/06/16 12:43:37 | 00,068,096 | ---- | M] () -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service [On_Demand | Stopped])
File not found -- -- (msfwsvc [Auto | Stopped])
[2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2005/08/02 14:18:49 | 00,086,016 | ---- | M] (CACE Technologies) -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd [On_Demand | Stopped])
File not found -- -- (Shell Hardware Detection (ShellHWDetection) [Auto | Stopped])
[2007/01/19 12:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2008/07/19 07:32:15 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4 [System | Running])
[2002/04/01 13:15:00 | 00,004,816 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio [On_Demand | Running])
[2008/07/19 07:37:42 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk [Auto | Running])
[2008/07/19 07:37:21 | 00,094,416 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2 [Auto | Running])
[2008/07/19 07:33:42 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr [On_Demand | Running])
[2008/07/19 07:35:18 | 00,078,416 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP [System | Running])
[2008/07/19 07:32:36 | 00,042,912 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi [System | Running])
[2006/05/03 09:50:42 | 01,540,608 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
[2004/03/08 12:55:50 | 00,013,567 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv [System | Running])
[2002/06/23 14:31:20 | 00,045,568 | R--- | M] (D-Link Corporation ) -- C:\WINDOWS\system32\drivers\DLKRTS.SYS -- (DLKRTS [On_Demand | Running])
[2003/07/24 12:10:34 | 00,017,149 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\DNINDIS5.SYS -- (DNINDIS5 [On_Demand | Stopped])
[2006/09/19 14:44:04 | 00,015,664 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2008/10/26 02:17:16 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\system32\drivers\gmer.sys -- (gmer [System | Running])
[2007/08/02 17:19:25 | 00,026,056 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi [On_Demand | Stopped])
[2005/01/23 11:05:06 | 00,804,317 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm [On_Demand | Stopped])
[2004/03/05 22:14:42 | 01,233,525 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51 [On_Demand | Running])
[2004/03/05 22:15:34 | 00,647,929 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52 [On_Demand | Running])
[2004/03/05 22:13:52 | 00,060,949 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53 [On_Demand | Running])
[2004/08/03 22:58:34 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Stopped])
[2001/08/17 13:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])
[2004/03/05 22:13:38 | 00,037,048 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt [On_Demand | Running])
[2006/09/12 02:06:08 | 00,081,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\msfwdrv.sys -- (MSFWDrv [Auto | Running])
[2006/09/12 02:06:06 | 00,105,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\msfwhlpr.sys -- (MSFWHLPR [System | Running])
[2004/08/03 22:59:50 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm [On_Demand | Stopped])
[2001/08/22 08:42:58 | 00,013,632 | ---- | M] (Dell Computer Corporation) -- C:\WINDOWS\system32\drivers\omci.sys -- (OMCI [System | Running])
[2003/07/16 13:42:18 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007/03/07 16:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2004/07/29 16:29:58 | 00,211,072 | R--- | M] (Ralink Technology Inc.) -- C:\WINDOWS\system32\drivers\RT2500.sys -- (RT2500 [On_Demand | Stopped])
[2004/08/03 22:31:32 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139 [On_Demand | Stopped])
[2007/11/13 03:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2003/11/18 11:38:32 | 00,591,808 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm [On_Demand | Running])
[2001/08/17 13:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])
[2007/09/02 02:19:08 | 00,685,816 | ---- | M] () -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd [Boot | Running])
[2007/10/31 14:09:14 | 00,030,464 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
[2003/01/10 13:13:04 | 00,033,588 | R--- | M] (America Online, Inc.) -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw [On_Demand | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=C:\windows\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=C:\windows\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = local.,

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-21-1957994488-884357618-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=C:\windows\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

[HKEY_USERS\S-1-5-21-1957994488-884357618-839522115-1003\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1957994488-884357618-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = local.,

========== (O1) Hosts File ==========

HOSTS File = (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{3049C3E9-B461-4BC5-8870-4C09146192CA} (HKLM) -- C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{68F9551E-0411-48E4-9AAF-4BC42A6A46BE} (HKLM) -- C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{7E853D72-626A-48EC-A868-BA8D5E23E045} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{327C2873-E90D-4c37-AA9D-10AC9BABA46C}" (HKLM) -- C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4982D40A-C53B-4615-B15B-B5B5E98D167C}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1957994488-884357618-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1957994488-884357618-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1957994488-884357618-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1957994488-884357618-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1957994488-884357618-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4982D40A-C53B-4615-B15B-B5B5E98D167C}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1957994488-884357618-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1957994488-884357618-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay (ATI Technologies Inc.)
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
"BJCFD"=C:\Program Files\BroadJump\Client Foundation\CFD.exe (BroadJump, Inc.)
"HotKeysCmds"=C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
"IgfxTray"=C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
"WinampAgent"=C:\Program Files\Winamp\winampa.exe ()

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c (Google Inc.)
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1957994488-884357618-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c (Google Inc.)
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background (Microsoft Corporation)

========== (O4) Startup Folders ==========

[2004/12/14 04:44:06 | 00,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
[2000/01/21 01:15:54 | 00,065,588 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
File not found -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_CURRENT_USER\Software\policies\microsoft\internet explorer]
"Windows Update Menu Text"=

[HKEY_USERS\S-1-5-21-1957994488-884357618-839522115-1003\Software\policies\microsoft\internet explorer]
"Windows Update Menu Text"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=227
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableRegistryTools"=0
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0
"HideStartupScripts"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDrives"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"HideStartupScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-1957994488-884357618-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDrives"=0

[HKEY_USERS\S-1-5-21-1957994488-884357618-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"HideStartupScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
&AOL Toolbar search: C:\Program Files\AOL Toolbar\toolbar.dll File not found
Easy-WebPrint Add To Print List: C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006/06/09 14:39:38 | 00,552,960 | ---- | M] ()
Easy-WebPrint High Speed Print: C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006/06/09 14:39:38 | 00,552,960 | ---- | M] ()
Easy-WebPrint Preview: C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006/06/09 14:39:38 | 00,552,960 | ---- | M] ()
Easy-WebPrint Print: C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006/06/09 14:39:38 | 00,552,960 | ---- | M] ()

[HKEY_USERS\S-1-5-21-1957994488-884357618-839522115-1003\Software\Microsoft\Internet Explorer\MenuExt\]
&AOL Toolbar search: C:\Program Files\AOL Toolbar\toolbar.dll File not found
Easy-WebPrint Add To Print List: C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006/06/09 14:39:38 | 00,552,960 | ---- | M] ()
Easy-WebPrint High Speed Print: C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006/06/09 14:39:38 | 00,552,960 | ---- | M] ()
Easy-WebPrint Preview: C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006/06/09 14:39:38 | 00,552,960 | ---- | M] ()
Easy-WebPrint Print: C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006/06/09 14:39:38 | 00,552,960 | ---- | M] ()

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}: Button: AIM -- %ProgramFiles%\AIM\aim.exe [2004/04/27 15:18:34 | 00,061,440 | ---- | M] (America Online, Inc.)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search & Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2008/09/15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/10/13 09:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/10/13 09:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKLM] -> %ProgramFiles%\AIM\aim.exe [AIM] -> [2004/04/27 15:18:34 | 00,061,440 | ---- | M] (America Online, Inc.)
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 09:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKLM] -> %ProgramFiles%\AIM\aim.exe [AIM] -> [2004/04/27 15:18:34 | 00,061,440 | ---- | M] (America Online, Inc.)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 09:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKLM] -> %ProgramFiles%\AIM\aim.exe [AIM] -> [2004/04/27 15:18:34 | 00,061,440 | ---- | M] (America Online, Inc.)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 09:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1957994488-884357618-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKLM] -> %ProgramFiles%\AIM\aim.exe [AIM] -> [2004/04/27 15:18:34 | 00,061,440 | ---- | M] (America Online, Inc.)
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 09:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
cox.com: http in Local intranet
cox.com: https in Local intranet
coxenterprises.com: http in Local intranet
coxenterprises.com: https in Local intranet
1 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
: msn in My Computer
aol.com\objects: * is out of zone range (0)
cox.com: http in Local intranet
cox.com: https in Local intranet
coxenterprises.com: http in Local intranet
coxenterprises.com: https in Local intranet
81 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
80 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
80 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
81 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
81 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-1957994488-884357618-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
: msn in My Computer
aol.com\objects: * is out of zone range (0)
cox.com: http in Local intranet
cox.com: https in Local intranet
coxenterprises.com: http in Local intranet
coxenterprises.com: https in Local intranet
81 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{00000055-9980-0010-8000-00AA00389B71}: http://codecs.microsoft.com/codecs/i386/fhg.CAB -- Reg Error: Key does not exist or could not be opened.
{0EC4C9E3-EC6A-11CF-8E3B-444553540000}: -- Reg Error: Key does not exist or could not be opened.
{166B1BCA-3F9C-11CF-8075-444553540000}: -- Shockwave ActiveX Control
{17492023-C23A-453E-A040-C7C580BBF700}: http://go.microsoft.com/fwlink/?linkid=39204 -- Windows Genuine Advantage Validation Tool
{2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5}: -- Microsoft Data Collection Control
{3DC2E31C-371A-4BD3-9A27-CDF57CE604CF}: http://moneycentral.msn.com/cabs/pmupd806.exe -- MSN Money Charting
{5ED80217-570B-4DA9-BF44-BE107C0EC166}: http://scan.safety.live.com/resource/downl...lscbase5059.cab -- Windows Live Safety Center Base Module
{6414512B-B978-451D-A0D8-FCFDF33E833C}: -- WUWebControl Class
{67DABFBF-D0AB-41FA-9C46-CC0F21721616}: http://download.divx.com/player/DivXBrowserPlugin.cab -- DivXBrowserPlugin Object
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: -- MUWebControl Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_10
{AECD14A8-F662-11D1-A395-00805F535788}: -- Reg Error: Key does not exist or could not be opened.
{B38870E4-7ECB-40DA-8C6A-595F0A5519FF}: http://messenger.msn.com/download/MsnMesse...pDownloader.cab -- MsnMessengerSetupDownloadControl Class
{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_01
{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_10
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_10
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload.macromedia.com/get/shock...ash/swflash.cab -- Shockwave Flash Object

========== (O17) DNS Name Servers ==========

{1CFB8E23-62FC-4B40-8203-360A522FCBB7} (Servers: | Description: D-Link DFE-530TX+ PCI Adapter)
{817D2139-C3D0-4A58-B0A5-E03A6CAE8053} (Servers: 128.242.126.95 | Description: Belkin 802.11g Wireless Card)

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
AtiExtEvent: "DllName" = Ati2evxx.dll -- C:\WINDOWS\system32\ati2evxx.dll (ATI Technologies Inc.)
igfxcui: "DllName" = igfxsrvc.dll -- C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT [PATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | ]
[2005/07/30 17:19:15 | 00,000,050 | -H-- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[691 C:\WINDOWS\System32\*.tmp files]
[17 C:\WINDOWS\*.tmp files]
[4 C:\Documents and Settings\Owner\My Documents\*.tmp files]
[2008/10/26 13:01:47 | 00,022,528 | ---- | C] () -- C:\WINDOWS\svchost.exe
[2008/10/26 12:56:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2008/10/26 11:15:31 | 00,028,672 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2008/10/26 11:09:57 | 00,000,304 | ---- | C] () -- C:\Boot.bak
[2008/10/26 11:09:51 | 00,260,272 | ---- | C] () -- C:\cmldr
[2008/10/26 11:09:43 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2008/10/26 11:08:08 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2008/10/26 11:08:08 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2008/10/26 11:08:08 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2008/10/26 11:08:08 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2008/10/26 11:08:08 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe
[2008/10/26 11:08:08 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2008/10/26 11:08:08 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2008/10/26 11:08:08 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFIND.exe
[2008/10/26 11:07:48 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2008/10/26 11:07:48 | 00,000,000 | ---D | C] -- C:\Qoobox
[2008/10/26 11:05:32 | 02,995,771 | R--- | C] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2008/10/26 03:03:28 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2008/10/26 03:03:28 | 00,001,709 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\avast! Antivirus.lnk
[2008/10/26 03:03:27 | 00,042,912 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2008/10/26 03:03:27 | 00,026,944 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2008/10/26 03:03:24 | 00,094,416 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2008/10/26 03:03:24 | 00,094,392 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2008/10/26 03:03:24 | 00,093,264 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2008/10/26 03:03:24 | 00,078,416 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2008/10/26 03:03:24 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2008/10/26 03:03:04 | 01,163,960 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2008/10/26 03:03:04 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2008/10/26 02:17:18 | 00,000,345 | ---- | C] () -- C:\WINDOWS\gmer.ini
[2008/10/26 02:17:16 | 00,884,736 | ---- | C] () -- C:\WINDOWS\gmer.dll
[2008/10/26 02:17:16 | 00,811,008 | ---- | C] () -- C:\WINDOWS\gmer.exe
[2008/10/26 02:17:16 | 00,085,969 | ---- | C] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2008/10/26 02:17:16 | 00,000,080 | ---- | C] () -- C:\WINDOWS\gmer_uninstall.cmd
[2008/10/26 02:16:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\gmer
[2008/10/26 02:16:28 | 00,747,873 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2008/10/26 02:11:07 | 00,334,848 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTMoveIt3.exe
[2008/10/25 14:08:09 | 00,230,776 | ---- | C] (Alwil Software) -- C:\Documents and Settings\Owner\Desktop\aswclear.exe
[2008/10/25 13:49:25 | 27,462,344 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\setupeng.exe
[2008/10/25 13:44:33 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2008/10/25 13:07:00 | 00,421,888 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTViewIt.exe
[2008/10/24 03:20:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\BitTorrent Downloads
[2008/10/22 18:43:38 | 00,095,264 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Account-Retrieval.pdf
[2008/10/22 07:02:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\My Received Files
[2008/10/22 05:42:44 | 00,000,000 | -H-D | C] -- C:\BJPrinter
[2008/10/21 00:29:16 | 00,000,085 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/10/20 23:52:03 | 00,000,793 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Ad-Watch.lnk
[2008/10/20 23:52:03 | 00,000,793 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Ad-Aware.lnk
[2008/10/20 23:51:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
[2008/10/20 22:40:56 | 00,000,933 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy.lnk
[2008/10/20 21:37:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2008/10/20 21:08:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PrevxCSI
[2008/10/20 19:47:10 | 00,077,312 | ---- | C] () -- C:\WINDOWS\ua2.dll
[2008/10/18 14:27:31 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2008/10/17 23:56:13 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Mozilla Firefox.lnk
[2008/10/17 23:54:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Deployment
[2008/10/17 13:39:37 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\atlcom839_953.dll
[2008/10/14 11:41:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Blizzard
[2008/10/08 09:53:47 | 00,000,865 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\World of Warcraft.lnk
[2008/10/08 09:53:47 | 00,000,000 | ---D | C] -- C:\Program Files\World of Warcraft
[2008/10/07 22:54:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2008/10/07 22:17:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2008/10/07 22:17:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2008/10/07 22:17:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2008/10/07 22:05:27 | 00,059,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rfcomm.sys
[2008/10/07 22:05:27 | 00,046,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gagp30kx.sys
[2008/10/07 22:05:27 | 00,044,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\agpcpq.sys
[2008/10/07 22:05:27 | 00,042,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\alim1541.sys
[2008/10/07 22:05:27 | 00,042,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\agp440.sys
[2008/10/07 22:05:27 | 00,038,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthmodem.sys
[2008/10/07 22:05:27 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\amdk7.sys
[2008/10/07 22:05:27 | 00,036,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\intelppm.sys
[2008/10/07 22:05:27 | 00,029,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ip6fw.sys
[2008/10/07 22:05:27 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidbth.sys
[2008/10/07 22:05:27 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthusb.sys
[2008/10/07 22:05:27 | 00,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthenum.sys
[2008/10/07 22:05:27 | 00,015,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mssmbios.sys
[2008/10/07 22:05:27 | 00,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidir.sys
[2008/10/07 22:05:26 | 00,382,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qmgr.dll
[2008/10/07 22:05:26 | 00,078,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbvideo.sys
[2008/10/07 22:05:26 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sdbus.sys
[2008/10/07 22:05:26 | 00,044,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\uagp35.sys
[2008/10/07 22:05:26 | 00,042,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\viaagp.sys
[2008/10/07 22:05:26 | 00,030,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys
[2008/10/07 22:05:26 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbehci.sys
[2008/10/07 22:05:26 | 00,013,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wacompen.sys
[2008/10/07 22:05:26 | 00,012,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usb8023x.sys
[2008/10/07 22:05:26 | 00,012,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tunmp.sys
[2008/10/07 22:05:26 | 00,011,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sffdisk.sys
[2008/10/07 22:05:26 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sffp_sd.sys
[2008/10/07 22:05:26 | 00,006,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smbali.sys
[2008/10/07 22:05:25 | 00,262,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\http.sys
[2008/10/07 22:05:24 | 02,113,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxdiagn.dll
[2008/10/07 22:05:24 | 00,325,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2fxb.dll
[2008/10/07 22:05:24 | 00,186,368 | ---- | C] () -- C:\WINDOWS\System32\dllcache\encdec.dll
[2008/10/07 22:05:23 | 00,539,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msftedit.dll
[2008/10/07 22:05:23 | 00,526,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\p2psvc.dll
[2008/10/07 22:05:23 | 00,312,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\p2pgraph.dll
[2008/10/07 22:05:23 | 00,270,848 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sbe.dll
[2008/10/07 22:05:23 | 00,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sbeio.dll
[2008/10/07 22:05:23 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieencode.dll
[2008/10/07 22:05:23 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fltlib.dll
[2008/10/07 22:05:22 | 04,256,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2res.dll
[2008/10/07 22:05:22 | 00,167,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2ae.dll
[2008/10/07 22:05:22 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smbinst.exe
[2008/10/07 22:05:21 | 00,764,868 | ---- | C] () -- C:\WINDOWS\System32\dllcache\apph_sp.sdb
[2008/10/07 22:05:21 | 00,757,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sprb041b.dll
[2008/10/07 22:05:21 | 00,732,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sprb0424.dll
[2008/10/07 22:05:21 | 00,502,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2fxa.dll
[2008/10/07 22:05:21 | 00,462,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sqlqp20.dll
[2008/10/07 22:05:21 | 00,405,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\obrb041b.dll
[2008/10/07 22:05:21 | 00,402,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2filt.dll
[2008/10/07 22:05:21 | 00,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spra041b.dll
[2008/10/07 22:05:21 | 00,192,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spra0424.dll
[2008/10/07 22:05:21 | 00,177,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msctfime.ime
[2008/10/07 22:05:21 | 00,151,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sqldb20.dll
[2008/10/07 22:05:21 | 00,128,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fltmgr.sys
[2008/10/07 22:05:21 | 00,128,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fltmgr.sys
[2008/10/07 22:05:21 | 00,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fltmc.exe
[2008/10/07 22:05:20 | 00,408,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\obrb0424.dll
[2008/10/07 22:05:20 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hscupd.exe
[2008/10/07 22:05:18 | 02,897,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp2res.dll
[2008/10/07 22:05:13 | 00,244,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\acspecfc.dll
[2008/10/07 22:05:13 | 00,137,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclua.dll
[2008/10/07 22:05:12 | 00,385,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\callcont.dll
[2008/10/07 22:05:12 | 00,256,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agentsvr.exe
[2008/10/07 22:05:12 | 00,217,118 | ---- | C] () -- C:\WINDOWS\System32\dllcache\apphelp.sdb
[2008/10/07 22:05:12 | 00,214,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agentctl.dll
[2008/10/07 22:05:12 | 00,119,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext30.dll
[2008/10/07 22:05:12 | 00,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agentdpv.dll
[2008/10/07 22:05:12 | 00,042,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agentdp2.dll
[2008/10/07 22:05:12 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0408.dll
[2008/10/07 22:05:12 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt040c.dll
[2008/10/07 22:05:12 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0407.dll
[2008/10/07 22:05:12 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0816.dll
[2008/10/07 22:05:12 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0413.dll
[2008/10/07 22:05:12 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0410.dll
[2008/10/07 22:05:12 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0c0a.dll
[2008/10/07 22:05:12 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0416.dll
[2008/10/07 22:05:12 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt040e.dll
[2008/10/07 22:05:12 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt041f.dll
[2008/10/07 22:05:12 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt041d.dll
[2008/10/07 22:05:12 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0419.dll
[2008/10/07 22:05:12 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0415.dll
[2008/10/07 22:05:12 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0414.dll
[2008/10/07 22:05:12 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt040b.dll
[2008/10/07 22:05:12 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0409.dll
[2008/10/07 22:05:12 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0406.dll
[2008/10/07 22:05:12 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0405.dll
[2008/10/07 22:05:12 | 00,014,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\battc.sys
[2008/10/07 22:05:11 | 00,618,605 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4autl.dll
[2008/10/07 22:05:11 | 00,539,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dialer.exe
[2008/10/07 22:05:11 | 00,214,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwconn1.exe
[2008/10/07 22:05:11 | 00,195,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comadmin.dll
[2008/10/07 22:05:11 | 00,172,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwhelp.dll
[2008/10/07 22:05:11 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dhtmled.ocx
[2008/10/07 22:05:11 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2008/10/07 22:05:11 | 00,086,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\directdb.dll
[2008/10/07 22:05:11 | 00,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwconn2.exe
[2008/10/07 22:05:11 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwrmind.exe
[2008/10/07 22:05:11 | 00,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidbatt.sys
[2008/10/07 22:05:11 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comrepl.exe
[2008/10/07 22:05:11 | 00,009,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\compbatt.sys
[2008/10/07 22:05:11 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comrereg.exe
[2008/10/07 22:05:10 | 00,242,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kdsusd.dll
[2008/10/07 22:05:10 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kdsui.dll
[2008/10/07 22:05:10 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetwiz.exe
[2008/10/07 22:05:09 | 03,166,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msgr3en.dll
[2008/10/07 22:05:09 | 01,314,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoe.dll
[2008/10/07 22:05:09 | 00,536,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado15.dll
[2008/10/07 22:05:09 | 00,274,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mst120.dll
[2008/10/07 22:05:09 | 00,229,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmas.dll
[2008/10/07 22:05:09 | 00,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nac.dll
[2008/10/07 22:05:09 | 00,200,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadox.dll
[2008/10/07 22:05:09 | 00,198,736 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msimain.sdb
[2008/10/07 22:05:09 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadomd.dll
[2008/10/07 22:05:09 | 00,172,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmoldwb.dll
[2008/10/07 22:05:09 | 00,158,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msconfig.exe
[2008/10/07 22:05:09 | 00,151,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmft.dll
[2008/10/07 22:05:09 | 00,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msjro.dll
[2008/10/07 22:05:08 | 02,136,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2008/10/07 22:05:08 | 02,015,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2008/10/07 22:05:08 | 00,281,088 | ---- | C] (Cinematronics) -- C:\WINDOWS\System32\dllcache\pinball.exe
[2008/10/07 22:05:08 | 00,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oemig50.exe
[2008/10/07 22:05:08 | 00,026,624 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw450ext.dll
[2008/10/07 22:05:08 | 00,024,576 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw430ext.dll
[2008/10/07 22:05:08 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nppagent.exe
[2008/10/07 22:05:08 | 00,007,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\powerfil.sys
[2008/10/07 22:05:07 | 01,197,294 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2008/10/07 22:05:07 | 00,510,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab32.dll
[2008/10/07 22:05:07 | 00,153,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\triedit.dll
[2008/10/07 22:05:07 | 00,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uploadm.exe
[2008/10/07 22:05:07 | 00,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wabimp.dll
[2008/10/07 22:05:07 | 00,046,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2008/10/07 22:05:07 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wabmig.exe
[2008/10/07 22:05:07 | 00,010,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scsiscan.sys
[2008/10/07 22:05:06 | 00,017,408 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxscnui.dll
[2008/10/07 22:05:04 | 00,237,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\provthrd.dll
[2008/10/07 22:05:04 | 00,212,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntevt.dll
[2008/10/07 22:05:04 | 00,197,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemupgd.dll
[2008/10/07 22:05:04 | 00,196,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiadap.exe
[2008/10/07 22:05:04 | 00,196,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemcntl.dll
[2008/10/07 22:05:04 | 00,178,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemdisp.dll
[2008/10/07 22:05:04 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmipcima.dll
[2008/10/07 22:05:04 | 00,140,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmidcprv.dll
[2008/10/07 22:05:04 | 00,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\viewprov.dll
[2008/10/07 22:05:04 | 00,116,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemtest.exe
[2008/10/07 22:05:04 | 00,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scrcons.exe
[2008/10/07 22:05:04 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mofcomp.exe
[2008/10/07 22:05:03 | 00,132,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmipdskq.dll
[2008/10/07 22:05:02 | 00,487,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oledb32.dll
[2008/10/07 22:05:02 | 00,315,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdasql.dll
[2008/10/07 22:05:02 | 00,259,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comsetup.dll
[2008/10/07 22:05:02 | 00,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaora.dll
[2008/10/07 22:05:02 | 00,204,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaps.dll
[2008/10/07 22:05:02 | 00,115,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imsinsnt.dll
[2008/10/07 22:05:02 | 00,082,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtcstp.dll
[2008/10/07 22:05:01 | 00,217,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sqlxmlx.dll
[2008/10/07 22:05:00 | 01,033,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\explorer.exe
[2008/10/07 22:05:00 | 00,561,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msobmain.dll
[2008/10/07 22:05:00 | 00,123,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\guitrn.dll
[2008/10/07 22:05:00 | 00,051,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oobebaln.exe
[2008/10/07 22:05:00 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoobe.exe
[2008/10/07 22:04:59 | 00,263,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adsnt.dll
[2008/10/07 22:04:59 | 00,202,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\script.dll
[2008/10/07 22:04:59 | 00,201,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migism.dll
[2008/10/07 22:04:59 | 00,175,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adsldp.dll
[2008/10/07 22:04:59 | 00,168,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sysmod.dll
[2008/10/07 22:04:59 | 00,103,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migload.exe
[2008/10/07 22:04:59 | 00,100,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\6to4svc.dll
[2008/10/07 22:04:59 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\actmovie.exe
[2008/10/07 22:04:57 | 01,022,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browseui.dll
[2008/10/07 22:04:57 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\attrib.exe
[2008/10/07 22:04:56 | 02,067,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdosys.dll
[2008/10/07 22:04:56 | 00,457,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certmgr.dll
[2008/10/07 22:04:56 | 00,151,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdfview.dll
[2008/10/07 22:04:56 | 00,142,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\capesnpn.dll
[2008/10/07 22:04:56 | 00,109,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cic.dll
[2008/10/07 22:04:56 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ciodm.dll
[2008/10/07 22:04:55 | 00,343,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmdial32.dll
[2008/10/07 22:04:55 | 00,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmprops.dll
[2008/10/07 22:04:55 | 00,147,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comsnap.dll
[2008/10/07 22:04:55 | 00,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comrepl.dll
[2008/10/07 22:04:55 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comaddin.dll
[2008/10/07 22:04:54 | 00,540,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comuid.dll
[2008/10/07 22:04:54 | 00,345,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\confmsp.dll
[2008/10/07 22:04:54 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\corpol.dll
[2008/10/07 22:04:53 | 01,054,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\danim.dll
[2008/10/07 22:04:52 | 00,370,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dhcpmon.dll
[2008/10/07 22:04:52 | 00,153,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\daxctle.ocx
[2008/10/07 22:04:52 | 00,152,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\datime.dll
[2008/10/07 22:04:52 | 00,123,904 | ---- | C] (Microsoft Corp. and Executive Software International, Inc.) -- C:\WINDOWS\System32\dllcache\dfrgui.dll
[2008/10/07 22:04:52 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dcomcnfg.exe
[2008/10/07 22:04:51 | 01,501,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\diskcopy.dll
[2008/10/07 22:04:51 | 00,273,920 | ---- | C] (Microsoft Corp.) -- C:\WINDOWS\System32\dllcache\dmdlgs.dll
[2008/10/07 22:04:51 | 00,200,704 | ---- | C] (Microsoft Corp.) -- C:\WINDOWS\System32\dllcache\dmdskmgr.dll
[2008/10/07 22:04:51 | 00,181,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmime.dll
[2008/10/07 22:04:51 | 00,045,083 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dispex.dll
[2008/10/07 22:04:50 | 00,375,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpnet.dll
[2008/10/07 22:04:50 | 00,229,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dplayx.dll
[2008/10/07 22:04:50 | 00,148,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dnsapi.dll
[2008/10/07 22:04:50 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dnsrslvr.dll
[2008/10/07 22:04:49 | 00,212,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpvoice.dll
[2008/10/07 22:04:48 | 01,294,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dsound3d.dll
[2008/10/07 22:04:48 | 00,239,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dsquery.dll
[2008/10/07 22:04:48 | 00,181,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dsdmo.dll
[2008/10/07 22:04:48 | 00,144,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dskquoui.dll
[2008/10/07 22:04:48 | 00,142,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dsprop.dll
[2008/10/07 22:04:47 | 01,227,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dx8vb.dll
[2008/10/07 22:04:47 | 00,619,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dx7vb.dll
[2008/10/07 22:04:47 | 00,382,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontext.dll
[2008/10/07 22:04:47 | 00,380,957 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\expsrv.dll
[2008/10/07 22:04:47 | 00,337,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filemgmt.dll
[2008/10/07 22:04:47 | 00,282,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gdi32.dll
[2008/10/07 22:04:47 | 00,253,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\es.dll
[2008/10/07 22:04:47 | 00,183,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\els.dll
[2008/10/07 22:04:47 | 00,121,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\exts.dll
[2008/10/07 22:04:47 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll
[2008/10/07 22:04:47 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\forcedos.exe
[2008/10/07 22:04:45 | 00,614,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\h323msp.dll
[2008/10/07 22:04:45 | 00,546,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hhctrl.ocx
[2008/10/07 22:04:45 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hlink.dll
[2008/10/07 22:04:45 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\help.exe
[2008/10/07 22:04:44 | 00,683,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2008/10/07 22:04:44 | 00,274,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcfg.dll
[2008/10/07 22:04:44 | 00,147,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\initpki.dll
[2008/10/07 22:04:44 | 00,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\input.dll
[2008/10/07 22:04:43 | 00,491,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jscript.dll
[2008/10/07 22:04:43 | 00,384,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipsmsnap.dll
[2008/10/07 22:04:43 | 00,349,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipsecsnp.dll
[2008/10/07 22:04:43 | 00,169,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iprtrmgr.dll
[2008/10/07 22:04:43 | 00,163,840 | ---- | C] (America Online) -- C:\WINDOWS\System32\dllcache\jgdw400.dll
[2008/10/07 22:04:43 | 00,154,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipmontr.dll
[2008/10/07 22:04:43 | 00,027,648 | ---- | C] (Johnson-Grace Company) -- C:\WINDOWS\System32\dllcache\jgpl400.dll
[2008/10/07 22:04:43 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipxwan.dll
[2008/10/07 22:04:43 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106.dll
[2008/10/07 22:04:42 | 00,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\keymgr.dll
[2008/10/07 22:04:42 | 00,130,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksproxy.ax
[2008/10/07 22:04:42 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnec.dll
[2008/10/07 22:04:41 | 00,927,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2008/10/07 22:04:41 | 00,399,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lmrt.dll
[2008/10/07 22:04:41 | 00,221,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\localsec.dll
[2008/10/07 22:04:41 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mf3216.dll
[2008/10/07 22:04:40 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mimefilt.dll
[2008/10/07 22:04:39 | 00,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mscms.dll
[2008/10/07 22:04:39 | 00,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mprdim.dll
[2008/10/07 22:04:38 | 00,945,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtctm.dll
[2008/10/07 22:04:38 | 00,425,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtcprx.dll
[2008/10/07 22:04:38 | 00,294,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msctf.dll
[2008/10/07 22:04:38 | 00,161,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtcuiu.dll
[2008/10/07 22:04:38 | 00,151,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdart.dll
[2008/10/07 22:04:37 | 02,854,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msi.dll
[2008/10/07 22:04:37 | 00,884,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msimsg.dll
[2008/10/07 22:04:37 | 00,271,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msihnd.dll
[2008/10/07 22:04:37 | 00,248,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msieftp.dll
[2008/10/07 22:04:37 | 00,078,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msiexec.exe
[2008/10/07 22:04:37 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msisip.dll
[2008/10/07 22:04:36 | 00,290,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msnsspc.dll
[2008/10/07 22:04:36 | 00,151,583 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msjint40.dll
[2008/10/07 22:04:36 | 00,143,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msorcl32.dll
[2008/10/07 22:04:35 | 00,195,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msutb.dll
[2008/10/07 22:04:34 | 01,428,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msvidctl.dll
[2008/10/07 22:04:34 | 00,204,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswebdvd.dll
[2008/10/07 22:04:33 | 00,701,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml2.dll
[2008/10/07 22:04:33 | 00,506,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml.dll
[2008/10/07 22:04:33 | 00,245,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswsock.dll
[2008/10/07 22:04:32 | 01,104,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll
[2008/10/07 22:04:32 | 00,332,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2008/10/07 22:04:32 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtxlegih.dll
[2008/10/07 22:04:32 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtxdm.dll
[2008/10/07 22:04:32 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nddeapir.exe
[2008/10/07 22:04:32 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtxex.dll
[2008/10/07 22:04:31 | 00,875,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netplwiz.dll
[2008/10/07 22:04:30 | 00,488,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntmsmgr.dll
[2008/10/07 22:04:30 | 00,435,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntmssvc.dll
[2008/10/07 22:04:30 | 00,285,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\objsel.dll
[2008/10/07 22:04:30 | 00,179,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntmsdba.dll
[2008/10/07 22:04:30 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ocmanage.dll
[2008/10/07 22:04:30 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntvdmd.dll
[2008/10/07 22:04:29 | 00,278,559 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\odbcjt32.dll
[2008/10/07 22:04:28 | 00,147,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\odbctrac.dll
[2008/10/07 22:04:28 | 00,122,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oledlg.dll
[2008/10/07 22:04:28 | 00,083,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\olepro32.dll
[2008/10/07 22:04:28 | 00,074,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\olecli32.dll
[2008/10/07 22:04:27 | 00,176,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\photowiz.dll
[2008/10/07 22:04:27 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\perfnet.dll
[2008/10/07 22:04:26 | 01,435,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.dll
[2008/10/07 22:04:26 | 01,287,680 | ---- | C] () -- C:\WINDOWS\System32\dllcache\quartz.dll
[2008/10/07 22:04:26 | 00,733,696 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qedwipes.dll
[2008/10/07 22:04:26 | 00,385,024 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qdvd.dll
[2008/10/07 22:04:26 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll
[2008/10/07 22:04:26 | 00,279,040 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qdv.dll
[2008/10/07 22:04:26 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qcap.dll
[2008/10/07 22:04:26 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rasadhlp.dll
[2008/10/07 22:04:25 | 00,397,824 | ---- | C] (Microsoft) -- C:\WINDOWS\System32\dllcache\regwizc.dll
[2008/10/07 22:04:25 | 00,147,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdchost.dll
[2008/10/07 22:04:24 | 00,582,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcrt4.dll
[2008/10/07 22:04:24 | 00,433,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\riched20.dll
[2008/10/07 22:04:24 | 00,171,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sccsccp.dll
[2008/10/07 22:04:24 | 00,090,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rsvpsp.dll
[2008/10/07 22:04:22 | 01,497,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shdocvw.dll
[2008/10/07 22:04:21 | 08,460,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll
[2008/10/07 22:04:21 | 00,474,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shlwapi.dll
[2008/10/07 22:04:21 | 00,134,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shsvcs.dll
[2008/10/07 22:04:20 | 00,363,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smlogcfg.dll
[2008/10/07 22:04:20 | 00,182,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpsnap.dll
[2008/10/07 22:04:20 | 00,180,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sqlunirl.dll
[2008/10/07 22:04:20 | 00,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\stclient.dll
[2008/10/07 22:04:20 | 00,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sort.exe
[2008/10/07 22:04:20 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\stdole2.tlb
[2008/10/07 22:04:18 | 00,858,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tapi3.dll
[2008/10/07 22:04:18 | 00,713,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sxs.dll
[2008/10/07 22:04:18 | 00,358,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\termmgr.dll
[2008/10/07 22:04:18 | 00,218,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sysmon.ocx
[2008/10/07 22:04:18 | 00,191,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\syncui.dll
[2008/10/07 22:04:16 | 00,577,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2008/10/07 22:04:16 | 00,239,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\upnpui.dll
[2008/10/07 22:04:16 | 00,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\upnphost.dll
[2008/10/07 22:04:15 | 00,413,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vbscript.dll
[2008/10/07 22:04:15 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\verifier.dll
[2008/10/07 22:04:14 | 00,208,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wavemsp.dll
[2008/10/07 22:04:13 | 00,764,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winntbbu.dll
[2008/10/07 22:04:13 | 00,333,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wiaservc.dll
[2008/10/07 22:04:13 | 00,292,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsrv.dll
[2008/10/07 22:04:12 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winver.exe
[2008/10/07 22:04:11 | 00,155,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadds.dll
[2008/10/07 22:04:11 | 00,143,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadco.dll
[2008/10/07 22:04:10 | 00,616,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\advapi32.dll
[2008/10/07 22:04:10 | 00,200,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaprst.dll
[2008/10/07 22:04:09 | 00,984,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kernel32.dll
[2008/10/07 22:04:09 | 00,984,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kernel32.dll
[2008/10/07 22:04:09 | 00,721,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\lsasrv.dll
[2008/10/07 22:04:09 | 00,721,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2008/10/07 22:04:09 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2008/10/07 22:04:09 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comctl32.dll
[2008/10/07 22:04:09 | 00,602,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\autoconv.exe
[2008/10/07 22:04:09 | 00,588,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\autochk.exe
[2008/10/07 22:04:09 | 00,388,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmd.exe
[2008/10/07 22:04:09 | 00,341,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\localspl.dll
[2008/10/07 22:04:09 | 00,276,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comdlg32.dll
[2008/10/07 22:04:09 | 00,144,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\imagehlp.dll
[2008/10/07 22:04:09 | 00,135,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\desk.cpl
[2008/10/07 22:04:09 | 00,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpcsvc.dll
[2008/10/07 22:04:09 | 00,075,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\locator.exe
[2008/10/07 22:04:09 | 00,042,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ftp.exe
[2008/10/07 22:04:09 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msgsvc.dll
[2008/10/07 22:04:09 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\csrsrv.dll
[2008/10/07 22:04:09 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\format.com
[2008/10/07 22:04:09 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cacls.exe
[2008/10/07 22:04:09 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cacls.exe
[2008/10/07 22:04:09 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mgmtapi.dll
[2008/10/07 22:04:09 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\lmhsvc.dll
[2008/10/07 22:04:08 | 00,708,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntdll.dll
[2008/10/07 22:04:08 | 00,419,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntvdm.exe
[2008/10/07 22:04:08 | 00,142,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nwprovau.dll
[2008/10/07 22:04:08 | 00,142,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nwprovau.dll
[2008/10/07 22:04:08 | 00,129,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msv1_0.dll
[2008/10/07 22:04:08 | 00,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntprint.dll
[2008/10/07 22:04:08 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nslookup.exe
[2008/10/07 22:04:08 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntlsapi.dll
[2008/10/07 22:04:07 | 00,983,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupapi.dll
[2008/10/07 22:04:07 | 00,657,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasdlg.dll
[2008/10/07 22:04:07 | 00,560,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\printui.dll
[2008/10/07 22:04:07 | 00,550,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\oleaut32.dll
[2008/10/07 22:04:07 | 00,550,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oleaut32.dll
[2008/10/07 22:04:07 | 00,415,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\samsrv.dll
[2008/10/07 22:04:07 | 00,298,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sysdm.cpl
[2008/10/07 22:04:07 | 00,236,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasapi32.dll
[2008/10/07 22:04:07 | 00,144,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\schannel.dll
[2008/10/07 22:04:07 | 00,144,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\schannel.dll
[2008/10/07 22:04:07 | 00,140,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sessmgr.exe
[2008/10/07 22:04:07 | 00,108,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\services.exe
[2008/10/07 22:04:07 | 00,096,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\srvsvc.dll
[2008/10/07 22:04:07 | 00,095,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\scardsvr.exe
[2008/10/07 22:04:07 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasauto.dll
[2008/10/07 22:04:07 | 00,064,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\samlib.dll
[2008/10/07 22:04:07 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasman.dll
[2008/10/07 22:04:07 | 00,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rastapi.dll
[2008/10/07 22:04:07 | 00,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\smss.exe
[2008/10/07 22:04:07 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rshx32.dll
[2008/10/07 22:04:07 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\perfctrs.dll
[2008/10/07 22:04:07 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\olecnv32.dll
[2008/10/07 22:04:07 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\olecnv32.dll
[2008/10/07 22:04:07 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\savedump.exe
[2008/10/07 22:04:06 | 00,984,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\syssetup.dll
[2008/10/07 22:04:06 | 00,316,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\untfs.dll
[2008/10/07 22:04:06 | 00,316,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\untfs.dll
[2008/10/07 22:04:06 | 00,275,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ulib.dll
[2008/10/07 22:04:06 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tcpmonui.dll
[2008/10/07 22:04:05 | 01,846,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\win32k.sys
[2008/10/07 22:04:05 | 01,846,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[2008/10/07 22:04:05 | 00,146,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winspool.drv
[2008/10/07 22:04:05 | 00,146,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winspool.drv
[2008/10/07 22:04:05 | 00,132,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wkssvc.dll
[2008/10/07 22:04:05 | 00,132,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wkssvc.dll
[2008/10/07 22:04:05 | 00,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\win32spl.dll
[2008/10/07 22:04:05 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\userinit.exe
[2008/10/07 22:04:04 | 00,799,744 | ---- | C] (Microsoft Corp., Veritas Software) -- C:\WINDOWS\System32\drivers\dmboot.sys
[2008/10/07 22:04:04 | 00,451,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mrxsmb.sys
[2008/10/07 22:04:04 | 00,187,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\acpi.sys
[2008/10/07 22:04:04 | 00,182,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ndis.sys
[2008/10/07 22:04:04 | 00,179,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mrxdav.sys
[2008/10/07 22:04:04 | 00,179,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxdav.sys
[2008/10/07 22:04:04 | 00,172,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\kmixer.sys
[2008/10/07 22:04:04 | 00,172,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kmixer.sys
[2008/10/07 22:04:04 | 00,153,344 | ---- | C] (Microsoft Corp., Veritas Software) -- C:\WINDOWS\System32\drivers\dmio.sys
[2008/10/07 22:04:04 | 00,143,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fastfat.sys
[2008/10/07 22:04:04 | 00,142,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\aec.sys
[2008/10/07 22:04:04 | 00,142,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aec.sys
[2008/10/07 22:04:04 | 00,140,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ks.sys
[2008/10/07 22:04:04 | 00,138,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\afd.sys
[2008/10/07 22:04:04 | 00,138,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\afd.sys
[2008/10/07 22:04:04 | 00,134,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ipnat.sys
[2008/10/07 22:04:04 | 00,107,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mup.sys
[2008/10/07 22:04:04 | 00,095,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\atapi.sys
[2008/10/07 22:04:04 | 00,092,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ksecdd.sys
[2008/10/07 22:04:04 | 00,091,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ndiswan.sys
[2008/10/07 22:04:04 | 00,085,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nabtsfec.sys
[2008/10/07 22:04:04 | 00,074,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ipsec.sys
[2008/10/07 22:04:04 | 00,071,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bridge.sys
[2008/10/07 22:04:04 | 00,071,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dxg.sys
[2008/10/07 22:04:04 | 00,063,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mf.sys
[2008/10/07 22:04:04 | 00,063,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\cdfs.sys
[2008/10/07 22:04:04 | 00,060,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\arp1394.sys
[2008/10/07 22:04:04 | 00,060,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmk.sys
[2008/10/07 22:04:04 | 00,060,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\drmk.sys
[2008/10/07 22:04:04 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\atmarpc.sys
[2008/10/07 22:04:04 | 00,055,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\atmlane.sys
[2008/10/07 22:04:04 | 00,052,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dmusic.sys
[2008/10/07 22:04:04 | 00,052,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmusic.sys
[2008/10/07 22:04:04 | 00,052,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\i8042prt.sys
[2008/10/07 22:04:04 | 00,051,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\msdv.sys
[2008/10/07 22:04:04 | 00,049,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\classpnp.sys
[2008/10/07 22:04:04 | 00,049,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\cdrom.sys
[2008/10/07 22:04:04 | 00,042,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mountmgr.sys
[2008/10/07 22:04:04 | 00,041,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\imapi.sys
[2008/10/07 22:04:04 | 00,038,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ndproxy.sys
[2008/10/07 22:04:04 | 00,038,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2008/10/07 22:04:04 | 00,036,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\amdk6.sys
[2008/10/07 22:04:04 | 00,036,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\crusoe.sys
[2008/10/07 22:04:04 | 00,036,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\disk.sys
[2008/10/07 22:04:04 | 00,036,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidclass.sys
[2008/10/07 22:04:04 | 00,035,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\isapnp.sys
[2008/10/07 22:04:04 | 00,035,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isapnp.sys
[2008/10/07 22:04:04 | 00,035,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\msgpc.sys
[2008/10/07 22:04:04 | 00,034,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fips.sys
[2008/10/07 22:04:04 | 00,034,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fips.sys
[2008/10/07 22:04:04 | 00,030,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\modem.sys
[2008/10/07 22:04:04 | 00,027,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fdc.sys
[2008/10/07 22:04:04 | 00,024,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidparse.sys
[2008/10/07 22:04:04 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\kbdclass.sys
[2008/10/07 22:04:04 | 00,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mouclass.sys
[2008/10/07 22:04:04 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ipinip.sys
[2008/10/07 22:04:04 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\flpydisk.sys
[2008/10/07 22:04:04 | 00,019,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\msfs.sys
[2008/10/07 22:04:04 | 00,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ccdecode.sys
[2008/10/07 22:04:04 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mpe.sys
[2008/10/07 22:04:04 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\kbdhid.sys
[2008/10/07 22:04:04 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\asyncmac.sys
[2008/10/07 22:04:04 | 00,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\diskdump.sys
[2008/10/07 22:04:04 | 00,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ndisuio.sys
[2008/10/07 22:04:04 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bdasup.sys
[2008/10/07 22:04:04 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\irenum.sys
[2008/10/07 22:04:04 | 00,010,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ndisip.sys
[2008/10/07 22:04:04 | 00,009,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ndistapi.sys
[2008/10/07 22:04:04 | 00,009,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidusb.sys
[2008/10/07 22:04:04 | 00,009,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndistapi.sys
[2008/10/07 22:04:04 | 00,009,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidusb.sys
[2008/10/07 22:04:04 | 00,007,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mskssrv.sys
[2008/10/07 22:04:04 | 00,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mstee.sys
[2008/10/07 22:04:04 | 00,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\intelide.sys
[2008/10/07 22:04:04 | 00,005,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mspclock.sys
[2008/10/07 22:04:04 | 00,004,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mspqm.sys
[2008/10/07 22:04:04 | 00,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmkaud.sys
[2008/10/07 22:04:04 | 00,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\drmkaud.sys
[2008/10/07 22:04:03 | 00,574,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ntfs.sys
[2008/10/07 22:04:03 | 00,574,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntfs.sys
[2008/10/07 22:04:03 | 00,162,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\netbt.sys
[2008/10/07 22:04:03 | 00,088,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nwlnkipx.sys
[2008/10/07 22:04:03 | 00,080,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\parport.sys
[2008/10/07 22:04:03 | 00,061,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nic1394.sys
[2008/10/07 22:04:03 | 00,042,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\p3.sys
[2008/10/07 22:04:03 | 00,040,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nmnt.sys
[2008/10/07 22:04:03 | 00,034,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\netbios.sys
[2008/10/07 22:04:03 | 00,030,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\npfs.sys
[2008/10/07 22:04:02 | 00,333,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\srv.sys
[2008/10/07 22:04:02 | 00,333,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2008/10/07 22:04:02 | 00,202,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rmcast.sys
[2008/10/07 22:04:02 | 00,202,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2008/10/07 22:04:02 | 00,196,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rdpdr.sys
[2008/10/07 22:04:02 | 00,174,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rdbss.sys
[2008/10/07 22:04:02 | 00,145,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\portcls.sys
[2008/10/07 22:04:02 | 00,145,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\portcls.sys
[2008/10/07 22:04:02 | 00,139,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rdpwd.sys
[2008/10/07 22:04:02 | 00,119,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\pcmcia.sys
[2008/10/07 22:04:02 | 00,096,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\scsiport.sys
[2008/10/07 22:04:02 | 00,073,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sr.sys
[2008/10/07 22:04:02 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\psched.sys
[2008/10/07 22:04:02 | 00,068,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\pci.sys
[2008/10/07 22:04:02 | 00,064,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\serial.sys
[2008/10/07 22:04:02 | 00,060,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sysaudio.sys
[2008/10/07 22:04:02 | 00,060,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sysaudio.sys
[2008/10/07 22:04:02 | 00,057,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\redbook.sys
[2008/10/07 22:04:02 | 00,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\swmidi.sys
[2008/10/07 22:04:02 | 00,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\swmidi.sys
[2008/10/07 22:04:02 | 00,051,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rasl2tp.sys
[2008/10/07 22:04:02 | 00,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\stream.sys
[2008/10/07 22:04:02 | 00,048,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\raspptp.sys
[2008/10/07 22:04:02 | 00,041,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\raspppoe.sys
[2008/10/07 22:04:02 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\processr.sys
[2008/10/07 22:04:02 | 00,030,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismp.sys
[2008/10/07 22:04:02 | 00,025,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sonydcam.sys
[2008/10/07 22:04:02 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\pciidex.sys
[2008/10/07 22:04:02 | 00,018,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\partmgr.sys
[2008/10/07 22:04:02 | 00,018,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\partmgr.sys
[2008/10/07 22:04:02 | 00,015,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\serenum.sys
[2008/10/07 22:04:02 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\streamip.sys
[2008/10/07 22:04:02 | 00,014,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tape.sys
[2008/10/07 22:04:02 | 00,011,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sfloppy.sys
[2008/10/07 22:04:02 | 00,011,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\slip.sys
[2008/10/07 22:04:02 | 00,006,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\splitter.sys
[2008/10/07 22:04:02 | 00,006,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\splitter.sys
[2008/10/07 22:04:02 | 00,004,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\swenum.sys
[2008/10/07 22:04:01 | 00,364,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\update.sys
[2008/10/07 22:04:01 | 00,364,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\update.sys
[2008/10/07 22:04:01 | 00,360,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tcpip.sys
[2008/10/07 22:04:01 | 00,360,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcpip.sys
[2008/10/07 22:04:01 | 00,225,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tcpip6.sys
[2008/10/07 22:04:01 | 00,225,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcpip6.sys
[2008/10/07 22:04:01 | 00,066,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\udfs.sys
[2008/10/07 22:04:01 | 00,057,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbhub.sys
[2008/10/07 22:04:01 | 00,040,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\termdd.sys
[2008/10/07 22:04:01 | 00,031,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbccgp.sys
[2008/10/07 22:04:01 | 00,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbcamd2.sys
[2008/10/07 22:04:01 | 00,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbcamd2.sys
[2008/10/07 22:04:01 | 00,023,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbcamd.sys
[2008/10/07 22:04:01 | 00,023,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbcamd.sys
[2008/10/07 22:04:01 | 00,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tdtcp.sys
[2008/10/07 22:04:01 | 00,018,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tdi.sys
[2008/10/07 22:04:01 | 00,016,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbintel.sys
[2008/10/07 22:04:01 | 00,012,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usb8023.sys
[2008/10/07 22:04:01 | 00,012,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tdpipe.sys
[2008/10/07 22:04:00 | 02,057,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntkrnlpa.exe
[2008/10/07 22:04:00 | 02,057,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2008/10/07 22:04:00 | 00,142,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbport.sys
[2008/10/07 22:04:00 | 00,131,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hal.dll
[2008/10/07 22:04:00 | 00,082,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wdmaud.sys
[2008/10/07 22:04:00 | 00,082,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wdmaud.sys
[2008/10/07 22:04:00 | 00,079,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\videoprt.sys
[2008/10/07 22:04:00 | 00,052,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\volsnap.sys
[2008/10/07 22:04:00 | 00,034,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wanarp.sys
[2008/10/07 22:04:00 | 00,026,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbstor.sys
[2008/10/07 22:04:00 | 00,026,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbstor.sys
[2008/10/07 22:04:00 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbprint.sys
[2008/10/07 22:04:00 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbprint.sys
[2008/10/07 22:04:00 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\vga.sys
[2008/10/07 22:04:00 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbuhci.sys
[2008/10/07 22:04:00 | 00,019,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wstcodec.sys
[2008/10/07 22:04:00 | 00,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbscan.sys
[2008/10/07 22:04:00 | 00,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys
[2008/10/07 22:03:59 | 02,180,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntoskrnl.exe
[2008/10/07 22:03:59 | 02,180,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe

========== Files - Modified Within 30 Days ==========

[691 C:\WINDOWS\System32\*.tmp files]
[17 C:\WINDOWS\*.tmp files]
[4 C:\Documents and Settings\Owner\My Documents\*.tmp files]
[2008/10/26 13:19:07 | 00,000,345 | ---- | M] () -- C:\WINDOWS\gmer.ini
[2008/10/26 13:06:11 | 00,022,528 | ---- | M] () -- C:\WINDOWS\svchost.exe
[2008/10/26 13:05:48 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2008/10/26 12:58:55 | 00,000,262 | ---- | M] () -- C:\WINDOWS\system.ini
[2008/10/26 12:58:42 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2008/10/26 12:58:37 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/10/26 12:58:28 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/10/26 12:13:49 | 00,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/10/26 11:09:57 | 00,000,374 | RHS- | M] () -- C:\boot.ini
[2008/10/26 11:05:37 | 02,995,771 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2008/10/26 08:33:20 | 00,000,583 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\My Sharing Folders.lnk
[2008/10/26 08:30:58 | 00,002,323 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Windows Live Messenger.lnk
[2008/10/26 03:15:17 | 05,364,012 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2008/10/26 03:03:28 | 00,001,709 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\avast! Antivirus.lnk
[2008/10/26 03:03:27 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2008/10/26 02:17:16 | 00,884,736 | ---- | M] () -- C:\WINDOWS\gmer.dll
[2008/10/26 02:17:16 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2008/10/26 02:17:16 | 00,000,080 | ---- | M] () -- C:\WINDOWS\gmer_uninstall.cmd
[2008/10/26 02:16:33 | 00,747,873 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2008/10/26 02:11:08 | 00,334,848 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTMoveIt3.exe
[2008/10/25 14:08:10 | 00,230,776 | ---- | M] (Alwil Software) -- C:\Documents and Settings\Owner\Desktop\aswclear.exe
[2008/10/25 13:50:00 | 27,462,344 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\setupeng.exe
[2008/10/25 13:07:01 | 00,421,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTViewIt.exe
[2008/10/22 18:43:39 | 00,095,264 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Account-Retrieval.pdf
[2008/10/21 00:29:16 | 00,000,085 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2008/10/20 23:52:03 | 00,000,793 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Ad-Watch.lnk
[2008/10/20 23:52:03 | 00,000,793 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Ad-Aware.lnk
[2008/10/20 22:40:56 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy.lnk
[2008/10/20 20:51:51 | 00,077,312 | ---- | M] () -- C:\WINDOWS\ua2.dll
[2008/10/19 22:54:24 | 00,878,080 | -HS- | M] () -- C:\Documents and Settings\Owner\Desktop\Thumbs.db
@Alternate Data Stream - 0 bytes -> C:\Documents and Settings\Owner\Desktop\Thumbs.db:encryptable
[2008/10/19 21:27:36 | 00,002,473 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Word.lnk
[2008/10/17 23:56:13 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Mozilla Firefox.lnk
[2008/10/17 13:39:37 | 00,102,400 | ---- | M] () -- C:\WINDOWS\System32\atlcom839_953.dll
[2008/10/15 09:57:55 | 00,332,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\netapi32.dll
[2008/10/15 09:57:55 | 00,332,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2008/10/15 03:11:37 | 00,141,240 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/10/15 03:04:53 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/10/14 12:36:08 | 00,000,865 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\World of Warcraft.lnk
[2008/10/12 13:14:17 | 02,516,992 | -HS- | M] () -- C:\Documents and Settings\Owner\My Documents\Thumbs.db
@Alternate Data Stream - 0 bytes -> C:\Documents and Settings\Owner\My Documents\Thumbs.db:encryptable
[2008/10/11 00:36:25 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2008/10/07 22:57:49 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2008/10/07 22:57:49 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2008/10/07 22:29:36 | 00,250,032 | RHS- | M] () -- C:\ntldr
[2008/10/07 12:19:40 | 16,721,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2008/10/03 10:41:15 | 06,066,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieframe.dll
[2008/10/03 10:41:15 | 06,066,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
< End of report >

#13 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:48 AM

Posted 26 October 2008 - 04:19 PM

Hello moliere.

I see what was missed.

Run ComboFix with CFScript
We will run ComboFix again. This time, the instructions are slightly different.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are unsure how.
  • Open notepad (Start>Run>"notepad") and copy/paste the text in the box below into it:
    Rootkit::
    C:\WINDOWS\svchost.exe
    
    Driver::
    wowsystemcode
    
    NetSvc::
    wowsystemcode
    Save this as CFScript.txt, in the same location as ComboFix.exe. (This should be your desktop.)
    Posted Image
    Refering to the picture above, drag CFScript into ComboFix.exe.
When finished, it shall produce a log for you at "C:\ComboFix.txt". Post back with that log.

Do not mouseclick ComboFix's window while it's running. That may cause it to stall

Once again, please follow up with new GMER and OTViewIt logs.

With Regards,
The Panda

#14 moliere

moliere
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:01:48 AM

Posted 26 October 2008 - 06:22 PM

Here is the new ComboFix log:
ComboFix 08-10-25.01 - Owner 2008-10-26 14:38:59.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.170 [GMT -7:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\svchost.exe
C:\WINDOWS\temp\perflib_perfdata_1cc.dat

.
((((((((((((((((((((((((( Files Created from 2008-09-26 to 2008-10-26 )))))))))))))))))))))))))))))))
.

2008-10-26 14:48 . 2008-10-26 14:51 22,528 --a------ C:\WINDOWS\svchost.exe
2008-10-26 02:17 . 2008-10-26 13:19 345 --a------ C:\WINDOWS\gmer.ini
2008-10-25 13:49 . 2008-10-25 13:48 410,976 --a------ C:\WINDOWS\system32\deploytk.dll
2008-10-25 13:49 . 2008-10-25 13:48 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-10-22 05:42 . 2008-10-22 05:42 <DIR> d--h----- C:\BJPrinter
2008-10-21 00:29 . 2008-10-21 00:29 85 --a------ C:\WINDOWS\wininit.ini
2008-10-20 23:51 . 2008-10-20 23:57 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
2008-10-20 21:37 . 2008-10-20 21:38 <DIR> d-------- C:\WINDOWS\ERUNT
2008-10-20 21:08 . 2008-10-25 13:40 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\PrevxCSI
2008-10-20 19:47 . 2008-10-20 20:51 77,312 --a------ C:\WINDOWS\ua2.dll
2008-10-18 14:27 . 2008-10-18 14:27 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-10-17 13:39 . 2008-10-17 13:39 102,400 --a------ C:\WINDOWS\system32\atlcom839_953.dll
2008-10-14 11:41 . 2008-10-14 11:41 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Blizzard
2008-10-08 09:53 . 2008-10-20 18:59 <DIR> d-------- C:\Program Files\World of Warcraft
2008-10-07 22:17 . 2008-10-07 22:29 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-10-07 22:17 . 2008-10-07 22:29 <DIR> d-------- C:\WINDOWS\system32\en
2008-10-07 22:17 . 2008-10-07 22:29 <DIR> d-------- C:\WINDOWS\l2schemas
2008-10-07 22:04 . 2007-10-25 20:34 8,460,288 --a------ C:\WINDOWS\system32\dllcache\shell32.dll
2008-10-07 22:03 . 2008-08-14 03:00 2,180,352 --a------ C:\WINDOWS\system32\ntoskrnl.exe
2008-10-07 22:03 . 2008-08-14 03:00 2,180,352 --a--c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-26 10:03 --------- d-----w C:\Program Files\Alwil Software
2008-10-25 20:48 --------- d-----w C:\Program Files\Java
2008-10-25 20:42 --------- d-----w C:\Program Files\BitTorrent
2008-10-25 20:40 --------- d-----w C:\Program Files\Octoshape Streaming Services
2008-10-22 05:43 --------- d-----w C:\Program Files\AIM6
2008-10-21 07:50 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-10-21 06:51 --------- d-----w C:\Program Files\Lavasoft
2008-10-21 06:49 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-10-21 05:43 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-10-21 05:10 --------- d-----w C:\Program Files\Trend Micro
2008-10-21 04:09 --------- d-----w C:\Program Files\Steam
2008-10-19 07:36 --------- d-----w C:\Documents and Settings\Owner\Application Data\Skype
2008-10-19 07:05 --------- d-----w C:\Documents and Settings\Owner\Application Data\skypePM
2008-10-14 18:43 --------- d-----w C:\Program Files\DivX
2008-10-08 17:19 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2008-10-07 19:05 --------- d-----w C:\Program Files\Warcraft III
2008-10-03 09:27 --------- d-----w C:\Documents and Settings\Owner\Application Data\uTorrent
2008-09-18 00:38 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-09-18 00:38 --------- d-----w C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-09-18 00:38 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-09-15 11:57 1,846,016 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-10 07:04 38,528 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-10 07:03 17,200 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-09-03 14:43 --------- d-----w C:\Program Files\MSN Messenger
2008-09-01 21:15 --------- d-----w C:\Program Files\OGPlanet
2008-09-01 20:01 --------- d-----w C:\Program Files\FLStudio
2008-09-01 20:00 --------- d-----w C:\Program Files\KongKong Online Europe
2008-09-01 19:58 --------- d-----w C:\Program Files\Vstplugins
2008-08-31 09:52 --------- d-----w C:\Program Files\WC3Banlist
2008-08-28 10:04 333,056 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-08-26 07:24 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-14 09:22 2,057,728 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-21 21:30 32 ----a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\ezsid.dat
2005-05-23 05:42 271 --sh--w C:\Program Files\desktop.ini
2005-05-23 05:42 21,952 ---ha-w C:\Program Files\folder.htt
2005-09-17 06:47 56 --sh--r C:\WINDOWS\system32\0C97BB9017.sys
.

((((((((((((((((((((((((((((( snapshot@2008-10-26_12.25.50.60 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-21 03:02:28 163,328 ----a-w C:\WINDOWS\ERDNT\subs\ERDNT.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"Google Update"="C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-10-17 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2001-10-18 483394]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2005-01-23 155648]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2005-01-23 126976]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-14 35328]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 267048]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-05-11 185896]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2008-10-25 136600]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.VP31"= vp31vfw.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ cli scecli

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Trillian\\trillian.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Warcraft III\\Frozen Throne.exe"=
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"C:\\Program Files\\Warcraft III\\World Editor.exe"=
"C:\\Program Files\\Steam\\Steam.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\Steam\\steamapps\\punkintended@aol.com\\half-life\\hl.exe"=
"C:\\Program Files\\Steam\\steamapps\\punkintended@aol.com\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\Soulseek\\slsk.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Warcraft III\\war3.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\World of Warcraft\\Launcher.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:WC3 Frozen Throne
"3724:TCP"= 3724:TCP:Blizzard Downloader

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 JavaQuickStarterService;Java Quick Starter;C:\Program Files\Java\jre6\bin\jqs.exe [2008-10-25 152984]
R2 wowsystemcode;Remote TCP/IPv6;C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
R3 DLKRTS;D-Link DFE-530TX+ PCI Adapter;C:\WINDOWS\system32\DRIVERS\DLKRTS.SYS [2002-06-23 45568]
S2 Shell Hardware Detection (ShellHWDetection);Shell Hardware Detection (ShellHWDetection);C:\Program Files\ProtectService\ProtectService.exe [ ]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;C:\PROGRA~1\Belkin\BELKIN~1.11G\DNINDIS5.SYS [ ]
S3 PsSdk30;PsSdk30;C:\WINDOWS\system32\Drivers\PsSdk30.drv [ ]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\WINDOWS\system32\drivers\screamingbdriver.sys [ ]
S3 XDva195;XDva195;C:\WINDOWS\system32\XDva195.sys [ ]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
wowsystemcode
.
Contents of the 'Scheduled Tasks' folder

2008-10-26 C:\WINDOWS\Tasks\GoogleUpdateTaskUser.job
- C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-17 23:55]

2007-09-19 C:\WINDOWS\Tasks\MP Scheduled Quick Scan.job
- C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpCmdRun.exe []
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-26 14:45:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\PSSdk21]
"ImagePath"="\??\C:\WINDOWS\system32\Drivers\HNPsSdk.drv"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\PsSdk30]
"ImagePath"="\??\C:\WINDOWS\system32\Drivers\PsSdk30.drv"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-10-26 15:02:27 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-26 22:02:23
ComboFix2.txt 2008-10-26 20:16:23
ComboFix3.txt 2008-10-26 19:26:20

Pre-Run: 25,714,864,128 bytes free
Post-Run: 25,749,032,960 bytes free

185 --- E O F --- 2008-10-24 10:01:59


Here is a new GMER log:

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-10-26 15:50:46
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.14 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xEF1D9618]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xEF1D94D4]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xEF1D99B2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xEF1D90AC]
SSDT sptd.sys ZwEnumerateKey [0xF8779FB2]
SSDT sptd.sys ZwEnumerateValueKey [0xF877A340]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xEF1D95AE]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xEF1D8FEC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xEF1D9050]
SSDT sptd.sys ZwQueryKey [0xF877A418]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xEF1D96CE]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xEF1D968E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xEF1D980E]

---- Kernel code sections - GMER 1.0.14 ----

? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
? Combo-Fix.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload F7A5C62C 5 Bytes JMP 831FB770
? C:\ComboFix\catchme.sys The system cannot find the path specified. !
? C:\WINDOWS\system32\Drivers\PROCEXP90.SYS The system cannot find the file specified. !

---- User code sections - GMER 1.0.14 ----

.text C:\WINDOWS\svchost.exe[1360] C:\WINDOWS\svchost.exe section is writeable [0x00401000, 0x500C, 0xE0000020]
.CRT C:\WINDOWS\svchost.exe[1360] C:\WINDOWS\svchost.exe unknown last section [0x00407000, 0x4, 0xC0000040]
.text C:\Program Files\Internet Explorer\iexplore.exe[2180] USER32.dll!DialogBoxParamW 7E42555F 5 Bytes JMP 42F0F301 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2180] USER32.dll!DialogBoxIndirectParamW 7E432032 5 Bytes JMP 430A179F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2180] USER32.dll!MessageBoxIndirectA 7E43A04A 5 Bytes JMP 430A1720 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2180] USER32.dll!DialogBoxParamA 7E43B10C 5 Bytes JMP 430A1764 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2180] USER32.dll!MessageBoxExW 7E4505D8 5 Bytes JMP 430A16AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2180] USER32.dll!MessageBoxExA 7E4505FC 5 Bytes JMP 430A16E6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2180] USER32.dll!DialogBoxIndirectParamA 7E456B50 5 Bytes JMP 430A17DA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2180] USER32.dll!MessageBoxIndirectW 7E4662AB 5 Bytes JMP 42F316B6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!IoConnectInterrupt] [F878B06C] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F878B018] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F87AD9AE] sptd.sys
IAT atapi.sys[ntoskrnl.exe!IoConnectInterrupt] [F878B06C] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F8774AD4] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F8774C1A] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F8774B9C] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F8775748] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F877561E] sptd.sys
IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F878A29A] sptd.sys

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\Program Files\Internet Explorer\iexplore.exe[2180] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [01942070] C:\Program Files\Canon\Easy-WebPrint\EWPCore.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[2180] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [019420B0] C:\Program Files\Canon\Easy-WebPrint\EWPCore.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[2180] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [01942030] C:\Program Files\Canon\Easy-WebPrint\EWPCore.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[2180] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [01942000] C:\Program Files\Canon\Easy-WebPrint\EWPCore.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[2180] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [01944C50] C:\Program Files\Canon\Easy-WebPrint\EWPCore.dll

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 833D51E8

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device \Driver\NetBT \Device\NetBT_Tcpip_{1CFB8E23-62FC-4B40-8203-360A522FCBB7} 82E381E8

AttachedDevice \Driver\Tcpip \Device\Ip msfwhlpr.sys (OneCare Firewall Helper Driver/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\usbuhci \Device\USBPDO-0 831FC790
Device \Driver\usbuhci \Device\USBPDO-1 831FC790
Device \Driver\usbuhci \Device\USBPDO-2 831FC790
Device \Driver\usbehci \Device\USBPDO-3 8322A1E8

AttachedDevice \Driver\Tcpip \Device\Tcp msfwhlpr.sys (OneCare Firewall Helper Driver/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\Ftdisk \Device\HarddiskVolume1 8336B1E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8336B1E8
Device \Driver\Cdrom \Device\CdRom0 8322D1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 833D61E8
Device \Driver\atapi \Device\Ide\IdePort0 833D61E8
Device \Driver\atapi \Device\Ide\IdePort1 833D61E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e 833D61E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 8336B1E8
Device \Driver\NetBT \Device\NetBt_Wins_Export 82E381E8
Device \Driver\NetBT \Device\NetbiosSmb 82E381E8

AttachedDevice \Driver\Tcpip \Device\Udp msfwhlpr.sys (OneCare Firewall Helper Driver/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp msfwhlpr.sys (OneCare Firewall Helper Driver/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\usbuhci \Device\USBFDO-0 831FC790
Device \Driver\usbuhci \Device\USBFDO-1 831FC790
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 82F43790
Device \Driver\usbuhci \Device\USBFDO-2 831FC790
Device \FileSystem\MRxSmb \Device\LanmanRedirector 82F43790
Device \Driver\usbehci \Device\USBFDO-3 8322A1E8
Device \Driver\Ftdisk \Device\FtControl 8336B1E8
Device \FileSystem\Fastfat \Fat 82D47790
Device \FileSystem\Fastfat \Fat EE0A51F9

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device \FileSystem\Cdfs \Cdfs 82FF71E8

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xCA 0xB5 0x7A 0x64 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xD8 0xE7 0x18 0x85 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x52 0x21 0x84 0xAB ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xCA 0xB5 0x7A 0x64 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xD8 0xE7 0x18 0x85 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x52 0x21 0x84 0xAB ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xCA 0xB5 0x7A 0x64 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xD8 0xE7 0x18 0x85 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x52 0x21 0x84 0xAB ...
Reg HKLM\SOFTWARE\Classes\.application\bootstrap@ bootstrap.application.1
Reg HKLM\SOFTWARE\Classes\.aswcs@ aswsfile
Reg HKLM\SOFTWARE\Classes\.aswcs@Content Type application/avast-aswcs
Reg HKLM\SOFTWARE\Classes\.asws@ aswsfile
Reg HKLM\SOFTWARE\Classes\.asws@Content Type application/avast-asws
Reg HKLM\SOFTWARE\Classes\.csk@ cskfile
Reg HKLM\SOFTWARE\Classes\.csk@Content Type application/copernic-csk
Reg HKLM\SOFTWARE\Classes\ActiveSkin4.Skin@ ActiveSkin Control
Reg HKLM\SOFTWARE\Classes\ActiveSkin4.Skin\CLSID
Reg HKLM\SOFTWARE\Classes\ActiveSkin4.Skin\CLSID@ {0944D16C-D0F4-4389-982A-A085595A9EB3}
Reg HKLM\SOFTWARE\Classes\ActiveSkin4.Skin\CurVer
Reg HKLM\SOFTWARE\Classes\ActiveSkin4.Skin\CurVer@ ActiveSkin4.Skin.1
Reg HKLM\SOFTWARE\Classes\ActiveSkin4.Skin.1@ ActiveSkin Control
Reg HKLM\SOFTWARE\Classes\ActiveSkin4.Skin.1\CLSID
Reg HKLM\SOFTWARE\Classes\ActiveSkin4.Skin.1\CLSID@ {0944D16C-D0F4-4389-982A-A085595A9EB3}
Reg HKLM\SOFTWARE\Classes\ActiveSkin4.SkinLabel@ SkinLabel Control
Reg HKLM\SOFTWARE\Classes\ActiveSkin4.SkinLabel\CLSID
Reg HKLM\SOFTWARE\Classes\ActiveSkin4.SkinLabel\CLSID@ {5954EA75-9BFA-461A-BD34-CEA3A861FF19}
Reg HKLM\SOFTWARE\Classes\ActiveSkin4.SkinLabel\CurVer
Reg HKLM\SOFTWARE\Classes\ActiveSkin4.SkinLabel\CurVer@ ActiveSkin4.SkinLabel.1
Reg HKLM\SOFTWARE\Classes\ActiveSkin4.SkinLabel.1@ SkinLabel Control
Reg HKLM\SOFTWARE\Classes\ActiveSkin4.SkinLabel.1\CLSID
Reg HKLM\SOFTWARE\Classes\ActiveSkin4.SkinLabel.1\CLSID@ {5954EA75-9BFA-461A-BD34-CEA3A861FF19}
Reg HKLM\SOFTWARE\Classes\aswcsfile@ avast! Compressed Skin
Reg HKLM\SOFTWARE\Classes\aswcsfile@EditFlags 65536
Reg HKLM\SOFTWARE\Classes\aswcsfile@BrowserFlags 8
Reg HKLM\SOFTWARE\Classes\aswcsfile\shell
Reg HKLM\SOFTWARE\Classes\aswcsfile\shell@
Reg HKLM\SOFTWARE\Classes\aswcsfile\shell\open
Reg HKLM\SOFTWARE\Classes\aswcsfile\shell\open@
Reg HKLM\SOFTWARE\Classes\aswcsfile\shell\open\command
Reg HKLM\SOFTWARE\Classes\aswcsfile\shell\open\command@ "C:\Program Files\Alwil Software\Avast4\ashSimpl.exe" "%1"
Reg HKLM\SOFTWARE\Classes\aswsfile@ avast! Skin
Reg HKLM\SOFTWARE\Classes\aswsfile@EditFlags 65536
Reg HKLM\SOFTWARE\Classes\aswsfile@BrowserFlags 8
Reg HKLM\SOFTWARE\Classes\aswsfile\shell
Reg HKLM\SOFTWARE\Classes\aswsfile\shell@
Reg HKLM\SOFTWARE\Classes\aswsfile\shell\open
Reg HKLM\SOFTWARE\Classes\aswsfile\shell\open@
Reg HKLM\SOFTWARE\Classes\aswsfile\shell\open\command
Reg HKLM\SOFTWARE\Classes\aswsfile\shell\open\command@ "C:\Program Files\Alwil Software\Avast4\ashSimpl.exe" "%1"
Reg HKLM\SOFTWARE\Classes\AvAScr.sbScanner@ sbScanner Class
Reg HKLM\SOFTWARE\Classes\AvAScr.sbScanner\CLSID
Reg HKLM\SOFTWARE\Classes\AvAScr.sbScanner\CLSID@ {7BFC2BD7-0937-41EA-8872-CE3B27E08F84}
Reg HKLM\SOFTWARE\Classes\AvAScr.sbScanner\CurVer
Reg HKLM\SOFTWARE\Classes\AvAScr.sbScanner\CurVer@ AvAScr.sbScanner.1
Reg HKLM\SOFTWARE\Classes\AvAScr.sbScanner.1@ sbScanner Class
Reg HKLM\SOFTWARE\Classes\AvAScr.sbScanner.1\CLSID
Reg HKLM\SOFTWARE\Classes\AvAScr.sbScanner.1\CLSID@ {7BFC2BD7-0937-41EA-8872-CE3B27E08F84}
Reg HKLM\SOFTWARE\Classes\avast\ShellEx
Reg HKLM\SOFTWARE\Classes\avast\ShellEx\ContextMenuHandlers
Reg HKLM\SOFTWARE\Classes\avast\ShellEx\ContextMenuHandlers@ {472083B0-C522-11CF-8763-00608CC02F24}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5F3013FB-6322-A5F7-F30F-1EDA7CA4292B}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5F3013FB-6322-A5F7-F30F-1EDA7CA4292B}@iaoepfgplppapbnhlc 0x63 0x61 0x70 0x6B ...

---- EOF - GMER 1.0.14 ----


Here is a new OTViewIt.txt:

OTViewIt logfile created on: 10/26/2008 3:51:05 PM - Run 5
OTViewIt by OldTimer - Version 1.0.18.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 165.19 Mb Available Physical Memory | 32.39% Memory free
1.22 Gb Paging File | 0.77 Gb Available in Paging File | 63.28% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.97 Gb Total Space | 24.00 Gb Free Space | 33.82% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MAZEN-EIR2CVHVA
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2006/05/03 09:43:46 | 00,413,696 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2008/10/20 23:55:38 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[2006/05/03 09:43:46 | 00,413,696 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2007/09/06 13:28:18 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2008/07/19 07:25:06 | 00,016,056 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
[2008/07/19 07:38:28 | 00,147,640 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
[2008/10/25 13:48:55 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2005/07/22 17:04:50 | 00,217,088 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2001/10/18 13:37:22 | 00,483,394 | ---- | M] (BroadJump, Inc.) -- C:\Program Files\BroadJump\Client Foundation\CFD.exe
[2006/01/02 16:41:22 | 00,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
[2008/01/10 15:27:36 | 00,385,024 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTime\QTTask.exe
[2008/01/15 03:22:56 | 00,267,048 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2008/05/11 09:45:56 | 00,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[2008/10/25 13:48:55 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
[2008/07/19 07:38:34 | 00,078,008 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
[2008/10/17 23:55:13 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
[2008/10/26 14:51:39 | 00,022,528 | ---- | M] () -- C:\WINDOWS\svchost.exe
[2008/07/18 22:10:42 | 00,053,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2008/01/15 03:22:44 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2006/01/02 16:41:22 | 00,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
[2006/01/02 16:41:22 | 00,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
[2008/08/22 22:56:15 | 00,635,848 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2008/04/17 21:13:02 | 00,811,008 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\gmer\gmer.exe
[2008/10/25 13:07:01 | 00,421,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/10/20 23:55:38 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
[2007/09/06 13:28:18 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008/07/19 07:25:06 | 00,016,056 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
[2006/05/03 09:43:46 | 00,413,696 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
[2006/05/03 11:57:00 | 00,520,192 | ---- | M] () -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])
[2008/07/19 07:38:28 | 00,147,640 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
[2008/07/19 07:38:04 | 00,250,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Stopped])
[2008/07/23 07:25:45 | 00,348,344 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Stopped])
[2005/07/22 17:04:50 | 00,217,088 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2008/01/15 03:22:44 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2008/10/25 13:48:55 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2005/06/16 12:43:37 | 00,068,096 | ---- | M] () -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service [On_Demand | Stopped])
File not found -- -- (msfwsvc [Auto | Stopped])
[2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2005/08/02 14:18:49 | 00,086,016 | ---- | M] (CACE Technologies) -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd [On_Demand | Stopped])
File not found -- -- (Shell Hardware Detection (ShellHWDetection) [Auto | Stopped])
[2007/01/19 12:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2008/07/19 07:32:15 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4 [System | Running])
[2002/04/01 13:15:00 | 00,004,816 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio [On_Demand | Running])
[2008/07/19 07:37:42 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk [Auto | Running])
[2008/07/19 07:37:21 | 00,094,416 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2 [Auto | Running])
[2008/07/19 07:33:42 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr [On_Demand | Running])
[2008/07/19 07:35:18 | 00,078,416 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP [System | Running])
[2008/07/19 07:32:36 | 00,042,912 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi [System | Running])
[2006/05/03 09:50:42 | 01,540,608 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
[2004/03/08 12:55:50 | 00,013,567 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv [System | Running])
[2002/06/23 14:31:20 | 00,045,568 | R--- | M] (D-Link Corporation ) -- C:\WINDOWS\system32\drivers\DLKRTS.SYS -- (DLKRTS [On_Demand | Running])
[2003/07/24 12:10:34 | 00,017,149 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\DNINDIS5.SYS -- (DNINDIS5 [On_Demand | Stopped])
[2006/09/19 14:44:04 | 00,015,664 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2008/10/26 02:17:16 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\system32\drivers\gmer.sys -- (gmer [System | Running])
[2007/08/02 17:19:25 | 00,026,056 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi [On_Demand | Stopped])
[2005/01/23 11:05:06 | 00,804,317 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm [On_Demand | Stopped])
[2004/03/05 22:14:42 | 01,233,525 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51 [On_Demand | Running])
[2004/03/05 22:15:34 | 00,647,929 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52 [On_Demand | Running])
[2004/03/05 22:13:52 | 00,060,949 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53 [On_Demand | Running])
[2004/08/03 22:58:34 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Stopped])
[2001/08/17 13:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])
[2004/03/05 22:13:38 | 00,037,048 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt [On_Demand | Running])
[2006/09/12 02:06:08 | 00,081,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\msfwdrv.sys -- (MSFWDrv [Auto | Running])
[2006/09/12 02:06:06 | 00,105,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\msfwhlpr.sys -- (MSFWHLPR [System | Running])
[2004/08/03 22:59:50 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm [On_Demand | Stopped])
[2001/08/22 08:42:58 | 00,013,632 | ---- | M] (Dell Computer Corporation) -- C:\WINDOWS\system32\drivers\omci.sys -- (OMCI [System | Running])
[2003/07/16 13:42:18 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007/03/07 16:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2004/07/29 16:29:58 | 00,211,072 | R--- | M] (Ralink Technology Inc.) -- C:\WINDOWS\system32\drivers\RT2500.sys -- (RT2500 [On_Demand | Stopped])
[2004/08/03 22:31:32 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139 [On_Demand | Stopped])
[2007/11/13 03:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2003/11/18 11:38:32 | 00,591,808 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm [On_Demand | Running])
[2001/08/17 13:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])
[2007/09/02 02:19:08 | 00,685,816 | ---- | M] () -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd [Boot | Running])
[2007/10/31 14:09:14 | 00,030,464 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
[2003/01/10 13:13:04 | 00,033,588 | R--- | M] (America Online, Inc.) -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw [On_Demand | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=C:\windows\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=C:\windows\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = local.,

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-21-1957994488-884357618-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=C:\windows\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

[HKEY_USERS\S-1-5-21-1957994488-884357618-839522115-1003\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1957994488-884357618-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = local.,

========== (O1) Hosts File ==========

HOSTS File = (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{3049C3E9-B461-4BC5-8870-4C09146192CA} (HKLM) -- C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{68F9551E-0411-48E4-9AAF-4BC42A6A46BE} (HKLM) -- C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{7E853D72-626A-48EC-A868-BA8D5E23E045} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{327C2873-E90D-4c37-AA9D-10AC9BABA46C}" (HKLM) -- C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4982D40A-C53B-4615-B15B-B5B5E98D167C}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1957994488-884357618-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1957994488-884357618-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1957994488-884357618-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1957994488-884357618-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1957994488-884357618-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4982D40A-C53B-4615-B15B-B5B5E98D167C}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1957994488-884357618-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1957994488-884357618-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay (ATI Technologies Inc.)
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
"BJCFD"=C:\Program Files\BroadJump\Client Foundation\CFD.exe (BroadJump, Inc.)
"HotKeysCmds"=C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
"IgfxTray"=C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
"WinampAgent"=C:\Program Files\Winamp\winampa.exe ()

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c (Google Inc.)
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1957994488-884357618-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c (Google Inc.)
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background (Microsoft Corporation)

========== (O4) Startup Folders ==========

[2004/12/14 04:44:06 | 00,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
[2000/01/21 01:15:54 | 00,065,588 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
File not found -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_CURRENT_USER\Software\policies\microsoft\internet explorer]
"Windows Update Menu Text"=

[HKEY_USERS\S-1-5-21-1957994488-884357618-839522115-1003\Software\policies\microsoft\internet explorer]
"Windows Update Menu Text"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=227
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableRegistryTools"=0
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0
"HideStartupScripts"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDrives"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"HideStartupScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-1957994488-884357618-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDrives"=0

[HKEY_USERS\S-1-5-21-1957994488-884357618-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"HideStartupScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
&AOL Toolbar search: C:\Program Files\AOL Toolbar\toolbar.dll File not found
Easy-WebPrint Add To Print List: C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006/06/09 14:39:38 | 00,552,960 | ---- | M] ()
Easy-WebPrint High Speed Print: C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006/06/09 14:39:38 | 00,552,960 | ---- | M] ()
Easy-WebPrint Preview: C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006/06/09 14:39:38 | 00,552,960 | ---- | M] ()
Easy-WebPrint Print: C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006/06/09 14:39:38 | 00,552,960 | ---- | M] ()

[HKEY_USERS\S-1-5-21-1957994488-884357618-839522115-1003\Software\Microsoft\Internet Explorer\MenuExt\]
&AOL Toolbar search: C:\Program Files\AOL Toolbar\toolbar.dll File not found
Easy-WebPrint Add To Print List: C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006/06/09 14:39:38 | 00,552,960 | ---- | M] ()
Easy-WebPrint High Speed Print: C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006/06/09 14:39:38 | 00,552,960 | ---- | M] ()
Easy-WebPrint Preview: C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006/06/09 14:39:38 | 00,552,960 | ---- | M] ()
Easy-WebPrint Print: C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006/06/09 14:39:38 | 00,552,960 | ---- | M] ()

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}: Button: AIM -- %ProgramFiles%\AIM\aim.exe [2004/04/27 15:18:34 | 00,061,440 | ---- | M] (America Online, Inc.)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search & Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2008/09/15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/10/13 09:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/10/13 09:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKLM] -> %ProgramFiles%\AIM\aim.exe [AIM] -> [2004/04/27 15:18:34 | 00,061,440 | ---- | M] (America Online, Inc.)
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 09:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKLM] -> %ProgramFiles%\AIM\aim.exe [AIM] -> [2004/04/27 15:18:34 | 00,061,440 | ---- | M] (America Online, Inc.)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 09:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKLM] -> %ProgramFiles%\AIM\aim.exe [AIM] -> [2004/04/27 15:18:34 | 00,061,440 | ---- | M] (America Online, Inc.)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 09:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1957994488-884357618-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKLM] -> %ProgramFiles%\AIM\aim.exe [AIM] -> [2004/04/27 15:18:34 | 00,061,440 | ---- | M] (America Online, Inc.)
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 09:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
cox.com: http in Local intranet
cox.com: https in Local intranet
coxenterprises.com: http in Local intranet
coxenterprises.com: https in Local intranet
1 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
: msn in My Computer
aol.com\objects: * is out of zone range (0)
cox.com: http in Local intranet
cox.com: https in Local intranet
coxenterprises.com: http in Local intranet
coxenterprises.com: https in Local intranet
81 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
80 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
80 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
81 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
81 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-1957994488-884357618-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
: msn in My Computer
aol.com\objects: * is out of zone range (0)
cox.com: http in Local intranet
cox.com: https in Local intranet
coxenterprises.com: http in Local intranet
coxenterprises.com: https in Local intranet
81 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{00000055-9980-0010-8000-00AA00389B71}: http://codecs.microsoft.com/codecs/i386/fhg.CAB -- Reg Error: Key does not exist or could not be opened.
{0EC4C9E3-EC6A-11CF-8E3B-444553540000}: -- Reg Error: Key does not exist or could not be opened.
{166B1BCA-3F9C-11CF-8075-444553540000}: -- Shockwave ActiveX Control
{17492023-C23A-453E-A040-C7C580BBF700}: http://go.microsoft.com/fwlink/?linkid=39204 -- Windows Genuine Advantage Validation Tool
{2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5}: -- Microsoft Data Collection Control
{3DC2E31C-371A-4BD3-9A27-CDF57CE604CF}: http://moneycentral.msn.com/cabs/pmupd806.exe -- MSN Money Charting
{5ED80217-570B-4DA9-BF44-BE107C0EC166}: http://scan.safety.live.com/resource/downl...lscbase5059.cab -- Windows Live Safety Center Base Module
{6414512B-B978-451D-A0D8-FCFDF33E833C}: -- WUWebControl Class
{67DABFBF-D0AB-41FA-9C46-CC0F21721616}: http://download.divx.com/player/DivXBrowserPlugin.cab -- DivXBrowserPlugin Object
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: -- MUWebControl Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_10
{AECD14A8-F662-11D1-A395-00805F535788}: -- Reg Error: Key does not exist or could not be opened.
{B38870E4-7ECB-40DA-8C6A-595F0A5519FF}: http://messenger.msn.com/download/MsnMesse...pDownloader.cab -- MsnMessengerSetupDownloadControl Class
{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_01
{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_10
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_10
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload.macromedia.com/get/shock...ash/swflash.cab -- Shockwave Flash Object

========== (O17) DNS Name Servers ==========

{1CFB8E23-62FC-4B40-8203-360A522FCBB7} (Servers: | Description: D-Link DFE-530TX+ PCI Adapter)
{817D2139-C3D0-4A58-B0A5-E03A6CAE8053} (Servers: 128.242.126.95 | Description: Belkin 802.11g Wireless Card)

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
AtiExtEvent: "DllName" = Ati2evxx.dll -- C:\WINDOWS\system32\ati2evxx.dll (ATI Technologies Inc.)
igfxcui: "DllName" = igfxsrvc.dll -- C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT [PATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | ]
[2005/07/30 17:19:15 | 00,000,050 | -H-- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[691 C:\WINDOWS\System32\*.tmp files]
[17 C:\WINDOWS\*.tmp files]
[4 C:\Documents and Settings\Owner\My Documents\*.tmp files]
[2008/10/26 14:48:35 | 00,022,528 | ---- | C] () -- C:\WINDOWS\svchost.exe
[2008/10/26 12:56:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2008/10/26 11:15:31 | 00,028,672 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2008/10/26 11:09:57 | 00,000,304 | ---- | C] () -- C:\Boot.bak
[2008/10/26 11:09:51 | 00,260,272 | ---- | C] () -- C:\cmldr
[2008/10/26 11:09:43 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2008/10/26 11:08:08 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2008/10/26 11:08:08 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2008/10/26 11:08:08 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2008/10/26 11:08:08 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2008/10/26 11:08:08 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe
[2008/10/26 11:08:08 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2008/10/26 11:08:08 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2008/10/26 11:08:08 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFIND.exe
[2008/10/26 11:07:48 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2008/10/26 11:07:48 | 00,000,000 | ---D | C] -- C:\Qoobox
[2008/10/26 11:05:32 | 02,995,771 | R--- | C] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2008/10/26 03:03:28 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2008/10/26 03:03:28 | 00,001,709 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\avast! Antivirus.lnk
[2008/10/26 03:03:27 | 00,042,912 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2008/10/26 03:03:27 | 00,026,944 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2008/10/26 03:03:24 | 00,094,416 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2008/10/26 03:03:24 | 00,094,392 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2008/10/26 03:03:24 | 00,093,264 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2008/10/26 03:03:24 | 00,078,416 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2008/10/26 03:03:24 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2008/10/26 03:03:04 | 01,163,960 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2008/10/26 03:03:04 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2008/10/26 02:17:18 | 00,000,345 | ---- | C] () -- C:\WINDOWS\gmer.ini
[2008/10/26 02:17:16 | 00,884,736 | ---- | C] () -- C:\WINDOWS\gmer.dll
[2008/10/26 02:17:16 | 00,811,008 | ---- | C] () -- C:\WINDOWS\gmer.exe
[2008/10/26 02:17:16 | 00,085,969 | ---- | C] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2008/10/26 02:17:16 | 00,000,080 | ---- | C] () -- C:\WINDOWS\gmer_uninstall.cmd
[2008/10/26 02:16:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\gmer
[2008/10/26 02:16:28 | 00,747,873 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2008/10/26 02:11:07 | 00,334,848 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTMoveIt3.exe
[2008/10/25 14:08:09 | 00,230,776 | ---- | C] (Alwil Software) -- C:\Documents and Settings\Owner\Desktop\aswclear.exe
[2008/10/25 13:49:25 | 27,462,344 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\setupeng.exe
[2008/10/25 13:44:33 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2008/10/25 13:07:00 | 00,421,888 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTViewIt.exe
[2008/10/24 03:20:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\BitTorrent Downloads
[2008/10/22 18:43:38 | 00,095,264 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Account-Retrieval.pdf
[2008/10/22 07:02:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\My Received Files
[2008/10/22 05:42:44 | 00,000,000 | -H-D | C] -- C:\BJPrinter
[2008/10/21 00:29:16 | 00,000,085 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/10/20 23:52:03 | 00,000,793 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Ad-Watch.lnk
[2008/10/20 23:52:03 | 00,000,793 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Ad-Aware.lnk
[2008/10/20 23:51:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
[2008/10/20 22:40:56 | 00,000,933 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy.lnk
[2008/10/20 21:37:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2008/10/20 21:08:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PrevxCSI
[2008/10/20 19:47:10 | 00,077,312 | ---- | C] () -- C:\WINDOWS\ua2.dll
[2008/10/18 14:27:31 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2008/10/17 23:56:13 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Mozilla Firefox.lnk
[2008/10/17 23:54:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Deployment
[2008/10/17 13:39:37 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\atlcom839_953.dll
[2008/10/14 11:41:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Blizzard
[2008/10/08 09:53:47 | 00,000,865 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\World of Warcraft.lnk
[2008/10/08 09:53:47 | 00,000,000 | ---D | C] -- C:\Program Files\World of Warcraft
[2008/10/07 22:54:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2008/10/07 22:17:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2008/10/07 22:17:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2008/10/07 22:17:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2008/10/07 22:05:27 | 00,059,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rfcomm.sys
[2008/10/07 22:05:27 | 00,046,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gagp30kx.sys
[2008/10/07 22:05:27 | 00,044,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\agpcpq.sys
[2008/10/07 22:05:27 | 00,042,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\alim1541.sys
[2008/10/07 22:05:27 | 00,042,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\agp440.sys
[2008/10/07 22:05:27 | 00,038,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthmodem.sys
[2008/10/07 22:05:27 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\amdk7.sys
[2008/10/07 22:05:27 | 00,036,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\intelppm.sys
[2008/10/07 22:05:27 | 00,029,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ip6fw.sys
[2008/10/07 22:05:27 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidbth.sys
[2008/10/07 22:05:27 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthusb.sys
[2008/10/07 22:05:27 | 00,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthenum.sys
[2008/10/07 22:05:27 | 00,015,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mssmbios.sys
[2008/10/07 22:05:27 | 00,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidir.sys
[2008/10/07 22:05:26 | 00,382,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qmgr.dll
[2008/10/07 22:05:26 | 00,078,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbvideo.sys
[2008/10/07 22:05:26 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sdbus.sys
[2008/10/07 22:05:26 | 00,044,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\uagp35.sys
[2008/10/07 22:05:26 | 00,042,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\viaagp.sys
[2008/10/07 22:05:26 | 00,030,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys
[2008/10/07 22:05:26 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbehci.sys
[2008/10/07 22:05:26 | 00,013,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wacompen.sys
[2008/10/07 22:05:26 | 00,012,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usb8023x.sys
[2008/10/07 22:05:26 | 00,012,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tunmp.sys
[2008/10/07 22:05:26 | 00,011,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sffdisk.sys
[2008/10/07 22:05:26 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sffp_sd.sys
[2008/10/07 22:05:26 | 00,006,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smbali.sys
[2008/10/07 22:05:25 | 00,262,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\http.sys
[2008/10/07 22:05:24 | 02,113,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxdiagn.dll
[2008/10/07 22:05:24 | 00,325,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2fxb.dll
[2008/10/07 22:05:24 | 00,186,368 | ---- | C] () -- C:\WINDOWS\System32\dllcache\encdec.dll
[2008/10/07 22:05:23 | 00,539,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msftedit.dll
[2008/10/07 22:05:23 | 00,526,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\p2psvc.dll
[2008/10/07 22:05:23 | 00,312,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\p2pgraph.dll
[2008/10/07 22:05:23 | 00,270,848 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sbe.dll
[2008/10/07 22:05:23 | 00,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sbeio.dll
[2008/10/07 22:05:23 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieencode.dll
[2008/10/07 22:05:23 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fltlib.dll
[2008/10/07 22:05:22 | 04,256,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2res.dll
[2008/10/07 22:05:22 | 00,167,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2ae.dll
[2008/10/07 22:05:22 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smbinst.exe
[2008/10/07 22:05:21 | 00,764,868 | ---- | C] () -- C:\WINDOWS\System32\dllcache\apph_sp.sdb
[2008/10/07 22:05:21 | 00,757,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sprb041b.dll
[2008/10/07 22:05:21 | 00,732,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sprb0424.dll
[2008/10/07 22:05:21 | 00,502,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2fxa.dll
[2008/10/07 22:05:21 | 00,462,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sqlqp20.dll
[2008/10/07 22:05:21 | 00,405,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\obrb041b.dll
[2008/10/07 22:05:21 | 00,402,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2filt.dll
[2008/10/07 22:05:21 | 00,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spra041b.dll
[2008/10/07 22:05:21 | 00,192,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spra0424.dll
[2008/10/07 22:05:21 | 00,177,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msctfime.ime
[2008/10/07 22:05:21 | 00,151,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sqldb20.dll
[2008/10/07 22:05:21 | 00,128,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fltmgr.sys
[2008/10/07 22:05:21 | 00,128,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fltmgr.sys
[2008/10/07 22:05:21 | 00,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fltmc.exe
[2008/10/07 22:05:20 | 00,408,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\obrb0424.dll
[2008/10/07 22:05:20 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hscupd.exe
[2008/10/07 22:05:18 | 02,897,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp2res.dll
[2008/10/07 22:05:13 | 00,244,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\acspecfc.dll
[2008/10/07 22:05:13 | 00,137,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclua.dll
[2008/10/07 22:05:12 | 00,385,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\callcont.dll
[2008/10/07 22:05:12 | 00,256,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agentsvr.exe
[2008/10/07 22:05:12 | 00,217,118 | ---- | C] () -- C:\WINDOWS\System32\dllcache\apphelp.sdb
[2008/10/07 22:05:12 | 00,214,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agentctl.dll
[2008/10/07 22:05:12 | 00,119,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext30.dll
[2008/10/07 22:05:12 | 00,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agentdpv.dll
[2008/10/07 22:05:12 | 00,042,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agentdp2.dll
[2008/10/07 22:05:12 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0408.dll
[2008/10/07 22:05:12 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt040c.dll
[2008/10/07 22:05:12 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0407.dll
[2008/10/07 22:05:12 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0816.dll
[2008/10/07 22:05:12 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0413.dll
[2008/10/07 22:05:12 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0410.dll
[2008/10/07 22:05:12 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0c0a.dll
[2008/10/07 22:05:12 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0416.dll
[2008/10/07 22:05:12 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt040e.dll
[2008/10/07 22:05:12 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt041f.dll
[2008/10/07 22:05:12 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt041d.dll
[2008/10/07 22:05:12 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0419.dll
[2008/10/07 22:05:12 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0415.dll
[2008/10/07 22:05:12 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0414.dll
[2008/10/07 22:05:12 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt040b.dll
[2008/10/07 22:05:12 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0409.dll
[2008/10/07 22:05:12 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0406.dll
[2008/10/07 22:05:12 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0405.dll
[2008/10/07 22:05:12 | 00,014,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\battc.sys
[2008/10/07 22:05:11 | 00,618,605 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4autl.dll
[2008/10/07 22:05:11 | 00,539,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dialer.exe
[2008/10/07 22:05:11 | 00,214,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwconn1.exe
[2008/10/07 22:05:11 | 00,195,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comadmin.dll
[2008/10/07 22:05:11 | 00,172,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwhelp.dll
[2008/10/07 22:05:11 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dhtmled.ocx
[2008/10/07 22:05:11 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2008/10/07 22:05:11 | 00,086,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\directdb.dll
[2008/10/07 22:05:11 | 00,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwconn2.exe
[2008/10/07 22:05:11 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwrmind.exe
[2008/10/07 22:05:11 | 00,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidbatt.sys
[2008/10/07 22:05:11 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comrepl.exe
[2008/10/07 22:05:11 | 00,009,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\compbatt.sys
[2008/10/07 22:05:11 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comrereg.exe
[2008/10/07 22:05:10 | 00,242,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kdsusd.dll
[2008/10/07 22:05:10 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kdsui.dll
[2008/10/07 22:05:10 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetwiz.exe
[2008/10/07 22:05:09 | 03,166,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msgr3en.dll
[2008/10/07 22:05:09 | 01,314,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoe.dll
[2008/10/07 22:05:09 | 00,536,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado15.dll
[2008/10/07 22:05:09 | 00,274,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mst120.dll
[2008/10/07 22:05:09 | 00,229,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmas.dll
[2008/10/07 22:05:09 | 00,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nac.dll
[2008/10/07 22:05:09 | 00,200,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadox.dll
[2008/10/07 22:05:09 | 00,198,736 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msimain.sdb
[2008/10/07 22:05:09 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadomd.dll
[2008/10/07 22:05:09 | 00,172,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmoldwb.dll
[2008/10/07 22:05:09 | 00,158,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msconfig.exe
[2008/10/07 22:05:09 | 00,151,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmft.dll
[2008/10/07 22:05:09 | 00,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msjro.dll
[2008/10/07 22:05:08 | 02,136,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2008/10/07 22:05:08 | 02,015,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2008/10/07 22:05:08 | 00,281,088 | ---- | C] (Cinematronics) -- C:\WINDOWS\System32\dllcache\pinball.exe
[2008/10/07 22:05:08 | 00,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oemig50.exe
[2008/10/07 22:05:08 | 00,026,624 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw450ext.dll
[2008/10/07 22:05:08 | 00,024,576 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw430ext.dll
[2008/10/07 22:05:08 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nppagent.exe
[2008/10/07 22:05:08 | 00,007,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\powerfil.sys
[2008/10/07 22:05:07 | 01,197,294 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2008/10/07 22:05:07 | 00,510,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab32.dll
[2008/10/07 22:05:07 | 00,153,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\triedit.dll
[2008/10/07 22:05:07 | 00,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uploadm.exe
[2008/10/07 22:05:07 | 00,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wabimp.dll
[2008/10/07 22:05:07 | 00,046,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2008/10/07 22:05:07 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wabmig.exe
[2008/10/07 22:05:07 | 00,010,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scsiscan.sys
[2008/10/07 22:05:06 | 00,017,408 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxscnui.dll
[2008/10/07 22:05:04 | 00,237,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\provthrd.dll
[2008/10/07 22:05:04 | 00,212,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntevt.dll
[2008/10/07 22:05:04 | 00,197,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemupgd.dll
[2008/10/07 22:05:04 | 00,196,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiadap.exe
[2008/10/07 22:05:04 | 00,196,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemcntl.dll
[2008/10/07 22:05:04 | 00,178,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemdisp.dll
[2008/10/07 22:05:04 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmipcima.dll
[2008/10/07 22:05:04 | 00,140,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmidcprv.dll
[2008/10/07 22:05:04 | 00,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\viewprov.dll
[2008/10/07 22:05:04 | 00,116,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemtest.exe
[2008/10/07 22:05:04 | 00,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scrcons.exe
[2008/10/07 22:05:04 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mofcomp.exe
[2008/10/07 22:05:03 | 00,132,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmipdskq.dll
[2008/10/07 22:05:02 | 00,487,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oledb32.dll
[2008/10/07 22:05:02 | 00,315,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdasql.dll
[2008/10/07 22:05:02 | 00,259,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comsetup.dll
[2008/10/07 22:05:02 | 00,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaora.dll
[2008/10/07 22:05:02 | 00,204,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaps.dll
[2008/10/07 22:05:02 | 00,115,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imsinsnt.dll
[2008/10/07 22:05:02 | 00,082,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtcstp.dll
[2008/10/07 22:05:01 | 00,217,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sqlxmlx.dll
[2008/10/07 22:05:00 | 01,033,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\explorer.exe
[2008/10/07 22:05:00 | 00,561,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msobmain.dll
[2008/10/07 22:05:00 | 00,123,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\guitrn.dll
[2008/10/07 22:05:00 | 00,051,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oobebaln.exe
[2008/10/07 22:05:00 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoobe.exe
[2008/10/07 22:04:59 | 00,263,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adsnt.dll
[2008/10/07 22:04:59 | 00,202,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\script.dll
[2008/10/07 22:04:59 | 00,201,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migism.dll
[2008/10/07 22:04:59 | 00,175,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adsldp.dll
[2008/10/07 22:04:59 | 00,168,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sysmod.dll
[2008/10/07 22:04:59 | 00,103,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migload.exe
[2008/10/07 22:04:59 | 00,100,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\6to4svc.dll
[2008/10/07 22:04:59 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\actmovie.exe
[2008/10/07 22:04:57 | 01,022,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browseui.dll
[2008/10/07 22:04:57 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\attrib.exe
[2008/10/07 22:04:56 | 02,067,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdosys.dll
[2008/10/07 22:04:56 | 00,457,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certmgr.dll
[2008/10/07 22:04:56 | 00,151,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdfview.dll
[2008/10/07 22:04:56 | 00,142,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\capesnpn.dll
[2008/10/07 22:04:56 | 00,109,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cic.dll
[2008/10/07 22:04:56 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ciodm.dll
[2008/10/07 22:04:55 | 00,343,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmdial32.dll
[2008/10/07 22:04:55 | 00,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmprops.dll
[2008/10/07 22:04:55 | 00,147,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comsnap.dll
[2008/10/07 22:04:55 | 00,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comrepl.dll
[2008/10/07 22:04:55 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comaddin.dll
[2008/10/07 22:04:54 | 00,540,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comuid.dll
[2008/10/07 22:04:54 | 00,345,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\confmsp.dll
[2008/10/07 22:04:54 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\corpol.dll
[2008/10/07 22:04:53 | 01,054,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\danim.dll
[2008/10/07 22:04:52 | 00,370,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dhcpmon.dll
[2008/10/07 22:04:52 | 00,153,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\daxctle.ocx
[2008/10/07 22:04:52 | 00,152,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\datime.dll
[2008/10/07 22:04:52 | 00,123,904 | ---- | C] (Microsoft Corp. and Executive Software International, Inc.) -- C:\WINDOWS\System32\dllcache\dfrgui.dll
[2008/10/07 22:04:52 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dcomcnfg.exe
[2008/10/07 22:04:51 | 01,501,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\diskcopy.dll
[2008/10/07 22:04:51 | 00,273,920 | ---- | C] (Microsoft Corp.) -- C:\WINDOWS\System32\dllcache\dmdlgs.dll
[2008/10/07 22:04:51 | 00,200,704 | ---- | C] (Microsoft Corp.) -- C:\WINDOWS\System32\dllcache\dmdskmgr.dll
[2008/10/07 22:04:51 | 00,181,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmime.dll
[2008/10/07 22:04:51 | 00,045,083 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dispex.dll
[2008/10/07 22:04:50 | 00,375,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpnet.dll
[2008/10/07 22:04:50 | 00,229,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dplayx.dll
[2008/10/07 22:04:50 | 00,148,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dnsapi.dll
[2008/10/07 22:04:50 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dnsrslvr.dll
[2008/10/07 22:04:49 | 00,212,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpvoice.dll
[2008/10/07 22:04:48 | 01,294,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dsound3d.dll
[2008/10/07 22:04:48 | 00,239,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dsquery.dll
[2008/10/07 22:04:48 | 00,181,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dsdmo.dll
[2008/10/07 22:04:48 | 00,144,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dskquoui.dll
[2008/10/07 22:04:48 | 00,142,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dsprop.dll
[2008/10/07 22:04:47 | 01,227,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dx8vb.dll
[2008/10/07 22:04:47 | 00,619,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dx7vb.dll
[2008/10/07 22:04:47 | 00,382,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontext.dll
[2008/10/07 22:04:47 | 00,380,957 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\expsrv.dll
[2008/10/07 22:04:47 | 00,337,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filemgmt.dll
[2008/10/07 22:04:47 | 00,282,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gdi32.dll
[2008/10/07 22:04:47 | 00,253,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\es.dll
[2008/10/07 22:04:47 | 00,183,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\els.dll
[2008/10/07 22:04:47 | 00,121,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\exts.dll
[2008/10/07 22:04:47 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll
[2008/10/07 22:04:47 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\forcedos.exe
[2008/10/07 22:04:45 | 00,614,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\h323msp.dll
[2008/10/07 22:04:45 | 00,546,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hhctrl.ocx
[2008/10/07 22:04:45 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hlink.dll
[2008/10/07 22:04:45 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\help.exe
[2008/10/07 22:04:44 | 00,683,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2008/10/07 22:04:44 | 00,274,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcfg.dll
[2008/10/07 22:04:44 | 00,147,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\initpki.dll
[2008/10/07 22:04:44 | 00,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\input.dll
[2008/10/07 22:04:43 | 00,491,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jscript.dll
[2008/10/07 22:04:43 | 00,384,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipsmsnap.dll
[2008/10/07 22:04:43 | 00,349,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipsecsnp.dll
[2008/10/07 22:04:43 | 00,169,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iprtrmgr.dll
[2008/10/07 22:04:43 | 00,163,840 | ---- | C] (America Online) -- C:\WINDOWS\System32\dllcache\jgdw400.dll
[2008/10/07 22:04:43 | 00,154,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipmontr.dll
[2008/10/07 22:04:43 | 00,027,648 | ---- | C] (Johnson-Grace Company) -- C:\WINDOWS\System32\dllcache\jgpl400.dll
[2008/10/07 22:04:43 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipxwan.dll
[2008/10/07 22:04:43 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106.dll
[2008/10/07 22:04:42 | 00,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\keymgr.dll
[2008/10/07 22:04:42 | 00,130,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksproxy.ax
[2008/10/07 22:04:42 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnec.dll
[2008/10/07 22:04:41 | 00,927,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2008/10/07 22:04:41 | 00,399,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lmrt.dll
[2008/10/07 22:04:41 | 00,221,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\localsec.dll
[2008/10/07 22:04:41 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mf3216.dll
[2008/10/07 22:04:40 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mimefilt.dll
[2008/10/07 22:04:39 | 00,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mscms.dll
[2008/10/07 22:04:39 | 00,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mprdim.dll
[2008/10/07 22:04:38 | 00,945,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtctm.dll
[2008/10/07 22:04:38 | 00,425,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtcprx.dll
[2008/10/07 22:04:38 | 00,294,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msctf.dll
[2008/10/07 22:04:38 | 00,161,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtcuiu.dll
[2008/10/07 22:04:38 | 00,151,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdart.dll
[2008/10/07 22:04:37 | 02,854,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msi.dll
[2008/10/07 22:04:37 | 00,884,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msimsg.dll
[2008/10/07 22:04:37 | 00,271,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msihnd.dll
[2008/10/07 22:04:37 | 00,248,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msieftp.dll
[2008/10/07 22:04:37 | 00,078,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msiexec.exe
[2008/10/07 22:04:37 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msisip.dll
[2008/10/07 22:04:36 | 00,290,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msnsspc.dll
[2008/10/07 22:04:36 | 00,151,583 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msjint40.dll
[2008/10/07 22:04:36 | 00,143,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msorcl32.dll
[2008/10/07 22:04:35 | 00,195,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msutb.dll
[2008/10/07 22:04:34 | 01,428,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msvidctl.dll
[2008/10/07 22:04:34 | 00,204,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswebdvd.dll
[2008/10/07 22:04:33 | 00,701,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml2.dll
[2008/10/07 22:04:33 | 00,506,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml.dll
[2008/10/07 22:04:33 | 00,245,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswsock.dll
[2008/10/07 22:04:32 | 01,104,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll
[2008/10/07 22:04:32 | 00,332,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2008/10/07 22:04:32 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtxlegih.dll
[2008/10/07 22:04:32 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtxdm.dll
[2008/10/07 22:04:32 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nddeapir.exe
[2008/10/07 22:04:32 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtxex.dll
[2008/10/07 22:04:31 | 00,875,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netplwiz.dll
[2008/10/07 22:04:30 | 00,488,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntmsmgr.dll
[2008/10/07 22:04:30 | 00,435,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntmssvc.dll
[2008/10/07 22:04:30 | 00,285,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\objsel.dll
[2008/10/07 22:04:30 | 00,179,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntmsdba.dll
[2008/10/07 22:04:30 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ocmanage.dll
[2008/10/07 22:04:30 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntvdmd.dll
[2008/10/07 22:04:29 | 00,278,559 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\odbcjt32.dll
[2008/10/07 22:04:28 | 00,147,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\odbctrac.dll
[2008/10/07 22:04:28 | 00,122,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oledlg.dll
[2008/10/07 22:04:28 | 00,083,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\olepro32.dll
[2008/10/07 22:04:28 | 00,074,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\olecli32.dll
[2008/10/07 22:04:27 | 00,176,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\photowiz.dll
[2008/10/07 22:04:27 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\perfnet.dll
[2008/10/07 22:04:26 | 01,435,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.dll
[2008/10/07 22:04:26 | 01,287,680 | ---- | C] () -- C:\WINDOWS\System32\dllcache\quartz.dll
[2008/10/07 22:04:26 | 00,733,696 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qedwipes.dll
[2008/10/07 22:04:26 | 00,385,024 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qdvd.dll
[2008/10/07 22:04:26 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll
[2008/10/07 22:04:26 | 00,279,040 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qdv.dll
[2008/10/07 22:04:26 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qcap.dll
[2008/10/07 22:04:26 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rasadhlp.dll
[2008/10/07 22:04:25 | 00,397,824 | ---- | C] (Microsoft) -- C:\WINDOWS\System32\dllcache\regwizc.dll
[2008/10/07 22:04:25 | 00,147,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdchost.dll
[2008/10/07 22:04:24 | 00,582,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcrt4.dll
[2008/10/07 22:04:24 | 00,433,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\riched20.dll
[2008/10/07 22:04:24 | 00,171,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sccsccp.dll
[2008/10/07 22:04:24 | 00,090,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rsvpsp.dll
[2008/10/07 22:04:22 | 01,497,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shdocvw.dll
[2008/10/07 22:04:21 | 08,460,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll
[2008/10/07 22:04:21 | 00,474,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shlwapi.dll
[2008/10/07 22:04:21 | 00,134,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shsvcs.dll
[2008/10/07 22:04:20 | 00,363,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smlogcfg.dll
[2008/10/07 22:04:20 | 00,182,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpsnap.dll
[2008/10/07 22:04:20 | 00,180,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sqlunirl.dll
[2008/10/07 22:04:20 | 00,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\stclient.dll
[2008/10/07 22:04:20 | 00,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sort.exe
[2008/10/07 22:04:20 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\stdole2.tlb
[2008/10/07 22:04:18 | 00,858,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tapi3.dll
[2008/10/07 22:04:18 | 00,713,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sxs.dll
[2008/10/07 22:04:18 | 00,358,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\termmgr.dll
[2008/10/07 22:04:18 | 00,218,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sysmon.ocx
[2008/10/07 22:04:18 | 00,191,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\syncui.dll
[2008/10/07 22:04:16 | 00,577,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2008/10/07 22:04:16 | 00,239,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\upnpui.dll
[2008/10/07 22:04:16 | 00,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\upnphost.dll
[2008/10/07 22:04:15 | 00,413,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vbscript.dll
[2008/10/07 22:04:15 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\verifier.dll
[2008/10/07 22:04:14 | 00,208,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wavemsp.dll
[2008/10/07 22:04:13 | 00,764,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winntbbu.dll
[2008/10/07 22:04:13 | 00,333,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wiaservc.dll
[2008/10/07 22:04:13 | 00,292,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsrv.dll
[2008/10/07 22:04:12 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winver.exe
[2008/10/07 22:04:11 | 00,155,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadds.dll
[2008/10/07 22:04:11 | 00,143,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadco.dll
[2008/10/07 22:04:10 | 00,616,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\advapi32.dll
[2008/10/07 22:04:10 | 00,200,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaprst.dll
[2008/10/07 22:04:09 | 00,984,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kernel32.dll
[2008/10/07 22:04:09 | 00,984,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kernel32.dll
[2008/10/07 22:04:09 | 00,721,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\lsasrv.dll
[2008/10/07 22:04:09 | 00,721,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2008/10/07 22:04:09 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2008/10/07 22:04:09 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comctl32.dll
[2008/10/07 22:04:09 | 00,602,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\autoconv.exe
[2008/10/07 22:04:09 | 00,588,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\autochk.exe
[2008/10/07 22:04:09 | 00,388,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmd.exe
[2008/10/07 22:04:09 | 00,341,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\localspl.dll
[2008/10/07 22:04:09 | 00,276,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comdlg32.dll
[2008/10/07 22:04:09 | 00,144,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\imagehlp.dll
[2008/10/07 22:04:09 | 00,135,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\desk.cpl
[2008/10/07 22:04:09 | 00,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpcsvc.dll
[2008/10/07 22:04:09 | 00,075,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\locator.exe
[2008/10/07 22:04:09 | 00,042,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ftp.exe
[2008/10/07 22:04:09 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msgsvc.dll
[2008/10/07 22:04:09 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\csrsrv.dll
[2008/10/07 22:04:09 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\format.com
[2008/10/07 22:04:09 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cacls.exe
[2008/10/07 22:04:09 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cacls.exe
[2008/10/07 22:04:09 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mgmtapi.dll
[2008/10/07 22:04:09 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\lmhsvc.dll
[2008/10/07 22:04:08 | 00,708,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntdll.dll
[2008/10/07 22:04:08 | 00,419,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntvdm.exe
[2008/10/07 22:04:08 | 00,142,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nwprovau.dll
[2008/10/07 22:04:08 | 00,142,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nwprovau.dll
[2008/10/07 22:04:08 | 00,129,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msv1_0.dll
[2008/10/07 22:04:08 | 00,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntprint.dll
[2008/10/07 22:04:08 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nslookup.exe
[2008/10/07 22:04:08 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntlsapi.dll
[2008/10/07 22:04:07 | 00,983,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupapi.dll
[2008/10/07 22:04:07 | 00,657,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasdlg.dll
[2008/10/07 22:04:07 | 00,560,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\printui.dll
[2008/10/07 22:04:07 | 00,550,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\oleaut32.dll
[2008/10/07 22:04:07 | 00,550,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oleaut32.dll
[2008/10/07 22:04:07 | 00,415,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\samsrv.dll
[2008/10/07 22:04:07 | 00,298,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sysdm.cpl
[2008/10/07 22:04:07 | 00,236,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasapi32.dll
[2008/10/07 22:04:07 | 00,144,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\schannel.dll
[2008/10/07 22:04:07 | 00,144,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\schannel.dll
[2008/10/07 22:04:07 | 00,140,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sessmgr.exe
[2008/10/07 22:04:07 | 00,108,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\services.exe
[2008/10/07 22:04:07 | 00,096,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\srvsvc.dll
[2008/10/07 22:04:07 | 00,095,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\scardsvr.exe
[2008/10/07 22:04:07 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasauto.dll
[2008/10/07 22:04:07 | 00,064,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\samlib.dll
[2008/10/07 22:04:07 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasman.dll
[2008/10/07 22:04:07 | 00,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rastapi.dll
[2008/10/07 22:04:07 | 00,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\smss.exe
[2008/10/07 22:04:07 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rshx32.dll
[2008/10/07 22:04:07 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\perfctrs.dll
[2008/10/07 22:04:07 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\olecnv32.dll
[2008/10/07 22:04:07 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\olecnv32.dll
[2008/10/07 22:04:07 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\savedump.exe
[2008/10/07 22:04:06 | 00,984,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\syssetup.dll
[2008/10/07 22:04:06 | 00,316,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\untfs.dll
[2008/10/07 22:04:06 | 00,316,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\untfs.dll
[2008/10/07 22:04:06 | 00,275,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ulib.dll
[2008/10/07 22:04:06 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tcpmonui.dll
[2008/10/07 22:04:05 | 01,846,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\win32k.sys
[2008/10/07 22:04:05 | 01,846,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[2008/10/07 22:04:05 | 00,146,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winspool.drv
[2008/10/07 22:04:05 | 00,146,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winspool.drv
[2008/10/07 22:04:05 | 00,132,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wkssvc.dll
[2008/10/07 22:04:05 | 00,132,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wkssvc.dll
[2008/10/07 22:04:05 | 00,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\win32spl.dll
[2008/10/07 22:04:05 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\userinit.exe
[2008/10/07 22:04:04 | 00,799,744 | ---- | C] (Microsoft Corp., Veritas Software) -- C:\WINDOWS\System32\drivers\dmboot.sys
[2008/10/07 22:04:04 | 00,451,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mrxsmb.sys
[2008/10/07 22:04:04 | 00,187,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\acpi.sys
[2008/10/07 22:04:04 | 00,182,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ndis.sys
[2008/10/07 22:04:04 | 00,179,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mrxdav.sys
[2008/10/07 22:04:04 | 00,179,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxdav.sys
[2008/10/07 22:04:04 | 00,172,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\kmixer.sys
[2008/10/07 22:04:04 | 00,172,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kmixer.sys
[2008/10/07 22:04:04 | 00,153,344 | ---- | C] (Microsoft Corp., Veritas Software) -- C:\WINDOWS\System32\drivers\dmio.sys
[2008/10/07 22:04:04 | 00,143,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fastfat.sys
[2008/10/07 22:04:04 | 00,142,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\aec.sys
[2008/10/07 22:04:04 | 00,142,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aec.sys
[2008/10/07 22:04:04 | 00,140,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ks.sys
[2008/10/07 22:04:04 | 00,138,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\afd.sys
[2008/10/07 22:04:04 | 00,138,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\afd.sys
[2008/10/07 22:04:04 | 00,134,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ipnat.sys
[2008/10/07 22:04:04 | 00,107,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mup.sys
[2008/10/07 22:04:04 | 00,095,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\atapi.sys
[2008/10/07 22:04:04 | 00,092,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ksecdd.sys
[2008/10/07 22:04:04 | 00,091,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ndiswan.sys
[2008/10/07 22:04:04 | 00,085,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nabtsfec.sys
[2008/10/07 22:04:04 | 00,074,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ipsec.sys
[2008/10/07 22:04:04 | 00,071,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bridge.sys
[2008/10/07 22:04:04 | 00,071,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dxg.sys
[2008/10/07 22:04:04 | 00,063,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mf.sys
[2008/10/07 22:04:04 | 00,063,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\cdfs.sys
[2008/10/07 22:04:04 | 00,060,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\arp1394.sys
[2008/10/07 22:04:04 | 00,060,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmk.sys
[2008/10/07 22:04:04 | 00,060,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\drmk.sys
[2008/10/07 22:04:04 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\atmarpc.sys
[2008/10/07 22:04:04 | 00,055,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\atmlane.sys
[2008/10/07 22:04:04 | 00,052,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dmusic.sys
[2008/10/07 22:04:04 | 00,052,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmusic.sys
[2008/10/07 22:04:04 | 00,052,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\i8042prt.sys
[2008/10/07 22:04:04 | 00,051,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\msdv.sys
[2008/10/07 22:04:04 | 00,049,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\classpnp.sys
[2008/10/07 22:04:04 | 00,049,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\cdrom.sys
[2008/10/07 22:04:04 | 00,042,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mountmgr.sys
[2008/10/07 22:04:04 | 00,041,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\imapi.sys
[2008/10/07 22:04:04 | 00,038,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ndproxy.sys
[2008/10/07 22:04:04 | 00,038,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2008/10/07 22:04:04 | 00,036,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\amdk6.sys
[2008/10/07 22:04:04 | 00,036,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\crusoe.sys
[2008/10/07 22:04:04 | 00,036,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\disk.sys
[2008/10/07 22:04:04 | 00,036,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidclass.sys
[2008/10/07 22:04:04 | 00,035,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\isapnp.sys
[2008/10/07 22:04:04 | 00,035,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isapnp.sys
[2008/10/07 22:04:04 | 00,035,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\msgpc.sys
[2008/10/07 22:04:04 | 00,034,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fips.sys
[2008/10/07 22:04:04 | 00,034,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fips.sys
[2008/10/07 22:04:04 | 00,030,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\modem.sys
[2008/10/07 22:04:04 | 00,027,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fdc.sys
[2008/10/07 22:04:04 | 00,024,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidparse.sys
[2008/10/07 22:04:04 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\kbdclass.sys
[2008/10/07 22:04:04 | 00,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mouclass.sys
[2008/10/07 22:04:04 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ipinip.sys
[2008/10/07 22:04:04 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\flpydisk.sys
[2008/10/07 22:04:04 | 00,019,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\msfs.sys
[2008/10/07 22:04:04 | 00,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ccdecode.sys
[2008/10/07 22:04:04 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mpe.sys
[2008/10/07 22:04:04 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\kbdhid.sys
[2008/10/07 22:04:04 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\asyncmac.sys
[2008/10/07 22:04:04 | 00,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\diskdump.sys
[2008/10/07 22:04:04 | 00,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ndisuio.sys
[2008/10/07 22:04:04 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bdasup.sys
[2008/10/07 22:04:04 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\irenum.sys
[2008/10/07 22:04:04 | 00,010,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ndisip.sys
[2008/10/07 22:04:04 | 00,009,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ndistapi.sys
[2008/10/07 22:04:04 | 00,009,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidusb.sys
[2008/10/07 22:04:04 | 00,009,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndistapi.sys
[2008/10/07 22:04:04 | 00,009,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidusb.sys
[2008/10/07 22:04:04 | 00,007,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mskssrv.sys
[2008/10/07 22:04:04 | 00,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mstee.sys
[2008/10/07 22:04:04 | 00,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\intelide.sys
[2008/10/07 22:04:04 | 00,005,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mspclock.sys
[2008/10/07 22:04:04 | 00,004,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mspqm.sys
[2008/10/07 22:04:04 | 00,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmkaud.sys
[2008/10/07 22:04:04 | 00,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\drmkaud.sys
[2008/10/07 22:04:03 | 00,574,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ntfs.sys
[2008/10/07 22:04:03 | 00,574,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntfs.sys
[2008/10/07 22:04:03 | 00,162,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\netbt.sys
[2008/10/07 22:04:03 | 00,088,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nwlnkipx.sys
[2008/10/07 22:04:03 | 00,080,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\parport.sys
[2008/10/07 22:04:03 | 00,061,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nic1394.sys
[2008/10/07 22:04:03 | 00,042,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\p3.sys
[2008/10/07 22:04:03 | 00,040,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nmnt.sys
[2008/10/07 22:04:03 | 00,034,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\netbios.sys
[2008/10/07 22:04:03 | 00,030,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\npfs.sys
[2008/10/07 22:04:02 | 00,333,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\srv.sys
[2008/10/07 22:04:02 | 00,333,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2008/10/07 22:04:02 | 00,202,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rmcast.sys
[2008/10/07 22:04:02 | 00,202,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2008/10/07 22:04:02 | 00,196,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rdpdr.sys
[2008/10/07 22:04:02 | 00,174,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rdbss.sys
[2008/10/07 22:04:02 | 00,145,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\portcls.sys
[2008/10/07 22:04:02 | 00,145,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\portcls.sys
[2008/10/07 22:04:02 | 00,139,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rdpwd.sys
[2008/10/07 22:04:02 | 00,119,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\pcmcia.sys
[2008/10/07 22:04:02 | 00,096,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\scsiport.sys
[2008/10/07 22:04:02 | 00,073,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sr.sys
[2008/10/07 22:04:02 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\psched.sys
[2008/10/07 22:04:02 | 00,068,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\pci.sys
[2008/10/07 22:04:02 | 00,064,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\serial.sys
[2008/10/07 22:04:02 | 00,060,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sysaudio.sys
[2008/10/07 22:04:02 | 00,060,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sysaudio.sys
[2008/10/07 22:04:02 | 00,057,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\redbook.sys
[2008/10/07 22:04:02 | 00,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\swmidi.sys
[2008/10/07 22:04:02 | 00,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\swmidi.sys
[2008/10/07 22:04:02 | 00,051,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rasl2tp.sys
[2008/10/07 22:04:02 | 00,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\stream.sys
[2008/10/07 22:04:02 | 00,048,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\raspptp.sys
[2008/10/07 22:04:02 | 00,041,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\raspppoe.sys
[2008/10/07 22:04:02 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\processr.sys
[2008/10/07 22:04:02 | 00,030,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismp.sys
[2008/10/07 22:04:02 | 00,025,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sonydcam.sys
[2008/10/07 22:04:02 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\pciidex.sys
[2008/10/07 22:04:02 | 00,018,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\partmgr.sys
[2008/10/07 22:04:02 | 00,018,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\partmgr.sys
[2008/10/07 22:04:02 | 00,015,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\serenum.sys
[2008/10/07 22:04:02 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\streamip.sys
[2008/10/07 22:04:02 | 00,014,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tape.sys
[2008/10/07 22:04:02 | 00,011,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sfloppy.sys
[2008/10/07 22:04:02 | 00,011,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\slip.sys
[2008/10/07 22:04:02 | 00,006,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\splitter.sys
[2008/10/07 22:04:02 | 00,006,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\splitter.sys
[2008/10/07 22:04:02 | 00,004,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\swenum.sys
[2008/10/07 22:04:01 | 00,364,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\update.sys
[2008/10/07 22:04:01 | 00,364,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\update.sys
[2008/10/07 22:04:01 | 00,360,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tcpip.sys
[2008/10/07 22:04:01 | 00,360,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcpip.sys
[2008/10/07 22:04:01 | 00,225,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tcpip6.sys
[2008/10/07 22:04:01 | 00,225,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcpip6.sys
[2008/10/07 22:04:01 | 00,066,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\udfs.sys
[2008/10/07 22:04:01 | 00,057,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbhub.sys
[2008/10/07 22:04:01 | 00,040,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\termdd.sys
[2008/10/07 22:04:01 | 00,031,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbccgp.sys
[2008/10/07 22:04:01 | 00,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbcamd2.sys
[2008/10/07 22:04:01 | 00,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbcamd2.sys
[2008/10/07 22:04:01 | 00,023,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbcamd.sys
[2008/10/07 22:04:01 | 00,023,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbcamd.sys
[2008/10/07 22:04:01 | 00,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tdtcp.sys
[2008/10/07 22:04:01 | 00,018,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tdi.sys
[2008/10/07 22:04:01 | 00,016,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbintel.sys
[2008/10/07 22:04:01 | 00,012,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usb8023.sys
[2008/10/07 22:04:01 | 00,012,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tdpipe.sys
[2008/10/07 22:04:00 | 02,057,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntkrnlpa.exe
[2008/10/07 22:04:00 | 02,057,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2008/10/07 22:04:00 | 00,142,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbport.sys
[2008/10/07 22:04:00 | 00,131,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hal.dll
[2008/10/07 22:04:00 | 00,082,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wdmaud.sys
[2008/10/07 22:04:00 | 00,082,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wdmaud.sys
[2008/10/07 22:04:00 | 00,079,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\videoprt.sys
[2008/10/07 22:04:00 | 00,052,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\volsnap.sys
[2008/10/07 22:04:00 | 00,034,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wanarp.sys
[2008/10/07 22:04:00 | 00,026,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbstor.sys
[2008/10/07 22:04:00 | 00,026,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbstor.sys
[2008/10/07 22:04:00 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbprint.sys
[2008/10/07 22:04:00 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbprint.sys
[2008/10/07 22:04:00 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\vga.sys
[2008/10/07 22:04:00 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbuhci.sys
[2008/10/07 22:04:00 | 00,019,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wstcodec.sys
[2008/10/07 22:04:00 | 00,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbscan.sys
[2008/10/07 22:04:00 | 00,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys
[2008/10/07 22:03:59 | 02,180,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntoskrnl.exe
[2008/10/07 22:03:59 | 02,180,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe

========== Files - Modified Within 30 Days ==========

[691 C:\WINDOWS\System32\*.tmp files]
[17 C:\WINDOWS\*.tmp files]
[4 C:\Documents and Settings\Owner\My Documents\*.tmp files]
[2008/10/26 15:07:57 | 00,000,345 | ---- | M] () -- C:\WINDOWS\gmer.ini
[2008/10/26 14:52:43 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2008/10/26 14:51:39 | 00,022,528 | ---- | M] () -- C:\WINDOWS\svchost.exe
[2008/10/26 14:45:36 | 00,000,262 | ---- | M] () -- C:\WINDOWS\system.ini
[2008/10/26 14:45:24 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2008/10/26 14:45:20 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/10/26 14:45:10 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/10/26 12:13:49 | 00,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/10/26 11:09:57 | 00,000,374 | RHS- | M] () -- C:\boot.ini
[2008/10/26 11:05:37 | 02,995,771 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2008/10/26 08:33:20 | 00,000,583 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\My Sharing Folders.lnk
[2008/10/26 08:30:58 | 00,002,323 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Windows Live Messenger.lnk
[2008/10/26 03:15:17 | 05,364,012 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2008/10/26 03:03:28 | 00,001,709 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\avast! Antivirus.lnk
[2008/10/26 03:03:27 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2008/10/26 02:17:16 | 00,884,736 | ---- | M] () -- C:\WINDOWS\gmer.dll
[2008/10/26 02:17:16 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2008/10/26 02:17:16 | 00,000,080 | ---- | M] () -- C:\WINDOWS\gmer_uninstall.cmd
[2008/10/26 02:16:33 | 00,747,873 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2008/10/26 02:11:08 | 00,334,848 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTMoveIt3.exe
[2008/10/25 14:08:10 | 00,230,776 | ---- | M] (Alwil Software) -- C:\Documents and Settings\Owner\Desktop\aswclear.exe
[2008/10/25 13:50:00 | 27,462,344 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\setupeng.exe
[2008/10/25 13:07:01 | 00,421,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTViewIt.exe
[2008/10/22 18:43:39 | 00,095,264 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Account-Retrieval.pdf
[2008/10/21 00:29:16 | 00,000,085 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2008/10/20 23:52:03 | 00,000,793 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Ad-Watch.lnk
[2008/10/20 23:52:03 | 00,000,793 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Ad-Aware.lnk
[2008/10/20 22:40:56 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy.lnk
[2008/10/20 20:51:51 | 00,077,312 | ---- | M] () -- C:\WINDOWS\ua2.dll
[2008/10/19 22:54:24 | 00,878,080 | -HS- | M] () -- C:\Documents and Settings\Owner\Desktop\Thumbs.db
@Alternate Data Stream - 0 bytes -> C:\Documents and Settings\Owner\Desktop\Thumbs.db:encryptable
[2008/10/19 21:27:36 | 00,002,473 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Word.lnk
[2008/10/17 23:56:13 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Mozilla Firefox.lnk
[2008/10/17 13:39:37 | 00,102,400 | ---- | M] () -- C:\WINDOWS\System32\atlcom839_953.dll
[2008/10/15 09:57:55 | 00,332,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\netapi32.dll
[2008/10/15 09:57:55 | 00,332,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2008/10/15 03:11:37 | 00,141,240 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/10/15 03:04:53 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/10/14 12:36:08 | 00,000,865 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\World of Warcraft.lnk
[2008/10/12 13:14:17 | 02,516,992 | -HS- | M] () -- C:\Documents and Settings\Owner\My Documents\Thumbs.db
@Alternate Data Stream - 0 bytes -> C:\Documents and Settings\Owner\My Documents\Thumbs.db:encryptable
[2008/10/11 00:36:25 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2008/10/07 22:57:49 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2008/10/07 22:57:49 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2008/10/07 22:29:36 | 00,250,032 | RHS- | M] () -- C:\ntldr
[2008/10/07 12:19:40 | 16,721,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2008/10/03 10:41:15 | 06,066,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieframe.dll
[2008/10/03 10:41:15 | 06,066,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
< End of report >

#15 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:48 AM

Posted 27 October 2008 - 07:30 AM

Hello.

Please give me some time to prepare our next steps :thumbsup: . Thanks for your patience.

With Regards,
The Panda




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users